Quoting Greg Kurz (2019-09-09 13:10:09)
> Coverity is reporting in CID 1405304 that tpm_execute() may pass a NULL
> tpm_proxy->host_path pointer to open(). This is based on the fact that
> h_tpm_comm() does a NULL check on tpm_proxy->host_path and then passes
> tpm_proxy to tpm_execute().
>
> The check in h_tpm_comm() is abusive actually since a spapr-proxy-tpm
> requires a non NULL host_path property, as checked during realize.
>
> Fixes: 0fb6bd073230
> Signed-off-by: Greg Kurz <gr...@kaod.org>
Reviewed-by: Michael Roth <mdr...@linux.vnet.ibm.com>
Thanks for the quick fix!
> ---
> hw/ppc/spapr_tpm_proxy.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/ppc/spapr_tpm_proxy.c b/hw/ppc/spapr_tpm_proxy.c
> index b835d25be6f6..ca1caec113f0 100644
> --- a/hw/ppc/spapr_tpm_proxy.c
> +++ b/hw/ppc/spapr_tpm_proxy.c
> @@ -114,7 +114,7 @@ static target_ulong h_tpm_comm(PowerPCCPU *cpu,
> return H_FUNCTION;
> }
>
> - trace_spapr_h_tpm_comm(tpm_proxy->host_path ?: "null", op);
> + trace_spapr_h_tpm_comm(tpm_proxy->host_path, op);
>
> switch (op) {
> case TPM_COMM_OP_EXECUTE:
>
