On Wed, May 25, 2022 at 3:02 PM Stefan Berger <stef...@linux.ibm.com> wrote:
> From: Peter Maydell <peter.mayd...@linaro.org>
>
> In tpm_tis_mmio_read(), tpm_tis_mmio_write() and
> tpm_tis_dump_state(), we calculate a locality index with
> tpm_tis_locality_from_addr() and then use it as an index into the
> s->loc[] array. In all these cases, the array index can't overflow
> because the MemoryRegion is sized to be TPM_TIS_NUM_LOCALITIES <<
> TPM_TIS_LOCALITY_SHIFT bytes. However, Coverity can't see that, and
> it complains (CID 1487138, 1487180, 1487188, 1487198, 1487240).
>
> Add an assertion to tpm_tis_locality_from_addr() that the calculated
> locality index is valid, which will help Coverity and also catch any
> potential future bug where the MemoryRegion isn't sized exactly.
>
> Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
> Signed-off-by: Stefan Berger <stef...@linux.ibm.com>
>
Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com>
>
> ---
>
> v2:
> - Moved 3 asserts from 3 callsites of tpm_tis_locality_from_addr() into
> tpm_tis_locality_from_addr()
> ---
> hw/tpm/tpm_tis_common.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/hw/tpm/tpm_tis_common.c b/hw/tpm/tpm_tis_common.c
> index e700d82181..503be2a541 100644
> --- a/hw/tpm/tpm_tis_common.c
> +++ b/hw/tpm/tpm_tis_common.c
> @@ -50,7 +50,12 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr
> addr,
>
> static uint8_t tpm_tis_locality_from_addr(hwaddr addr)
> {
> - return (uint8_t)((addr >> TPM_TIS_LOCALITY_SHIFT) & 0x7);
> + uint8_t locty;
> +
> + locty = (uint8_t)((addr >> TPM_TIS_LOCALITY_SHIFT) & 0x7);
> + assert(TPM_TIS_IS_VALID_LOCTY(locty));
> +
> + return locty;
> }
>
>
> --
> 2.36.1
>
>
>
--
Marc-André Lureau
