Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
156 new defect(s) introduced to coreboot found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 156 defect(s)
** CID 1434841: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/3rdparty/stm/Stm/StmPkg/Core/StmResource.c: 351 in IsResourceNodeValid()
________________________________________________________________________________________________________
*** CID 1434841: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/3rdparty/stm/Stm/StmPkg/Core/StmResource.c: 351 in IsResourceNodeValid()
345 }
346 break;
347 case MMIO_RANGE:
348 if (ResourceNode->Header.Length != sizeof(STM_RSC_MMIO_DESC)) {
349 goto CheckFail;
350 }
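>>> CID 1434841: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "ResourceNode->Mmio.RWXAttributes & -8 /* ~((1 | 2) | 4) */" is always
>>> 0 regardless of the values of its operands. This occurs as a value.
[Reviewer note: because the masked value is always 0, the reserved-attribute test on line 351 can never reach CheckFail. In this excerpt the only remaining rejection of unexpected bits is the separate `Mmio.Reserved != 0` test on line 354. This result is what one would expect if RWXAttributes is declared no wider than the three R/W/X bits (for example as a bit-field); confirm against the STM_RSC_MMIO_DESC declaration before deleting or rewriting the check. CID 1434822 reports the same pattern for `Mem.RWXAttributes` on line 308.]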
351 if ((ResourceNode->Mmio.RWXAttributes & ~(STM_RSC_MMIO_R |
STM_RSC_MMIO_W | STM_RSC_MMIO_X)) != 0) {
352 goto CheckFail;
353 }
354 if (ResourceNode->Mmio.Reserved != 0) {
355 goto CheckFail;
356 }
** CID 1434840: Integer handling issues (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434840: Integer handling issues (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/SmmVmcallHandler.c: 435 in
SmmVmcallHandler()
429 if (StmVmcallHandler == NULL) {
430 DEBUG((EFI_D_INFO, "%ld SmmVmcallHandler -
GetSmmVmcallHandlerByIndex - %x!\n", Index, (UINTN)ReadUnaligned32 ((UINT32
*)&Reg->Rax)));
431 // Should not happen
432 CpuDeadLoop ();
433 Status = ERROR_INVALID_API;
434 } else {
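>>> CID 1434840: Integer handling issues (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rbx" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
[Reviewer note: the endianness concern only materialises on a big-endian target. The registers involved (Rax, Rbx, Rcx, Rdx) and the VMCS accesses are x86, which is little-endian, so `ReadUnaligned32 ((UINT32 *)&Reg->Rbx)` yields the low 32 bits of the saved 64-bit register. The same reasoning covers the other INCOMPATIBLE_CAST entries in this report. The point to check when triaging them is whether ignoring the upper 32 bits on reads, and leaving them unchanged on `WriteUnaligned32` stores such as the one on line 439, is what each handler intends.]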
435 AddressParameter = ReadUnaligned32 ((UINT32 *)&Reg->Rbx) +
LShiftU64 (ReadUnaligned32 ((UINT32 *)&Reg->Rcx), 32);
436 Status = StmVmcallHandler (Index, AddressParameter);
437 }
438
439 WriteUnaligned32 ((UINT32 *)&Reg->Rax, Status);
440 if (Status == STM_SUCCESS) {
** CID 1434839: (UNUSED_VALUE)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeLoadVm.c: 569 in PostPeVmProc()
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeLoadVm.c: 573 in PostPeVmProc()
________________________________________________________________________________________________________
*** CID 1434839: (UNUSED_VALUE)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeLoadVm.c: 569 in PostPeVmProc()
563 if
(mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Launched) {
564 Rflags = AsmVmResume
(&mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Register);
565 // BUGBUG: - AsmVmLaunch if AsmVmResume fail
566 if (VmRead32
(VMCS_32_RO_VM_INSTRUCTION_ERROR_INDEX) ==
567
VmxFailErrorVmResumeWithNonLaunchedVmcs) {
568 DEBUG ((EFI_D_ERROR, "%ld :-(\n",
(UINTN)CpuIndex));
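>>> CID 1434839: (UNUSED_VALUE)
>>> Assigning value from
>>> "AsmVmLaunch(&mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Register)"
>>> to "Rflags" here, but that stored value is overwritten before it can be
>>> used.
[Reviewer note: the value returned by AsmVmLaunch on lines 569 and 573 is the only indication in this excerpt of why the launch returned, and it is discarded. The code after line 573 already treats a return from AsmVmLaunch as a failure: it logs "somehow we did not launch" and clears Launched. The fix is therefore either to log or act on Rflags on these paths, or to drop the assignment. The BUGBUG comment on line 565 suggests the retry path is known to be unfinished.]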
569 Rflags = AsmVmLaunch
(&mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Register);
570 }
571 } else {
572
mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Launched = TRUE;
573 Rflags = AsmVmLaunch
(&mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Register);
574 DEBUG ((EFI_D_ERROR, "PostPeVmProc - somehow we
did not launch\n"));
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeLoadVm.c: 573 in PostPeVmProc()
567
VmxFailErrorVmResumeWithNonLaunchedVmcs) {
568 DEBUG ((EFI_D_ERROR, "%ld :-(\n",
(UINTN)CpuIndex));
569 Rflags = AsmVmLaunch
(&mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Register);
570 }
571 } else {
572
mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Launched = TRUE;
>>> CID 1434839: (UNUSED_VALUE)
>>> Assigning value from
>>> "AsmVmLaunch(&mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Register)"
>>> to "Rflags" here, but that stored value is overwritten before it can be
>>> used.
573 Rflags = AsmVmLaunch
(&mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Register);
574 DEBUG ((EFI_D_ERROR, "PostPeVmProc - somehow we
did not launch\n"));
575
mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Launched = FALSE;
576 }
577 DEBUG ((EFI_D_ERROR, "%ld PostPeVmProc - Problem in SMI
during VM/PE\n", CpuIndex));
578 }
** CID 1434838: Null pointer dereferences (FORWARD_NULL)
/3rdparty/stm/Stm/StmPkg/Core/Init/StmInit.c: 759 in BspInit()
________________________________________________________________________________________________________
*** CID 1434838: Null pointer dereferences (FORWARD_NULL)
/3rdparty/stm/Stm/StmPkg/Core/Init/StmInit.c: 759 in BspInit()
753 Rsdp = FindAcpiRsdPtr ();
754 DEBUG ((EFI_D_INFO, "Rsdp - %08x\n", Rsdp));
755 if (Rsdp == NULL) {
756 DEBUG ((EFI_D_INFO, "Null Rsdp - Can not continue\n",
Rsdp));
757 CpuDeadLoop ();
758 }
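>>> CID 1434838: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "Rsdp".
[Reviewer note: the dereference on line 759 is reachable with a null Rsdp only if `CpuDeadLoop ()` on line 757 returns; the `if` body has no return or other exit after it. If CpuDeadLoop is guaranteed never to return, the finding is a false positive that can be resolved by declaring or modelling it as non-returning. Otherwise the branch needs an explicit exit. Separately, the DEBUG call on line 756 passes Rsdp as an argument although its format string has no conversion for it.]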
759 Rsdt = (EFI_ACPI_DESCRIPTION_HEADER *)(UINTN)Rsdp->RsdtAddress;
760 DEBUG ((EFI_D_INFO, "Rsdt - %08x\n", Rsdt));
761 DEBUG ((EFI_D_INFO, "RsdtLen - %08x\n", Rsdt->Length));
762 if ((Rsdp->Revision >= 2) && (Rsdp->XsdtAddress <
(UINT64)(UINTN)-1)) {
763 Xsdt = (EFI_ACPI_DESCRIPTION_HEADER *)(UINTN)Rsdp->XsdtAddress;
764 DEBUG ((EFI_D_INFO, "Xsdt - %016lx\n", Xsdt));
** CID 1434837: (SIZEOF_MISMATCH)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeLoadVm.c: 227 in LaunchPeVm()
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeLoadVm.c: 219 in LaunchPeVm()
________________________________________________________________________________________________________
*** CID 1434837: (SIZEOF_MISMATCH)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeLoadVm.c: 227 in LaunchPeVm()
221
222 DEBUG((EFI_D_INFO,
223 "%ld LaunchPeVM - Initiating PE/VM run number: %d\n",
224 CpuIndex,
225 PeVmData[PeType].UserModule.RunCount));
226
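>>> CID 1434837: (SIZEOF_MISMATCH)
>>> Adding "8UL /* sizeof (UINT64) */" to pointer
>>> "PeVmData[PeType].SharedPageStm" of type "UINTN *" is suspicious because
>>> adding an integral value to this pointer automatically scales that value by
>>> the size, 8 bytes, of the pointed-to type, "UINTN". Most likely, "sizeof
>>> (UINT64)" is extraneous and should be replaced with 1.
[Reviewer note: with SharedPageStm typed as `UINTN *` (8-byte elements, per the message above), `SharedPageStm + sizeof(UINT64)` addresses element 8, i.e. byte offset 64, not byte offset 8. The store on line 219 and the debug read on line 231 use the same expression, so they agree with each other. What needs confirming is which offset the consumer of the shared page expects for the run count, and that byte offset 64 lies within the area of the page intended for STM-written fields.]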
227 DEBUG((EFI_D_INFO,
228 "%ld LaunchPeVM - SharedPageStm 0x%016llx 0x%016llx\n",
229 CpuIndex,
230 *((UINT64 *)(PeVmData[PeType].SharedPageStm)),
231 *((UINT64 *)(PeVmData[PeType].SharedPageStm +
sizeof(UINT64)))));
232
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeLoadVm.c: 219 in LaunchPeVm()
213
mGuestContextCommonSmm[PeType].GuestContextPerCpu[0].Register.Rcx,
214
mGuestContextCommonSmm[PeType].GuestContextPerCpu[0].Register.Rdx));
215
216 PeVmData[PeType].UserModule.RunCount++;
217 // set the runcount into the STM shared page
218
>>> CID 1434837: (SIZEOF_MISMATCH)
>>> Adding "8UL /* sizeof (UINT64) */" to pointer
>>> "PeVmData[PeType].SharedPageStm" of type "UINTN *" is suspicious because
>>> adding an integral value to this pointer automatically scales that value by
>>> the size, 8 bytes, of the pointed-to type, "UINTN". Most likely, "sizeof
>>> (UINT64)" is extraneous and should be replaced with 1.
219 *((UINT64 *)(PeVmData[PeType].SharedPageStm + sizeof(UINT64))) =
220 PeVmData[PeType].UserModule.RunCount;
221
222 DEBUG((EFI_D_INFO,
223 "%ld LaunchPeVM - Initiating PE/VM run number: %d\n",
224 CpuIndex,
** CID 1434836: Integer handling issues (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434836: Integer handling issues (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/SmiVmcallHandler.c: 1010 in
SmiVmcallHandler()
1004 DEBUG ((EFI_D_ERROR,
1005 "%ld SmiVmcallHandler - GetSmiVmcallHandlerByIndex-
Invalid API entry - %x!\n",
1006 Index,
1007 (UINTN)ReadUnaligned32 ((UINT32 *)&Reg->Rax)));
1008 Status = ERROR_INVALID_API;
1009 } else {
>>> CID 1434836: Integer handling issues (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rcx" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
1010 AddressParameter = ReadUnaligned32 ((UINT32 *)&Reg->Rbx) +
LShiftU64 (ReadUnaligned32 ((UINT32 *)&Reg->Rcx), 32);
1011
1012 Status = StmVmcallHandler (Index, AddressParameter);
1013 }
1014
1015 if (Status == STM_SUCCESS) {
** CID 1434835: Integer handling issues (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434835: Integer handling issues (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/SmmMsrHandler.c: 41 in SmmReadMsrHandler()
35 STM_SMM_CPU_STATE *SmmCpuState;
36 UINT32 VmType = SMI_HANDLER;
37 BOOLEAN Result;
38
39 SmmCpuState =
mGuestContextCommonSmi.GuestContextPerCpu[Index].SmmCpuState;
40 Reg =
&mGuestContextCommonSmm[VmType].GuestContextPerCpu[Index].Register;
>>> CID 1434835: Integer handling issues (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rcx" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
41 MsrIndex = ReadUnaligned32 ((UINT32 *)&Reg->Rcx);
42
43 MsrDesc = GetStmResourceMsr
(mHostContextCommon.MleProtectedResource.Base, MsrIndex);
44 if ((MsrDesc != NULL) && (MsrDesc->ReadMask != 0)) {
45 DEBUG ((EFI_D_ERROR, "RDMSR (%x) violation!\n", MsrIndex));
46 AddEventLogForResource (EvtHandledProtectionException, (STM_RSC
*)MsrDesc);
** CID 1434834: Incorrect expression (ASSERT_SIDE_EFFECT)
/3rdparty/stm/Stm/StmPkg/Library/SimpleSynchronizationLib/SynchronizationGcc.c:
143 in AcquireSpinLockOrFail()
________________________________________________________________________________________________________
*** CID 1434834: Incorrect expression (ASSERT_SIDE_EFFECT)
/3rdparty/stm/Stm/StmPkg/Library/SimpleSynchronizationLib/SynchronizationGcc.c:
143 in AcquireSpinLockOrFail()
137 SPIN_LOCK LockValue;
138 VOID *Result;
139
140 ASSERT (SpinLock != NULL);
141
142 LockValue = *SpinLock;
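>>> CID 1434834: Incorrect expression (ASSERT_SIDE_EFFECT)
>>> Argument "LockValue" of ASSERT() has a side effect because the variable
>>> is volatile. The containing function might work differently in a non-debug
>>> build.
[Reviewer note: the read of the lock itself happens on line 142 (`LockValue = *SpinLock;`), outside the ASSERT, so it is still performed in a non-debug build. What disappears when ASSERT compiles out is the re-read of the local copy LockValue, which Coverity reports as volatile. That looks benign in this excerpt, but confirm that nothing relies on the ASSERT's accesses for ordering ahead of the `_ReadWriteBarrier ()` on line 145.]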
143 ASSERT (LockValue == SPIN_LOCK_ACQUIRED || LockValue ==
SPIN_LOCK_RELEASED);
144
145 _ReadWriteBarrier ();
146 Result = InterlockedCompareExchangePointer (
147 (VOID**)SpinLock,
148 (VOID*)SPIN_LOCK_RELEASED,
** CID 1434833: Integer handling issues (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434833: Integer handling issues (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Init/StmInit.c: 1087 in CommonInit()
1081 AsmWriteCr4 (AsmReadCr4 () | CR4_OSFXSR | CR4_OSXMMEXCPT);
1082 if (IsXStateSupoprted()) {
1083 AsmWriteCr4 (AsmReadCr4 () | CR4_OSXSAVE);
1084 }
1085
1086 VmxMisc.Uint64 = AsmReadMsr64 (IA32_VMX_MISC_MSR_INDEX);
>>> CID 1434833: Integer handling issues (INCOMPATIBLE_CAST)
>>> Pointer
>>> "&mGuestContextCommonSmi.GuestContextPerCpu[Index].Register.Rdx" points to
>>> an object whose effective type is "unsigned long long" (64 bits, unsigned)
>>> but is dereferenced as a narrower "unsigned int" (32 bits, unsigned). This
>>> may lead to unexpected results depending on machine endianness.
1087 RegEdx = ReadUnaligned32 ((UINT32
*)&mGuestContextCommonSmi.GuestContextPerCpu[Index].Register.Rdx);
1088 if ((RegEdx & STM_CONFIG_SMI_UNBLOCKING_BY_VMX_OFF) != 0) {
1089 if (VmxMisc.Bits.VmxOffUnblockSmiSupport != 0) {
1090 AsmWriteMsr64 (IA32_SMM_MONITOR_CTL_MSR_INDEX,
AsmReadMsr64(IA32_SMM_MONITOR_CTL_MSR_INDEX) |
IA32_SMM_MONITOR_SMI_UNBLOCKING_BY_VMX_OFF);
1091 }
1092 }
** CID 1434832: Integer handling issues (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434832: Integer handling issues (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeSmmMsrHandler.c: 111 in
PeWriteMsrHandler()
105
106 SmmCpuState =
mGuestContextCommonSmi.GuestContextPerCpu[Index].SmmCpuState;
107
108 Reg =
&mGuestContextCommonSmm[VmType].GuestContextPerCpu[Index].Register;
109 MsrIndex = ReadUnaligned32 ((UINT32 *)&Reg->Rcx);
110
>>> CID 1434832: Integer handling issues (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rdx" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
111 Data64 = LShiftU64 ((UINT64)ReadUnaligned32 ((UINT32 *)&Reg->Rdx),
32) | (UINT64)ReadUnaligned32 ((UINT32 *)&Reg->Rax);
112 DEBUG ((EFI_D_INFO, "%ld PeWriteMsrHandler - 0x%llx 0x%llx\n",
CpuIndex, MsrIndex, Data64));
113
114 switch (MsrIndex) {
115 case IA32_EFER_MSR_INDEX:
116 #if 0
** CID 1434831: Integer handling issues (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434831: Integer handling issues (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/SmmVmcallHandler.c: 435 in
SmmVmcallHandler()
429 if (StmVmcallHandler == NULL) {
430 DEBUG((EFI_D_INFO, "%ld SmmVmcallHandler -
GetSmmVmcallHandlerByIndex - %x!\n", Index, (UINTN)ReadUnaligned32 ((UINT32
*)&Reg->Rax)));
431 // Should not happen
432 CpuDeadLoop ();
433 Status = ERROR_INVALID_API;
434 } else {
>>> CID 1434831: Integer handling issues (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rcx" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
435 AddressParameter = ReadUnaligned32 ((UINT32 *)&Reg->Rbx) +
LShiftU64 (ReadUnaligned32 ((UINT32 *)&Reg->Rcx), 32);
436 Status = StmVmcallHandler (Index, AddressParameter);
437 }
438
439 WriteUnaligned32 ((UINT32 *)&Reg->Rax, Status);
440 if (Status == STM_SUCCESS) {
** CID 1434830: (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434830: (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Init/StmInit.c: 1237 in LaunchBack()
1231
1232 if(!IsResourceListValid ((STM_RSC
*)(UINTN)mHostContextCommon.HostContextPerCpu[Index].TxtProcessorSmmDescriptor->BiosHwResourceRequirementsPtr,
FALSE)) {
1233 DEBUG ((EFI_D_INFO, "%ld LaunchBack - ValidateBiosResourceList
fail!\n", Index));
1234 WriteUnaligned32 ((UINT32 *)&Reg->Rax,
ERROR_STM_MALFORMED_RESOURCE_LIST);
1235 VmWriteN (VMCS_N_GUEST_RFLAGS_INDEX,
VmReadN(VMCS_N_GUEST_RFLAGS_INDEX) | RFLAGS_CF);
1236 } else {
>>> CID 1434830: (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rax" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
1237 WriteUnaligned32 ((UINT32 *)&Reg->Rax, STM_SUCCESS);
1238 VmWriteN (VMCS_N_GUEST_RFLAGS_INDEX,
VmReadN(VMCS_N_GUEST_RFLAGS_INDEX) & ~RFLAGS_CF);
1239 }
1240 WriteUnaligned32 ((UINT32 *)&Reg->Rbx, 0); // Not support
STM_RSC_BGM or STM_RSC_BGI or STM_RSC_MSR
1241
1242 DEBUG ((EFI_D_INFO, "%ld !!!LaunchBack!!!\n", (UINTN)Index));
/3rdparty/stm/Stm/StmPkg/Core/Init/StmInit.c: 1226 in LaunchBack()
1220 //
1221 if ((Index == 0) && (ReadUnaligned32 ((UINT32 *)&Reg->Rax) ==
STM_API_INITIALIZE_PROTECTION)) {
1222 DEBUG ((EFI_D_INFO, "BIOS resource:\n"));
1223 DumpStmResource ((STM_RSC
*)(UINTN)mHostContextCommon.HostContextPerCpu[0].TxtProcessorSmmDescriptor->BiosHwResourceRequirementsPtr);
1224 }
1225 #endif
>>> CID 1434830: (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rax" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
1226 if (ReadUnaligned32 ((UINT32 *)&Reg->Rax) == STM_API_START) {
1227 // We need do additional thing for STM_API_START
1228
mGuestContextCommonSmm[SMI_HANDLER].GuestContextPerCpu[Index].Actived = TRUE;
1229 SmmSetup (Index);
1230 }
1231
/3rdparty/stm/Stm/StmPkg/Core/Init/StmInit.c: 1234 in LaunchBack()
1228
mGuestContextCommonSmm[SMI_HANDLER].GuestContextPerCpu[Index].Actived = TRUE;
1229 SmmSetup (Index);
1230 }
1231
1232 if(!IsResourceListValid ((STM_RSC
*)(UINTN)mHostContextCommon.HostContextPerCpu[Index].TxtProcessorSmmDescriptor->BiosHwResourceRequirementsPtr,
FALSE)) {
1233 DEBUG ((EFI_D_INFO, "%ld LaunchBack - ValidateBiosResourceList
fail!\n", Index));
>>> CID 1434830: (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rax" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
1234 WriteUnaligned32 ((UINT32 *)&Reg->Rax,
ERROR_STM_MALFORMED_RESOURCE_LIST);
1235 VmWriteN (VMCS_N_GUEST_RFLAGS_INDEX,
VmReadN(VMCS_N_GUEST_RFLAGS_INDEX) | RFLAGS_CF);
1236 } else {
1237 WriteUnaligned32 ((UINT32 *)&Reg->Rax, STM_SUCCESS);
1238 VmWriteN (VMCS_N_GUEST_RFLAGS_INDEX,
VmReadN(VMCS_N_GUEST_RFLAGS_INDEX) & ~RFLAGS_CF);
1239 }
** CID 1434829: Integer handling issues (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434829: Integer handling issues (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/SmmCpuidHandler.c: 36 in SmmCpuidHandler()
30 X86_REGISTER *Reg;
31 UINT32 VmType = SMI_HANDLER;
32
33 Reg =
&mGuestContextCommonSmm[VmType].GuestContextPerCpu[Index].Register;
34
35 AsmCpuidEx (
>>> CID 1434829: Integer handling issues (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rax" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
36 ReadUnaligned32 ((UINT32 *)&Reg->Rax),
37 ReadUnaligned32 ((UINT32 *)&Reg->Rcx),
38 (UINT32 *)&Reg->Rax,
39 (UINT32 *)&Reg->Rbx,
40 (UINT32 *)&Reg->Rcx,
41 (UINT32 *)&Reg->Rdx
42 );
43 VmWriteN (VMCS_N_GUEST_RIP_INDEX, VmReadN(VMCS_N_GUEST_RIP_INDEX) +
VmRead32(VMCS_32_RO_VMEXIT_INSTRUCTION_LENGTH_INDEX));
44 return ;
** CID 1434828: Integer handling issues (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434828: Integer handling issues (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/SmiVmcallHandler.c: 1010 in
SmiVmcallHandler()
1004 DEBUG ((EFI_D_ERROR,
1005 "%ld SmiVmcallHandler - GetSmiVmcallHandlerByIndex-
Invalid API entry - %x!\n",
1006 Index,
1007 (UINTN)ReadUnaligned32 ((UINT32 *)&Reg->Rax)));
1008 Status = ERROR_INVALID_API;
1009 } else {
>>> CID 1434828: Integer handling issues (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rbx" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
1010 AddressParameter = ReadUnaligned32 ((UINT32 *)&Reg->Rbx) +
LShiftU64 (ReadUnaligned32 ((UINT32 *)&Reg->Rcx), 32);
1011
1012 Status = StmVmcallHandler (Index, AddressParameter);
1013 }
1014
1015 if (Status == STM_SUCCESS) {
** CID 1434827: (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434827: (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeSmmVmcallHandler.c: 309 in
PeSmmVmcallHandler()
303 Status = ERROR_INVALID_API;
304 } else {
305 AddressParameter = ReadUnaligned32 ((UINT32
*)&Reg->Rbx) + LShiftU64 (ReadUnaligned32 ((UINT32 *)&Reg->Rcx), 32);
306 Status = StmVmcallHandler (Index, AddressParameter);
307 }
308
>>> CID 1434827: (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rax" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
309 WriteUnaligned32 ((UINT32 *)&Reg->Rax, Status);
310 if (Status == STM_SUCCESS) {
311 VmWriteN (VMCS_N_GUEST_RFLAGS_INDEX,
VmReadN(VMCS_N_GUEST_RFLAGS_INDEX) & ~RFLAGS_CF);
312 } else {
313 VmWriteN (VMCS_N_GUEST_RFLAGS_INDEX,
VmReadN(VMCS_N_GUEST_RFLAGS_INDEX) | RFLAGS_CF);
314 }
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeSmmVmcallHandler.c: 298 in
PeSmmVmcallHandler()
292
293 //DEBUG((EFI_D_INFO, "%ld PeSmmVmcallHandler - start\n",
Index));
294 VmType =
mHostContextCommon.HostContextPerCpu[Index].GuestVmType;
295
296 Reg =
&mGuestContextCommonSmm[VmType].GuestContextPerCpu[0].Register;
297
>>> CID 1434827: (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rax" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
298 StmVmcallHandler = GetPeSmmVmcallHandlerByIndex
(ReadUnaligned32 ((UINT32 *)&Reg->Rax));
299 if (StmVmcallHandler == NULL) {
300 DEBUG ((EFI_D_ERROR, "%ld PeSmmVmcallHandler -
GetPeSmmVmcallHandlerByIndex (no handler) - 0x%llx!\n",
301 Index,
302 ReadUnaligned32 ((UINT32 *)&Reg->Rax)));
303 Status = ERROR_INVALID_API;
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeSmmVmcallHandler.c: 300 in
PeSmmVmcallHandler()
294 VmType =
mHostContextCommon.HostContextPerCpu[Index].GuestVmType;
295
296 Reg =
&mGuestContextCommonSmm[VmType].GuestContextPerCpu[0].Register;
297
298 StmVmcallHandler = GetPeSmmVmcallHandlerByIndex
(ReadUnaligned32 ((UINT32 *)&Reg->Rax));
299 if (StmVmcallHandler == NULL) {
>>> CID 1434827: (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rax" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
300 DEBUG ((EFI_D_ERROR, "%ld PeSmmVmcallHandler -
GetPeSmmVmcallHandlerByIndex (no handler) - 0x%llx!\n",
301 Index,
302 ReadUnaligned32 ((UINT32 *)&Reg->Rax)));
303 Status = ERROR_INVALID_API;
304 } else {
305 AddressParameter = ReadUnaligned32 ((UINT32
*)&Reg->Rbx) + LShiftU64 (ReadUnaligned32 ((UINT32 *)&Reg->Rcx), 32);
** CID 1434826: Integer handling issues (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434826: Integer handling issues (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/SmmCpuidHandler.c: 37 in SmmCpuidHandler()
31 UINT32 VmType = SMI_HANDLER;
32
33 Reg =
&mGuestContextCommonSmm[VmType].GuestContextPerCpu[Index].Register;
34
35 AsmCpuidEx (
36 ReadUnaligned32 ((UINT32 *)&Reg->Rax),
>>> CID 1434826: Integer handling issues (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rcx" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
37 ReadUnaligned32 ((UINT32 *)&Reg->Rcx),
38 (UINT32 *)&Reg->Rax,
39 (UINT32 *)&Reg->Rbx,
40 (UINT32 *)&Reg->Rcx,
41 (UINT32 *)&Reg->Rdx
42 );
43 VmWriteN (VMCS_N_GUEST_RIP_INDEX, VmReadN(VMCS_N_GUEST_RIP_INDEX) +
VmRead32(VMCS_32_RO_VMEXIT_INSTRUCTION_LENGTH_INDEX));
44 return ;
** CID 1434825: Integer handling issues (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434825: Integer handling issues (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/SmmMsrHandler.c: 139 in
SmmWriteMsrHandler()
133 STM_SMM_CPU_STATE *SmmCpuState;
134 UINT32 VmType = SMI_HANDLER;
135
136 SmmCpuState =
mGuestContextCommonSmi.GuestContextPerCpu[Index].SmmCpuState;
137
138 Reg =
&mGuestContextCommonSmm[VmType].GuestContextPerCpu[Index].Register;
>>> CID 1434825: Integer handling issues (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rcx" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
139 MsrIndex = ReadUnaligned32 ((UINT32 *)&Reg->Rcx);
140
141 MsrDesc = GetStmResourceMsr
(mHostContextCommon.MleProtectedResource.Base, MsrIndex);
142 if ((MsrDesc != NULL) && (MsrDesc->WriteMask != 0)) {
143 DEBUG ((EFI_D_ERROR, "WRMSR (%x) violation!\n", MsrIndex));
144 AddEventLogForResource (EvtHandledProtectionException, (STM_RSC
*)MsrDesc);
** CID 1434824: Integer handling issues (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434824: Integer handling issues (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeSmmIoHandler.c: 64 in PeIoHandler()
58
59 if((PortNumber == 0x3D8)||(PortNumber == 0x3F8))
60 {
61 UINT64 AddressSpaceStart =
PeVmData[VmType].UserModule.AddressSpaceStart;
62 UINT64 AddressSpaceEnd =
PeVmData[VmType].UserModule.AddressSpaceStart +
PeVmData[VmType].UserModule.AddressSpaceSize;
63 GuestAddress = ReadUnaligned64((UINT64 *) &Reg->Rsi); // assume
that DS Base is zero
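>>> CID 1434824: Integer handling issues (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rcx" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
[Reviewer note: independent of the cast, line 66 computes `GuestAddressEnd = GuestAddress + DataSize` from values read out of the guest's Rsi and Rcx. The range check announced by the comment on lines 68-69 lies outside this excerpt. When reviewing it, confirm that it also rejects the case where the addition wraps around, since a wrapped end address can compare below the region's upper bound. The same applies to AddressSpaceEnd on line 62 if AddressSpaceStart or AddressSpaceSize can be influenced from outside the STM.]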
64 DataSize = ReadUnaligned32((UINT32 *) &Reg->Rcx);
65 //DEBUG((EFI_D_INFO, "%ld PeIoHandler - GuestAddress: 0x%016llx
DataSize: 0x%016llx \n", CpuIndex, GuestAddress, DataSize));
66 GuestAddressEnd = GuestAddress + DataSize;
67
68 // make sure the GuestAddress fits in the block that is within
69 // SMRAM
** CID 1434823: Integer handling issues (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________
*** CID 1434823: Integer handling issues (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeLoadVm.c: 631 in PostPeVmProc()
625 if(PeVmData[PeType].StartMode == PEVM_START_VMCALL)
626 {
627 // setup the return codes
628
629 Reg =
&mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Register;
630
>>> CID 1434823: Integer handling issues (INCOMPATIBLE_CAST)
>>> Pointer "&Reg->Rax" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
631 WriteUnaligned32 ((UINT32 *)&Reg->Rax, rc);
632 if (rc == PE_SUCCESS)
633 {
634 VmWriteN (VMCS_N_GUEST_RFLAGS_INDEX,
635 VmReadN(VMCS_N_GUEST_RFLAGS_INDEX) &
~RFLAGS_CF);
636 }
** CID 1434822: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/3rdparty/stm/Stm/StmPkg/Core/StmResource.c: 308 in IsResourceNodeValid()
________________________________________________________________________________________________________
*** CID 1434822: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/3rdparty/stm/Stm/StmPkg/Core/StmResource.c: 308 in IsResourceNodeValid()
302 }
303 break;
304 case MEM_RANGE:
305 if (ResourceNode->Header.Length != sizeof(STM_RSC_MEM_DESC)) {
306 goto CheckFail;
307 }
>>> CID 1434822: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "ResourceNode->Mem.RWXAttributes & -8 /* ~((1 | 2) | 4) */" is always 0
>>> regardless of the values of its operands. This occurs as a value.
308 if ((ResourceNode->Mem.RWXAttributes & ~(STM_RSC_MEM_R |
STM_RSC_MEM_W | STM_RSC_MEM_X)) != 0) {
309 goto CheckFail;
310 }
311 if (ResourceNode->Mem.Reserved != 0) {
312 goto CheckFail;
313 }
________________________________________________________________________________________________________