Hi Matthew,
On 10/7/25 23:20, Matthew Rosato wrote:
On 7/10/25 12:15 PM, Peter Maydell wrote:
The s390-pci-bus.c code, Coverity complains about a possible overflow
because get_table_index() can return -1 if the ett value passed in is
not one of the three permitted ZPCI_ETT_PT, ZPCI_ETT_ST, ZPCI_ETT_RT,
but the caller in table_translate() doesn't check this and instead
uses the return value directly in a calculation of the guest address
to read from.
In fact this case cannot happen, because:
* get_table_index() is called only from table_translate()
* the only caller of table_translate() loops through the ett values
in the order RT, ST, PT until table_translate() returns 0
* table_translate() will return 0 for the error cases and when
translate_iscomplete() returns true
* translate_iscomplete() is always true for ZPCI_ETT_PT
So table_translate() is always called with a valid ett value.
Instead of having the various functions called from table_translate()
return a default or dummy value when the ett argument is out of range,
use g_assert_not_reached() to indicate that this is impossible.
Coverity: CID 1547609
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
---
Disclaimer: only tested with 'make check/make check-functional'
Reviewed-by: Matthew Rosato <mjros...@linux.ibm.com>
Also to sanity check I ran various tests with s390x guests and a few different
PCI passthrough devices using a guest IOMMU to drive table_translate frequently.
Does that mean we can include your Tested-by: tag?
