From 4a7a119b91eedd16f52001b50df0fd5c223ada08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kamil=20Szcz=C4=99k?= Date: Tue, 20 Aug 2024 23:11:24 +0000 Subject: hw/i386/pc: Remove vmport value assertion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is no need for this assertion here, as we only use vmport value for equality/inequality checks. This was originally prompted by the following Coverity report: >>> CID 1559533: Integer handling issues (CONSTANT_EXPRESSION_RESULT) >>> "pcms->vmport >= 0" is always true regardless of the values of >>> its operands. This occurs as the logical first operand of "&&". Signed-off-by: Kamil Szczęk Reported-By: Philippe Mathieu-Daudé Link: https://lore.kernel.org/r/ZwF9ZexNs1h-uC0MrbkgGtMtdyLinROjVSmMNVzNftjGVWgOiuzdD1dSXEtzNH7OHbBFY6GVDYVFIDBgc3lhGqCOb7kaNZolSBkVyl3rNr4=@szczek.dev Signed-off-by: Paolo Bonzini --- hw/i386/pc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index f9147fecbd..317aaca25a 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -1228,7 +1228,6 @@ void pc_basic_device_init(struct PCMachineState *pcms, isa_realize_and_unref(pcms->pcspk, isa_bus, &error_fatal); } - assert(pcms->vmport >= 0 && pcms->vmport < ON_OFF_AUTO__MAX); if (pcms->vmport == ON_OFF_AUTO_AUTO) { pcms->vmport = (xen_enabled() || !pcms->i8042_enabled) ? ON_OFF_AUTO_OFF : ON_OFF_AUTO_ON; -- cgit v1.2.3 From 19d542cc0bce0b3641e80444374f9ffd8294a15b Mon Sep 17 00:00:00 2001 From: Pierrick Bouvier Date: Wed, 23 Oct 2024 11:29:22 -0700 Subject: hvf: remove unused but set variable fixes associated warning when building on MacOS. Signed-off-by: Pierrick Bouvier Link: https://lore.kernel.org/r/20241023182922.1040964-1-pierrick.bouvier@linaro.org Signed-off-by: Paolo Bonzini --- target/i386/hvf/x86_task.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/target/i386/hvf/x86_task.c b/target/i386/hvf/x86_task.c index f09bfbdda5..cdea2ea69d 100644 
--- a/target/i386/hvf/x86_task.c +++ b/target/i386/hvf/x86_task.c @@ -122,7 +122,6 @@ void vmx_handle_task_switch(CPUState *cpu, x68_segment_selector tss_sel, int rea load_regs(cpu); struct x86_segment_descriptor curr_tss_desc, next_tss_desc; - int ret; x68_segment_selector old_tss_sel = vmx_read_segment_selector(cpu, R_TR); uint64_t old_tss_base = vmx_read_segment_base(cpu, R_TR); uint32_t desc_limit; @@ -138,7 +137,7 @@ void vmx_handle_task_switch(CPUState *cpu, x68_segment_selector tss_sel, int rea if (reason == TSR_IDT_GATE && gate_valid) { int dpl; - ret = x86_read_call_gate(cpu, &task_gate_desc, gate); + x86_read_call_gate(cpu, &task_gate_desc, gate); dpl = task_gate_desc.dpl; x68_segment_selector cs = vmx_read_segment_selector(cpu, R_CS); @@ -167,11 +166,12 @@ void vmx_handle_task_switch(CPUState *cpu, x68_segment_selector tss_sel, int rea x86_write_segment_descriptor(cpu, &next_tss_desc, tss_sel); } - if (next_tss_desc.type & 8) - ret = task_switch_32(cpu, tss_sel, old_tss_sel, old_tss_base, &next_tss_desc); - else + if (next_tss_desc.type & 8) { + task_switch_32(cpu, tss_sel, old_tss_sel, old_tss_base, &next_tss_desc); + } else { //ret = task_switch_16(cpu, tss_sel, old_tss_sel, old_tss_base, &next_tss_desc); VM_PANIC("task_switch_16"); + } macvm_set_cr0(cpu->accel->fd, rvmcs(cpu->accel->fd, VMCS_GUEST_CR0) | CR0_TS_MASK); -- cgit v1.2.3 From 9c2644948c71db61a04f22398cde72224a98267a Mon Sep 17 00:00:00 2001 From: Zhao Liu Date: Sun, 10 Nov 2024 23:09:00 +0800 Subject: hw/core/machine-smp: Initialize caches_bitmap before reading MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The caches_bitmap is defined in machine_parse_smp_cache(), but it was not initialized. Initialize caches_bitmap by clearing all its bits to zero. Resolves: Coverity CID 1565389 Fixes: 4e88e7e3403d ("qapi/qom: Define cache enumeration and properties for machine") Reported-by: Peter Maydell 
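Review bot: In vmx_handle_task_switch (target/i386/hvf/x86_task.c), the result of `x86_read_call_gate(cpu, &task_gate_desc, gate);` is now dropped outright, and the very next line reads `task_gate_desc.dpl`. The helper evidently returns a status (it used to be stored in `ret`), so if it can fail, the DPL taken here, presumably for a privilege check against the CS selector read next, comes from a descriptor that was never filled from guest memory. Rather than only silencing the warning, the call could be checked, e.g. `if (!x86_read_call_gate(cpu, &task_gate_desc, gate)) { VM_PANIC("x86_read_call_gate"); }`, assuming a false return means failure, which should be confirmed against the helper's definition. The same question applies to the `task_switch_32(...)` call in the last hunk of this file, whose result is likewise discarded. The function starts and ends outside these hunks.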
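Review bot: The commented-out line `//ret = task_switch_16(cpu, tss_sel, old_tss_sel, old_tss_base, &next_tss_desc);` kept in the new `else` branch of vmx_handle_task_switch still assigns to `ret`, the variable this commit removes. It would read more cleanly to drop the dead line and state the intent instead, for example `/* task_switch_16 path is not implemented */` above `VM_PANIC("task_switch_16");`.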
Signed-off-by: Zhao Liu Reviewed-by: Philippe Mathieu-Daudé Link: https://lore.kernel.org/r/20241110150901.130647-2-zhao1.liu@intel.com Signed-off-by: Paolo Bonzini --- hw/core/machine-smp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/core/machine-smp.c b/hw/core/machine-smp.c index 640b2114b4..b87637c78f 100644 --- a/hw/core/machine-smp.c +++ b/hw/core/machine-smp.c @@ -290,6 +290,7 @@ bool machine_parse_smp_cache(MachineState *ms, const SmpCachePropertiesList *node; DECLARE_BITMAP(caches_bitmap, CACHE_LEVEL_AND_TYPE__MAX); + bitmap_zero(caches_bitmap, CACHE_LEVEL_AND_TYPE__MAX); for (node = caches; node; node = node->next) { /* Prohibit users from repeating settings. */ if (test_bit(node->value->cache, caches_bitmap)) { -- cgit v1.2.3 From 37ee17eebb93eb485fc122452a4c7e9202a8b449 Mon Sep 17 00:00:00 2001 From: Zhao Liu Date: Sun, 10 Nov 2024 23:09:01 +0800 Subject: hw/core/machine-smp: Fix error message parameter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In the loop checking smp cache support, the error message should report the current cache level and type. Fix the parameter of error_setg() to ensure it reports the correct cache level and type. Resolves: Coverity CID 1565391 Fixes: f35c0221fef8 ("hw/core: Check smp cache topology support for machine") Reported-by: Peter Maydell Signed-off-by: Zhao Liu Reviewed-by: Philippe Mathieu-Daudé Link: https://lore.kernel.org/r/20241110150901.130647-3-zhao1.liu@intel.com Signed-off-by: Paolo Bonzini --- hw/core/machine-smp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/core/machine-smp.c b/hw/core/machine-smp.c index b87637c78f..b954eb8490 100644 --- a/hw/core/machine-smp.c +++ b/hw/core/machine-smp.c 
@@ -317,7 +317,7 @@ bool machine_parse_smp_cache(MachineState *ms, !mc->smp_props.cache_supported[props->cache]) { error_setg(errp, "%s cache topology not supported by this machine", - CacheLevelAndType_str(node->value->cache)); + CacheLevelAndType_str(props->cache)); return false; } -- cgit v1.2.3 From b73d7eff1eedb2399cd594bc872d5db13506d951 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 19 Nov 2024 22:31:22 +0100 Subject: scsi: fix allocation for s390x loadparm Coverity reports a possible buffer overrun due to a non-NUL-terminated string in scsi_property_set_loadparm(). While things are not so easy, because qdev_prop_sanitize_s390x_loadparm is designed to operate on a buffer that is not NUL-terminated, in this case the string *does* have to be NUL-terminated because it is read by scsi_property_get_loadparm and s390_build_iplb. Reviewed-by: jrossi@linux.ibm.com Cc: thuth@redhat.com Fixes: 429442e52d9 ("hw: Add "loadparm" property to scsi disk devices for booting on s390x", 2024-11-18) Signed-off-by: Paolo Bonzini --- hw/scsi/scsi-disk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index 8e553487d5..7f13b0588f 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -3152,7 +3152,7 @@ static void scsi_property_set_loadparm(Object *obj, const char *value, return; } - lp_str = g_malloc0(strlen(value)); + lp_str = g_malloc0(strlen(value) + 1); if (!qdev_prop_sanitize_s390x_loadparm(lp_str, value, errp)) { g_free(lp_str); return; -- cgit v1.2.3
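Review bot: In scsi_property_set_loadparm (hw/scsi/scsi-disk.c), the terminating NUL of `lp_str` now comes only from the zero fill of `g_malloc0(strlen(value) + 1)`. That holds as long as `qdev_prop_sanitize_s390x_loadparm()` writes no more than `strlen(value)` bytes, a bound that is not visible in this hunk and should be confirmed against the sanitizer. Because the commit message says the sanitizer is designed for buffers that are not NUL-terminated, a comment at the allocation would keep a later switch to `g_malloc()` or a change in the sanitizer from reintroducing the over-read in scsi_property_get_loadparm and s390_build_iplb, for example `/* +1: the zero-filled last byte is the NUL terminator; readers treat lp_str as a C string */`. The function continues outside the hunk.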