From 81966c1801b8fb04bca451819f16ca92120ba970 Mon Sep 17 00:00:00 2001 From: Chen Qun Date: Fri, 30 Oct 2020 08:40:42 +0800 Subject: linux-user/mips/cpu_loop: silence the compiler warnings When using -Wimplicit-fallthrough in our CFLAGS, the compiler showed warning: linux-user/mips/cpu_loop.c: In function ‘cpu_loop’: linux-user/mips/cpu_loop.c:104:24: warning: this statement may fall through [-Wimplicit-fallthrough=] 104 | if ((ret = get_user_ual(arg8, sp_reg + 28)) != 0) { | ^ linux-user/mips/cpu_loop.c:107:17: note: here 107 | case 7: | ^~~~ linux-user/mips/cpu_loop.c:108:24: warning: this statement may fall through [-Wimplicit-fallthrough=] 108 | if ((ret = get_user_ual(arg7, sp_reg + 24)) != 0) { | ^ linux-user/mips/cpu_loop.c:111:17: note: here 111 | case 6: | ^~~~ linux-user/mips/cpu_loop.c:112:24: warning: this statement may fall through [-Wimplicit-fallthrough=] 112 | if ((ret = get_user_ual(arg6, sp_reg + 20)) != 0) { | ^ linux-user/mips/cpu_loop.c:115:17: note: here 115 | case 5: | ^~~~ Add the corresponding "fall through" comment to fix it. Reported-by: Euler Robot Signed-off-by: Chen Qun Reviewed-by: Thomas Huth Reviewed-by: Laurent Vivier Message-Id: <20201030004046.2191790-5-kuhn.chenqun@huawei.com> Signed-off-by: Laurent Vivier --- linux-user/mips/cpu_loop.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/linux-user/mips/cpu_loop.c b/linux-user/mips/cpu_loop.c index 553e8ca7f5..cfe7ba5c47 100644 --- a/linux-user/mips/cpu_loop.c +++ b/linux-user/mips/cpu_loop.c @@ -104,18 +104,22 @@ void cpu_loop(CPUMIPSState *env) if ((ret = get_user_ual(arg8, sp_reg + 28)) != 0) { goto done_syscall; } + /* fall through */ case 7: if ((ret = get_user_ual(arg7, sp_reg + 24)) != 0) { goto done_syscall; } + /* fall through */ case 6: if ((ret = get_user_ual(arg6, sp_reg + 20)) != 0) { goto done_syscall; } + /* fall through */ case 5: if ((ret = get_user_ual(arg5, sp_reg + 16)) != 0) { goto done_syscall; } + /* fall through */ default: break; } -- cgit v1.2.3-55-g7522 From 36d2dbc72df682df49c94a7a55f1e483f4f029a2 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 3 Nov 2020 14:26:36 +0000 Subject: linux-user: Use "!= 0" when checking if MAP_FIXED_NOREPLACE is non-zero In pgd_find_hole_fallback(), Coverity doesn't like the use of "if (MAP_FIXED_NOREPLACE || ...)" because it's using a logical operator on a constant other than 0 or 1 and its heuristic thinks we might have intended a bitwise operator instead. The logic is correct (we are checking whether the host really has a MAP_FIXED_NOREPLACE or whether we fell back to the "#define as 0 to ignore" from osdep.h); make Coverity happier by explicitly writing out the comparison with zero. Fixes: Coverity CID 1431059 Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20201103142636.21125-1-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier --- linux-user/elfload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/linux-user/elfload.c b/linux-user/elfload.c index bf8c1bd253..cae41d504d 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -2188,7 +2188,8 @@ static uintptr_t pgd_find_hole_fallback(uintptr_t guest_size, uintptr_t brk, PROT_NONE, flags, -1, 0); if (mmap_start != MAP_FAILED) { munmap((void *) align_start, guest_size); - if (MAP_FIXED_NOREPLACE || mmap_start == (void *) align_start) { + if (MAP_FIXED_NOREPLACE != 0 || + mmap_start == (void *) align_start) { return (uintptr_t) mmap_start + offset; } } -- cgit v1.2.3-55-g7522 From e4ce178b6153205c2e17a9b719287c83e1e67a72 Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Tue, 3 Nov 2020 11:48:44 -0800 Subject: linux-user/syscall: Fix missing target_to_host_timespec64() check Coverity pointed out (CID 1432339) that target_to_host_timespec64() can fail with -TARGET_EFAULT but we never check the return value. This patch checks the return value and handles the error. Signed-off-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Message-Id: Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 6fef8181e7..3160a9ba06 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -7592,7 +7592,9 @@ static int do_futex_time64(target_ulong uaddr, int op, int val, target_ulong tim case FUTEX_WAIT_BITSET: if (timeout) { pts = &ts; - target_to_host_timespec64(pts, timeout); + if (target_to_host_timespec64(pts, timeout)) { + return -TARGET_EFAULT; + } } else { pts = NULL; } -- cgit v1.2.3-55-g7522 From 022625a8ade3005addb42700a145bae6a1653240 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 3 Nov 2020 14:15:32 +0000 Subject: linux-user: Check copy_from_user() return value in vma_dump_size() Coverity points out that we don't check the return value from copy_from_user() in vma_dump_size(). This is to some extent a "can't happen" error since we've already checked the page with an access_ok() call earlier, but it's simple enough to handle the error anyway. Fixes: Coverity CID 1432362 Signed-off-by: Peter Maydell Reviewed-by: Laurent Vivier Message-Id: <20201103141532.19912-1-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier --- linux-user/elfload.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/linux-user/elfload.c b/linux-user/elfload.c index cae41d504d..0b02a92602 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -3485,7 +3485,9 @@ static abi_ulong vma_dump_size(const struct vm_area_struct *vma) if (vma->vma_flags & PROT_EXEC) { char page[TARGET_PAGE_SIZE]; - copy_from_user(page, vma->vma_start, sizeof (page)); + if (copy_from_user(page, vma->vma_start, sizeof (page))) { + return 0; + } if ((page[EI_MAG0] == ELFMAG0) && (page[EI_MAG1] == ELFMAG1) && (page[EI_MAG2] == ELFMAG2) && -- cgit v1.2.3-55-g7522