coverity-model: update address_space_read/write models

Use void * for consistency with the actual function; provide a model for MemoryRegionCache functions and for address_space_rw. These let Coverity understand the bounds of the data that various functions read and write even at very high levels of inlining (e.g. pci_dma_read). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-27 17:50:09 +02:00 · 2021-07-27 17:50:09 +02:00 · d4b3d152ee
parent e4383ca240
commit d4b3d152ee
1 changed files with 45 additions and 3 deletions
--- a/scripts/coverity-scan/model.c
+++ b/scripts/coverity-scan/model.c
@ -45,9 +45,10 @@ typedef struct va_list_str *va_list;
 /* exec.c */

 typedef struct AddressSpace AddressSpace;
+typedef struct MemoryRegionCache MemoryRegionCache;
 typedef uint64_t hwaddr;
 typedef uint32_t MemTxResult;
-typedef uint64_t MemTxAttrs;
+typedef struct MemTxAttrs {} MemTxAttrs;

 static void __bufwrite(uint8_t *buf, ssize_t len)
 {
@ -67,9 +68,40 @@ static void __bufread(uint8_t *buf, ssize_t len)
    int last = buf[len-1];
 }

+MemTxResult address_space_read_cached(MemoryRegionCache *cache, hwaddr addr,
+                                      MemTxAttrs attrs,
+                                      void *buf, int len)
+{
+    MemTxResult result;
+    // TODO: investigate impact of treating reads as producing
+    // tainted data, with __coverity_tainted_data_argument__(buf).
+    __bufwrite(buf, len);
+    return result;
+}
+
+MemTxResult address_space_write_cached(MemoryRegionCache *cache, hwaddr addr,
+                                MemTxAttrs attrs,
+                                const void *buf, int len)
+{
+    MemTxResult result;
+    __bufread(buf, len);
+    return result;
+}
+
+MemTxResult address_space_rw_cached(MemoryRegionCache *cache, hwaddr addr,
+                                    MemTxAttrs attrs,
+                                    void *buf, int len, bool is_write)
+{
+    if (is_write) {
+        return address_space_write_cached(cache, addr, attrs, buf, len);
+    } else {
+        return address_space_read_cached(cache, addr, attrs, buf, len);
+    }
+}
+
 MemTxResult address_space_read(AddressSpace *as, hwaddr addr,
                               MemTxAttrs attrs,
-                               uint8_t *buf, int len)
+                               void *buf, int len)
 {
    MemTxResult result;
    // TODO: investigate impact of treating reads as producing
@ -80,13 +112,23 @@ MemTxResult address_space_read(AddressSpace *as, hwaddr addr,

 MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
                                MemTxAttrs attrs,
-                                const uint8_t *buf, int len)
+                                const void *buf, int len)
 {
    MemTxResult result;
    __bufread(buf, len);
    return result;
 }

+MemTxResult address_space_rw(AddressSpace *as, hwaddr addr,
+                             MemTxAttrs attrs,
+                             void *buf, int len, bool is_write)
+{
+    if (is_write) {
+        return address_space_write(as, addr, attrs, buf, len);
+    } else {
+        return address_space_read(as, addr, attrs, buf, len);
+    }
+}

 /* Tainting */