OrgACRN
/
acrn-hypervisor
mirror of https://github.com/projectacrn/acrn-hypervisor.git
1
0
Fork 0
Code Issues Releases Wiki Activity

security: fix issues reported by Klocwork 

- NULL pointer reference risk
 - buffer overflow risk

Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
This commit is contained in:
Yonghua Huang 2018-05-03 19:28:17 +08:00 committed by Jack Ren
parent b61e6af228
commit 85716e8b01
3 changed files with 31 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hypervisor/arch/x86/assign.c
View File

@ -488,9 +488,7 @@ add_msix_remapping(struct vm *vm, uint16_t virt_bdf, uint16_t phys_bdf,
entry_id_from_msix(phys_bdf, msix_entry_index));
if (!entry) {
if (_lookup_entry_by_vmsi(vm, virt_bdf, msix_entry_index)) {
pr_err("MSIX re-add vbdf%x idx=%d to vm%d",
virt_bdf, entry->msi.msix_entry_index,
entry->vm->attr.id);
pr_err("MSIX re-add vbdf%x", virt_bdf);
spinlock_release(&ptdev_lock);
return &invalid_entry;
@ -566,8 +564,7 @@ add_intx_remapping(struct vm *vm, uint8_t virt_pin,
entry = _lookup_entry_by_id(entry_id_from_intx(phys_pin));
if (!entry) {
if (_lookup_entry_by_vintx(vm, virt_pin, vpin_src)) {
pr_err("INTX re-add vpin %d to vm%d",
virt_pin, entry->vm->attr.id);
pr_err("INTX re-add vpin %d", virt_pin);
spinlock_release(&ptdev_lock);
return &invalid_entry;
}

10
hypervisor/arch/x86/trusty.c
View File

@ -107,6 +107,11 @@ static void create_secure_world_ept(struct vm *vm, uint64_t gpa_orig,
void *sub_table_addr = NULL, *pml4_base = NULL;
struct vm *vm0 = get_vm_from_vmid(0);
if (vm0 == NULL) {
pr_err("Parse vm0 context failed.");
return;
}
if (!vm->sworld_control.sworld_enabled
|| vm->arch_vm.sworld_eptp != 0) {
pr_err("Sworld is not enabled or Sworld eptp is not NULL");
@ -182,6 +187,11 @@ void destroy_secure_world(struct vm *vm)
struct map_params map_params;
struct vm *vm0 = get_vm_from_vmid(0);
if (vm0 == NULL) {
pr_err("Parse vm0 context failed.");
return;
}
/* clear trusty memory space */
memset(HPA2HVA(vm->sworld_control.sworld_memory.base_hpa),
0, vm->sworld_control.sworld_memory.length);

20
hypervisor/debug/shell_internal.c
View File

@ -460,7 +460,7 @@ int shell_cmd_help(struct shell *p_shell,
/* Calculate spaces needed for alignment */
spaces = MAX_INDENT_LEN - strnlen_s(p_cmd->str,
MAX_INDENT_LEN) + 1;
MAX_INDENT_LEN - 1);
space_buf[spaces] = '\0';
shell_puts(p_shell, space_buf);
@ -913,6 +913,9 @@ int shell_show_cpu_int(struct shell *p_shell,
{
char *temp_str = alloc_page();
if (temp_str == NULL)
return -ENOMEM;
get_cpu_interrupt_info(temp_str, CPU_PAGE_SIZE);
shell_puts(p_shell, temp_str);
@ -926,6 +929,9 @@ int shell_show_ptdev_info(struct shell *p_shell,
{
char *temp_str = alloc_page();
if (temp_str == NULL)
return -ENOMEM;
get_ptdev_info(temp_str, CPU_PAGE_SIZE);
shell_puts(p_shell, temp_str);
@ -939,6 +945,9 @@ int shell_show_req_info(struct shell *p_shell,
{
char *temp_str = alloc_page();
if (temp_str == NULL)
return -ENOMEM;
get_req_info(temp_str, CPU_PAGE_SIZE);
shell_puts(p_shell, temp_str);
@ -952,6 +961,9 @@ int shell_show_vioapic_info(struct shell *p_shell, int argc, char **argv)
char *temp_str = alloc_page();
uint32_t vmid;
if (temp_str == NULL)
return -ENOMEM;
/* User input invalidation */
if (argc != 2) {
snprintf(temp_str, CPU_PAGE_SIZE, "\r\nvmid param needed\r\n");
@ -972,6 +984,9 @@ int shell_show_ioapic_info(struct shell *p_shell,
{
char *temp_str = alloc_pages(2);
if (temp_str == NULL)
return -ENOMEM;
get_ioapic_info(temp_str, 2 * CPU_PAGE_SIZE);
shell_puts(p_shell, temp_str);
@ -985,6 +1000,9 @@ int shell_show_vmexit_profile(struct shell *p_shell,
{
char *temp_str = alloc_pages(2);
if (temp_str == NULL)
return -ENOMEM;
get_vmexit_profile(temp_str, 2*CPU_PAGE_SIZE);
shell_puts(p_shell, temp_str);