From 885d503a60e791cd99b573bba3da9605a4c17b6a Mon Sep 17 00:00:00 2001
From: Yonghua Huang
Date: Mon, 17 Jun 2019 18:39:24 +0800
Subject: [PATCH] dm: refine 'assert' in hugetlb.c and mem.c
cleanup 'assert' usage to avoid possible software vulnerabilities.
Tracked-On: #3252
Signed-off-by: Yonghua Huang
Reviewed-by: Shuo A Liu
---
 devicemodel/core/hugetlb.c | 5 -----
 devicemodel/core/mem.c | 10 +++++-----
 2 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/devicemodel/core/hugetlb.c b/devicemodel/core/hugetlb.c
index c111e4f4c..5b1e812af 100644
--- a/devicemodel/core/hugetlb.c
+++ b/devicemodel/core/hugetlb.c
@@ -36,7 +36,6 @@
 #include
 #include
 #include
-#include
 #include "vmmapi.h"
@@ -267,7 +266,6 @@ static int mmap_hugetlbfs(struct vmctx *ctx, size_t offset,
 pg_size = hugetlb_priv[level].pg_size;
 while (len > 0) {
- assert((offset & (pg_size - 1)) == 0);
 ret = mmap_hugetlbfs_from_level(ctx, level, len, offset, skip);
 if (ret < 0 && level > HUGETLB_LV1) {
@@ -297,7 +295,6 @@ static void get_lowmem_param(struct hugetlb_info *htlb,
 static size_t adj_lowmem_param(struct hugetlb_info *htlb,
 struct hugetlb_info *htlb_prev, int adj_size)
 {
- assert(htlb->lowmem >= adj_size);
 htlb->lowmem -= adj_size;
 htlb_prev->lowmem += adj_size;
@@ -314,7 +311,6 @@ static void get_highmem_param(struct hugetlb_info *htlb,
 static size_t adj_highmem_param(struct hugetlb_info *htlb,
 struct hugetlb_info *htlb_prev, int adj_size)
 {
- assert(htlb->highmem >= adj_size);
 htlb->highmem -= adj_size;
 htlb_prev->highmem += adj_size;
@@ -331,7 +327,6 @@ static void get_biosmem_param(struct hugetlb_info *htlb,
 static size_t adj_biosmem_param(struct hugetlb_info *htlb,
 struct hugetlb_info *htlb_prev, int adj_size)
 {
- assert(htlb->biosmem >= adj_size);
 htlb->biosmem -= adj_size;
 htlb_prev->biosmem += adj_size;
diff --git a/devicemodel/core/mem.c b/devicemodel/core/mem.c
index 9d2f4235c..432e4da2a 100644
--- a/devicemodel/core/mem.c
+++ b/devicemodel/core/mem.c
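Review bot: The alignment check on `offset` in mmap_hugetlbfs is deleted outright instead of being turned into a runtime check, so an offset that is not a multiple of `pg_size` now reaches mmap_hugetlbfs_from_level unchecked; with NDEBUG the assert was already a no-op, but the mem.c hunk in this same patch shows the intended pattern of replacing an assert with an error return. Suggest `if (offset & (pg_size - 1)) return -1;` ahead of the call. The negative value is inferred from the `ret < 0` test just below and should be confirmed against the rest of mmap_hugetlbfs, which starts and ends outside the hunk.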
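Review bot: adj_lowmem_param drops `assert(htlb->lowmem >= adj_size)` with no replacement, so when `adj_size` exceeds `htlb->lowmem` the subtraction on the next line proceeds anyway, wrapping if the field is unsigned or going negative otherwise; adj_highmem_param and adj_biosmem_param in the following two hunks lose the same guard. Either record the precondition as a contract, e.g. `/* caller must guarantee adj_size <= htlb->lowmem */` above the subtraction, or clamp `adj_size` to `htlb->lowmem` before adjusting both fields. The type of the lowmem field is not visible here, so which failure mode applies cannot be confirmed from the hunk, and each function's tail, including its return value, lies outside the hunk.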
@@ -35,7 +35,6 @@
 #include
 #include
 #include
-#include
 #include
 #include
@@ -178,7 +177,8 @@ emulate_mem(struct vmctx *ctx, struct mmio_request *mmio_req)
 pthread_rwlock_unlock(&mmio_rwlock);
- assert(entry != NULL);
+ if (entry == NULL)
+ return -EINVAL;
 if (mmio_req->direction == REQUEST_READ)
 err = mem_read(ctx, 0, paddr, (uint64_t *)&mmio_req->value,
@@ -238,11 +238,11 @@ unregister_mem_int(struct mmio_rb_tree *rbt, struct mem_range *memp)
 err = mmio_rb_lookup(rbt, memp->base, &entry);
 if (err == 0) {
 mr = &entry->mr_param;
- if (strncmp(mr->name, memp->name, MEMNAMESZ)) {
+ if (strncmp(mr->name, memp->name, MEMNAMESZ)
+ || (mr->base != memp->base) || (mr->size != memp->size)
+ || ((mr->flags & MEM_F_IMMUTABLE) != 0)) {
 err = -1;
 } else {
- assert(mr->base == memp->base && mr->size == memp->size);
- assert((mr->flags & MEM_F_IMMUTABLE) == 0);
 RB_REMOVE(mmio_rb_tree, rbt, entry);
 /* flush Per-VM cache */
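Review bot: The new `if (entry == NULL) return -EINVAL;` in emulate_mem rejects the request without recording why, so a guest access to a physical address with no registered MMIO range is now indistinguishable from any other -EINVAL the function may produce; the reason deserves a comment such as `/* no MMIO range registered for this GPA: refuse rather than dereference entry */`. The early return sits after `pthread_rwlock_unlock`, so the read lock is not leaked. Whether -EINVAL matches the error convention of the surrounding code cannot be checked here, because emulate_mem begins and ends outside the hunk.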
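Review bot: The widened condition in unregister_mem_int maps four distinct mismatches — name, base, size and MEM_F_IMMUTABLE — onto the same `err = -1`, so an attempt to unregister an immutable range, which the old assert treated as a caller bug, now fails exactly like a plain lookup mismatch and the caller cannot tell which happened. If callers need the distinction, return a separate code for the immutable case; at minimum a comment before the `if`, e.g. `/* refuse to remove a range that does not match exactly or is flagged immutable */`, would record the intent. unregister_mem_int continues beyond the hunk.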