coverity-model: model address_space_read/write

Commit eb7eeb8 ("memory: split address_space_read and address_space_write", 2015-12-17) made address_space_rw dispatch to one of address_space_read or address_space_write, rather than vice versa. For callers of address_space_read and address_space_write this causes false positive defects when Coverity sees a length-8 write in address_space_read and a length-4 (e.g. int*) buffer to read into. As long as the size of the buffer is okay, this is a false positive. Reflect the code change into the model. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20170315081641.20588-1-pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2017-03-15 09:16:41 +01:00 · 2017-03-15 09:16:41 +01:00 · 4d0e72396b
commit 4d0e72396b
parent 157db293eb
1 changed files with 14 additions and 5 deletions
--- a/scripts/coverity-model.c
+++ b/scripts/coverity-model.c
@ -67,18 +67,27 @@ static void __bufread(uint8_t *buf, ssize_t len)
    int last = buf[len-1];
 }

-MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
-                             uint8_t *buf, int len, bool is_write)
+MemTxResult address_space_read(AddressSpace *as, hwaddr addr,
+                               MemTxAttrs attrs,
+                               uint8_t *buf, int len)
 {
    MemTxResult result;
-
    // TODO: investigate impact of treating reads as producing
    // tainted data, with __coverity_tainted_data_argument__(buf).
-    if (is_write) __bufread(buf, len); else __bufwrite(buf, len);
-
+    __bufwrite(buf, len);
    return result;
 }

+MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
+                                MemTxAttrs attrs,
+                                const uint8_t *buf, int len)
+{
+    MemTxResult result;
+    __bufread(buf, len);
+    return result;
+}
+
+
 /* Tainting */

 typedef struct {} name2keysym_t;