Palacios Public Git Repository

To checkout Palacios execute 

  git clone http://v3vee.org/palacios/palacios.web/palacios.git
This will give you the master branch. You probably want the devel branch or one of the release branches. To switch to the devel branch, simply execute 
  cd palacios
  git checkout --track -b devel origin/devel
The other branches are similar.

projects / palacios.git / commitdiff
? search: re
summary | shortlog | log | commit | commitdiff | tree
raw (parent: fc4b729)
Cleanup and sanity-checking of explicit null derefs (Coverity static analysis)
Peter Dinda [Tue, 1 Sep 2015 19:11:36 +0000 (14:11 -0500)]
palacios/src/palacios/mmu/vmm_shdw_pg_tlb_32pae.h patch | blob | history
palacios/src/palacios/vmm.c patch | blob | history
palacios/src/palacios/vmm_debug.c patch | blob | history
palacios/src/palacios/vmm_mem.c patch | blob | history

diff --git a/palacios/src/palacios/mmu/vmm_shdw_pg_tlb_32pae.h b/palacios/src/palacios/mmu/vmm_shdw_pg_tlb_32pae.h
index d5e75a1..dd2f88b 100644 (file)
--- a/palacios/src/palacios/mmu/vmm_shdw_pg_tlb_32pae.h
+++ b/palacios/src/palacios/mmu/vmm_shdw_pg_tlb_32pae.h
@@ -73,7 +73,7 @@ static inline int handle_shadow_pagefault_32pae(struct guest_info * info, addr_t
     PrintDebug(info->vm_info, info, "32 bit PAE shadow paging page fault handler: %p\n", (void*)fault_addr);
     PrintDebug(info->vm_info, info, "Handling PDP fault\n");
     
-    if (v3_gpa_to_hva(info, guest_cr3, (addr_t*)guest_pdp) ==  -1) {
+    if (v3_gpa_to_hva(info, guest_cr3, (addr_t*)&guest_pdp) ==  -1) {
         PrintError(info->vm_info, info, "Invalid Guest PDPE Address: 0x%p\n", (void *)guest_cr3);
         return -1;
         
diff --git a/palacios/src/palacios/vmm.c b/palacios/src/palacios/vmm.c
index b0e973f..dbb1b8d 100644 (file)
--- a/palacios/src/palacios/vmm.c
+++ b/palacios/src/palacios/vmm.c
@@ -750,6 +750,8 @@ int v3_move_vm_mem(struct v3_vm_info * vm, void *gpa, int target_cpu) {
     }
 
     // Note, assumes virtual contiguity in the host OS... 
+    // A null deref here can only happen if the host does not provide the
+    // physical_to_virtual functions or if they do not work
     memcpy(V3_VAddr((void*)new_hpa), V3_VAddr((void*)(reg->host_addr)), num_pages*PAGE_SIZE);
 
     old_hpa = (void*)(reg->host_addr);
diff --git a/palacios/src/palacios/vmm_debug.c b/palacios/src/palacios/vmm_debug.c
index c2401e8..85bd8d2 100644 (file)
--- a/palacios/src/palacios/vmm_debug.c
+++ b/palacios/src/palacios/vmm_debug.c
@@ -406,17 +406,21 @@ void v3_print_backtrace(struct guest_info * core) {
                tmp_ptr += 3; // pass over symbol type
 
                if (sym_offset > rip_val) {
-                   char * end_ptr = strchr(sym_ptr, '\n');
-
-                   if (end_ptr) {
-                       *end_ptr = 0; // null terminate symbol...
+                   if (sym_ptr) {
+                       char * end_ptr = strchr(sym_ptr, '\n');
+                       
+                       if (end_ptr) {
+                           *end_ptr = 0; // null terminate symbol...
+                       }
+                       sym_name = sym_ptr;
+                   } else {
+                       sym_name = NULL;
                    }
-
-                   sym_name = sym_ptr;
                    break;
                }
 
                sym_ptr = tmp_ptr;
+
                { 
                    char * end_ptr2 = strchr(tmp_ptr, '\n');
 
diff --git a/palacios/src/palacios/vmm_mem.c b/palacios/src/palacios/vmm_mem.c
index ac91eeb..238fdc5 100644 (file)
--- a/palacios/src/palacios/vmm_mem.c
+++ b/palacios/src/palacios/vmm_mem.c
@@ -524,7 +524,7 @@ static struct v3_mem_region * get_next_mem_region( struct v3_vm_info * vm, uint1
     }
 
 
-    if (parent->guest_start > guest_addr) {
+    if (!parent || parent->guest_start > guest_addr) {
        return parent;
     } else if (parent->guest_end < guest_addr) {
        struct rb_node * node = &(parent->tree_node);
Public Palacios Development Repository for the V3VEE Project