Peter Maydell <peter.maydell@xxxxxxxxxx> writes:
> On Tue, 13 Jul 2021 at 17:19, Eduardo Habkost <ehabkost@xxxxxxxxxx> wrote:
>>
>> From: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
>>
>> To make Hyper-V features appear in e.g. QMP query-cpu-model-expansion we
>> need to expand and set the corresponding CPUID leaves early. Modify
>> x86_cpu_get_supported_feature_word() to call newly intoduced Hyper-V
>> specific kvm_hv_get_supported_cpuid() instead of
>> kvm_arch_get_supported_cpuid(). We can't use kvm_arch_get_supported_cpuid()
>> as Hyper-V specific CPUID leaves intersect with KVM's.
>>
>> Note, early expansion will only happen when KVM supports system wide
>> KVM_GET_SUPPORTED_HV_CPUID ioctl (KVM_CAP_SYS_HYPERV_CPUID).
>>
>> Reviewed-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
>> Signed-off-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
>> Message-Id: <20210608120817.1325125-6-vkuznets@xxxxxxxxxx>
>> Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
>
> Hi; Coverity reports an issue in this code (CID 1458243):
>
>> -static bool hyperv_expand_features(CPUState *cs, Error **errp)
>> +bool kvm_hyperv_expand_features(X86CPU *cpu, Error **errp)
>> {
>> - X86CPU *cpu = X86_CPU(cs);
>> + CPUState *cs = CPU(cpu);
>>
>> if (!hyperv_enabled(cpu))
>> return true;
>>
>> + /*
>> + * When kvm_hyperv_expand_features is called at CPU feature expansion
>> + * time per-CPU kvm_state is not available yet so we can only proceed
>> + * when KVM_CAP_SYS_HYPERV_CPUID is supported.
>> + */
>> + if (!cs->kvm_state &&
>> + !kvm_check_extension(kvm_state, KVM_CAP_SYS_HYPERV_CPUID))
>> + return true;
>
> Here we check whether cs->kvm_state is NULL, but even if it is
> NULL we can still continue execution further through the function.
>
> Later in the function we call hv_cpuid_get_host(), which in turn
> can call get_supported_hv_cpuid_legacy(), which can dereference
> cs->kvm_state without checking it.
get_supported_hv_cpuid_legacy() is only called when KVM_CAP_HYPERV_CPUID
is not supported and this is not possible with
KVM_CAP_SYS_HYPERV_CPUID. Coverity, of course, can't know that.
>
> So either the check on cs->kvm_state above is unnecessary, or we
> need to handle it being NULL in some way other than falling through.
It seems an assert(cs) before calling get_supported_hv_cpuid_legacy()
(with a proper comment) should do the job.
>
> Side note: this change isn't in line with our coding style, which
> requires braces around the body of the if().
My bad, will fix.
--
Vitaly
