From dbff52633a6edb8f69a69fc7040a93ff388083a1 Mon Sep 17 00:00:00 2001 From: Justin Chadwell Date: Tue, 23 Jul 2019 09:45:18 +0100 Subject: [PATCH 1/4] Fix Coverity #342970, Uninitialized scalar variable This ensures that probe_data starts with a reasonable default, as opposed to whatever was left on the stack. Change-Id: I5550efea5e2bec7717f9fa063cb11e6a7005cce5 Signed-off-by: Justin Chadwell --- lib/extensions/ras/ras_common.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/extensions/ras/ras_common.c b/lib/extensions/ras/ras_common.c index be8beceeb..64a48524b 100644 --- a/lib/extensions/ras/ras_common.c +++ b/lib/extensions/ras/ras_common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -83,7 +83,8 @@ static int ras_interrupt_handler(uint32_t intr_raw, uint32_t flags, { struct ras_interrupt *ras_inrs = ras_interrupt_mappings.intrs; struct ras_interrupt *selected = NULL; - int start, end, mid, probe_data, ret __unused; + int probe_data = 0; + int start, end, mid, ret __unused; const struct err_handler_data err_data = { .version = ERR_HANDLER_VERSION, From 4249e8b94fde3dc41e867563f13b21f6b8296509 Mon Sep 17 00:00:00 2001 From: Justin Chadwell Date: Tue, 23 Jul 2019 09:48:38 +0100 Subject: [PATCH 2/4] Fix Coverity #343008, Side affect in assertion This patch simply splits off the increment of next_xlat into a separate statement to ensure consistent behaviour if the assert was to ever be removed. Change-Id: I827f601ccea55f4da9442048419c9b8cc0c5d22e Signed-off-by: Justin Chadwell --- lib/xlat_tables/aarch32/nonlpae_tables.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/xlat_tables/aarch32/nonlpae_tables.c b/lib/xlat_tables/aarch32/nonlpae_tables.c index e31f9d840..bd6b152ef 100644 --- a/lib/xlat_tables/aarch32/nonlpae_tables.c +++ b/lib/xlat_tables/aarch32/nonlpae_tables.c @@ -1,6 +1,6 @@ /* * Copyright (c) 2016-2017, Linaro Limited. All rights reserved. - * Copyright (c) 2014-2017, Arm Limited. All rights reserved. + * Copyright (c) 2014-2019, Arm Limited. All rights reserved. * Copyright (c) 2014, STMicroelectronics International N.V. * All rights reserved. * @@ -445,7 +445,8 @@ static mmap_region_t *init_xlation_table_inner(mmap_region_t *mm, } else { xlat_table = (unsigned long)mmu_l2_base + next_xlat * MMU32B_L2_TABLE_SIZE; - assert(++next_xlat <= MAX_XLAT_TABLES); + next_xlat++; + assert(next_xlat <= MAX_XLAT_TABLES); memset((char *)xlat_table, 0, MMU32B_L2_TABLE_SIZE); From fc6b626c6b6d17993764db9bc14c7c8457835854 Mon Sep 17 00:00:00 2001 From: Justin Chadwell Date: Tue, 23 Jul 2019 09:54:07 +0100 Subject: [PATCH 3/4] Fix Coverity #343017, Missing unlock All other returns from this function unlock the responses_lock, so we also should release the lock in this case. Change-Id: Ie2cfa8755723fed79e809f9480190d11f373a217 Signed-off-by: Justin Chadwell --- services/std_svc/spm/spm_buffers.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/std_svc/spm/spm_buffers.c b/services/std_svc/spm/spm_buffers.c index 3e0c9496f..79398ba15 100644 --- a/services/std_svc/spm/spm_buffers.c +++ b/services/std_svc/spm/spm_buffers.c @@ -38,6 +38,8 @@ int spm_response_add(uint16_t client_id, uint16_t handle, uint32_t token, struct sprt_response *resp = &(responses[i]); if ((resp->is_valid == 1) && (resp->token == token)) { + spin_unlock(&responses_lock); + return -1; } } From 9624c0a9e03ea01d3015beafb0a90cd9afd97eb0 Mon Sep 17 00:00:00 2001 From: Justin Chadwell Date: Tue, 23 Jul 2019 14:56:48 +0100 Subject: [PATCH 4/4] Fix Coverity #261967, Infinite loop Coverity has identified that the __aeabi_imod function will loop forever if the denominator is not a power of 2, which is probably not the desired behaviour. The functions in the rest of the file are compiler implementations of division if ARMv7 does not implement division which is permitted by the spec. However, while most of the functions in the file are documented and referenced in other places online, __aeabi_uimod and __aeabi_imod are not. For this reason, these functions have been removed from the code base, which also removes the Coverity error. Change-Id: I20066d72365329a8b03a5536d865c4acaa2139ae Signed-off-by: Justin Chadwell --- lib/aarch32/arm32_aeabi_divmod.c | 47 -------------------------------- 1 file changed, 47 deletions(-) diff --git a/lib/aarch32/arm32_aeabi_divmod.c b/lib/aarch32/arm32_aeabi_divmod.c index 0b36cb6cf..ea8e2bbca 100644 --- a/lib/aarch32/arm32_aeabi_divmod.c +++ b/lib/aarch32/arm32_aeabi_divmod.c @@ -33,13 +33,11 @@ static void uint_div_qr(unsigned int numerator, unsigned int denominator, unsigned int __aeabi_uidivmod(unsigned int numerator, unsigned int denominator); unsigned int __aeabi_uidiv(unsigned int numerator, unsigned int denominator); -unsigned int __aeabi_uimod(unsigned int numerator, unsigned int denominator); /* returns in R0 and R1 by tail calling an asm function */ signed int __aeabi_idivmod(signed int numerator, signed int denominator); signed int __aeabi_idiv(signed int numerator, signed int denominator); -signed int __aeabi_imod(signed int numerator, signed int denominator); /* * __ste_idivmod_ret_t __aeabi_idivmod(signed numerator, signed denominator) @@ -106,15 +104,6 @@ unsigned int __aeabi_uidiv(unsigned int numerator, unsigned int denominator) return qr.q; } -unsigned int __aeabi_uimod(unsigned int numerator, unsigned int denominator) -{ - struct qr qr = { .q_n = 0, .r_n = 0 }; - - uint_div_qr(numerator, denominator, &qr); - - return qr.r; -} - unsigned int __aeabi_uidivmod(unsigned int numerator, unsigned int denominator) { struct qr qr = { .q_n = 0, .r_n = 0 }; @@ -145,42 +134,6 @@ signed int __aeabi_idiv(signed int numerator, signed int denominator) return qr.q; } -signed int __aeabi_imod(signed int numerator, signed int denominator) -{ - signed int s; - signed int i; - signed int j; - signed int h; - struct qr qr = { .q_n = 0, .r_n = 0 }; - - /* in case modulo of a power of 2 */ - for (i = 0, j = 0, h = 0, s = denominator; (s != 0) || (h > 1); i++) { - if (s & 1) { - j = i; - h++; - } - s = s >> 1; - } - if (h == 1) - return numerator >> j; - - if (((numerator < 0) && (denominator > 0)) || - ((numerator > 0) && (denominator < 0))) - qr.q_n = 1; /* quotient shall be negate */ - - if (numerator < 0) { - numerator = -numerator; - qr.r_n = 1; /* remainder shall be negate */ - } - - if (denominator < 0) - denominator = -denominator; - - uint_div_qr(numerator, denominator, &qr); - - return qr.r; -} - signed int __aeabi_idivmod(signed int numerator, signed int denominator) { struct qr qr = { .q_n = 0, .r_n = 0 };