From 13228d910fef7dc73acb3d3400bcca2dbba1deb5 Mon Sep 17 00:00:00 2001 From: Yonghua Huang Date: Mon, 17 Jun 2019 18:51:08 +0800 Subject: [PATCH] dm: refine 'assert' usage in irq.c and wdt_i6300esb.c cleanup 'assert' usage to avoid possible software vulnerabilities Tracked-On: #3252 Signed-off-by: Yonghua Huang Reviewed-by: Shuo A Liu --- devicemodel/hw/pci/irq.c | 34 +++++++++++++++++-------------- devicemodel/hw/pci/wdt_i6300esb.c | 10 ++++----- 2 files changed, 23 insertions(+), 21 deletions(-) diff --git a/devicemodel/hw/pci/irq.c b/devicemodel/hw/pci/irq.c index 1bc156a59..9d4ea323a 100644 --- a/devicemodel/hw/pci/irq.c +++ b/devicemodel/hw/pci/irq.c @@ -26,7 +26,6 @@ */ -#include #include #include #include @@ -80,7 +79,9 @@ pirq_valid_irq(int reg) uint8_t pirq_read(int pin) { - assert(pin > 0 && pin <= nitems(pirqs)); + if (pin <= 0 || pin > nitems(pirqs)) + return PIRQ_DIS; + return pirqs[pin - 1].reg; } @@ -89,7 +90,9 @@ pirq_write(struct vmctx *ctx, int pin, uint8_t val) { struct pirq *pirq; - assert(pin > 0 && pin <= nitems(pirqs)); + if (pin <= 0 || pin > nitems(pirqs)) + return; + pirq = &pirqs[pin - 1]; pthread_mutex_lock(&pirq->lock); if (pirq->reg != (val & (PIRQ_DIS | PIRQ_IRQ))) { @@ -103,21 +106,18 @@ pirq_write(struct vmctx *ctx, int pin, uint8_t val) } void -pci_irq_reserve(int irq) -{ - assert(irq >= 0 && irq < nitems(irq_counts)); - assert(pirq_cold); - assert(irq_counts[irq] == 0 || irq_counts[irq] == IRQ_DISABLED); - irq_counts[irq] = IRQ_DISABLED; +pci_irq_reserve(int irq) { + if ((irq >= 0 && irq < nitems(irq_counts)) && pirq_cold + && (irq_counts[irq] == 0 || irq_counts[irq] == IRQ_DISABLED)) + irq_counts[irq] = IRQ_DISABLED; } void pci_irq_use(int irq) { - assert(irq >= 0 && irq < nitems(irq_counts)); - assert(pirq_cold); - assert(irq_counts[irq] != IRQ_DISABLED); - irq_counts[irq]++; + if ((irq >= 0 && irq < nitems(irq_counts)) && pirq_cold + && (irq_counts[irq] != IRQ_DISABLED)) + irq_counts[irq]++; } void 
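Review bot: In devicemodel/hw/pci/irq.c, `pci_irq_reserve` and `pci_irq_use` now silently do nothing when the index is out of range, `pirq_cold` is clear, or the count is in the wrong state, and since both return `void` the caller cannot tell that the request was dropped. These conditions look like internal invariants rather than guest input (`pirq_cold` suggests start-up ordering), so a reservation that is skipped presumably leaves that IRQ available to the allocation loop in `pirq_alloc_pin`. I would keep the guards but add an `else` branch that reports the failure through whatever logging irq.c already uses, with a message such as `"%s: rejected request for irq %d"`. On style, `pci_irq_reserve(int irq) {` moves the brace onto the signature line while `pci_irq_use` directly below keeps it on its own line, and the two-line condition would read better with braces around the statement it controls.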
@@ -186,7 +186,9 @@ pirq_alloc_pin(struct pci_vdev *dev) best_count = irq_counts[irq]; } } - assert(best_irq >= 0); + if (best_irq < 0) + return -1; + irq_counts[best_irq]++; pirqs[best_pin].reg = best_irq; } @@ -197,7 +199,9 @@ pirq_alloc_pin(struct pci_vdev *dev) int pirq_irq(int pin) { - assert(pin > 0 && pin <= nitems(pirqs)); + if (pin <= 0 || pin > nitems(pirqs)) + return 0xFF; + return (pirqs[pin - 1].reg & PIRQ_IRQ); } diff --git a/devicemodel/hw/pci/wdt_i6300esb.c b/devicemodel/hw/pci/wdt_i6300esb.c index 8b395843b..ca60277a2 100644 --- a/devicemodel/hw/pci/wdt_i6300esb.c +++ b/devicemodel/hw/pci/wdt_i6300esb.c @@ -13,7 +13,6 @@ #include #include #include -#include #include #include "vmmapi.h" @@ -252,8 +251,6 @@ static void pci_wdt_bar_write(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, int baridx, uint64_t offset, int size, uint64_t value) { - assert(baridx == 0); - DPRINTF("%s: addr = 0x%x, val = 0x%x, size=%d\n", __func__, (int) offset, (int)value, size); @@ -269,7 +266,8 @@ pci_wdt_bar_write(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, } } } else if (offset == ESB_RELOAD_REG) { - assert(size == 2); + if (size != 2) + return; if (value == ESB_UNLOCK1) wdt_state.unlock_state = 1; @@ -306,7 +304,6 @@ pci_wdt_bar_read(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, { uint64_t ret = 0; - assert(baridx == 0); DPRINTF("%s: addr = 0x%x, size=%d\n\r", __func__, (int) offset, size); if (offset == ESB_GIS_REG) { @@ -315,7 +312,8 @@ pci_wdt_bar_read(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, ret |= ESB_WDT_INT_ACT; } else if (offset == ESB_RELOAD_REG) { - assert(size == 2); + if (size != 2) + return 0; DPRINTF("%s: timeout: %d\n\r", __func__, wdt_timeout); if (wdt_timeout != 0)
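Review bot: The new `return -1` in `pirq_alloc_pin` (irq.c) introduces an error value the function could not produce before, and no call site is updated: the diffstat lists only irq.c and wdt_i6300esb.c, and no irq.c hunk touches a caller. A caller that keeps the result as a pin and later passes it to `pirq_irq` or `pirq_read` would get `0xFF` or `PIRQ_DIS` back instead of a failure, so the missing route would surface only as a device without a working interrupt. Callers should check for a negative result, and the function should carry a comment such as `/* returns the allocated pin, or -1 if no IRQ is available for routing */`. The body starts outside this hunk, so it cannot be judged from here whether state updated earlier in the function needs to be undone on this path.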
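Review bot: `pirq_irq` in irq.c returns the bare literal `0xFF` for an out-of-range pin, while its sibling `pirq_read` returns the named `PIRQ_DIS` for the same condition. The normal path returns `reg & PIRQ_IRQ`, so callers presumably use the result as an IRQ number; unless they compare against `0xFF` explicitly, the sentinel will be used as one. A named constant for the invalid value, plus a comment such as `/* returns the routed IRQ, or 0xFF when pin is out of range */`, would make the contract checkable at call sites.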
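Review bot: In wdt_i6300esb.c the `assert(baridx == 0)` in `pci_wdt_bar_write` is deleted rather than converted to a runtime check, unlike the other asserts in this patch, and the same happens in `pci_wdt_bar_read` at `@@ -306,7 +304,6 @@`. Both handlers now decode `offset` for any BAR index, so if the device ever registers a second BAR, accesses to it would be treated as watchdog register accesses. A one-line guard keeps the old invariant without aborting the device model: `if (baridx != 0) return;` in the write handler and `if (baridx != 0) return 0;` in the read handler. Both function bodies extend beyond their hunks.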