dm: refine 'assert' usage in irq.c and wdt_i6300esb.c

cleanup 'assert' usage to avoid possible software vulnerabilities

Tracked-On: #3252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>

devicemodel/hw/pci/irq.c

@@ -26,7 +26,6 @@
  */
 
 
-#include <assert.h>
 #include <pthread.h>
 #include <stdbool.h>
 #include <stdio.h>
@@ -80,7 +79,9 @@ pirq_valid_irq(int reg)
 uint8_t
 pirq_read(int pin)
 {
-	assert(pin > 0 && pin <= nitems(pirqs));
+	if (pin <= 0 || pin > nitems(pirqs))
+		return PIRQ_DIS;
+
 	return pirqs[pin - 1].reg;
 }
 
@@ -89,7 +90,9 @@ pirq_write(struct vmctx *ctx, int pin, uint8_t val)
 {
 	struct pirq *pirq;
 
-	assert(pin > 0 && pin <= nitems(pirqs));
+	if (pin <= 0 || pin > nitems(pirqs))
+		return;
+
 	pirq = &pirqs[pin - 1];
 	pthread_mutex_lock(&pirq->lock);
 	if (pirq->reg != (val & (PIRQ_DIS | PIRQ_IRQ))) {
@@ -103,21 +106,18 @@ pirq_write(struct vmctx *ctx, int pin, uint8_t val)
 }
 
 void
-pci_irq_reserve(int irq)
+pci_irq_reserve(int irq) {
-{
+	if ((irq >= 0 && irq < nitems(irq_counts)) && pirq_cold
-	assert(irq >= 0 && irq < nitems(irq_counts));
+		&& (irq_counts[irq] == 0 || irq_counts[irq] == IRQ_DISABLED))
-	assert(pirq_cold);
+		irq_counts[irq] = IRQ_DISABLED;
-	assert(irq_counts[irq] == 0 || irq_counts[irq] == IRQ_DISABLED);
-	irq_counts[irq] = IRQ_DISABLED;
 }
 
 void
 pci_irq_use(int irq)
 {
-	assert(irq >= 0 && irq < nitems(irq_counts));
+	if ((irq >= 0 && irq < nitems(irq_counts)) && pirq_cold
-	assert(pirq_cold);
+		&& (irq_counts[irq] != IRQ_DISABLED))
-	assert(irq_counts[irq] != IRQ_DISABLED);
+		irq_counts[irq]++;
-	irq_counts[irq]++;
 }
 
 void
@@ -186,7 +186,9 @@ pirq_alloc_pin(struct pci_vdev *dev)
 				best_count = irq_counts[irq];
 			}
 		}
-		assert(best_irq >= 0);
+		if (best_irq < 0)
+			return -1;
+
 		irq_counts[best_irq]++;
 		pirqs[best_pin].reg = best_irq;
 	}
@@ -197,7 +199,9 @@ pirq_alloc_pin(struct pci_vdev *dev)
 int
 pirq_irq(int pin)
 {
-	assert(pin > 0 && pin <= nitems(pirqs));
+	if (pin <= 0 || pin > nitems(pirqs))
+		return 0xFF;
+
 	return (pirqs[pin - 1].reg & PIRQ_IRQ);
 }
 

devicemodel/hw/pci/wdt_i6300esb.c

@@ -13,7 +13,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 #include <stdbool.h>
 
 #include "vmmapi.h"
@@ -252,8 +251,6 @@ static void
 pci_wdt_bar_write(struct vmctx *ctx, int vcpu, struct pci_vdev *dev,
 		  int baridx, uint64_t offset, int size, uint64_t value)
 {
-	assert(baridx == 0);
-
 	DPRINTF("%s: addr = 0x%x, val = 0x%x, size=%d\n",
 		__func__, (int) offset, (int)value, size);
 
@@ -269,7 +266,8 @@ pci_wdt_bar_write(struct vmctx *ctx, int vcpu, struct pci_vdev *dev,
 			}
 		}
 	} else if (offset == ESB_RELOAD_REG) {
-		assert(size == 2);
+		if (size != 2)
+			return;
 
 		if (value == ESB_UNLOCK1)
 			wdt_state.unlock_state = 1;
@@ -306,7 +304,6 @@ pci_wdt_bar_read(struct vmctx *ctx, int vcpu, struct pci_vdev *dev,
 {
 	uint64_t ret = 0;
 
-	assert(baridx == 0);
 	DPRINTF("%s: addr = 0x%x, size=%d\n\r", __func__, (int) offset, size);
 
 	if (offset == ESB_GIS_REG) {
@@ -315,7 +312,8 @@ pci_wdt_bar_read(struct vmctx *ctx, int vcpu, struct pci_vdev *dev,
 			ret |= ESB_WDT_INT_ACT;
 
 	} else if (offset == ESB_RELOAD_REG) {
-		assert(size == 2);
+		if (size != 2)
+			return 0;
 
 		DPRINTF("%s: timeout: %d\n\r", __func__, wdt_timeout);
 		if (wdt_timeout != 0)