From b6d73be1a626ba8ac0ac33bf38b5b5780b5affee Mon Sep 17 00:00:00 2001 From: Yonghua Huang Date: Tue, 13 Mar 2018 17:02:51 +0800 Subject: [PATCH] Enable FORTIFY and FORMAT SECURITY compile flags 1. Enable below 2 defenses in Makefile "-O2 -D_FORTIFY_SOURCE=2" "-Wformat -Wformat-security" 2. Update related source code impacted by above 2 flags Change-Id: Ib42214848f030b4cf508cd7c52a7e3cc809435d9 Signed-off-by: Yonghua Huang --- devicemodel/Makefile | 2 ++ devicemodel/core/consport.c | 15 +++++++----- devicemodel/core/mevent.c | 7 ++++-- devicemodel/hw/pci/core.c | 34 +++++++++++++++----------- devicemodel/hw/pci/irq.c | 21 +++++++++++++--- devicemodel/hw/pci/lpc.c | 10 ++++++-- devicemodel/hw/pci/virtio/virtio_net.c | 13 +++++++--- devicemodel/hw/platform/uart_core.c | 14 +++++++---- devicemodel/include/mevent.h | 2 +- 9 files changed, 81 insertions(+), 37 deletions(-) diff --git a/devicemodel/Makefile b/devicemodel/Makefile index cb0617e09..9c24dc9d3 100644 --- a/devicemodel/Makefile +++ b/devicemodel/Makefile @@ -17,6 +17,8 @@ CFLAGS += -DNO_OPENSSL CFLAGS += -m64 CFLAGS += -Wall -ffunction-sections CFLAGS += -Werror +CFLAGS += -O2 -D_FORTIFY_SOURCE=2 +CFLAGS += -Wformat -Wformat-security CFLAGS += -I$(BASEDIR)/include CFLAGS += -I$(BASEDIR)/include/public diff --git a/devicemodel/core/consport.c b/devicemodel/core/consport.c index 65f7e1e00..ac6bd41ec 100644 --- a/devicemodel/core/consport.c +++ b/devicemodel/core/consport.c @@ -84,17 +84,20 @@ ttyread(void) char rb; if (tty_char_available()) { - read(STDIN_FILENO, &rb, 1); - return (rb & 0xff); - } else { - return -1; + if (read(STDIN_FILENO, &rb, 1) > 0) + return (rb & 0xff); } + return -1; } -static void + +static int ttywrite(unsigned char wb) { - (void) write(STDOUT_FILENO, &wb, 1); + if (write(STDOUT_FILENO, &wb, 1) > 0) + return 1; + + return -1; } static int diff --git a/devicemodel/core/mevent.c b/devicemodel/core/mevent.c index 54c1c294e..d4db826b6 100644 --- a/devicemodel/core/mevent.c 
+++ b/devicemodel/core/mevent.c @@ -109,7 +109,8 @@ mevent_pipe_read(int fd, enum ev_type type, void *param) } while (status == MEVENT_MAX); } -void +/*On error, -1 is returned, else return zero*/ +int mevent_notify(void) { char c; @@ -119,7 +120,9 @@ mevent_notify(void) * pipe to force the i/o thread to exit the blocking epoll call. */ if (mevent_pipefd[1] != 0 && pthread_self() != mevent_tid) - write(mevent_pipefd[1], &c, 1); + if (write(mevent_pipefd[1], &c, 1) <= 0) + return -1; + return 0; } static int diff --git a/devicemodel/hw/pci/core.c b/devicemodel/hw/pci/core.c index 73af37a2b..43e1db182 100644 --- a/devicemodel/hw/pci/core.c +++ b/devicemodel/hw/pci/core.c @@ -2032,6 +2032,7 @@ pci_emul_diow(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, int baridx, uint64_t offset, int size, uint64_t value) { int i; + void *offset_ptr; struct pci_emul_dummy *dummy = dev->arg; if (baridx == 0) { @@ -2041,12 +2042,13 @@ pci_emul_diow(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, int baridx, return; } + offset_ptr = (void *) &dummy->ioregs[offset]; if (size == 1) - dummy->ioregs[offset] = value & 0xff; + *(uint8_t *)offset_ptr = value & 0xff; else if (size == 2) - *(uint16_t *)&dummy->ioregs[offset] = value & 0xffff; + *(uint16_t *)offset_ptr = value & 0xffff; else if (size == 4) - *(uint32_t *)&dummy->ioregs[offset] = value; + *(uint32_t *)offset = value; else printf("diow: iow unknown size %d\n", size); 
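Review bot: In mevent_notify() the new `if (write(mevent_pipefd[1], &c, 1) <= 0)` hangs unbraced under the already unbraced outer `if`, so the two-level condition and the trailing `return 0;` are easy to misread or to break in a later edit; brace both levels. The byte written is the `char c;` shown in the previous hunk's context, which looks uninitialised unless it is assigned in the lines between the two hunks; `char c = 0;` would keep an indeterminate stack byte out of the pipe. A write interrupted by a signal also returns -1 here, so callers of the new int result may want `errno == EINTR` treated as retryable rather than as a failure.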
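Review bot: The 4-byte arm in the `baridx == 0` branch of pci_emul_diow() now reads `*(uint32_t *)offset = value;`, which casts the integer register offset itself to a pointer instead of using `offset_ptr`. A 32-bit write therefore stores `value` at host address `offset` rather than into `dummy->ioregs`. Both values arrive as arguments of the BAR write handler, presumably from the guest, so this is a stray write into the device model's address space and will most likely crash it. It should match the other arms: `*(uint32_t *)offset_ptr = value;`. The function body starts and ends outside this hunk.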
@@ -2071,14 +2073,15 @@ pci_emul_diow(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, int baridx, i = baridx - 1; /* 'memregs' index */ + offset_ptr = (void *) &dummy->memregs[i][offset]; if (size == 1) - dummy->memregs[i][offset] = value; + *(uint8_t *)offset_ptr = value; else if (size == 2) - *(uint16_t *)&dummy->memregs[i][offset] = value; + *(uint16_t *)offset_ptr = value; else if (size == 4) - *(uint32_t *)&dummy->memregs[i][offset] = value; + *(uint32_t *)offset_ptr = value; else if (size == 8) - *(uint64_t *)&dummy->memregs[i][offset] = value; + *(uint64_t *)offset_ptr = value; else printf("diow: memw unknown size %d\n", size); @@ -2098,6 +2101,7 @@ pci_emul_dior(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, int baridx, struct pci_emul_dummy *dummy = dev->arg; uint32_t value = 0; int i; + void *offset_ptr; if (baridx == 0) { if (offset + size > DIOSZ) { @@ -2107,12 +2111,13 @@ pci_emul_dior(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, int baridx, } value = 0; + offset_ptr = (void *) &dummy->ioregs[offset]; if (size == 1) - value = dummy->ioregs[offset]; + value = *(uint8_t *)offset_ptr; else if (size == 2) - value = *(uint16_t *) &dummy->ioregs[offset]; + value = *(uint16_t *)offset_ptr; else if (size == 4) - value = *(uint32_t *) &dummy->ioregs[offset]; + value = *(uint32_t *)offset_ptr; else printf("dior: ior unknown size %d\n", size); } 
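Review bot: Routing the register address through `void *offset_ptr` only hides the cast from the compiler. The stores in this hunk still access `memregs` through `uint16_t`/`uint32_t`/`uint64_t` lvalues at an offset that need not be aligned, which is the kind of access that strict-aliasing optimisation at -O2 may miscompile. The same pattern is in the ioregs hunks at -2041 and -2107 and in the memregs read hunk at -2126. A fixed-size copy keeps the behaviour and is well defined, e.g. `uint16_t v16 = value; memcpy(offset_ptr, &v16, sizeof(v16));` for the 2-byte arm and `memcpy(&v16, offset_ptr, sizeof(v16)); value = v16;` on the read side. The element type of memregs/ioregs is not visible here; this applies as written if they are byte arrays, as the indexing suggests.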
@@ -2126,14 +2131,15 @@ pci_emul_dior(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, int baridx, i = baridx - 1; /* 'memregs' index */ + offset_ptr = (void *) &dummy->memregs[i][offset]; if (size == 1) - value = dummy->memregs[i][offset]; + value = *(uint8_t *)offset_ptr; else if (size == 2) - value = *(uint16_t *) &dummy->memregs[i][offset]; + value = *(uint16_t *)offset_ptr; else if (size == 4) - value = *(uint32_t *) &dummy->memregs[i][offset]; + value = *(uint32_t *)offset_ptr; else if (size == 8) - value = *(uint64_t *) &dummy->memregs[i][offset]; + value = *(uint64_t *)offset_ptr; else printf("dior: ior unknown size %d\n", size); } diff --git a/devicemodel/hw/pci/irq.c b/devicemodel/hw/pci/irq.c index b7fb269d1..f09af70bc 100644 --- a/devicemodel/hw/pci/irq.c +++ b/devicemodel/hw/pci/irq.c @@ -248,11 +248,24 @@ pirq_dsdt(void) for (irq = 0; irq < nitems(irq_counts); irq++) { if (!IRQ_PERMITTED(irq)) continue; - if (irq_prs == NULL) - asprintf(&irq_prs, "%d", irq); - else { + if (irq_prs == NULL) { + if (asprintf(&irq_prs, "%d", irq) < 0) { + /*error*/ + if (irq_prs != NULL) + free(irq_prs); + + return; + } + } else { old = irq_prs; - asprintf(&irq_prs, "%s,%d", old, irq); + if (asprintf(&irq_prs, "%s,%d", old, irq) < 0) { + /*error*/ + if (irq_prs != NULL) + free(irq_prs); + + free(old); + return; + } free(old); } } diff --git a/devicemodel/hw/pci/lpc.c b/devicemodel/hw/pci/lpc.c index cd1d25e1a..d193dbff8 100644 --- a/devicemodel/hw/pci/lpc.c +++ b/devicemodel/hw/pci/lpc.c @@ -421,11 +421,17 @@ pci_lpc_deinit(struct vmctx *ctx, struct pci_vdev *pi, char *opts) char * lpc_pirq_name(int pin) { - char *name; + char *name = NULL; if (lpc_bridge == NULL) return NULL; - asprintf(&name, "\\_SB.PCI0.ISA.LNK%c,", 'A' + pin - 1); + + if (asprintf(&name, "\\_SB.PCI0.ISA.LNK%c,", 'A' + pin - 1) < 0) { + if (name != NULL) + free(name); + + return NULL; + } return name; } 
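Review bot: In pirq_dsdt() the error path of the second asprintf() can free the same buffer twice: `old` still holds the previous string, and if a failing asprintf() leaves `irq_prs` untouched, `free(irq_prs)` and `free(old)` release the same pointer. The asprintf() documentation leaves the pointer's contents undefined after a failure, so it should not be read there at all. The first branch and lpc_pirq_name() in lpc.c have the same `if (x != NULL) free(x);` on a pointer that may be undefined. On failure, free only what was valid before the call, `free(old); irq_prs = NULL; return;`, and in the other two places return without touching the output pointer.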
diff --git a/devicemodel/hw/pci/virtio/virtio_net.c b/devicemodel/hw/pci/virtio/virtio_net.c index e231d530e..eeaf7a92b 100644 --- a/devicemodel/hw/pci/virtio/virtio_net.c +++ b/devicemodel/hw/pci/virtio/virtio_net.c @@ -280,6 +280,7 @@ virtio_net_tap_tx(struct virtio_net *net, struct iovec *iov, int iovcnt, int len) { static char pad[60]; /* all zero bytes */ + ssize_t ret; if (net->tapfd == -1) return; @@ -294,7 +295,8 @@ virtio_net_tap_tx(struct virtio_net *net, struct iovec *iov, int iovcnt, iov[iovcnt].iov_len = 60 - len; iovcnt++; } - (void) writev(net->tapfd, iov, iovcnt); + ret = writev(net->tapfd, iov, iovcnt); + (void)ret; /*avoid compiler warning*/ } /* @@ -335,6 +337,7 @@ virtio_net_tap_rx(struct virtio_net *net) void *vrx; int len, n; uint16_t idx; + ssize_t ret; /* * Should never be called without a valid tap fd @@ -349,7 +352,9 @@ virtio_net_tap_rx(struct virtio_net *net) /* * Drop the packet and try later. */ - (void) read(net->tapfd, dummybuf, sizeof(dummybuf)); + ret = read(net->tapfd, dummybuf, sizeof(dummybuf)); + (void)ret; /*avoid compiler warning*/ + return; } @@ -362,7 +367,9 @@ virtio_net_tap_rx(struct virtio_net *net) * Drop the packet and try later. Interrupt on * empty, if that's negotiated. */ - (void) read(net->tapfd, dummybuf, sizeof(dummybuf)); + ret = read(net->tapfd, dummybuf, sizeof(dummybuf)); + (void)ret; /*avoid compiler warning*/ + vq_endchains(vq, 1); return; } diff --git a/devicemodel/hw/platform/uart_core.c b/devicemodel/hw/platform/uart_core.c index c542aaa04..a808691d0 100644 --- a/devicemodel/hw/platform/uart_core.c +++ b/devicemodel/hw/platform/uart_core.c @@ -148,16 +148,20 @@ ttyread(struct ttyfd *tf) { unsigned char rb; - if (read(tf->fd, &rb, 1) == 1) + if (read(tf->fd, &rb, 1) > 0) return rb; - else - return -1; + + return -1; } -static void +static int ttywrite(struct ttyfd *tf, unsigned char wb) { - (void)write(tf->fd, &wb, 1); + + if (write(tf->fd, &wb, 1) > 0) + return 1; + + return -1; } static void 
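Review bot: `ret = writev(net->tapfd, iov, iovcnt);` followed by `(void)ret;` in virtio_net_tap_tx() only moves the ignored result into a variable to satisfy warn_unused_result, so a failed or short transmit is still silent. If dropping the frame is intended, say so where it happens, e.g. `/* best effort: a frame the tap device rejects is dropped */`; otherwise check `ret < 0` and report it. The two `read()` calls in virtio_net_tap_rx() discard a packet on purpose, and their existing comments already explain that, so `/*avoid compiler warning*/` is enough there.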
diff --git a/devicemodel/include/mevent.h b/devicemodel/include/mevent.h index 67d68a9a3..e578e7f4a 100644 --- a/devicemodel/include/mevent.h +++ b/devicemodel/include/mevent.h @@ -46,7 +46,7 @@ int mevent_enable(struct mevent *evp); int mevent_disable(struct mevent *evp); int mevent_delete(struct mevent *evp); int mevent_delete_close(struct mevent *evp); -void mevent_notify(void); +int mevent_notify(void); void mevent_dispatch(void);