Enable FORTIFY and FORMAT SECURITY compile flags

1. Enable below 2 defenses in Makefile
   "-O2 -D_FORTIFY_SOURCE=2"
   "-Wformat -Wformat-security"

2. Update related source code impacted by above 2 flags

Change-Id: Ib42214848f030b4cf508cd7c52a7e3cc809435d9
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Yonghua Huang 2018-03-13 17:02:51 +08:00 committed by Jack Ren
parent 155be81dbf
commit b6d73be1a6
9 changed files with 81 additions and 37 deletions


@ -17,6 +17,8 @@ CFLAGS += -DNO_OPENSSL
CFLAGS += -m64 CFLAGS += -m64
CFLAGS += -Wall -ffunction-sections CFLAGS += -Wall -ffunction-sections
CFLAGS += -Werror CFLAGS += -Werror
CFLAGS += -O2 -D_FORTIFY_SOURCE=2
CFLAGS += -Wformat -Wformat-security
CFLAGS += -I$(BASEDIR)/include CFLAGS += -I$(BASEDIR)/include
CFLAGS += -I$(BASEDIR)/include/public CFLAGS += -I$(BASEDIR)/include/public


@ -84,17 +84,20 @@ ttyread(void)
char rb; char rb;
if (tty_char_available()) { if (tty_char_available()) {
read(STDIN_FILENO, &rb, 1); if (read(STDIN_FILENO, &rb, 1) > 0)
return (rb & 0xff); return (rb & 0xff);
} else { }
return -1; return -1;
} }
}
static void
static int
ttywrite(unsigned char wb) ttywrite(unsigned char wb)
{ {
(void) write(STDOUT_FILENO, &wb, 1); if (write(STDOUT_FILENO, &wb, 1) > 0)
return 1;
return -1;
} }
static int static int
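Review bot: The new `ttywrite` reports success as 1, while `mevent_notify` in this same commit reports success as 0, so the wrappers follow two conventions; the `ttywrite(struct ttyfd *tf, unsigned char wb)` section further down does the same. Either return 0 on success here as well, or document the contract with a comment such as `/* returns 1 if the byte was written, -1 on error */`. Neither `read` nor `write` is retried when interrupted by a signal, so an `EINTR` is now reported as a lost byte rather than being ignored as before. The callers are outside the visible hunks, so it cannot be confirmed from this page that anything checks the new return value.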


@ -109,7 +109,8 @@ mevent_pipe_read(int fd, enum ev_type type, void *param)
} while (status == MEVENT_MAX); } while (status == MEVENT_MAX);
} }
void /*On error, -1 is returned, else return zero*/
int
mevent_notify(void) mevent_notify(void)
{ {
char c; char c;
@ -119,7 +120,9 @@ mevent_notify(void)
* pipe to force the i/o thread to exit the blocking epoll call. * pipe to force the i/o thread to exit the blocking epoll call.
*/ */
if (mevent_pipefd[1] != 0 && pthread_self() != mevent_tid) if (mevent_pipefd[1] != 0 && pthread_self() != mevent_tid)
write(mevent_pipefd[1], &c, 1); if (write(mevent_pipefd[1], &c, 1) <= 0)
return -1;
return 0;
} }
static int static int
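Review bot: `char c;` is passed to `write(mevent_pipefd[1], &c, 1)` without being assigned anywhere in the lines shown, so an indeterminate stack byte is sent down the pipe; `char c = 0;` fixes that and keeps analysers quiet. Returning -1 whenever `write(...) <= 0` also turns a full pipe into an error even though a wake-up is then already pending; if the pipe is non-blocking (not visible here), `EAGAIN` should count as success. The nested `if` without braces is easy to misread next to the trailing `return 0;` and would be safer as a single braced block.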


@ -2032,6 +2032,7 @@ pci_emul_diow(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, int baridx,
uint64_t offset, int size, uint64_t value) uint64_t offset, int size, uint64_t value)
{ {
int i; int i;
void *offset_ptr;
struct pci_emul_dummy *dummy = dev->arg; struct pci_emul_dummy *dummy = dev->arg;
if (baridx == 0) { if (baridx == 0) {
@ -2041,12 +2042,13 @@ pci_emul_diow(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, int baridx,
return; return;
} }
offset_ptr = (void *) &dummy->ioregs[offset];
if (size == 1) if (size == 1)
dummy->ioregs[offset] = value & 0xff; *(uint8_t *)offset_ptr = value & 0xff;
else if (size == 2) else if (size == 2)
*(uint16_t *)&dummy->ioregs[offset] = value & 0xffff; *(uint16_t *)offset_ptr = value & 0xffff;
else if (size == 4) else if (size == 4)
*(uint32_t *)&dummy->ioregs[offset] = value; *(uint32_t *)offset = value;
else else
printf("diow: iow unknown size %d\n", size); printf("diow: iow unknown size %d\n", size);
@ -2071,14 +2073,15 @@ pci_emul_diow(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, int baridx,
i = baridx - 1; /* 'memregs' index */ i = baridx - 1; /* 'memregs' index */
offset_ptr = (void *) &dummy->memregs[i][offset];
if (size == 1) if (size == 1)
dummy->memregs[i][offset] = value; *(uint8_t *)offset_ptr = value;
else if (size == 2) else if (size == 2)
*(uint16_t *)&dummy->memregs[i][offset] = value; *(uint16_t *)offset_ptr = value;
else if (size == 4) else if (size == 4)
*(uint32_t *)&dummy->memregs[i][offset] = value; *(uint32_t *)offset_ptr = value;
else if (size == 8) else if (size == 8)
*(uint64_t *)&dummy->memregs[i][offset] = value; *(uint64_t *)offset_ptr = value;
else else
printf("diow: memw unknown size %d\n", size); printf("diow: memw unknown size %d\n", size);
@ -2098,6 +2101,7 @@ pci_emul_dior(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, int baridx,
struct pci_emul_dummy *dummy = dev->arg; struct pci_emul_dummy *dummy = dev->arg;
uint32_t value = 0; uint32_t value = 0;
int i; int i;
void *offset_ptr;
if (baridx == 0) { if (baridx == 0) {
if (offset + size > DIOSZ) { if (offset + size > DIOSZ) {
@ -2107,12 +2111,13 @@ pci_emul_dior(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, int baridx,
} }
value = 0; value = 0;
offset_ptr = (void *) &dummy->ioregs[offset];
if (size == 1) if (size == 1)
value = dummy->ioregs[offset]; value = *(uint8_t *)offset_ptr;
else if (size == 2) else if (size == 2)
value = *(uint16_t *) &dummy->ioregs[offset]; value = *(uint16_t *)offset_ptr;
else if (size == 4) else if (size == 4)
value = *(uint32_t *) &dummy->ioregs[offset]; value = *(uint32_t *)offset_ptr;
else else
printf("dior: ior unknown size %d\n", size); printf("dior: ior unknown size %d\n", size);
} }
@ -2126,14 +2131,15 @@ pci_emul_dior(struct vmctx *ctx, int vcpu, struct pci_vdev *dev, int baridx,
i = baridx - 1; /* 'memregs' index */ i = baridx - 1; /* 'memregs' index */
offset_ptr = (void *) &dummy->memregs[i][offset];
if (size == 1) if (size == 1)
value = dummy->memregs[i][offset]; value = *(uint8_t *)offset_ptr;
else if (size == 2) else if (size == 2)
value = *(uint16_t *) &dummy->memregs[i][offset]; value = *(uint16_t *)offset_ptr;
else if (size == 4) else if (size == 4)
value = *(uint32_t *) &dummy->memregs[i][offset]; value = *(uint32_t *)offset_ptr;
else if (size == 8) else if (size == 8)
value = *(uint64_t *) &dummy->memregs[i][offset]; value = *(uint64_t *)offset_ptr;
else else
printf("dior: ior unknown size %d\n", size); printf("dior: ior unknown size %d\n", size);
} }
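Review bot: In the `baridx == 0` path of `pci_emul_diow`, the 4-byte store is written as `*(uint32_t *)offset = value;`, which casts the BAR-relative `offset` integer itself to a pointer instead of using `offset_ptr`. Every other width in both functions goes through `offset_ptr`, so this looks like a typo, but as written a 32-bit I/O write to the dummy device stores to whatever host address equals `offset` rather than into `ioregs`. It should read `*(uint32_t *)offset_ptr = value;`. Separately, routing the casts through `void *` only hides the aliasing and alignment diagnostics that the direct casts produced; a `memcpy` of `size` bytes after the bounds check would remove the typed stores and loads altogether.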


@ -248,11 +248,24 @@ pirq_dsdt(void)
for (irq = 0; irq < nitems(irq_counts); irq++) { for (irq = 0; irq < nitems(irq_counts); irq++) {
if (!IRQ_PERMITTED(irq)) if (!IRQ_PERMITTED(irq))
continue; continue;
if (irq_prs == NULL) if (irq_prs == NULL) {
asprintf(&irq_prs, "%d", irq); if (asprintf(&irq_prs, "%d", irq) < 0) {
else { /*error*/
if (irq_prs != NULL)
free(irq_prs);
return;
}
} else {
old = irq_prs; old = irq_prs;
asprintf(&irq_prs, "%s,%d", old, irq); if (asprintf(&irq_prs, "%s,%d", old, irq) < 0) {
/*error*/
if (irq_prs != NULL)
free(irq_prs);
free(old);
return;
}
free(old); free(old);
} }
} }
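Review bot: In the `else` branch, a failed `asprintf(&irq_prs, "%s,%d", old, irq)` is followed by `free(irq_prs)` and then `free(old)`. glibc documents the output pointer as undefined after a failure, and if it was left untouched it still equals `old`, which makes this a double free. The error path should not look at `irq_prs` at all: drop the `if (irq_prs != NULL) free(irq_prs);` lines, keep only `free(old); return;`, or format into a temporary and assign on success. The first branch here and the new error path in `lpc_pirq_name` free the output pointer after a failure in the same way and should be changed too. `pirq_dsdt` continues outside the hunk, so what the early `return` leaves unwritten cannot be judged from here.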


@ -421,11 +421,17 @@ pci_lpc_deinit(struct vmctx *ctx, struct pci_vdev *pi, char *opts)
char * char *
lpc_pirq_name(int pin) lpc_pirq_name(int pin)
{ {
char *name; char *name = NULL;
if (lpc_bridge == NULL) if (lpc_bridge == NULL)
return NULL; return NULL;
asprintf(&name, "\\_SB.PCI0.ISA.LNK%c,", 'A' + pin - 1);
if (asprintf(&name, "\\_SB.PCI0.ISA.LNK%c,", 'A' + pin - 1) < 0) {
if (name != NULL)
free(name);
return NULL;
}
return name; return name;
} }


@ -280,6 +280,7 @@ virtio_net_tap_tx(struct virtio_net *net, struct iovec *iov, int iovcnt,
int len) int len)
{ {
static char pad[60]; /* all zero bytes */ static char pad[60]; /* all zero bytes */
ssize_t ret;
if (net->tapfd == -1) if (net->tapfd == -1)
return; return;
@ -294,7 +295,8 @@ virtio_net_tap_tx(struct virtio_net *net, struct iovec *iov, int iovcnt,
iov[iovcnt].iov_len = 60 - len; iov[iovcnt].iov_len = 60 - len;
iovcnt++; iovcnt++;
} }
(void) writev(net->tapfd, iov, iovcnt); ret = writev(net->tapfd, iov, iovcnt);
(void)ret; /*avoid compiler warning*/
} }
/* /*
@ -335,6 +337,7 @@ virtio_net_tap_rx(struct virtio_net *net)
void *vrx; void *vrx;
int len, n; int len, n;
uint16_t idx; uint16_t idx;
ssize_t ret;
/* /*
* Should never be called without a valid tap fd * Should never be called without a valid tap fd
@ -349,7 +352,9 @@ virtio_net_tap_rx(struct virtio_net *net)
/* /*
* Drop the packet and try later. * Drop the packet and try later.
*/ */
(void) read(net->tapfd, dummybuf, sizeof(dummybuf)); ret = read(net->tapfd, dummybuf, sizeof(dummybuf));
(void)ret; /*avoid compiler warning*/
return; return;
} }
@ -362,7 +367,9 @@ virtio_net_tap_rx(struct virtio_net *net)
* Drop the packet and try later. Interrupt on * Drop the packet and try later. Interrupt on
* empty, if that's negotiated. * empty, if that's negotiated.
*/ */
(void) read(net->tapfd, dummybuf, sizeof(dummybuf)); ret = read(net->tapfd, dummybuf, sizeof(dummybuf));
(void)ret; /*avoid compiler warning*/
vq_endchains(vq, 1); vq_endchains(vq, 1);
return; return;
} }
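Review bot: `ret = writev(net->tapfd, iov, iovcnt); (void)ret;` only silences the unused-result warning; a failed or short `writev` in `virtio_net_tap_tx` still drops the frame without any trace. On the transmit path the result should at least be tested, e.g. `if (ret < 0) perror("virtio_net: writev");` or the project's own logging call. For the two `read` calls in `virtio_net_tap_rx` the discard is intentional, so a comment like `/* result ignored: the packet is being dropped on purpose */` would say more than `/*avoid compiler warning*/`. Both functions start and end outside the hunks shown.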


@ -148,16 +148,20 @@ ttyread(struct ttyfd *tf)
{ {
unsigned char rb; unsigned char rb;
if (read(tf->fd, &rb, 1) == 1) if (read(tf->fd, &rb, 1) > 0)
return rb; return rb;
else
return -1; return -1;
} }
static void static int
ttywrite(struct ttyfd *tf, unsigned char wb) ttywrite(struct ttyfd *tf, unsigned char wb)
{ {
(void)write(tf->fd, &wb, 1);
if (write(tf->fd, &wb, 1) > 0)
return 1;
return -1;
} }
static void static void


@ -46,7 +46,7 @@ int mevent_enable(struct mevent *evp);
int mevent_disable(struct mevent *evp); int mevent_disable(struct mevent *evp);
int mevent_delete(struct mevent *evp); int mevent_delete(struct mevent *evp);
int mevent_delete_close(struct mevent *evp); int mevent_delete_close(struct mevent *evp);
void mevent_notify(void); int mevent_notify(void);
void mevent_dispatch(void); void mevent_dispatch(void);