On 23/10/25 12:13, Peter Maydell wrote:
Before commit f76cee647c ("target/arm: Introduce mmu indexes for GCS") it was impossible for arm_to_core_mmu_idx() to return an invalid core MMU index, because NB_MMU_MODES was 16 and ARM_MMU_IDX_COREIDX_MASK was 0xf. That commit raises ARM_MMU_IDX_COREIDX_MASK to 0x1f and NB_MMU_MODES to 22, so it's now possible for a bogus Arm mmu index to result in an out of range core mmu index (which can then get used as an array index in the CPUTLB struct arrays). Coverity complains that this might result in an out-of-bounds access.

The out-of-bounds access can't happen because we construct all the ARMMMUIdx values we will use for TLBs to have valid core MMU indexes in the COREIDX field. But we can add an assert() so that if we ever do end up operating on a corrupted or wrong ARMMMUIdx value we get an assert rather than silently indexing off the end of an array. This should also make Coverity happier.

Coverity: CID 1641404
Signed-off-by: Peter Maydell <[email protected]>
---
target/arm/internals.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
