[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 35/65] hw/cxl: Fix uint32 overflow cxl-mailbox-utils.c
|
From: |
Michael S. Tsirkin |
|
Subject: |
[PULL 35/65] hw/cxl: Fix uint32 overflow cxl-mailbox-utils.c |
|
Date: |
Mon, 4 Nov 2024 16:07:54 -0500 |
From: Dmitry Frolov <frolov@swemel.ru>
The sum offset + length may overflow uint32. Since this sum is
compared with uint64_t return value of get_lsa_size(), it makes
sense to choose uint64_t type for offset and length.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 3ebe676a3463 ("hw/cxl/device: Implement get/set Label Storage Area
(LSA)")
Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Link: https://lore.kernel.org/r/20240917080925.270597-2-frolov@swemel.ru
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20241014121902.2146424-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/cxl/cxl-mailbox-utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
index 9258e48f95..9f794e4655 100644
--- a/hw/cxl/cxl-mailbox-utils.c
+++ b/hw/cxl/cxl-mailbox-utils.c
@@ -1445,7 +1445,7 @@ static CXLRetCode cmd_ccls_get_lsa(const struct cxl_cmd
*cmd,
} QEMU_PACKED *get_lsa;
CXLType3Dev *ct3d = CXL_TYPE3(cci->d);
CXLType3Class *cvc = CXL_TYPE3_GET_CLASS(ct3d);
- uint32_t offset, length;
+ uint64_t offset, length;
get_lsa = (void *)payload_in;
offset = get_lsa->offset;
--
MST
- [PULL 27/65] tests/acpi: pc: update golden masters for DSDT, (continued)
- [PULL 27/65] tests/acpi: pc: update golden masters for DSDT, Michael S. Tsirkin, 2024/11/04
- [PULL 28/65] amd_iommu: Rename variable mmio to mr_mmio, Michael S. Tsirkin, 2024/11/04
- [PULL 30/65] amd_iommu: Use shared memory region for Interrupt Remapping, Michael S. Tsirkin, 2024/11/04
- [PULL 31/65] amd_iommu: Send notification when invalidate interrupt entry cache, Michael S. Tsirkin, 2024/11/04
- [PULL 32/65] amd_iommu: Check APIC ID > 255 for XTSup, Michael S. Tsirkin, 2024/11/04
- [PULL 34/65] virtio/vhost-user: fix qemu abort when hotunplug vhost-user-net device, Michael S. Tsirkin, 2024/11/04
- [PULL 33/65] virtio-pci: fix memory_region_find for VirtIOPCIRegion's MR, Michael S. Tsirkin, 2024/11/04
- [PULL 35/65] hw/cxl: Fix uint32 overflow cxl-mailbox-utils.c,
Michael S. Tsirkin <=
- [PULL 37/65] mem/cxl_type3: Fix overlapping region validation error, Michael S. Tsirkin, 2024/11/04
- [PULL 38/65] hw/mem/cxl_type3: Fix More flag setting for dynamic capacity event records, Michael S. Tsirkin, 2024/11/04
- [PULL 39/65] hw/cxl/cxl-mailbox-utils: Fix for device DDR5 ECS control feature tables, Michael S. Tsirkin, 2024/11/04
- [PULL 40/65] hw/cxl: Fix indent of structure member, Michael S. Tsirkin, 2024/11/04
- [PULL 36/65] hw/cxl: Fix background completion percentage calculation, Michael S. Tsirkin, 2024/11/04
- [PULL 41/65] hw/pci-bridge: Make pxb_dev_realize_common() return if it succeeded, Michael S. Tsirkin, 2024/11/04
- [PULL 42/65] vhost-user: fix shared object return values, Michael S. Tsirkin, 2024/11/04
- [PULL 44/65] pcie: enable Extended tag field support, Michael S. Tsirkin, 2024/11/04
- [PULL 45/65] cxl/cxl-mailbox-utils: Fix size check for cmd_firmware_update_get_info, Michael S. Tsirkin, 2024/11/04
- [PULL 46/65] hw/cxl/cxl-mailbox-util: Fix output buffer index update when retrieving DC extents, Michael S. Tsirkin, 2024/11/04