Google Git
Sign in
qemu / qemu / e6c9c9e7f46a9ecaf1d90a68595915d65cd9d72d
commite6c9c9e7f46a9ecaf1d90a68595915d65cd9d72d[log] [tgz]
authorIra Weiny <ira.weiny@intel.com>Fri May 31 11:22:05 2024 -0500
committerMichael S. Tsirkin <mst@redhat.com>Mon Jul 01 17:16:05 2024 -0400
treed88084b94f3cf139a3cb35f0eaafe853abfdbdc1
parenta113d041e8d0b152d72a7c2bf47dd09aabf9ade2 [diff]
hw/cxl: Fix read from bogus memory

Peter and coverity report:

	We've passed '&data' to address_space_write(), which means "read
	from the address on the stack where the function argument 'data'
	lives", so instead of writing 64 bytes of data to the guest ,
	we'll write 64 bytes which start with a host pointer value and
	then continue with whatever happens to be on the host stack
	after that.

Indeed the intention was to write 64 bytes of data at the address given.

Fix the parameter to address_space_write().

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Link: https://lore.kernel.org/all/CAFEAcA-u4sytGwTKsb__Y+_+0O2-WwARntm3x8WNhvL1WfHOBg@mail.gmail.com/
Fixes: 6bda41a69bdc ("hw/cxl: Add clear poison mailbox command support.")
Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Message-Id: <20240531-fix-poison-set-cacheline-v1-1-e3bc7e8f1158@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
1 file changed
tree: d88084b94f3cf139a3cb35f0eaafe853abfdbdc1
  1. .github/
  2. .gitlab/
  3. .gitlab-ci.d/
  4. accel/
  5. audio/
  6. authz/
  7. backends/
  8. block/
  9. bsd-user/
  10. chardev/
  11. common-user/
  12. configs/
  13. contrib/
  14. crypto/
  15. disas/
  16. docs/
  17. dump/
  18. ebpf/
  19. fpu/
  20. fsdev/
  21. gdb-xml/
  22. gdbstub/
  23. host/
  24. hw/
  25. include/
  26. io/
  27. libdecnumber/
  28. linux-headers/
  29. linux-user/
  30. migration/
  31. monitor/
  32. nbd/
  33. net/
  34. pc-bios/
  35. plugins/
  36. po/
  37. python/
  38. qapi/
  39. qga/
  40. qobject/
  41. qom/
  42. replay/
  43. roms/
  44. scripts/
  45. scsi/
  46. semihosting/
  47. stats/
  48. storage-daemon/
  49. stubs/
  50. subprojects/
  51. system/
  52. target/
  53. tcg/
  54. tests/
  55. tools/
  56. trace/
  57. ui/
  58. util/
  59. .dir-locals.el
  60. .editorconfig
  61. .exrc
  62. .gdbinit
  63. .git-blame-ignore-revs
  64. .gitattributes
  65. .gitignore
  66. .gitlab-ci.yml
  67. .gitmodules
  68. .gitpublish
  69. .mailmap
  70. .patchew.yml
  71. .readthedocs.yml
  72. .travis.yml
  73. block.c
  74. blockdev-nbd.c
  75. blockdev.c
  76. blockjob.c
  77. configure
  78. COPYING
  79. COPYING.LIB
  80. cpu-common.c
  81. cpu-target.c
  82. event-loop-base.c
  83. gitdm.config
  84. hmp-commands-info.hx
  85. hmp-commands.hx
  86. iothread.c
  87. job-qmp.c
  88. job.c
  89. Kconfig
  90. Kconfig.host
  91. LICENSE
  92. MAINTAINERS
  93. Makefile
  94. meson.build
  95. meson_options.txt
  96. module-common.c
  97. os-posix.c
  98. os-win32.c
  99. page-target.c
  100. page-vary-common.c
  101. page-vary-target.c
  102. pythondeps.toml
  103. qemu-bridge-helper.c
  104. qemu-edid.c
  105. qemu-img-cmds.hx
  106. qemu-img.c
  107. qemu-io-cmds.c
  108. qemu-io.c
  109. qemu-keymap.c
  110. qemu-nbd.c
  111. qemu-options.hx
  112. qemu.nsi
  113. qemu.sasl
  114. README.rst
  115. replication.c
  116. trace-events
  117. VERSION
  118. version.rc