On Fri, 31 May 2024 at 17:22, Ira Weiny <ira.we...@intel.com> wrote:
>
> Peter and coverity report:
>
>   We've passed '&data' to address_space_write(), which means "read
>   from the address on the stack where the function argument 'data'
>   lives", so instead of writing 64 bytes of data to the guest,
>   we'll write 64 bytes which start with a host pointer value and
>   then continue with whatever happens to be on the host stack
>   after that.
>
> Indeed the intention was to write 64 bytes of data at the address given.
>
> Fix the parameter to address_space_write().
>
Coverity CID: 1544772 > Reported-by: Peter Maydell <peter.mayd...@linaro.org> > Link: > https://lore.kernel.org/all/cafeaca-u4sytgwtksb__y+_+0o2-wwarntm3x8wnhvl1wfh...@mail.gmail.com/ > Fixes: 6bda41a69bdc ("hw/cxl: Add clear poison mailbox command support.") > Cc: Jonathan Cameron <jonathan.came...@huawei.com> > Signed-off-by: Ira Weiny <ira.we...@intel.com> > --- > Compile tested only. Jonathan please double check me. > --- > hw/mem/cxl_type3.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c > index 3e42490b6ce8..582412d9925f 100644 > --- a/hw/mem/cxl_type3.c > +++ b/hw/mem/cxl_type3.c > @@ -1025,7 +1025,7 @@ static bool set_cacheline(CXLType3Dev *ct3d, uint64_t > dpa_offset, uint8_t *data) > as = &ct3d->hostpmem_as; > } > > - address_space_write(as, dpa_offset, MEMTXATTRS_UNSPECIFIED, &data, > + address_space_write(as, dpa_offset, MEMTXATTRS_UNSPECIFIED, data, > CXL_CACHE_LINE_SIZE); > return true; > } Reviewed-by: Peter Maydell <peter.mayd...@linaro.org> thanks -- PMM
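Review bot: In set_cacheline(), the result of address_space_write() is still discarded and the function falls through to `return true;`, so a failed write into the guest address space is reported to the caller as success. Consider checking the return value and returning false when the write does not complete. Separately, the patch notes say "Compile tested only", and the old `&data` argument also compiled cleanly, so a run of the clear poison mailbox command that reads the cacheline back from the guest would confirm that the 64 bytes written are now the caller's data and not host stack contents.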
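The bug class described in the commit message, as an added example that is not QEMU code and not part of the thread: a write helper that takes `const void *` accepts `&data` silently, while a typed wrapper rejects it at compile time. `mem_write`, `WRITE_LINE`, `set_cacheline_checked`, `buggy_prefix_is_host_pointer` and the `guest_mem` array are hypothetical stand-ins, and the wrapper assumes a C11 compiler.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINE_SIZE 64                     /* stands in for CXL_CACHE_LINE_SIZE */
static uint8_t guest_mem[4 * LINE_SIZE]; /* constructed stand-in for guest memory */

/* Hypothetical stand-in for address_space_write(): the buffer is a
 * const void *, so uint8_t * and uint8_t ** both convert silently. */
static int mem_write(uint64_t off, const void *buf, uint64_t len)
{
    if (off > sizeof(guest_mem) || len > sizeof(guest_mem) - off) {
        return -1;
    }
    memcpy(guest_mem + off, buf, len);
    return 0;
}

/* Typed front end: _Generic has no association for uint8_t **, so
 * WRITE_LINE(off, &data) is a compile error instead of a stack leak. */
#define WRITE_LINE(off, buf)                                  \
    mem_write((off), _Generic((buf), uint8_t *: (buf),        \
                                     const uint8_t *: (buf)), LINE_SIZE)

static bool set_cacheline_checked(uint64_t off, uint8_t *data)
{
    return WRITE_LINE(off, data) == 0;   /* report a failed write */
}

/* What the pre-fix call placed first in guest memory: the host pointer
 * itself. Only sizeof(data) bytes are copied so the demo stays in bounds. */
static bool buggy_prefix_is_host_pointer(uint64_t off, uint8_t *data)
{
    uint8_t *seen;

    if (mem_write(off, &data, sizeof(data)) != 0) {
        return false;
    }
    memcpy(&seen, guest_mem + off, sizeof(seen));
    return seen == data;
}

int main(void)
{
    uint8_t line[LINE_SIZE] = { 0xaa };  /* constructed sample cacheline */
    printf("checked=%d leaked=%d\n", set_cacheline_checked(LINE_SIZE, line),
           buggy_prefix_is_host_pointer(0, line));
    return 0;
}
```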