Date: Tue, 2 Jul 2024 16:17:43 -0400
From: "Michael S. Tsirkin"
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Ira Weiny, Jonathan Cameron, Fan Ni
Subject: [PULL v2 38/88] hw/cxl: Fix read from bogus memory

From: Ira Weiny

Peter and coverity report:

We've passed '&data' to address_space_write(), which means "read from the address on the stack where the function argument 'data' lives", so instead of writing 64 bytes of data to the guest, we'll write 64 bytes which start with a host pointer value and then continue with whatever happens to be on the host stack after that.

Indeed the intention was to write 64 bytes of data at the address given.

Fix the parameter to address_space_write().

Reported-by: Peter Maydell
Link: https://lore.kernel.org/all/CAFEAcA-u4sytGwTKsb__Y+_+0O2-WwARntm3x8WNhvL1WfHOBg@mail.gmail.com/
Fixes: 6bda41a69bdc ("hw/cxl: Add clear poison mailbox command support.")
Cc: Jonathan Cameron
Signed-off-by: Ira Weiny
Message-Id: <20240531-fix-poison-set-cacheline-v1-1-e3bc7e8f1158@intel.com>
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Jonathan Cameron

--- hw/mem/cxl_type3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c index 5d4a1276be..3274e5dcbb 100644 --- a/hw/mem/cxl_type3.c +++ b/hw/mem/cxl_type3.c @@ -1292,7 +1292,7 @@ static bool set_cacheline(CXLType3Dev *ct3d, uint64_t= dpa_offset, uint8_t *data) dpa_offset -=3D (vmr_size + pmr_size); } =20 - address_space_write(as, dpa_offset, MEMTXATTRS_UNSPECIFIED, &data, + address_space_write(as, dpa_offset, MEMTXATTRS_UNSPECIFIED, data, CXL_CACHE_LINE_SIZE); return true; } --=20 MST
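
Review bot: The result of address_space_write() is still discarded in set_cacheline(), and the function goes straight to `return true;` after the call, so a failed write of the cache line is reported to the caller as success. Consider comparing the result against MEMTX_OK and returning false otherwise. Since the buffer is only read on this path, declaring the parameter as `const uint8_t *data` would also document that the callee does not modify it.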