From: David Gibson <david@gibson.dropbear.id.au>
To: "Cédric Le Goater" <clg@kaod.org>
Cc: qemu-ppc@nongnu.org, qemu-devel@nongnu.org
Subject: Re: [PATCH 2/2] ppc/pnv: fix check on return value of blk_getlength()
Date: Wed, 8 Jan 2020 12:01:46 +1100
Message-ID: <20200108010146.GF2137@umbus.fritz.box>
In-Reply-To: <20200107171809.15556-3-clg@kaod.org>


On Tue, Jan 07, 2020 at 06:18:09PM +0100, Cédric Le Goater wrote:
> blk_getlength() returns an int64_t but the result is stored in a
> uint32_t. Errors (negative values) won't be caught by the check in
> pnv_pnor_realize() and blk_blockalign() will allocate a very large
> buffer in such cases.
> 
> Fixes Coverity issue CID 1412226.
> 
> Signed-off-by: Cédric Le Goater <clg@kaod.org>

Applied to ppc-for-5.0.

> ---
>  include/hw/ppc/pnv_pnor.h | 2 +-
>  hw/ppc/pnv_pnor.c         | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/include/hw/ppc/pnv_pnor.h b/include/hw/ppc/pnv_pnor.h
> index c3dd28643cae..4f96abdfb402 100644
> --- a/include/hw/ppc/pnv_pnor.h
> +++ b/include/hw/ppc/pnv_pnor.h
> @@ -23,7 +23,7 @@ typedef struct PnvPnor {
>      BlockBackend   *blk;
>  
>      uint8_t        *storage;
> -    uint32_t       size;
> +    int64_t        size;
>      MemoryRegion   mmio;
>  } PnvPnor;
>  
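Review bot: in the PnvPnor struct, `size` becomes signed, but the diffstat shows only this line and the property definition changing, so the check in pnv_pnor_realize() named in the commit message is left as it was. Please confirm that check is a signed comparison that rejects negative values before `size` is used for the allocation, and that no other user of `size` still assumes a 32-bit unsigned quantity. A short comment on the field noting that it can carry a negative error value until realize has validated it would help future readers.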
> diff --git a/hw/ppc/pnv_pnor.c b/hw/ppc/pnv_pnor.c
> index 0e86ae2feae6..b061106d1c0c 100644
> --- a/hw/ppc/pnv_pnor.c
> +++ b/hw/ppc/pnv_pnor.c
> @@ -111,7 +111,7 @@ static void pnv_pnor_realize(DeviceState *dev, Error **errp)
>  }
>  
>  static Property pnv_pnor_properties[] = {
> -    DEFINE_PROP_UINT32("size", PnvPnor, size, 128 << 20),
> +    DEFINE_PROP_INT64("size", PnvPnor, size, 128 << 20),
>      DEFINE_PROP_DRIVE("drive", PnvPnor, blk),
>      DEFINE_PROP_END_OF_LIST(),
>  };
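Review bot: switching the "size" entry in pnv_pnor_properties[] to DEFINE_PROP_INT64 means the property itself now accepts negative values from the user, not just error returns from blk_getlength(). The realize path should reject a non-positive `size` with an error on errp regardless of where the value came from, so that a bad property value cannot reach the buffer allocation. The default `128 << 20` is unchanged and fits the new type.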

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson
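
The truncation described in the quoted commit message, as an added example that is not part of the original mail or of QEMU's code. `fake_getlength()`, `length_is_error()` and the two `size_*` functions are hypothetical stand-ins, and the EIO failure is constructed.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a length query: byte count on success,
 * negative errno on failure (constructed EIO failure). */
static int64_t fake_getlength(int fail)
{
    return fail ? -(int64_t)EIO : (int64_t)128 << 20;
}

static int length_is_error(int64_t len)
{
    return len < 0;
}

/* "Before": uint32_t storage. Returns the size that would reach the
 * allocator, or -1 if the error was caught. */
static int64_t size_before(int fail)
{
    uint32_t size = (uint32_t)fake_getlength(fail); /* -EIO wraps */
    if (length_is_error(size)) {   /* zero-extended, never negative */
        return -1;
    }
    return size;
}

/* "After": int64_t storage keeps the sign, so the check fires. */
static int64_t size_after(int fail)
{
    int64_t size = fake_getlength(fail);
    if (length_is_error(size)) {
        return -1;
    }
    return size;
}

int main(void)
{
    printf("before, failure: %" PRId64 "\n", size_before(1));
    printf("after,  failure: %" PRId64 "\n", size_after(1));
    printf("before, success: %" PRId64 "\n", size_before(0));
    printf("after,  success: %" PRId64 "\n", size_after(0));
    return 0;
}
```

With unsigned 32-bit storage the failure turns into a request just under 4 GiB; with signed 64-bit storage the same failure is caught.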
