* [PATCH v2 1/3] hw/cxl: Fix handling of component ID to not assume it is a string
2026-03-06 10:14 [PATCH v2 0/3] hw/cxl: Add fixes in maintenance, PPR and event records shiju.jose
@ 2026-03-06 10:14 ` shiju.jose
2026-03-06 10:14 ` [PATCH v2 2/3] hw/cxl: Add fixes in Post Package Repair (PPR) shiju.jose
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: shiju.jose @ 2026-03-06 10:14 UTC (permalink / raw)
To: qemu-devel, linux-cxl, mst, peter.maydell, jonathan.cameron, dave
Cc: linuxarm, shiju.jose
From: Shiju Jose <shiju.jose@huawei.com>
Add the following fixes:
1. Coverity reports a warning (CID 1645325) for use of strncpy() in
handling of component ID. In cxl_create_mem_sparing_event_records(),
fix handling of component ID to not assume it is a string by replacing
strncpy with memcpy to solve this warning and copy the entire component
ID data, which is 16 bytes.
2. In cxl_maintenance_insert(),
- replace strncpy with memcpy to copy full data because component ID is
16 bytes of data.
- remove memset which is not required.
Fixes: 5e5a86bab830("hw/cxl: Add support for Maintenance command and Post Package Repair (PPR)")
Closes ("https://lore.kernel.org/qemu-devel/CAFEAcA_CsVe4TUVm3o_-BA4hXvi2xAThGX5T97amgTQKW_kiYA@mail.gmail.com/")
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Shiju Jose <shiju.jose@huawei.com>
---
hw/cxl/cxl-mailbox-utils.c | 4 ++--
hw/mem/cxl_type3.c | 4 +---
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
index c83b5f90d4..9c99422cd4 100644
--- a/hw/cxl/cxl-mailbox-utils.c
+++ b/hw/cxl/cxl-mailbox-utils.c
@@ -1994,8 +1994,8 @@ static void cxl_create_mem_sparing_event_records(CXLType3Dev *ct3d,
stw_le_p(&event_rec.column, ent->column);
event_rec.sub_channel = ent->sub_channel;
if (ent->validity_flags & CXL_MSER_VALID_COMP_ID) {
- strncpy((char *)event_rec.component_id, (char *)ent->component_id,
- sizeof(event_rec.component_id));
+ memcpy(event_rec.component_id, ent->component_id,
+ sizeof(event_rec.component_id));
}
} else if (sparing_pi) {
event_rec.flags = CXL_MSER_FLAGS_QUERY_RESOURCES;
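Review bot: The memcpy in the CXL_MSER_VALID_COMP_ID branch takes its length from the destination only, so it is correct only while ent->component_id is at least sizeof(event_rec.component_id) bytes. A QEMU_BUILD_BUG_ON(sizeof(ent->component_id) != sizeof(event_rec.component_id)) next to the copy would make that assumption explicit and catch a future change to either struct.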
diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c
index 4739239da3..3cb1096e16 100644
--- a/hw/mem/cxl_type3.c
+++ b/hw/mem/cxl_type3.c
@@ -1767,7 +1767,6 @@ static void cxl_maintenance_insert(CXLType3Dev *ct3d, uint64_t dpa,
}
}
m = g_new0(CXLMaintenance, 1);
- memset(m, 0, sizeof(*m));
m->dpa = dpa;
m->validity_flags = 0;
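Review bot: `m->validity_flags = 0;` in the trailing context is redundant for the same reason as the removed memset, since g_new0() already returns zeroed memory. Dropping it in this cleanup would be consistent, or the commit message could say it is kept deliberately for readability.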
@@ -1804,8 +1803,7 @@ static void cxl_maintenance_insert(CXLType3Dev *ct3d, uint64_t dpa,
m->validity_flags |= CXL_MSER_VALID_SUB_CHANNEL;
}
if (component_id) {
- strncpy((char *)m->component_id, component_id,
- sizeof(m->component_id) - 1);
+ memcpy(m->component_id, component_id, sizeof(m->component_id));
m->validity_flags |= CXL_MSER_VALID_COMP_ID;
if (has_comp_id_pldm && is_comp_id_pldm) {
m->validity_flags |= CXL_MSER_VALID_COMP_ID_FORMAT;
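Review bot: The new memcpy in the `if (component_id)` branch always reads sizeof(m->component_id) bytes from component_id, and nothing in this hunk shows that the source is that long. The removed strncpy took component_id without a cast, so it is a char pointer; if it can be a NUL-terminated string shorter than the field, the copy reads past the end of that string. Bounding the length by the source, for example MIN(strlen(component_id), sizeof(m->component_id)), keeps the full-width copy for long inputs, and because m comes from g_new0() the remaining bytes stay zero.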
--
2.43.0
* [PATCH v2 2/3] hw/cxl: Add fixes in Post Package Repair (PPR)
From: shiju.jose @ 2026-03-06 10:14 UTC (permalink / raw)
To: qemu-devel, linux-cxl, mst, peter.maydell, jonathan.cameron, dave
Cc: linuxarm, shiju.jose
From: Shiju Jose <shiju.jose@huawei.com>
Add the following fixes to the commit: hw/cxl: Add support for Maintenance
command and Post Package Repair (PPR).
In cxl_perform_ppr(), remove and free the maintenance entry from QLIST
if match is found and PPR operation is performed.
Fixes: 5e5a86bab830("hw/cxl: Add support for Maintenance command and Post Package Repair (PPR)")
Signed-off-by: Shiju Jose <shiju.jose@huawei.com>
---
hw/cxl/cxl-mailbox-utils.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
index 9c99422cd4..66a58396ee 100644
--- a/hw/cxl/cxl-mailbox-utils.c
+++ b/hw/cxl/cxl-mailbox-utils.c
@@ -2068,6 +2068,8 @@ static void cxl_perform_ppr(CXLType3Dev *ct3d, uint64_t dpa)
CXL_MEMDEV_MAINT_SUBCLASS_CACHELINE_SPARING,
ent, NULL);
}
+ QLIST_REMOVE(ent, node);
+ g_free(ent);
break;
}
}
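Review bot: QLIST_REMOVE(ent, node) followed by g_free(ent) is safe only because `break` leaves the loop before ent is touched again, and the loop header is outside this hunk. If the iteration is a plain QLIST_FOREACH, either switch to QLIST_FOREACH_SAFE or add a one-line comment that the break must stay directly after the free. It is also worth confirming that the call above, which receives ent as an argument, does not retain the pointer.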
--
2.43.0
* [PATCH v2 3/3] hw/cxl/events: Fix handling of component ID in event records generation to not assume it is a string
From: shiju.jose @ 2026-03-06 10:14 UTC (permalink / raw)
To: qemu-devel, linux-cxl, mst, peter.maydell, jonathan.cameron, dave
Cc: linuxarm, shiju.jose
From: Shiju Jose <shiju.jose@huawei.com>
Fix handling of component ID in event records generation to not assume it
is a string. Component ID in CXL events is 16 bytes data, but event record
generation copies 15 bytes only from the qmp "component-id" field using
strncpy. Replace strncpy with memcpy and copy the entire component ID
data.
Fixes: ea9b6d647f2f("hw/cxl/events: Add injection of General Media Events")
Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com>
Signed-off-by: Shiju Jose <shiju.jose@huawei.com>
---
hw/mem/cxl_type3.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c
index 3cb1096e16..03a5d1751f 100644
--- a/hw/mem/cxl_type3.c
+++ b/hw/mem/cxl_type3.c
@@ -1895,8 +1895,7 @@ void qmp_cxl_inject_general_media_event(const char *path, CxlEventLog log,
}
if (component_id) {
- strncpy((char *)gem.component_id, component_id,
- sizeof(gem.component_id) - 1);
+ memcpy(gem.component_id, component_id, sizeof(gem.component_id));
valid_flags |= CXL_GMER_VALID_COMPONENT;
if (has_comp_id_pldm && is_comp_id_pldm) {
valid_flags |= CXL_GMER_VALID_COMPONENT_ID_FORMAT;
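Review bot: The memcpy in the `if (component_id)` branch reads sizeof(gem.component_id) bytes from component_id regardless of how long the supplied value is. The commit message says the value comes from the qmp "component-id" field, so a caller passing fewer characters than the field width makes this read beyond the string's terminator, which the removed strncpy did not do. Either reject inputs of the wrong length before the copy, or copy only MIN(strlen(component_id), sizeof(gem.component_id)) bytes.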
@@ -2066,8 +2065,7 @@ void qmp_cxl_inject_dram_event(const char *path, CxlEventLog log,
}
if (component_id) {
- strncpy((char *)dram.component_id, component_id,
- sizeof(dram.component_id) - 1);
+ memcpy(dram.component_id, component_id, sizeof(dram.component_id));
valid_flags |= CXL_DRAM_VALID_COMPONENT;
if (has_comp_id_pldm && is_comp_id_pldm) {
valid_flags |= CXL_DRAM_VALID_COMPONENT_ID_FORMAT;
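Review bot: The expected encoding and length of "component-id" are not documented by this change, although the commit message now treats the field as 16 bytes of data rather than a string. component_id in qmp_cxl_inject_dram_event() still arrives as a C string (the removed strncpy used it uncast), so an ID containing a zero byte cannot be passed in full. Documenting the accepted format alongside this change would tell callers what the memcpy requires of them.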
@@ -2185,8 +2183,7 @@ void qmp_cxl_inject_memory_module_event(const char *path, CxlEventLog log,
corrected_persist_error_count);
if (component_id) {
- strncpy((char *)module.component_id, component_id,
- sizeof(module.component_id) - 1);
+ memcpy(module.component_id, component_id, sizeof(module.component_id));
valid_flags |= CXL_MMER_VALID_COMPONENT;
if (has_comp_id_pldm && is_comp_id_pldm) {
valid_flags |= CXL_MMER_VALID_COMPONENT_ID_FORMAT;
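Review bot: The component_id copy in qmp_cxl_inject_memory_module_event() is identical to the ones in the general media and DRAM injectors in this patch, so any length check has to be repeated three times. A small shared helper taking the source string and the destination array would keep the length handling in one place and make a later fix to it apply to all three event types.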
--
2.43.0
* Re: [PATCH v2 0/3] hw/cxl: Add fixes in maintenance, PPR and event records
From: Jonathan Cameron @ 2026-03-17 16:45 UTC (permalink / raw)
To: shiju.jose; +Cc: qemu-devel, linux-cxl, mst, peter.maydell, dave, linuxarm
On Fri, 6 Mar 2026 10:14:19 +0000
<shiju.jose@huawei.com> wrote:
> From: Shiju Jose <shiju.jose@huawei.com>
>
> Add a few fixes in CXL maintenance, PPR and event records generation.
All 3 of these look good to me.
Michael, please pick these up directly (assuming you think
they look good as well!)
Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com>
Thanks,
Jonathan
>
> 1. In cxl_create_mem_sparing_event_records(), replace strncpy with memcpy
> to solve coverity warning (CID 1645325) to copy the entire component ID
> data, which is 16 bytes data, not a string.
>
> 2. In cxl_maintenance_insert(),
> - replace strncpy with memcpy to copy full data because component ID is
> 16 bytes data, not a string.
> - remove memset which is not required.
>
> 3. In cxl_perform_ppr(), remove and free the maintenance entry from QLIST
> if match is found and PPR operation is performed.
>
> 4. Component ID in CXL events is 16 bytes data, not a string, but event
> record generation copies 15 bytes only from the qmp "component-id" field
> using strncpy. Replace strncpy with memcpy and copy the entire component
> ID data.
>
> Changes:
> v1 -> v2
> 1. Fix for the feedback from Jonathan.
> - Modified title of patch[1] & patch[3].
> - Added fixes tags to all 3 patches' header.
>
> Shiju Jose (3):
> hw/cxl: Fix handling of component ID to not assume it is a string
> hw/cxl: Add fixes in Post Package Repair (PPR)
> hw/cxl/events: Fix handling of component ID in event records
> generation to not assume it is a string
>
> hw/cxl/cxl-mailbox-utils.c | 6 ++++--
> hw/mem/cxl_type3.c | 13 ++++---------
> 2 files changed, 8 insertions(+), 11 deletions(-)
>