1. Patchew
  2. QEMU
  3. [Qemu-devel] [PULL 00/62] ppc-for-4.0 queue 20190312
  4. View patch

[Qemu-devel] [PULL 18/62] spapr: Force SPAPR_MEMORY_BLOCK_SIZE to be a hwaddr (64-bit)

David Gibson posted 62 patches 6 years, 11 months ago
Maintainers: Thomas Huth <thuth@redhat.com>, David Gibson <david@gibson.dropbear.id.au>, Fam Zheng <fam@euphon.net>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, "Cédric Le Goater" <clg@kaod.org>, Jason Wang <jasowang@redhat.com>, Laurent Vivier <lvivier@redhat.com>, Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>, Alex Williamson <alex.williamson@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>
[Qemu-devel] [PULL 18/62] spapr: Force SPAPR_MEMORY_BLOCK_SIZE to be a hwaddr (64-bit)
Posted by David Gibson 6 years, 11 months ago 
SPAPR_MEMORY_BLOCK_SIZE is logically a difference in memory addresses, and
hence of type hwaddr which is 64-bit.  Previously it wasn't marked as such
which means that it could be treated as 32-bit.  That will work in some
circumstances but if multiplied by another 32-bit value it could lead to
a 32-bit overflow and an incorrect result.

One specific instance of this in spapr_lmb_dt_populate() was spotted by
Coverity (CID 1399145).

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 include/hw/ppc/spapr.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index ff1bd60615..1311ebe28e 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -792,7 +792,7 @@ int spapr_rtc_import_offset(sPAPRRTCState *rtc, int64_t legacy_offset);
 
 #define TYPE_SPAPR_RNG "spapr-rng"
 
-#define SPAPR_MEMORY_BLOCK_SIZE (1 << 28) /* 256MB */
+#define SPAPR_MEMORY_BLOCK_SIZE ((hwaddr)1 << 28) /* 256MB */
 
 /*
  * This defines the maximum number of DIMM slots we can have for sPAPR
-- 
2.20.1

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.