[v1] hw/block/nvme: coverity fixes

[PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member

Posted by Klaus Jensen 5 years ago

From: Klaus Jensen <k.jensen@samsung.com>

nvme_map_sgl_data erroneously uses the sgls member of NvmeIdNs as a
uint16_t.

Reported-by: Coverity (CID 1436129)
Fixes: cba0a8a344fe ("hw/block/nvme: add support for scatter gather lists")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
---
 hw/block/nvme.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 080d782f1c2b..2bdc50eb6fce 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -452,7 +452,7 @@ static uint16_t nvme_map_sgl_data(NvmeCtrl *n, QEMUSGList *qsg,
              * segments and/or descriptors. The controller might accept
              * ignoring the rest of the SGL.
              */
-            uint16_t sgls = le16_to_cpu(n->id_ctrl.sgls);
+            uint32_t sgls = le32_to_cpu(n->id_ctrl.sgls);
             if (sgls & NVME_CTRL_SGLS_EXCESS_LENGTH) {
                 break;
             }
-- 
2.29.1

Re: [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member

Posted by Max Reitz 5 years ago

On 04.11.20 11:22, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
> 
> nvme_map_sgl_data erroneously uses the sgls member of NvmeIdNs as a
> uint16_t.
> 
> Reported-by: Coverity (CID 1436129)
> Fixes: cba0a8a344fe ("hw/block/nvme: add support for scatter gather lists")
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
>  hw/block/nvme.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Max Reitz <mreitz@redhat.com>

Re: [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member

Posted by Philippe Mathieu-Daudé 5 years ago

On 11/4/20 11:22 AM, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
> 
> nvme_map_sgl_data erroneously uses the sgls member of NvmeIdNs as a
> uint16_t.
> 
> Reported-by: Coverity (CID 1436129)
> Fixes: cba0a8a344fe ("hw/block/nvme: add support for scatter gather lists")
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
>  hw/block/nvme.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/block/nvme.c b/hw/block/nvme.c
> index 080d782f1c2b..2bdc50eb6fce 100644
> --- a/hw/block/nvme.c
> +++ b/hw/block/nvme.c
> @@ -452,7 +452,7 @@ static uint16_t nvme_map_sgl_data(NvmeCtrl *n, QEMUSGList *qsg,
>               * segments and/or descriptors. The controller might accept
>               * ignoring the rest of the SGL.
>               */
> -            uint16_t sgls = le16_to_cpu(n->id_ctrl.sgls);
> +            uint32_t sgls = le32_to_cpu(n->id_ctrl.sgls);
>              if (sgls & NVME_CTRL_SGLS_EXCESS_LENGTH) {

I'm surprise the compiler doesn't warn here.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

>                  break;
>              }
>

[PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace
[PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member
[PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value