From nobody Mon Nov 25 04:47:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1717630695; cv=none; d=zohomail.com; s=zohoarc; b=dst5STKezK2QPgLhC+AnbwhZIBGDnmsIKHfq0+S8jZXlt/SvID56CJkq4W3RNU7V53T1GBxHTNWrrH3mk6tdzQOdseHbS10N5oSJ8aHt1BBzN/Li7cUz+GCeOrkXVEbieOeZtQ1fWvjHOIl6oABFMnZKkHF+Iim9j3L+Sfsr0Cc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1717630695; h=Content-Type:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=NEpjbSqv96acXddAF0b5elzpuXpH+2dtKbhhCEe0wtQ=; b=mzyrbnYn0Cir7qnW13D3LZJIyq0lnw0g1wz4NuU2MRt8zU8ak8wZYbcGCBLAApYGLv75JCJpVJpIG7sTs3IXfdDHAWu0vnTFzGplmQ6XRbmoGZa1tWmpAAvXePWsYJ9EuvtO0g91qxwtU1M9yZXQV0rF90uxQ/no0g1f4Kyuw44= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 171763069593136.624574374705276; Wed, 5 Jun 2024 16:38:15 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sF0C0-0004KY-Ve; Wed, 05 Jun 2024 19:37:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sF0Bz-0004Ck-Ct for qemu-devel@nongnu.org; Wed, 05 Jun 2024 19:37:19 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sF0Bx-000608-OT for qemu-devel@nongnu.org; Wed, 05 Jun 2024 19:37:19 -0400 Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-395-APeOamKoOwmtussc24GMpw-1; Wed, 05 Jun 2024 19:37:16 -0400 Received: by mail-ed1-f69.google.com with SMTP id 4fb4d7f45d1cf-57a5af3e160so123053a12.2 for ; Wed, 05 Jun 2024 16:37:15 -0700 (PDT) Received: from redhat.com ([2.55.56.67]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-57aae232981sm94523a12.83.2024.06.05.16.37.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Jun 2024 16:37:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717630637; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=NEpjbSqv96acXddAF0b5elzpuXpH+2dtKbhhCEe0wtQ=; b=dw6mLnElFjyzh2XFScvqDECHKhh0jp/2NSi0pxz6kjGMVYUaqebuh4LpWeUQfgcZDxc4dn N11zgTYdfpnaXk4O7Ishbhzmt/hliB3p7Z1roDgb799TUpMbw8t5G2P8bkztKT/xGox2le vKZctlUHg9OVmeLHEXahcdQBfNosa7E= X-MC-Unique: APeOamKoOwmtussc24GMpw-1 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717630634; x=1718235434; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=NEpjbSqv96acXddAF0b5elzpuXpH+2dtKbhhCEe0wtQ=; b=X8ELUM5X8JYC/4jHL3OhZNimEWwwGzdqE3OAL1vfKoWzfb+AavGF6P0axZHCJjVBqq w2Dv6ePIjvS1gbO7MGTAFTlMUqTmLhCnklP/mPBB0FYOLNPJKFqTn8MFR0H2jZaXYklO XPFd8qMcAT2dcLstg6IERG4Om4srvpcvYj5lU7/fM7O6vAEhMnTMcordfhSaAbzyY8zZ 7OoGM2zWytKJcVQJDbaDcYR6R3dAz91X7E4XzLnOFQx5pAfGyEsO6O+TyrDDivBymp3h XcTVOUIz9tWAojEv5uOgBnjgELxPI/zp0CPfOXg8mekRcOlitSXumeuIV784JOf2JO3A bqSg== X-Gm-Message-State: AOJu0YzMTocPyXbo4XzCIiaghPiQ0V0csQ/qXFaLoVrZBgx+5c4cnjSt yMhy9HOqTaZ2O/OFl1kbo2xPG1PKPnRls7WEmatHTQQarh8JlJSLmzTK3O10rtutqfiHFz+ADh/ pJ1hXFYROdUUSDzuKbFp6lNqFX7A9OK6Sw2dBWH6vX+OyTQS9mFatNOhOSCnQYf513FgDXhQwXp F5CmLsNOH+Tak735EwaRDdz+iUTTI8cQ== X-Received: by 2002:a50:d65c:0:b0:578:6242:d4b0 with SMTP id 4fb4d7f45d1cf-57a8bcb4ca9mr2059814a12.40.1717630634418; Wed, 05 Jun 2024 16:37:14 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHhi2me5gPKMEG9l56JsDuYLeU4ReoKd1933zdsMlTCTE/dDagUJYZgm3KlVapvCJL3Qj72IQ== X-Received: by 2002:a50:d65c:0:b0:578:6242:d4b0 with SMTP id 4fb4d7f45d1cf-57a8bcb4ca9mr2059805a12.40.1717630633937; Wed, 05 Jun 2024 16:37:13 -0700 (PDT) Date: Wed, 5 Jun 2024 19:37:10 -0400 From: "Michael S. Tsirkin" To: qemu-devel@nongnu.org Cc: Peter Maydell , Ira Weiny , Jonathan Cameron , Fan Ni Subject: [PULL v3 41/41] hw/cxl: Fix read from bogus memory Message-ID: References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Mailer: git-send-email 2.27.0.106.g8ac3dc51b1 X-Mutt-Fcc: =sent Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=mst@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1717630696203100001 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ira Weiny Peter and coverity report: We've passed '&data' to address_space_write(), which means "read from the address on the stack where the function argument 'data' lives", so instead of writing 64 bytes of data to the guest , we'll write 64 bytes which start with a host pointer value and then continue with whatever happens to be on the host stack after that. Indeed the intention was to write 64 bytes of data at the address given. Fix the parameter to address_space_write(). Reported-by: Peter Maydell Link: https://lore.kernel.org/all/CAFEAcA-u4sytGwTKsb__Y+_+0O2-WwARntm3x8WN= hvL1WfHOBg@mail.gmail.com/ Fixes: 6bda41a69bdc ("hw/cxl: Add clear poison mailbox command support.") Cc: Jonathan Cameron Signed-off-by: Ira Weiny Message-Id: <20240531-fix-poison-set-cacheline-v1-1-e3bc7e8f1158@intel.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/mem/cxl_type3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c index 5d4a1276be..3274e5dcbb 100644 --- a/hw/mem/cxl_type3.c +++ b/hw/mem/cxl_type3.c @@ -1292,7 +1292,7 @@ static bool set_cacheline(CXLType3Dev *ct3d, uint64_t= dpa_offset, uint8_t *data) dpa_offset -=3D (vmr_size + pmr_size); } =20 - address_space_write(as, dpa_offset, MEMTXATTRS_UNSPECIFIED, &data, + address_space_write(as, dpa_offset, MEMTXATTRS_UNSPECIFIED, data, CXL_CACHE_LINE_SIZE); return true; } --=20 MST