author | David Gibson <david@gibson.dropbear.id.au> | 2019-03-06 14:15:26 +1100 |
---|---|---|
committer | David Gibson <david@gibson.dropbear.id.au> | 2019-03-12 14:33:04 +1100 |
commit | e075623aa517b0690ec978772df008d7e00ebce5 (patch) | |
tree | d0b587c2cfa1e04bb07f10ea4b2976bcd55d6a6d | |
parent | 176dcceedd084bc2db0a3e92123e2cfb453336e7 (diff) | |
spapr: Force SPAPR_MEMORY_BLOCK_SIZE to be a hwaddr (64-bit)
SPAPR_MEMORY_BLOCK_SIZE is logically a difference in memory addresses, and
hence of type hwaddr which is 64-bit. Previously it wasn't marked as such
which means that it could be treated as 32-bit. That will work in some
circumstances but if multiplied by another 32-bit value it could lead to
a 32-bit overflow and an incorrect result.
One specific instance of this in spapr_lmb_dt_populate() was spotted by
Coverity (CID 1399145).
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-rw-r--r-- | include/hw/ppc/spapr.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h index ff1bd60..1311ebe 100644 --- a/include/hw/ppc/spapr.h +++ b/include/hw/ppc/spapr.h @@ -792,7 +792,7 @@ int spapr_rtc_import_offset(sPAPRRTCState *rtc, int64_t legacy_offset); #define TYPE_SPAPR_RNG "spapr-rng" -#define SPAPR_MEMORY_BLOCK_SIZE (1 << 28) /* 256MB */ +#define SPAPR_MEMORY_BLOCK_SIZE ((hwaddr)1 << 28) /* 256MB */ /* * This defines the maximum number of DIMM slots we can have for sPAPR |
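Review bot: the `+#define SPAPR_MEMORY_BLOCK_SIZE ((hwaddr)1 << 28)` line carries no note on why the cast is there; its trailing comment still says only `/* 256MB */`. I would extend that comment to say the value is an address difference and must stay 64-bit when multiplied by a 32-bit count, so the cast is not dropped later as redundant. Two consequences of the type change are worth checking before merging. A cast expression cannot be evaluated in a preprocessor `#if`, so any conditional that tests this macro would stop compiling. And because the patch touches only `include/hw/ppc/spapr.h`, a product is widened only where it is computed: any caller that stores the result in a 32-bit variable, or prints it with a 32-bit format specifier, still truncates, so the call sites (starting with `spapr_lmb_dt_populate()` named in the commit message) should be checked for the receiving type.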