diff options
| author | Jonathan Cameron <Jonathan.Cameron@huawei.com> | 2024-03-08 14:38:31 +0000 |
|---|---|---|
| committer | Michael S. Tsirkin <mst@redhat.com> | 2024-03-12 17:59:48 -0400 |
| commit | bfc2f7a6caa6843e50019ee2511ad11cd5582711 (patch) | |
| tree | f58274f157f06411c9f2ba4a2b144f6c7efa743d /include | |
| parent | 74e2845c5f95b0c139c79233ddb65bb17f2dd679 (diff) | |
| download | qemu-bfc2f7a6caa6843e50019ee2511ad11cd5582711.zip qemu-bfc2f7a6caa6843e50019ee2511ad11cd5582711.tar.gz qemu-bfc2f7a6caa6843e50019ee2511ad11cd5582711.tar.bz2 | |
hw/cxl: Fix missing reserved data in CXL Device DVSEC
The r3.1 specification introduced a new 2 byte field, but
to maintain DWORD alignment, a additional 2 reserved bytes
were added. Forgot those in updating the structure definition
but did include them in the size define leading to a buffer
overrun.
Also use the define so that we don't duplicate the value.
Fixes: Coverity ID 1534095 buffer overrun
Fixes: 8700ee15de ("hw/cxl: Standardize all references on CXL r3.1 and minor updates")
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240308143831.6256-1-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/hw/cxl/cxl_pci.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/include/hw/cxl/cxl_pci.h b/include/hw/cxl/cxl_pci.h index 265db6c..d0855ed 100644 --- a/include/hw/cxl/cxl_pci.h +++ b/include/hw/cxl/cxl_pci.h @@ -92,8 +92,9 @@ typedef struct CXLDVSECDevice { uint32_t range2_base_hi; uint32_t range2_base_lo; uint16_t cap3; + uint16_t resv; } QEMU_PACKED CXLDVSECDevice; -QEMU_BUILD_BUG_ON(sizeof(CXLDVSECDevice) != 0x3A); +QEMU_BUILD_BUG_ON(sizeof(CXLDVSECDevice) != PCIE_CXL_DEVICE_DVSEC_LENGTH); /* * CXL r3.1 Section 8.1.5: CXL Extensions DVSEC for Ports |