From bfc2f7a6caa6843e50019ee2511ad11cd5582711 Mon Sep 17 00:00:00 2001 From: Jonathan Cameron Date: Fri, 8 Mar 2024 14:38:31 +0000 Subject: hw/cxl: Fix missing reserved data in CXL Device DVSEC The r3.1 specification introduced a new 2 byte field, but to maintain DWORD alignment, a additional 2 reserved bytes were added. Forgot those in updating the structure definition but did include them in the size define leading to a buffer overrun. Also use the define so that we don't duplicate the value. Fixes: Coverity ID 1534095 buffer overrun Fixes: 8700ee15de ("hw/cxl: Standardize all references on CXL r3.1 and minor updates") Reported-by: Peter Maydell Signed-off-by: Jonathan Cameron Message-Id: <20240308143831.6256-1-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- include/hw/cxl/cxl_pci.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/hw/cxl/cxl_pci.h b/include/hw/cxl/cxl_pci.h index 265db6c..d0855ed 100644 --- a/include/hw/cxl/cxl_pci.h +++ b/include/hw/cxl/cxl_pci.h @@ -92,8 +92,9 @@ typedef struct CXLDVSECDevice { uint32_t range2_base_hi; uint32_t range2_base_lo; uint16_t cap3; + uint16_t resv; } QEMU_PACKED CXLDVSECDevice; -QEMU_BUILD_BUG_ON(sizeof(CXLDVSECDevice) != 0x3A); +QEMU_BUILD_BUG_ON(sizeof(CXLDVSECDevice) != PCIE_CXL_DEVICE_DVSEC_LENGTH); /* * CXL r3.1 Section 8.1.5: CXL Extensions DVSEC for Ports -- cgit v1.1