[PATCH 4/6] ppc/spapr: Fix possible pa_features memory overflow
From: Nicholas Piggin
Subject: [PATCH 4/6] ppc/spapr: Fix possible pa_features memory overflow
Date: Mon, 17 Mar 2025 15:23:36 +1000
Coverity reports a possible memory overflow in spapr_dt_pa_features().
This should not be a true bug since DAWR1 cap is only true for
CPU_POWERPC_LOGICAL_3_10. Add an assertion to ensure any bug there is
caught.
Resolves: Coverity CID 1593722
Fixes: 5f361ea187ba ("ppc: spapr: Enable 2nd DAWR on Power10 pSeries machine")
Cc: Shivaprasad G Bhat <sbhat@linux.ibm.com>
Cc: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
hw/ppc/spapr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index a415e51d077..9865d7147ff 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -296,6 +296,7 @@ static void spapr_dt_pa_features(SpaprMachineState *spapr,
pa_features[40 + 2] &= ~0x80; /* Radix MMU */
}
if (spapr_get_cap(spapr, SPAPR_CAP_DAWR1)) {
+ g_assert(pa_size > 66);
pa_features[66] |= 0x80;
}
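Review bot: The added g_assert(pa_size > 66) repeats the literal 66 from the pa_features[66] |= 0x80; write on the following line, so the bound and the index can drift apart if the byte offset is ever changed in only one place. A named constant for the DAWR1 byte offset, used in both the assertion and the write, would keep them tied together. The assertion also carries no comment: a short note stating the invariant from the commit message (the DAWR1 cap is only expected with CPU_POWERPC_LOGICAL_3_10, whose pa_features array is large enough) would tell a reader why a smaller pa_size here is treated as a programming error that aborts rather than as a condition to handle.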
--
2.47.1