On Mon, Jun 03, 2024 at 02:53:35PM +0200, Philippe Mathieu-Daudé wrote:
> On 31/5/24 18:22, Ira Weiny wrote:
> > Peter and coverity report:
> > 
> >     We've passed '&data' to address_space_write(), which means "read
> >     from the address on the stack where the function argument 'data'
> >     lives", so instead of writing 64 bytes of data to the guest,
> >     we'll write 64 bytes which start with a host pointer value and
> >     then continue with whatever happens to be on the host stack
> >     after that.
> > 
> > Indeed the intention was to write 64 bytes of data at the address given.
> > 
> > Fix the parameter to address_space_write().
> > 
> > Reported-by: Peter Maydell <peter.mayd...@linaro.org>
> > Link: https://lore.kernel.org/all/cafeaca-u4sytgwtksb__y+_+0o2-wwarntm3x8wnhvl1wfh...@mail.gmail.com/
> > Fixes: 6bda41a69bdc ("hw/cxl: Add clear poison mailbox command support.")
> > Cc: Jonathan Cameron <jonathan.came...@huawei.com>
> > Signed-off-by: Ira Weiny <ira.we...@intel.com>
> > ---
> > Compile tested only.  Jonathan please double check me.
> > ---
> >   hw/mem/cxl_type3.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Thanks, patch queued.

Had it queued too but sure, I can drop.

-- 
MST
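
The bug class described in the quoted commit message, as an added example that is not part of the thread or of QEMU's code: `guest_write()`, `guest_mem` and `struct frame` are hypothetical stand-ins for `address_space_write()`, guest memory and the callee's stack, and the byte values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINE_SIZE 64 /* the 64-byte write from the commit message */

static uint8_t guest_mem[LINE_SIZE]; /* hypothetical guest memory */

/* Hypothetical stand-in for address_space_write(): copies len bytes to the guest. */
static void guest_write(const void *buf, size_t len)
{
    memcpy(guest_mem, buf, len);
}

/* Models the callee's stack: the 'data' argument slot followed by unrelated
 * host stack bytes. Using a struct keeps the over-read well-defined here. */
struct frame {
    const uint8_t *data;
    uint8_t rest[LINE_SIZE - sizeof(const uint8_t *)];
};

/* Bug pattern: the source is the address where the pointer lives (&data). */
static void write_buggy(const struct frame *f)
{
    guest_write(f, LINE_SIZE); /* f is the address of the 'data' slot */
}

/* Fix: the source is the buffer that the pointer refers to (data). */
static void write_fixed(const struct frame *f)
{
    guest_write(f->data, LINE_SIZE);
}

/* Bit 0: guest received host pointer + stack bytes. Bit 1: guest received payload. */
static int demo(int use_fix)
{
    uint8_t payload[LINE_SIZE];
    struct frame f;
    memset(payload, 0xAB, sizeof payload); /* constructed guest data */
    memset(f.rest, 0x5A, sizeof f.rest);   /* constructed host stack bytes */
    f.data = payload;
    if (use_fix) write_fixed(&f); else write_buggy(&f);
    int leaked = memcmp(guest_mem, &f, LINE_SIZE) == 0;
    int delivered = memcmp(guest_mem, payload, LINE_SIZE) == 0;
    return leaked | (delivered << 1);
}

int main(void)
{
    printf("buggy=%d fixed=%d\n", demo(0), demo(1));
    return 0;
}
```

In the buggy case the guest-visible buffer begins with a host pointer value, which is why this kind of defect matters for host address disclosure as well as for data correctness.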

