Whilst the spec doesn't speak to it directly my assumption is that
a request for more operations than exist should result in an invalid
input error return.
Fixes: 77a8e9fe0ecb ("hw/cxl/cxl-mailbox-utils: Add support for Media
operations discovery commands cxl r3.2 (8.2.10.9.5.3)")
Closes:
https://lore.kernel.org/qemu-devel/cafeaca-p5wzknxk7wnvq_3pazee-muod1def-0o-fspck4d...@mail.gmail.com/
Reported-by: Peter Maydell <[email protected]>
Signed-off-by: Jonathan Cameron <[email protected]>
---
hw/cxl/cxl-mailbox-utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
index d8f62a13a8ec..2f449980cdc0 100644
--- a/hw/cxl/cxl-mailbox-utils.c
+++ b/hw/cxl/cxl-mailbox-utils.c
@@ -2547,7 +2547,7 @@ static CXLRetCode media_operations_discovery(uint8_t
*payload_in,
* sub class command.
*/
if (media_op_in_disc_pl->dpa_range_count ||
- start_index > ARRAY_SIZE(media_op_matrix)) {
+ start_index + num_ops > ARRAY_SIZE(media_op_matrix)) {
return CXL_MBOX_INVALID_INPUT;
}
--
2.48.1
