[PATCH v2 1/3] hw/cxl: Fix handling of component ID to not assume it is a string

Fri, 06 Mar 2026 02:16:04 -0800 

From: Shiju Jose <[email protected]>

Add following fixes,
1. Coverity reports a warning (CID 1645325) for use of strncpy() in
handling of component ID. In cxl_create_mem_sparing_event_records(),
fix handling of component ID to not assume it is a string by replacing
strncpy with memcpy to solve this warning and copy the entire component
ID data, which is 16 bytes.

2. In cxl_maintenance_insert(),
 - replace strncpy with memcpy to copy full data because component ID,
   which is 16 bytes data.
 - remove memset which is not required.

Fixes: 5e5a86bab830("hw/cxl: Add support for Maintenance command and Post 
Package Repair (PPR)")
Closes 
("https://lore.kernel.org/qemu-devel/cafeaca_csve4tuvm3o_-ba4hxvi2xathgx5t97amgtqkw_k...@mail.gmail.com/";)
Reported-by: Peter Maydell <[email protected]>
Signed-off-by: Shiju Jose <[email protected]>
---
 hw/cxl/cxl-mailbox-utils.c | 4 ++--
 hw/mem/cxl_type3.c         | 4 +---
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
index c83b5f90d4..9c99422cd4 100644
--- a/hw/cxl/cxl-mailbox-utils.c
+++ b/hw/cxl/cxl-mailbox-utils.c
@@ -1994,8 +1994,8 @@ static void 
cxl_create_mem_sparing_event_records(CXLType3Dev *ct3d,
         stw_le_p(&event_rec.column, ent->column);
         event_rec.sub_channel = ent->sub_channel;
         if (ent->validity_flags & CXL_MSER_VALID_COMP_ID) {
-            strncpy((char *)event_rec.component_id, (char *)ent->component_id,
-                    sizeof(event_rec.component_id));
+            memcpy(event_rec.component_id, ent->component_id,
+                   sizeof(event_rec.component_id));
         }
     } else if (sparing_pi) {
         event_rec.flags = CXL_MSER_FLAGS_QUERY_RESOURCES;
diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c
index 4739239da3..3cb1096e16 100644
--- a/hw/mem/cxl_type3.c
+++ b/hw/mem/cxl_type3.c
@@ -1767,7 +1767,6 @@ static void cxl_maintenance_insert(CXLType3Dev *ct3d, 
uint64_t dpa,
         }
     }
     m = g_new0(CXLMaintenance, 1);
-    memset(m, 0, sizeof(*m));
     m->dpa = dpa;
     m->validity_flags = 0;
 
@@ -1804,8 +1803,7 @@ static void cxl_maintenance_insert(CXLType3Dev *ct3d, 
uint64_t dpa,
         m->validity_flags |= CXL_MSER_VALID_SUB_CHANNEL;
     }
     if (component_id) {
-        strncpy((char *)m->component_id, component_id,
-                sizeof(m->component_id) - 1);
+        memcpy(m->component_id, component_id, sizeof(m->component_id));
         m->validity_flags |= CXL_MSER_VALID_COMP_ID;
         if (has_comp_id_pldm && is_comp_id_pldm) {
             m->validity_flags |= CXL_MSER_VALID_COMP_ID_FORMAT;
-- 
2.43.0

Reply via email to