c1c4d6b38b13 added the same offset + length validation twice in cmd_features_set_feature(), once for patrol scrub and once for ECS.
Factor that logic into a small helper so later patches can reuse the same check for the other Set Feature write-attribute branches. No functional change intended. Signed-off-by: Jia Jia <[email protected]> --- hw/cxl/cxl-mailbox-utils.c | 40 ++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c index d8ba7e8625..2e4cc5824d 100644 --- a/hw/cxl/cxl-mailbox-utils.c +++ b/hw/cxl/cxl-mailbox-utils.c @@ -1702,6 +1702,21 @@ static CXLRetCode cmd_features_get_feature(const struct cxl_cmd *cmd, return CXL_MBOX_SUCCESS; } +static CXLRetCode cxl_set_feature_copy(void *write_attrs, + size_t write_attrs_size, + uint16_t offset, + const void *payload, + uint16_t bytes_to_copy) +{ + if ((uint32_t)offset + bytes_to_copy > write_attrs_size) { + return CXL_MBOX_INVALID_PAYLOAD_LENGTH; + } + + memcpy((uint8_t *)write_attrs + offset, payload, bytes_to_copy); + + return CXL_MBOX_SUCCESS; +} + /* CXL r3.1 section 8.2.9.6.3: Set Feature (Opcode 0502h) */ static CXLRetCode cmd_features_set_feature(const struct cxl_cmd *cmd, uint8_t *payload_in, @@ -1713,6 +1728,7 @@ static CXLRetCode cmd_features_set_feature(const struct cxl_cmd *cmd, CXLSetFeatureInHeader *hdr = (void *)payload_in; CXLSetFeatureInfo *set_feat_info; uint16_t bytes_to_copy = 0; + CXLRetCode ret; uint8_t data_transfer_flag; CXLType3Dev *ct3d; uint16_t count; @@ -1760,13 +1776,13 @@ static CXLRetCode cmd_features_set_feature(const struct cxl_cmd *cmd, return CXL_MBOX_UNSUPPORTED; } - if ((uint32_t)hdr->offset + bytes_to_copy > - sizeof(ct3d->patrol_scrub_wr_attrs)) { - return CXL_MBOX_INVALID_PAYLOAD_LENGTH; + ret = cxl_set_feature_copy(&ct3d->patrol_scrub_wr_attrs, + sizeof(ct3d->patrol_scrub_wr_attrs), + hdr->offset, ps_write_attrs, + bytes_to_copy); + if (ret) { + return ret; } - memcpy((uint8_t *)&ct3d->patrol_scrub_wr_attrs + hdr->offset, - ps_write_attrs, - bytes_to_copy); set_feat_info->data_size += bytes_to_copy; if (data_transfer_flag == CXL_SET_FEATURE_FLAG_FULL_DATA_TRANSFER || @@ -1787,13 +1803,13 @@ static CXLRetCode cmd_features_set_feature(const struct cxl_cmd *cmd, return CXL_MBOX_UNSUPPORTED; } - if ((uint32_t)hdr->offset + bytes_to_copy > - sizeof(ct3d->ecs_wr_attrs)) { - return CXL_MBOX_INVALID_PAYLOAD_LENGTH; + ret = cxl_set_feature_copy(&ct3d->ecs_wr_attrs, + sizeof(ct3d->ecs_wr_attrs), + hdr->offset, ecs_write_attrs, + bytes_to_copy); + if (ret) { + return ret; } - memcpy((uint8_t *)&ct3d->ecs_wr_attrs + hdr->offset, - ecs_write_attrs, - bytes_to_copy); set_feat_info->data_size += bytes_to_copy; if (data_transfer_flag == CXL_SET_FEATURE_FLAG_FULL_DATA_TRANSFER || -- 2.34.1
