diff options
| author | David Gibson | 2019-03-06 04:15:26 +0100 |
|---|---|---|
| committer | David Gibson | 2019-03-12 04:33:04 +0100 |
| commit | e075623aa517b0690ec978772df008d7e00ebce5 (patch) | |
| tree | d0b587c2cfa1e04bb07f10ea4b2976bcd55d6a6d /include/hw/ppc | |
| parent | target/ppc/spapr: Clear partition table entry when allocating hash table (diff) | |
| download | qemu-e075623aa517b0690ec978772df008d7e00ebce5.tar.gz qemu-e075623aa517b0690ec978772df008d7e00ebce5.tar.xz qemu-e075623aa517b0690ec978772df008d7e00ebce5.zip | |
spapr: Force SPAPR_MEMORY_BLOCK_SIZE to be a hwaddr (64-bit)
SPAPR_MEMORY_BLOCK_SIZE is logically a difference in memory addresses, and
hence of type hwaddr which is 64-bit. Previously it wasn't marked as such
which means that it could be treated as 32-bit. That will work in some
circumstances but if multiplied by another 32-bit value it could lead to
a 32-bit overflow and an incorrect result.
One specific instance of this in spapr_lmb_dt_populate() was spotted by
Coverity (CID 1399145).
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'include/hw/ppc')
| -rw-r--r-- | include/hw/ppc/spapr.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h index ff1bd60615..1311ebe28e 100644 --- a/include/hw/ppc/spapr.h +++ b/include/hw/ppc/spapr.h @@ -792,7 +792,7 @@ int spapr_rtc_import_offset(sPAPRRTCState *rtc, int64_t legacy_offset); #define TYPE_SPAPR_RNG "spapr-rng" -#define SPAPR_MEMORY_BLOCK_SIZE (1 << 28) /* 256MB */ +#define SPAPR_MEMORY_BLOCK_SIZE ((hwaddr)1 << 28) /* 256MB */ /* * This defines the maximum number of DIMM slots we can have for sPAPR |