diff mbox series

[for-5.2,2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member

Message ID 20201104102248.32168-3-its@irrelevant.dk
State New
Headers show
Series [for-5.2,1/3] hw/block/nvme: fix null ns in register namespace | expand

Commit Message

Klaus Jensen Nov. 4, 2020, 10:22 a.m. UTC 
From: Klaus Jensen <k.jensen@samsung.com>

nvme_map_sgl_data erroneously uses the sgls member of NvmeIdNs as a
uint16_t.

Reported-by: Coverity (CID 1436129)
Fixes: cba0a8a344fe ("hw/block/nvme: add support for scatter gather lists")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
---
 hw/block/nvme.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Max Reitz Nov. 4, 2020, 10:58 a.m. UTC | #1 
On 04.11.20 11:22, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>

> 

> nvme_map_sgl_data erroneously uses the sgls member of NvmeIdNs as a

> uint16_t.

> 

> Reported-by: Coverity (CID 1436129)

> Fixes: cba0a8a344fe ("hw/block/nvme: add support for scatter gather lists")

> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>

> ---

>  hw/block/nvme.c | 2 +-

>  1 file changed, 1 insertion(+), 1 deletion(-)


Reviewed-by: Max Reitz <mreitz@redhat.com>
Philippe Mathieu-Daudé Nov. 4, 2020, 11:09 a.m. UTC | #2 
On 11/4/20 11:22 AM, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
> 
> nvme_map_sgl_data erroneously uses the sgls member of NvmeIdNs as a
> uint16_t.
> 
> Reported-by: Coverity (CID 1436129)
> Fixes: cba0a8a344fe ("hw/block/nvme: add support for scatter gather lists")
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
>  hw/block/nvme.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/block/nvme.c b/hw/block/nvme.c
> index 080d782f1c2b..2bdc50eb6fce 100644
> --- a/hw/block/nvme.c
> +++ b/hw/block/nvme.c
> @@ -452,7 +452,7 @@ static uint16_t nvme_map_sgl_data(NvmeCtrl *n, QEMUSGList *qsg,
>               * segments and/or descriptors. The controller might accept
>               * ignoring the rest of the SGL.
>               */
> -            uint16_t sgls = le16_to_cpu(n->id_ctrl.sgls);
> +            uint32_t sgls = le32_to_cpu(n->id_ctrl.sgls);
>              if (sgls & NVME_CTRL_SGLS_EXCESS_LENGTH) {

I'm surprise the compiler doesn't warn here.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

>                  break;
>              }
>
diff mbox series

Patch

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 080d782f1c2b..2bdc50eb6fce 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -452,7 +452,7 @@  static uint16_t nvme_map_sgl_data(NvmeCtrl *n, QEMUSGList *qsg,
              * segments and/or descriptors. The controller might accept
              * ignoring the rest of the SGL.
              */
-            uint16_t sgls = le16_to_cpu(n->id_ctrl.sgls);
+            uint32_t sgls = le32_to_cpu(n->id_ctrl.sgls);
             if (sgls & NVME_CTRL_SGLS_EXCESS_LENGTH) {
                 break;
             }