Re: [PATCH] hw/cxl: Fix out of bound array access

2023-09-14 Thread Michael Tokarev
14.09.2023 15:59, Philippe Mathieu-Daudé wrote: Cc: qemu-sta...@nongnu.org for stable-8.1. [not related to this particular patch] Maybe this can help if we specify the releases range as a comment in the Cc tag, for example here: Cc: qemu-sta...@nongnu.org # v8.1 and if it were a range: Cc:

Re: [PATCH] hw/cxl: Fix out of bound array access

2023-09-14 Thread Philippe Mathieu-Daudé
On 14/9/23 14:38, Michael Tokarev wrote: 14.09.2023 15:37, Michael Tokarev: 13.09.2023 13:10, Dmitry Frolov wrote: According to cxl_interleave_ways_enc(), fw->num_targets is allowed to be up to 16. This also corresponds to CXL specs. So, the fw->target_hbs[] array is iterated from 0 to 15. But

Re: [PATCH] hw/cxl: Fix out of bound array access

2023-09-14 Thread Michael Tokarev
14.09.2023 15:37, Michael Tokarev: 13.09.2023 13:10, Dmitry Frolov wrote: According to cxl_interleave_ways_enc(), fw->num_targets is allowed to be up to 16. This also corresponds to CXL specs. So, the fw->target_hbs[] array is iterated from 0 to 15. But it is statically declared of length 8. Thus

Re: [PATCH] hw/cxl: Fix out of bound array access

2023-09-14 Thread Michael Tokarev
13.09.2023 13:10, Dmitry Frolov wrote: According to cxl_interleave_ways_enc(), fw->num_targets is allowed to be up to 16. This also corresponds to CXL specs. So, the fw->target_hbs[] array is iterated from 0 to 15. But it is statically declared of length 8. Thus, out of bound array access may occu

Re: [PATCH] hw/cxl: Fix out of bound array access

2023-09-13 Thread Jonathan Cameron via
On Wed, 13 Sep 2023 13:36:46 +0200 Philippe Mathieu-Daudé wrote: > Hi Dmitry, > > On 13/9/23 12:10, Dmitry Frolov wrote: > > According to cxl_interleave_ways_enc(), > > fw->num_targets is allowed to be up to 16. > > This also corresponds to CXL specs. > > So, the fw->target_hbs[] array is iterat

Re: [PATCH] hw/cxl: Fix out of bound array access

2023-09-13 Thread Philippe Mathieu-Daudé
Hi Dmitry, On 13/9/23 12:10, Dmitry Frolov wrote: According to cxl_interleave_ways_enc(), fw->num_targets is allowed to be up to 16. This also corresponds to CXL specs. So, the fw->target_hbs[] array is iterated from 0 to 15. But it is staticaly declared of length 8. "statically" Thus, out o

Re: [PATCH] hw/cxl: Fix out of bound array access

2023-09-13 Thread Jonathan Cameron via
On Wed, 13 Sep 2023 13:10:56 +0300 Dmitry Frolov wrote: > According to cxl_interleave_ways_enc(), > fw->num_targets is allowed to be up to 16. > This also corresponds to CXL specs. > So, the fw->target_hbs[] array is iterated from 0 to 15. > But it is statically declared of length 8. > Thus, out o

[PATCH] hw/cxl: Fix out of bound array access

2023-09-13 Thread Dmitry Frolov
According to cxl_interleave_ways_enc(), fw->num_targets is allowed to be up to 16. This also corresponds to CXL specs. So, the fw->target_hbs[] array is iterated from 0 to 15. But it is statically declared of length 8. Thus, out of bound array access may occur. Fixes: c28db9e000 ("hw/pci-bridge: Ma