fc2527fb02
blk_getlength() returns an int64_t but the result is stored in a uint32_t. Errors (negative values) won't be caught by the check in pnv_pnor_realize() and blk_blockalign() will allocate a very large buffer in such cases. Fixes Coverity issue CID 1412226. Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20200107171809.15556-3-clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
31 lines
648 B
C
31 lines
648 B
C
/*
|
|
* QEMU PowerNV PNOR simple model
|
|
*
|
|
* Copyright (c) 2019, IBM Corporation.
|
|
*
|
|
* This code is licensed under the GPL version 2 or later. See the
|
|
* COPYING file in the top-level directory.
|
|
*/
|
|
#ifndef _PPC_PNV_PNOR_H
|
|
#define _PPC_PNV_PNOR_H
|
|
|
|
/*
|
|
* PNOR offset on the LPC FW address space
|
|
*/
|
|
#define PNOR_SPI_OFFSET 0x0c000000UL
|
|
|
|
#define TYPE_PNV_PNOR "pnv-pnor"
|
|
#define PNV_PNOR(obj) OBJECT_CHECK(PnvPnor, (obj), TYPE_PNV_PNOR)
|
|
|
|
typedef struct PnvPnor {
|
|
SysBusDevice parent_obj;
|
|
|
|
BlockBackend *blk;
|
|
|
|
uint8_t *storage;
|
|
int64_t size;
|
|
MemoryRegion mmio;
|
|
} PnvPnor;
|
|
|
|
#endif /* _PPC_PNV_PNOR_H */
|