cxl: Check the length of data requested fits in get_log()

Jonathan Cameron via Fri, 01 Nov 2024 06:42:20 -0700

Checking offset + length is of no relevance when verifying the CEL
data will fit in the mailbox payload. Only the length is is relevant.


Note that this removes a potential overflow.

Reported-by: Esifiel <esif...@gmail.com>
Signed-off-by: Jonathan Cameron <jonathan.came...@huawei.com>
---
 hw/cxl/cxl-mailbox-utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
index 27fadc4fa8..2aa7ffed84 100644
--- a/hw/cxl/cxl-mailbox-utils.c
+++ b/hw/cxl/cxl-mailbox-utils.c
@@ -947,7 +947,7 @@ static CXLRetCode cmd_logs_get_log(const struct cxl_cmd 
*cmd,
      * the only possible failure would be if the mailbox itself isn't big
      * enough.
      */
-    if (get_log->offset + get_log->length > cci->payload_max) {
+    if (get_log->length > cci->payload_max) {
         return CXL_MBOX_INVALID_INPUT;
     }
 
-- 
2.43.0

[PATCH qemu 05/10] hw/cxl: Check the length of data requested fits in get_log()

Reply via email to