hw/i386/amd_iommu.c: Fix corruption of log events passed to guest
author Peter Maydell <peter.maydell@linaro.org>
Thu, 26 Mar 2020 10:53:49 +0000 (10:53 +0000)
committer Michael Roth <mdroth@linux.vnet.ibm.com>
Wed, 10 Jun 2020 02:00:52 +0000 (21:00 -0500)
commit 33be7aa9b6bea692e7ba615db1c97820051dc435
tree 5e9448f9de9ca54937ff1a9878c0b4b032bea7e4
parent 8f5728cb97f25c9bfe86dc4b2eaa2156ebcc0c15
hw/i386/amd_iommu.c: Fix corruption of log events passed to guest

In the function amdvi_log_event(), we write an event log buffer
entry into guest ram, whose contents are passed to the function
via the "uint64_t *evt" argument. Unfortunately, a spurious
'&' in the call to dma_memory_write() meant that instead of
writing the event to the guest we would write the literal value
of the pointer, plus whatever was in the following 8 bytes
on the stack. This error was spotted by Coverity.

Fix the bug by removing the '&'.

Fixes: CID 1421945
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200326105349.24588-1-peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 32a2d6b1f6b4405f0fc20c031e61d5d48e3d9cd1)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
hw/i386/amd_iommu.c
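
The bug class the commit message describes, as an added example that is not QEMU code: a write routine taking `const void *` accepts `&evt` as readily as `evt`, so the guest-visible buffer receives the host pointer value instead of the event. `fake_dma_write`, `EVENT_LEN` and the sample event words are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EVENT_LEN 16 /* assumed entry size: two 64-bit words */

/* Hypothetical stand-in for a DMA write into guest RAM. Like any API taking
 * const void *, it accepts every pointer type, so a stray '&' compiles. */
static void fake_dma_write(uint8_t *guest, const void *buf, size_t len)
{
    memcpy(guest, buf, len);
}

/* Buggy shape: the source is the address of the pointer variable. Only
 * sizeof(evt) bytes are copied to keep this demo well defined; copying the
 * full entry length would also read the bytes that follow it on the stack. */
static void log_event_buggy(uint8_t *guest, uint64_t *evt)
{
    fake_dma_write(guest, &evt, sizeof(evt));
}

/* Fixed shape: the source is the event data the pointer refers to. */
static void log_event_fixed(uint8_t *guest, uint64_t *evt)
{
    fake_dma_write(guest, evt, EVENT_LEN);
}

/* Returns 1 if the guest buffer holds the event contents. */
static int guest_has_event(const uint8_t *guest, const uint64_t *evt)
{
    return memcmp(guest, evt, EVENT_LEN) == 0;
}

/* Returns 1 if the guest buffer starts with the host pointer value. */
static int guest_has_pointer(const uint8_t *guest, const uint64_t *evt)
{
    return memcmp(guest, &evt, sizeof(evt)) == 0;
}

int main(void)
{
    uint64_t evt[2] = { 0x1111222233334444ULL, 0x5555666677778888ULL }; /* constructed */
    uint8_t guest[EVENT_LEN] = { 0 };

    log_event_buggy(guest, evt);
    printf("buggy: event=%d pointer=%d\n", guest_has_event(guest, evt), guest_has_pointer(guest, evt));
    log_event_fixed(guest, evt);
    printf("fixed: event=%d pointer=%d\n", guest_has_event(guest, evt), guest_has_pointer(guest, evt));
    return 0;
}
```

Wrapping such a call in a helper whose parameter is typed `const uint64_t *` rather than `const void *` makes the compiler diagnose the stray `&`, since `uint64_t **` does not convert implicitly.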