[Qemu-devel] [PATCH for-4.1] roms: assert if max rom size is less than the used size

Igor Mammedov posted 1 patch 5 years ago
Test docker-mingw@fedora passed
Test docker-clang@ubuntu passed
Test checkpatch passed
Test asan passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/1554982098-336210-1-git-send-email-imammedo@redhat.com
hw/core/loader.c | 1 +
1 file changed, 1 insertion(+)
Posted by Igor Mammedov 5 years ago
It would ensure that we would notice an attempt to write beyond
the allocated buffer. In case of MemoryRegion backed ROM it's
the host buffer and the guest RAM otherwise.

assert can be triggered with:
  dd if=/dev/zero of=/tmp/blob bs=63k count=1
  qemu-system-x86_64 `for  i in {1..33}; do echo -n " -acpitable /tmp/blob"; done`

Fixes: (a1666142db acpi-build: make ROMs RAM blocks resizeable)

Reported-by: Wei Yang <richardw.yang@linux.intel.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
---
 hw/core/loader.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/core/loader.c b/hw/core/loader.c
index fe5cb24..a097bbe 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -1025,6 +1025,7 @@ MemoryRegion *rom_add_blob(const char *name, const void *blob, size_t len,
     rom->addr     = addr;
     rom->romsize  = max_len ? max_len : len;
     rom->datasize = len;
+    g_assert(rom->romsize >= rom->datasize);
     rom->data     = g_malloc0(rom->datasize);
     memcpy(rom->data, blob, len);
     rom_insert(rom);
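Review bot: g_assert() aborts the whole emulator, and the commit message shows the condition is reachable from the command line (33 -acpitable blobs of 63k), so this turns a silent out-of-bounds write into a hard crash at startup; that is the right direction for a loader, but consider whether rom_add_blob should instead error_report() and return NULL so the caller can fail the specific device rather than the process. Note also that the check is only meaningful on the explicit max_len path: when max_len is 0, romsize is set to len on the line above and `rom->romsize >= rom->datasize` is trivially true, which matches the Fixes: commit that introduced callers passing max_len. Placing the assert before g_malloc0() is good, since nothing is allocated for a ROM that violates the invariant.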
-- 
2.7.4
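As an added illustration (not QEMU's code and not part of this thread), here is a small C model of the sizing rule in the hunk: romsize is max_len when one is given and len otherwise, datasize is the caller's blob length, and the patch asserts romsize >= datasize. The model shows the pre-patch behaviour, where a blob larger than max_len is accepted and would later be copied into a backing region sized by romsize, next to a variant that rejects it up front. The Rom struct, rom_reset_copy, blob_bytes_copied and the error-returning rom_add_blob_checked are simplified constructions for this example, not QEMU's loader API; the real patch uses g_assert(), which aborts instead of returning an error.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the Rom fields touched by the hunk; the rest of
 * QEMU's struct Rom is omitted. */
typedef struct {
    size_t romsize;   /* capacity of the backing region the blob is copied into */
    size_t datasize;  /* bytes the caller actually supplied */
    uint8_t *data;
} Rom;

/* Sizing rule from the hunk: an explicit max_len wins, otherwise the blob length. */
static size_t rom_capacity(size_t len, size_t max_len)
{
    return max_len ? max_len : len;
}

/* 1 if romsize >= datasize would hold for this (len, max_len) pair, else 0.
 * This is exactly the condition the patch asserts. */
int rom_size_invariant_holds(size_t len, size_t max_len)
{
    return rom_capacity(len, max_len) >= len;
}

/* Pre-patch behaviour: any (len, max_len) is accepted, so romsize < datasize
 * can occur without anyone noticing at registration time. */
static Rom *rom_add_blob_unchecked(const void *blob, size_t len, size_t max_len)
{
    Rom *rom = calloc(1, sizeof(*rom));
    if (!rom) {
        return NULL;
    }
    rom->romsize  = rom_capacity(len, max_len);
    rom->datasize = len;
    rom->data     = calloc(1, len ? len : 1);
    if (!rom->data) {
        free(rom);
        return NULL;
    }
    memcpy(rom->data, blob, len);
    return rom;
}

/* Hypothetical error-returning form of the invariant the patch enforces
 * with g_assert(): refuse the blob instead of aborting the process. */
static Rom *rom_add_blob_checked(const void *blob, size_t len, size_t max_len)
{
    if (!rom_size_invariant_holds(len, max_len)) {
        fprintf(stderr, "rom: blob of %zu bytes exceeds max_len %zu\n", len, max_len);
        return NULL;
    }
    return rom_add_blob_unchecked(blob, len, max_len);
}

static void rom_free(Rom *rom)
{
    if (rom) {
        free(rom->data);
        free(rom);
    }
}

/* Model of the later copy into a region sized by romsize (the host buffer of a
 * MemoryRegion-backed ROM, or guest RAM, per the commit message). Returns bytes
 * copied, or 0 when the copy would run past the region. */
static size_t rom_reset_copy(const Rom *rom, uint8_t *backing, size_t backing_len)
{
    if (backing_len < rom->romsize || rom->datasize > rom->romsize) {
        return 0;  /* without the invariant, memcpy here would overflow backing */
    }
    memcpy(backing, rom->data, rom->datasize);
    return rom->datasize;
}

/* End-to-end scenario on a constructed zero-filled blob of len bytes: register
 * it with max_len (checked or unchecked), then copy into a romsize-byte region.
 * Returns the bytes that landed in the region (0 if rejected at either step). */
size_t blob_bytes_copied(size_t len, size_t max_len, int checked)
{
    uint8_t *blob = calloc(1, len ? len : 1);
    Rom *rom = checked ? rom_add_blob_checked(blob, len, max_len)
                       : rom_add_blob_unchecked(blob, len, max_len);
    size_t copied = 0;
    if (rom) {
        uint8_t *backing = calloc(1, rom->romsize ? rom->romsize : 1);
        copied = rom_reset_copy(rom, backing, rom->romsize);
        free(backing);
        rom_free(rom);
    }
    free(blob);
    return copied;
}

int main(void)
{
    /* Sample values are constructed; 4097 bytes into a 4096-byte cap violates the invariant. */
    printf("4097 into max_len 4096 holds: %d\n", rom_size_invariant_holds(4097, 4096));
    printf("bytes copied unchecked: %zu, checked: %zu\n",
           blob_bytes_copied(4097, 4096, 0), blob_bytes_copied(4097, 4096, 1));
    return 0;
}
```

The unchecked path only stays safe here because rom_reset_copy re-checks datasize against romsize; in the real loader that second check is what the early assert stands in for, which is why catching the mismatch at rom_add_blob() time, before anything is copied, is the cheaper place to fail.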


Re: [Qemu-devel] [PATCH for-4.1] roms: assert if max rom size is less than the used size
Posted by Stefano Garzarella 5 years ago
On Thu, Apr 11, 2019 at 01:28:18PM +0200, Igor Mammedov wrote:
> It would ensure that we would notice an attempt to write beyond
> the allocated buffer. In case of MemoryRegion backed ROM it's
> the host buffer and the guest RAM otherwise.
> 
> assert can be triggered with:
>   dd if=/dev/zero of=/tmp/blob bs=63k count=1
>   qemu-system-x86_64 `for  i in {1..33}; do echo -n " -acpitable /tmp/blob"; done`
> 
> Fixes: (a1666142db acpi-build: make ROMs RAM blocks resizeable)
> 
> Reported-by: Wei Yang <richardw.yang@linux.intel.com>
> Signed-off-by: Igor Mammedov <imammedo@redhat.com>
> ---
>  hw/core/loader.c | 1 +
>  1 file changed, 1 insertion(+)
> 

Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Tested-by: Stefano Garzarella <sgarzare@redhat.com>

Thanks,
Stefano

Re: [Qemu-devel] [PATCH for-4.1] roms: assert if max rom size is less than the used size
Posted by Paolo Bonzini 5 years ago
On 12/04/19 10:02, Stefano Garzarella wrote:
> On Thu, Apr 11, 2019 at 01:28:18PM +0200, Igor Mammedov wrote:
>> It would ensure that we would notice an attempt to write beyond
>> the allocated buffer. In case of MemoryRegion backed ROM it's
>> the host buffer and the guest RAM otherwise.
>>
>> assert can be triggered with:
>>   dd if=/dev/zero of=/tmp/blob bs=63k count=1
>>   qemu-system-x86_64 `for  i in {1..33}; do echo -n " -acpitable /tmp/blob"; done`
>>
>> Fixes: (a1666142db acpi-build: make ROMs RAM blocks resizeable)
>>
>> Reported-by: Wei Yang <richardw.yang@linux.intel.com>
>> Signed-off-by: Igor Mammedov <imammedo@redhat.com>
>> ---
>>  hw/core/loader.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
> 
> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
> Tested-by: Stefano Garzarella <sgarzare@redhat.com>
> 
> Thanks,
> Stefano
> 

Queued, thanks.

Paolo