1. Patchew
  2. QEMU
  3. [Qemu-devel] [PATCH 0/3] i386: fix handling of multiboot modules
  4. View patch

[Qemu-devel] [PATCH 1/3] i386: fix regression parsing multiboot initrd modules

Daniel P. Berrangé posted 3 patches 7 years, 5 months ago
[Qemu-devel] [PATCH 1/3] i386: fix regression parsing multiboot initrd modules
Posted by Daniel P. Berrangé 7 years, 5 months ago 
The logic for parsing the multiboot initrd modules was messed up in

  commit 950c4e6c94b15cd0d8b63891dddd7a8dbf458e6a
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Mon Apr 16 12:17:43 2018 +0100

    opts: don't silently truncate long option values

Causing the length to be undercounter, and the number of modules over
counted. It also passes NULL to get_opt_value() which was not robust
at accepting a NULL value.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 hw/i386/multiboot.c | 3 +--
 util/qemu-option.c  | 4 +++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
index 7a2953e26f..8e26545814 100644
--- a/hw/i386/multiboot.c
+++ b/hw/i386/multiboot.c
@@ -292,8 +292,7 @@ int load_multiboot(FWCfgState *fw_cfg,
     cmdline_len += strlen(kernel_cmdline) + 1;
     if (initrd_filename) {
         const char *r = get_opt_value(initrd_filename, NULL);
-        cmdline_len += strlen(r) + 1;
-        mbs.mb_mods_avail = 1;
+        cmdline_len += strlen(initrd_filename) + 1;
         while (1) {
             mbs.mb_mods_avail++;
             r = get_opt_value(r, NULL);
diff --git a/util/qemu-option.c b/util/qemu-option.c
index 58d1c23893..8a68bc2314 100644
--- a/util/qemu-option.c
+++ b/util/qemu-option.c
@@ -75,7 +75,9 @@ const char *get_opt_value(const char *p, char **value)
     size_t capacity = 0, length;
     const char *offset;
 
-    *value = NULL;
+    if (value) {
+        *value = NULL;
+    }
     while (1) {
         offset = strchr(p, ',');
         if (!offset) {
-- 
2.17.0
Re: [Qemu-devel] [PATCH 1/3] i386: fix regression parsing multiboot initrd modules
Posted by Peter Maydell 7 years, 5 months ago 
On 14 May 2018 at 18:19, Daniel P. Berrangé <berrange@redhat.com> wrote:
> The logic for parsing the multiboot initrd modules was messed up in
>
>   commit 950c4e6c94b15cd0d8b63891dddd7a8dbf458e6a
>   Author: Daniel P. Berrangé <berrange@redhat.com>
>   Date:   Mon Apr 16 12:17:43 2018 +0100
>
>     opts: don't silently truncate long option values
>
> Causing the length to be undercounter, and the number of modules over
> counted. It also passes NULL to get_opt_value() which was not robust
> at accepting a NULL value.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  hw/i386/multiboot.c | 3 +--
>  util/qemu-option.c  | 4 +++-
>  2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
> index 7a2953e26f..8e26545814 100644
> --- a/hw/i386/multiboot.c
> +++ b/hw/i386/multiboot.c
> @@ -292,8 +292,7 @@ int load_multiboot(FWCfgState *fw_cfg,
>      cmdline_len += strlen(kernel_cmdline) + 1;
>      if (initrd_filename) {
>          const char *r = get_opt_value(initrd_filename, NULL);
> -        cmdline_len += strlen(r) + 1;
> -        mbs.mb_mods_avail = 1;
> +        cmdline_len += strlen(initrd_filename) + 1;
>          while (1) {
>              mbs.mb_mods_avail++;
>              r = get_opt_value(r, NULL);
> diff --git a/util/qemu-option.c b/util/qemu-option.c
> index 58d1c23893..8a68bc2314 100644
> --- a/util/qemu-option.c
> +++ b/util/qemu-option.c
> @@ -75,7 +75,9 @@ const char *get_opt_value(const char *p, char **value)
>      size_t capacity = 0, length;
>      const char *offset;
>
> -    *value = NULL;
> +    if (value) {
> +        *value = NULL;
> +    }
>      while (1) {
>          offset = strchr(p, ',');
>          if (!offset) {

Don't we delete this check again in patch 3? If we're
going to fix this by making multiboot.c not pass in NULL pointers,
is there a reason not to simply do that?

thanks
-- PMM
Re: [Qemu-devel] [PATCH 1/3] i386: fix regression parsing multiboot initrd modules
Posted by Daniel P. Berrangé 7 years, 5 months ago 
On Fri, May 18, 2018 at 06:54:48PM +0100, Peter Maydell wrote:
> On 14 May 2018 at 18:19, Daniel P. Berrangé <berrange@redhat.com> wrote:
> > The logic for parsing the multiboot initrd modules was messed up in
> >
> >   commit 950c4e6c94b15cd0d8b63891dddd7a8dbf458e6a
> >   Author: Daniel P. Berrangé <berrange@redhat.com>
> >   Date:   Mon Apr 16 12:17:43 2018 +0100
> >
> >     opts: don't silently truncate long option values
> >
> > Causing the length to be undercounter, and the number of modules over
> > counted. It also passes NULL to get_opt_value() which was not robust
> > at accepting a NULL value.
> >
> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> > ---
> >  hw/i386/multiboot.c | 3 +--
> >  util/qemu-option.c  | 4 +++-
> >  2 files changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
> > index 7a2953e26f..8e26545814 100644
> > --- a/hw/i386/multiboot.c
> > +++ b/hw/i386/multiboot.c
> > @@ -292,8 +292,7 @@ int load_multiboot(FWCfgState *fw_cfg,
> >      cmdline_len += strlen(kernel_cmdline) + 1;
> >      if (initrd_filename) {
> >          const char *r = get_opt_value(initrd_filename, NULL);
> > -        cmdline_len += strlen(r) + 1;
> > -        mbs.mb_mods_avail = 1;
> > +        cmdline_len += strlen(initrd_filename) + 1;
> >          while (1) {
> >              mbs.mb_mods_avail++;
> >              r = get_opt_value(r, NULL);
> > diff --git a/util/qemu-option.c b/util/qemu-option.c
> > index 58d1c23893..8a68bc2314 100644
> > --- a/util/qemu-option.c
> > +++ b/util/qemu-option.c
> > @@ -75,7 +75,9 @@ const char *get_opt_value(const char *p, char **value)
> >      size_t capacity = 0, length;
> >      const char *offset;
> >
> > -    *value = NULL;
> > +    if (value) {
> > +        *value = NULL;
> > +    }
> >      while (1) {
> >          offset = strchr(p, ',');
> >          if (!offset) {
> 
> Don't we delete this check again in patch 3? If we're
> going to fix this by making multiboot.c not pass in NULL pointers,
> is there a reason not to simply do that?

That is correct, however, I wanted to do a really simple fix that addressed
the crasher regression, so that aspect of the fix wasn't obscured by the
bigger refactoring I do in 2 & 3.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
Re: [Qemu-devel] [PATCH 1/3] i386: fix regression parsing multiboot initrd modules
Posted by Eduardo Habkost 7 years, 3 months ago 
On Mon, May 14, 2018 at 06:19:11PM +0100, Daniel P. Berrangé wrote:
> The logic for parsing the multiboot initrd modules was messed up in
> 
>   commit 950c4e6c94b15cd0d8b63891dddd7a8dbf458e6a
>   Author: Daniel P. Berrangé <berrange@redhat.com>
>   Date:   Mon Apr 16 12:17:43 2018 +0100
> 
>     opts: don't silently truncate long option values
> 
> Causing the length to be undercounter, and the number of modules over
> counted. It also passes NULL to get_opt_value() which was not robust
> at accepting a NULL value.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>

Queueing on x86-next.  Thanks.

-- 
Eduardo

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.