diff options
| author | David Woodhouse <dwmw2@infradead.org> | 2024-06-19 14:03:08 +0100 |
|---|---|---|
| committer | Michael S. Tsirkin <mst@redhat.com> | 2024-07-03 18:14:06 -0400 |
| commit | 93c76555d842b5d84b95f66abecb6b19545338d9 (patch) | |
| tree | 9a03bf9e127b98ed016f6f3979b08a33bd13b54b /target/i386 | |
| parent | e9fd827711ed47edfe8cf23036a56e5a83f2bfda (diff) | |
hw/i386/fw_cfg: Add etc/e820 to fw_cfg late
In e820_add_entry() the e820_table is reallocated with g_renew() to make
space for a new entry. However, fw_cfg_arch_create() just uses the
existing e820_table pointer. This leads to a use-after-free if anything
adds a new entry after fw_cfg is set up.
Shift the addition of the etc/e820 file to the machine done notifier, via
a new fw_cfg_add_e820() function.
Also make e820_table private and use an e820_get_table() accessor function
for it, which sets a flag that will trigger an assert() for any *later*
attempts to add to the table.
Make e820_add_entry() return void, as most callers don't check for error
anyway.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Message-Id: <a2708734f004b224f33d3b4824e9a5a262431568.camel@infradead.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'target/i386')
| -rw-r--r-- | target/i386/kvm/kvm.c | 6 | ||||
| -rw-r--r-- | target/i386/kvm/xen-emu.c | 7 |
2 files changed, 2 insertions, 11 deletions
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index dd8b0f3313..bf182570fe 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -2706,11 +2706,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s) } /* Tell fw_cfg to notify the BIOS to reserve the range. */ - ret = e820_add_entry(identity_base, 0x4000, E820_RESERVED); - if (ret < 0) { - fprintf(stderr, "e820_add_entry() table is full\n"); - return ret; - } + e820_add_entry(identity_base, 0x4000, E820_RESERVED); shadow_mem = object_property_get_int(OBJECT(s), "kvm-shadow-mem", &error_abort); if (shadow_mem != -1) { diff --git a/target/i386/kvm/xen-emu.c b/target/i386/kvm/xen-emu.c index fc2c2321ac..2f89dc628e 100644 --- a/target/i386/kvm/xen-emu.c +++ b/target/i386/kvm/xen-emu.c @@ -176,12 +176,7 @@ int kvm_xen_init(KVMState *s, uint32_t hypercall_msr) s->xen_caps = xen_caps; /* Tell fw_cfg to notify the BIOS to reserve the range. */ - ret = e820_add_entry(XEN_SPECIAL_AREA_ADDR, XEN_SPECIAL_AREA_SIZE, - E820_RESERVED); - if (ret < 0) { - fprintf(stderr, "e820_add_entry() table is full\n"); - return ret; - } + e820_add_entry(XEN_SPECIAL_AREA_ADDR, XEN_SPECIAL_AREA_SIZE, E820_RESERVED); /* The pages couldn't be overlaid until KVM was initialized */ xen_primary_console_reset(); |