[Qemu-devel] [PULL 47/47] acpi: fix assert failure caused by commit 35c5

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL 47/47] acpi: fix assert failure caused by commit 35c5

From:	Michael S. Tsirkin
Subject:	[Qemu-devel] [PULL 47/47] acpi: fix assert failure caused by commit 35c5a52d
Date:	Sun, 30 Oct 2016 23:25:30 +0200

From: Haozhong Zhang <address@hidden>

Commit 35c5a52d "acpi: do not use TARGET_PAGE_SIZE" changed struct
NvdimmDsmIn from a variable-size structure to a fixed-size structure of
4096 bytes. It forgot to adjust an assert in
nvdimm_dsm_set_label_data(..., NvdimmDsmIn *in, ...):
    assert(sizeof(*in) + sizeof(*set_label_data) + set_label_data->length <=
           4096);
which could crash QEMU when guest writes NVDIMM labels.

Fix it by replacing sizeof(*in) by offsetof(NvdimmDsmIn, arg3).

Signed-off-by: Haozhong Zhang <address@hidden>
Reported-by: Dan Williams <address@hidden>
Tested-by: Dan Williams <address@hidden>
Reviewed-by: Xiao Guangrong <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
---
 hw/acpi/nvdimm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/acpi/nvdimm.c b/hw/acpi/nvdimm.c
index fc1a012..602ec54 100644
--- a/hw/acpi/nvdimm.c
+++ b/hw/acpi/nvdimm.c
@@ -757,8 +757,8 @@ static void nvdimm_dsm_set_label_data(NVDIMMDevice *nvdimm, 
NvdimmDsmIn *in,
         return;
     }
 
-    assert(sizeof(*in) + sizeof(*set_label_data) + set_label_data->length <=
-           4096);
+    assert(offsetof(NvdimmDsmIn, arg3) +
+           sizeof(*set_label_data) + set_label_data->length <= 4096);
 
     nvc->write_label_data(nvdimm, set_label_data->in_buf,
                           set_label_data->length, set_label_data->offset);
-- 
MST

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PULL 37/47] nvdimm acpi: introduce fit buffer, (continued)
- [Qemu-devel] [PULL 38/47] nvdimm acpi: introduce _FIT, Michael S. Tsirkin, 2016/10/30
- [Qemu-devel] [PULL 39/47] pc: memhp: enable nvdimm device hotplug, Michael S. Tsirkin, 2016/10/30
- [Qemu-devel] [PULL 40/47] ipmi: Remove hotplug from IPMI BMCs, Michael S. Tsirkin, 2016/10/30
- [Qemu-devel] [PULL 41/47] ipmi_bmc_sim: Remove an unnecessary mutex, Michael S. Tsirkin, 2016/10/30
- [Qemu-devel] [PULL 42/47] ipmi: chassis poweroff should use qemu_system_shutdown_request(), Michael S. Tsirkin, 2016/10/30
- [Qemu-devel] [PULL 43/47] ipmi: Implement shutdown via ACPI overtemp, Michael S. Tsirkin, 2016/10/30
- [Qemu-devel] [PULL 44/47] ipmi: fix build config variable name for ipmi_bmc_extern.o, Michael S. Tsirkin, 2016/10/30
- [Qemu-devel] [PULL 45/47] ipmi: Add graceful shutdown handling to the external BMC, Michael S. Tsirkin, 2016/10/30
- [Qemu-devel] [PULL 47/47] acpi: fix assert failure caused by commit 35c5a52d, Michael S. Tsirkin <=
- [Qemu-devel] [PULL 46/47] acpi/ipmi: Initialize the fwinfo before fetching it, Michael S. Tsirkin, 2016/10/30
- Re: [Qemu-devel] [PULL 00/47] virtio, pc: fixes and features, Igor Mammedov, 2016/10/31
  - Re: [Qemu-devel] [PULL 00/47] virtio, pc: fixes and features, Michael S. Tsirkin, 2016/10/31

Prev by Date: [Qemu-devel] [PULL 45/47] ipmi: Add graceful shutdown handling to the external BMC
Next by Date: [Qemu-devel] [PULL 46/47] acpi/ipmi: Initialize the fwinfo before fetching it
Previous by thread: [Qemu-devel] [PULL 45/47] ipmi: Add graceful shutdown handling to the external BMC
Next by thread: [Qemu-devel] [PULL 46/47] acpi/ipmi: Initialize the fwinfo before fetching it
Index(es):
- Date
- Thread