[Qemu-devel] [PULL 12/24] hostmem: Validate host-nodes before setting bi
From: Eduardo Habkost
Subject: [Qemu-devel] [PULL 12/24] hostmem: Validate host-nodes before setting bitmap
Date: Tue, 11 Dec 2018 16:01:17 -0200
host_memory_backend_set_host_nodes() was not validating
host-nodes before writing to backend->host_nodes, making QEMU
write beyond the end of the bitmap.
Fix the crash and add a simple regression test for the fix.
While at it, fix memory leak of the list returned by
visit_type_uint16List().
Reported-by: Markus Armbruster <address@hidden>
Signed-off-by: Eduardo Habkost <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Stefano Garzarella <address@hidden>
Reviewed-by: David Hildenbrand <address@hidden>
Reviewed-by: Igor Mammedov <address@hidden>
[ehabkost: removed test case code]
Signed-off-by: Eduardo Habkost <address@hidden>
---
backends/hostmem.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/backends/hostmem.c b/backends/hostmem.c
index 1a89342039..af800284e0 100644
--- a/backends/hostmem.c
+++ b/backends/hostmem.c
@@ -103,14 +103,23 @@ host_memory_backend_set_host_nodes(Object *obj, Visitor
*v, const char *name,
{
#ifdef CONFIG_NUMA
HostMemoryBackend *backend = MEMORY_BACKEND(obj);
- uint16List *l = NULL;
+ uint16List *l, *host_nodes = NULL;
- visit_type_uint16List(v, name, &l, errp);
+ visit_type_uint16List(v, name, &host_nodes, errp);
- while (l) {
+ for (l = host_nodes; l; l = l->next) {
+ if (l->value >= MAX_NODES) {
+ error_setg(errp, "Invalid host-nodes value: %d", l->value);
+ goto out;
+ }
+ }
+
+ for (l = host_nodes; l; l = l->next) {
bitmap_set(backend->host_nodes, l->value, 1);
- l = l->next;
}
+
+out:
+ qapi_free_uint16List(host_nodes);
#else
error_setg(errp, "NUMA node binding are not supported by this QEMU");
#endif
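Review bot: The bound in the new validation loop, `l->value >= MAX_NODES`, is only correct if backend->host_nodes is declared with at least MAX_NODES bits, and that declaration is not visible in this hunk; please confirm it against the header, or add a comment next to the check naming the bitmap size it guards so the two cannot drift apart. Separately, the outcome of visit_type_uint16List() is not tested before the loop: the code relies on host_nodes being NULL whenever the visitor has set errp, so a short comment or an explicit early `goto out` on visitor failure would make that assumption visible and rule out calling error_setg() on an errp that is already set. Checking the whole list before the first bitmap_set() is the right order, since a rejected list then leaves the bitmap unmodified. Minor: l->value comes from a uint16List, so "%u" would match the type better than "%d".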
--
2.18.0.rc1.1.g3f1ff2140