Message ID | 20220214141237.47946-4-ani@anisinha.ca (mailing list archive)
---|---
State | New, archived
Series | hw/smbios: fix table memory corruption with large memory vms
On Mon, 14 Feb 2022 19:42:36 +0530 Ani Sinha <ani@anisinha.ca> wrote: > Since change b3cddba9c14b034 ("hw/smbios: fix table memory corruption with large memory vms") > we reserve additional space between handle numbers of tables 17 and 19 for > large VMs. This may cause table 19 to collide with table 32 in their handle > numbers for those large VMs. This change adds an assertion to ensure numbers > do not collide. If they do, qemu crashes with useful debug information for > taking additional steps. > > Signed-off-by: Ani Sinha <ani@anisinha.ca> Reviewed-by: Igor Mammedov <imammedo@redhat.com> > --- > hw/smbios/smbios.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > changelog: > v3: reworded the commit log and comment in code. > > diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c > index 44c53797a4..1f8d5c252f 100644 > --- a/hw/smbios/smbios.c > +++ b/hw/smbios/smbios.c > @@ -1048,6 +1048,12 @@ void smbios_get_tables(MachineState *ms, > mem_array[i].length); > } > > + /* > + * make sure 16 bit handle numbers in the headers of tables 19 > + * and 32 do not overlap. > + */ > + assert((mem_array_size + offset) < (T32_BASE - T19_BASE)); > + > smbios_build_type_32_table(); > smbios_build_type_38_table(); > smbios_build_type_41_table(errp);
diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c index 44c53797a4..1f8d5c252f 100644 --- a/hw/smbios/smbios.c +++ b/hw/smbios/smbios.c @@ -1048,6 +1048,12 @@ void smbios_get_tables(MachineState *ms, mem_array[i].length); } + /* + * make sure 16 bit handle numbers in the headers of tables 19 + * and 32 do not overlap. + */ + assert((mem_array_size + offset) < (T32_BASE - T19_BASE)); + smbios_build_type_32_table(); smbios_build_type_38_table(); smbios_build_type_41_table(errp);
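Review bot: the new `assert((mem_array_size + offset) < (T32_BASE - T19_BASE));` sits after the loop that has already emitted the type-19 tables (the `mem_array[i].length); }` context just above it), so when it fires the tables carrying the colliding handles have already been written into the blob; placing the check before that loop would abort before any type-19 table with a handle at or beyond T32_BASE is built. The comment should also say what the two operands are, namely the number of type-19 entries plus the extra handle space reserved after the type-17 tables, and that their sum is the width of the handle range that must stay below T32_BASE, since a reader of the assertion alone cannot tell why `mem_array_size + offset` is the right quantity.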
Since change b3cddba9c14b034 ("hw/smbios: fix table memory corruption with large memory vms") we reserve additional space between handle numbers of tables 17 and 19 for large VMs. This may cause table 19 to collide with table 32 in their handle numbers for those large VMs. This change adds an assertion to ensure numbers do not collide. If they do, qemu crashes with useful debug information for taking additional steps.

Signed-off-by: Ani Sinha <ani@anisinha.ca>
---
hw/smbios/smbios.c | 6 ++++++
1 file changed, 6 insertions(+)

changelog:
v3: reworded the commit log and comment in code.