93c76555d8
In e820_add_entry() the e820_table is reallocated with g_renew() to make space for a new entry. However, fw_cfg_arch_create() just uses the existing e820_table pointer. This leads to a use-after-free if anything adds a new entry after fw_cfg is set up. Shift the addition of the etc/e820 file to the machine done notifier, via a new fw_cfg_add_e820() function. Also make e820_table private and use an e820_get_table() accessor function for it, which sets a flag that will trigger an assert() for any *later* attempts to add to the table. Make e820_add_entry() return void, as most callers don't check for error anyway. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Message-Id: <a2708734f004b224f33d3b4824e9a5a262431568.camel@infradead.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
33 lines
975 B
C
33 lines
975 B
C
/*
|
|
* QEMU fw_cfg helpers (X86 specific)
|
|
*
|
|
* Copyright (c) 2003-2004 Fabrice Bellard
|
|
*
|
|
* SPDX-License-Identifier: MIT
|
|
*/
|
|
|
|
#ifndef HW_I386_FW_CFG_H
|
|
#define HW_I386_FW_CFG_H
|
|
|
|
#include "hw/boards.h"
|
|
#include "hw/i386/pc.h"
|
|
#include "hw/nvram/fw_cfg.h"
|
|
|
|
#define FW_CFG_IO_BASE 0x510
|
|
|
|
#define FW_CFG_ACPI_TABLES (FW_CFG_ARCH_LOCAL + 0)
|
|
#define FW_CFG_SMBIOS_ENTRIES (FW_CFG_ARCH_LOCAL + 1)
|
|
#define FW_CFG_IRQ0_OVERRIDE (FW_CFG_ARCH_LOCAL + 2)
|
|
#define FW_CFG_HPET (FW_CFG_ARCH_LOCAL + 4)
|
|
|
|
FWCfgState *fw_cfg_arch_create(MachineState *ms,
|
|
uint16_t boot_cpus,
|
|
uint16_t apic_id_limit);
|
|
void fw_cfg_build_smbios(PCMachineState *pcms, FWCfgState *fw_cfg,
|
|
SmbiosEntryPointType ep_type);
|
|
void fw_cfg_build_feature_control(MachineState *ms, FWCfgState *fw_cfg);
|
|
void fw_cfg_add_acpi_dsdt(Aml *scope, FWCfgState *fw_cfg);
|
|
void fw_cfg_add_e820(FWCfgState *fw_cfg);
|
|
|
|
#endif
|