93c76555d8
In e820_add_entry() the e820_table is reallocated with g_renew() to make space for a new entry. However, fw_cfg_arch_create() just uses the existing e820_table pointer. This leads to a use-after-free if anything adds a new entry after fw_cfg is set up. Shift the addition of the etc/e820 file to the machine done notifier, via a new fw_cfg_add_e820() function. Also make e820_table private and use an e820_get_table() accessor function for it, which sets a flag that will trigger an assert() for any *later* attempts to add to the table. Make e820_add_entry() return void, as most callers don't check for error anyway. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Message-Id: <a2708734f004b224f33d3b4824e9a5a262431568.camel@infradead.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
||
|---|---|---|
| .. | ||
| hyperv-proto.h | ||
| hyperv-stub.c | ||
| hyperv.c | ||
| hyperv.h | ||
| kvm_i386.h | ||
| kvm-cpu.c | ||
| kvm.c | ||
| meson.build | ||
| trace-events | ||
| trace.h | ||
| xen-compat.h | ||
| xen-emu.c | ||
| xen-emu.h | ||