93c76555d8
In e820_add_entry() the e820_table is reallocated with g_renew() to make space for a new entry. However, fw_cfg_arch_create() just uses the existing e820_table pointer. This leads to a use-after-free if anything adds a new entry after fw_cfg is set up. Shift the addition of the etc/e820 file to the machine done notifier, via a new fw_cfg_add_e820() function. Also make e820_table private and use an e820_get_table() accessor function for it, which sets a flag that will trigger an assert() for any *later* attempts to add to the table. Make e820_add_entry() return void, as most callers don't check for error anyway. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Message-Id: <a2708734f004b224f33d3b4824e9a5a262431568.camel@infradead.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
/*
* QEMU BIOS e820 routines
*
* Copyright (c) 2003-2004 Fabrice Bellard
*
* SPDX-License-Identifier: MIT
*/
#ifndef HW_I386_E820_MEMORY_LAYOUT_H
#define HW_I386_E820_MEMORY_LAYOUT_H
/*
 * e820 address-range types: the values carried in the 'type' field of an
 * e820 entry and passed as the 'type' argument of the routines below.
 * The numbers follow the standard BIOS/ACPI memory-map encoding, so they
 * must not be renumbered.
 */
#define E820_RAM        1   /* usable RAM */
#define E820_RESERVED   2   /* reserved, not available to the OS */
#define E820_ACPI       3   /* ACPI reclaimable memory */
#define E820_NVS        4   /* ACPI non-volatile storage */
#define E820_UNUSABLE   5   /* memory reported as unusable */
/*
 * One row of the e820 memory map: an address range plus its type.
 *
 * The members sit at offsets 0, 8 and 16 (8 + 8 + 4 bytes of payload).
 * QEMU_PACKED is defined outside this header; presumably it is the packed
 * attribute, which would drop tail padding so that consecutive entries are
 * 20 bytes apart (TODO confirm). The explicit alignment attribute requests
 * 4-byte alignment for the type.
 *
 * NOTE(review): the commit description says the table is published through
 * the fw_cfg file etc/e820, so this layout is presumably guest-visible.
 * Check every consumer before reordering or resizing a member.
 */
struct e820_entry {
    uint64_t address;   /* start address of the range */
    uint64_t length;    /* size of the range (presumably in bytes) */
    uint32_t type;      /* one of the E820_* type values */
} QEMU_PACKED __attribute__((__aligned__(4)));
/*
 * Append a range of the given type to the e820 table.
 *
 * Per the commit description, the table is grown with g_renew(), so a
 * table pointer obtained before a call may be stale afterwards. To rule
 * out that use-after-free, any call made after e820_get_table() has been
 * used trips an assert(). Add every entry before the table is handed out.
 * There is no error return.
 */
void e820_add_entry(uint64_t address, uint64_t length, uint32_t type);

/*
 * Query one table entry by index and type, reporting its range through
 * @address and @length.
 *
 * NOTE(review): the matching rule, and whether the outputs are written
 * when the result is false, are not visible in this header. Confirm
 * against the implementation before relying on either.
 */
bool e820_get_entry(int index,
                    uint32_t type,
                    uint64_t *address,
                    uint64_t *length);

/*
 * Accessor for the private e820 table: hands the table pointer back
 * through @table.
 *
 * Per the commit description, calling this sets a flag that makes any
 * later e820_add_entry() assert, so the pointer returned here cannot be
 * invalidated by a subsequent reallocation. The int result is presumably
 * the number of entries, and ownership of the pointer is not shown in
 * this header (TODO confirm both).
 */
int e820_get_table(struct e820_entry **table);
#endif