diff options
| author | David Woodhouse <dwmw2@infradead.org> | 2024-06-19 14:03:08 +0100 |
|---|---|---|
| committer | Michael S. Tsirkin <mst@redhat.com> | 2024-07-03 18:14:06 -0400 |
| commit | 93c76555d842b5d84b95f66abecb6b19545338d9 (patch) | |
| tree | 9a03bf9e127b98ed016f6f3979b08a33bd13b54b /hw/i386/pc.c | |
| parent | e9fd827711ed47edfe8cf23036a56e5a83f2bfda (diff) | |
| download | focaccia-qemu-93c76555d842b5d84b95f66abecb6b19545338d9.tar.gz focaccia-qemu-93c76555d842b5d84b95f66abecb6b19545338d9.zip | |
hw/i386/fw_cfg: Add etc/e820 to fw_cfg late
In e820_add_entry() the e820_table is reallocated with g_renew() to make space for a new entry. However, fw_cfg_arch_create() just uses the existing e820_table pointer. This leads to a use-after-free if anything adds a new entry after fw_cfg is set up. Shift the addition of the etc/e820 file to the machine done notifier, via a new fw_cfg_add_e820() function. Also make e820_table private and use an e820_get_table() accessor function for it, which sets a flag that will trigger an assert() for any *later* attempts to add to the table. Make e820_add_entry() return void, as most callers don't check for error anyway. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Message-Id: <a2708734f004b224f33d3b4824e9a5a262431568.camel@infradead.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'hw/i386/pc.c')
| -rw-r--r-- | hw/i386/pc.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 77415064c6..d2c29fbfcb 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -625,6 +625,7 @@ void pc_machine_done(Notifier *notifier, void *data) acpi_setup(); if (x86ms->fw_cfg) { fw_cfg_build_smbios(pcms, x86ms->fw_cfg, pcms->smbios_entry_point_type); + fw_cfg_add_e820(x86ms->fw_cfg); fw_cfg_build_feature_control(MACHINE(pcms), x86ms->fw_cfg); /* update FW_CFG_NB_CPUS to account for -device added CPUs */ fw_cfg_modify_i16(x86ms->fw_cfg, FW_CFG_NB_CPUS, x86ms->boot_cpus); |