From: John Snow <jsnow@redhat.com>
To: "Michael S. Tsirkin" <mst@redhat.com>, qemu-devel@nongnu.org
Cc: Igor Mammedov <imammedo@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
qemu-stable@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] acpi: fix buffer overrun on migration
Date: Mon, 23 Nov 2015 14:23:03 -0500
Message-ID: <56536797.8040002@redhat.com>
In-Reply-To: <1447939973-5147-1-git-send-email-mst@redhat.com>
On 11/19/2015 08:35 AM, Michael S. Tsirkin wrote:
> ich calls acpi_gpe_init with length ICH9_PMIO_GPE0_LEN so
> ICH9_PMIO_GPE0_LEN/2 bytes are allocated, but then the full
> ICH9_PMIO_GPE0_LEN bytes are migrated.
>
> As a quick work-around, allocate twice the memory.
> We'll probably want to tweak code to avoid
> migrating the extra ICH9_PMIO_GPE0_LEN/2 bytes,
> but that is a bit trickier to do without breaking
> migration compatibility.
>
> Tested-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
> Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> ---
> hw/acpi/core.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/hw/acpi/core.c b/hw/acpi/core.c
> index fe6215a..21e113d 100644
> --- a/hw/acpi/core.c
> +++ b/hw/acpi/core.c
> @@ -625,8 +625,12 @@ void acpi_pm1_cnt_reset(ACPIREGS *ar)
> void acpi_gpe_init(ACPIREGS *ar, uint8_t len)
> {
> ar->gpe.len = len;
> - ar->gpe.sts = g_malloc0(len / 2);
> - ar->gpe.en = g_malloc0(len / 2);
> + /* Only first len / 2 bytes are ever used,
> + * but the caller in ich9.c migrates full len bytes.
> + * TODO: fix ich9.c and drop the extra allocation.
> + */
> + ar->gpe.sts = g_malloc0(len);
> + ar->gpe.en = g_malloc0(len);
> }
>
> void acpi_gpe_reset(ACPIREGS *ar)
>
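Review bot: the in-code comment in acpi_gpe_init should state that ar->gpe.len is left at the caller's len while only len / 2 bytes carry GPE state, so the upper half of each buffer is zero padding that, per the commit message, currently goes out in the migration stream. Because g_malloc0() zero-fills, that padding is deterministic on the sending side, but a destination QEMU without this change still copies len bytes into a len / 2 buffer, so the overrun is only closed once the receiving side carries the patch as well; that is worth spelling out in the commit message given the qemu-stable Cc, alongside the TODO to stop migrating the extra ICH9_PMIO_GPE0_LEN/2 bytes.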
Reviewed-by: John Snow <jsnow@redhat.com>
Thread overview: 3+ messages
2015-11-19 13:35 [Qemu-devel] [PATCH] acpi: fix buffer overrun on migration Michael S. Tsirkin
2015-11-20 8:02 ` Igor Mammedov
2015-11-23 19:23 ` John Snow [this message]