From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:50512)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <pl@kamp.de>)
	id 1Wj4Ub-0007Xa-NQ
	for qemu-devel@nongnu.org; Sat, 10 May 2014 06:27:02 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pl@kamp.de>) id 1Wj4UO-0004Pw-24
	for qemu-devel@nongnu.org; Sat, 10 May 2014 06:26:57 -0400
Received: from mx-v6.kamp.de ([2a02:248:0:51::16]:58064 helo=mx01.kamp.de)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <pl@kamp.de>)
	id 1Wj4UN-0004Pe-P0
	for qemu-devel@nongnu.org; Sat, 10 May 2014 06:26:44 -0400
From: Peter Lieven <pl@kamp.de>
Date: Sat, 10 May 2014 12:25:49 +0200
Message-Id: <1399717549-10961-1-git-send-email-pl@kamp.de>
Subject: [Qemu-devel] [PATCH] migration: catch unknown flags in ram_load
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: quintela@redhat.com, Peter Lieven <pl@kamp.de>, qemu-stable@nongnu.org, dgilbert@redhat.com, pbonzini@redhat.com

if a saved vm has unknown flags in the memory data qemu
currently simply ignores this flag and continues which
yields in an unpredictable result.

this patch catches all unknown flags and
aborts the loading of the vm.

CC: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven <pl@kamp.de>
---
 arch_init.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 995f56d..582b716 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -1084,9 +1084,7 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id)
 
                 total_ram_bytes -= length;
             }
-        }
-
-        if (flags & RAM_SAVE_FLAG_COMPRESS) {
+        } else if (flags & RAM_SAVE_FLAG_COMPRESS) {
             void *host;
             uint8_t ch;
 
@@ -1121,6 +1119,9 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id)
             }
         } else if (flags & RAM_SAVE_FLAG_HOOK) {
             ram_control_load_hook(f, flags);
+        } else if (!(flags & RAM_SAVE_FLAG_EOS)) {
+            ret = -EINVAL;
+            goto done;
         }
         error = qemu_file_get_error(f);
         if (error) {
-- 
1.7.9.5