From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
Igor Mammedov <imammedo@redhat.com>,
Xiao Guangrong <guangrong.xiao@linux.intel.com>,
Haozhong Zhang <haozhong.zhang@intel.com>
Subject: [Qemu-devel] [PULL v2 01/59] nvdimm: fix header pointer in nvdimm_build_nfit()
Date: Sat, 9 Jan 2016 23:39:16 +0200 [thread overview]
Message-ID: <1452375528-16627-2-git-send-email-mst@redhat.com> (raw)
In-Reply-To: <1452375528-16627-1-git-send-email-mst@redhat.com>
From: Haozhong Zhang <haozhong.zhang@intel.com>
In the current nvdimm_build_nfit(), the pointer 'header' is initially equal
to table_data->data + table_data->len. However, the following
g_array_append_vals(table_data, structures->data, structures->len)
may resize and relocate table_data->data[]. Therefore, the usage of 'header'
afterwards may be illegal.
This patch fixes this issue by storing an offset within table_data->data[]
(rather than an address) in 'header'.
Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Reviewed-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/acpi/nvdimm.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/hw/acpi/nvdimm.c b/hw/acpi/nvdimm.c
index 9534418..df1b176 100644
--- a/hw/acpi/nvdimm.c
+++ b/hw/acpi/nvdimm.c
@@ -353,16 +353,18 @@ static void nvdimm_build_nfit(GSList *device_list, GArray *table_offsets,
GArray *table_data, GArray *linker)
{
GArray *structures = nvdimm_build_device_structure(device_list);
- void *header;
+ unsigned int header;
acpi_add_table(table_offsets, table_data);
/* NFIT header. */
- header = acpi_data_push(table_data, sizeof(NvdimmNfitHeader));
+ header = table_data->len;
+ acpi_data_push(table_data, sizeof(NvdimmNfitHeader));
/* NVDIMM device structures. */
g_array_append_vals(table_data, structures->data, structures->len);
- build_header(linker, table_data, header, "NFIT",
+ build_header(linker, table_data,
+ (void *)(table_data->data + header), "NFIT",
sizeof(NvdimmNfitHeader) + structures->len, 1, NULL);
g_array_free(structures, true);
}
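Review bot: after this hunk `header` holds a byte offset, but neither the declaration `unsigned int header;` nor the assignment `header = table_data->len;` says why it is no longer a pointer, so the next person to touch this function can easily take a pointer from `acpi_data_push()` again and reintroduce the use-after-realloc. Suggest renaming it `header_offset`, or adding a one-line comment at the assignment stating that `g_array_append_vals()` below may reallocate `table_data->data` and the pointer must only be recomputed after the last append. Two smaller points: the `(void *)` cast in `(void *)(table_data->data + header)` is unnecessary in C, since any object pointer converts to `void *` implicitly; and the length argument `sizeof(NvdimmNfitHeader) + structures->len` could be written as `table_data->len - header`, which stays correct if another structure is ever appended between the push and `build_header()`.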
--
MST
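The bug described in the commit message, a pointer into a growable array that is invalidated when a later append reallocates the backing store, is easy to miss with GArray/realloc because the block only sometimes moves. The following added example (my own code, not QEMU's or GLib's) uses a minimal byte-array stand-in whose growth always moves the block, so the pre-patch pattern is guaranteed to go stale, and shows the post-patch pattern of remembering an offset and re-deriving the pointer only after the final append. The `ByteArray` type, the simplified 9-byte `TableHeader` (real ACPI headers are 36 bytes), the checksum rule and the `SAMPLE_STRUCTURES` payload are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not QEMU code: a stand-in for GLib's GArray whose data
 * block is ALWAYS moved on growth, so a pointer taken before an append is
 * guaranteed to dangle afterwards. */
typedef struct {
    uint8_t *data;
    unsigned int len;
    unsigned int cap;
} ByteArray;

/* Simplified ACPI-style header (assumed layout for this example only). */
typedef struct {
    char signature[4];
    uint32_t length;     /* whole table, header included */
    uint8_t checksum;    /* chosen so the table's byte sum is 0 mod 256 */
} __attribute__((packed)) TableHeader;

static ByteArray *ba_new(unsigned int cap)
{
    ByteArray *a = calloc(1, sizeof(*a));
    if (!a) abort();
    a->cap = cap ? cap : 1;
    a->data = malloc(a->cap);
    if (!a->data) abort();
    return a;
}

static void ba_free(ByteArray *a)
{
    free(a->data);
    free(a);
}

/* Reserve n zeroed bytes at the end. Like acpi_data_push() it returns a
 * pointer to the new bytes, valid only until the next push: growth
 * allocates a fresh block and frees the old one. */
static uint8_t *ba_push(ByteArray *a, unsigned int n)
{
    if (a->len + n > a->cap) {
        unsigned int cap = a->cap;
        while (cap < a->len + n) cap *= 2;
        uint8_t *fresh = malloc(cap);
        if (!fresh) abort();
        memcpy(fresh, a->data, a->len);
        free(a->data);          /* old block gone: old pointers dangle */
        a->data = fresh;
        a->cap = cap;
    }
    uint8_t *p = a->data + a->len;
    memset(p, 0, n);
    a->len += n;
    return p;
}

static void ba_append(ByteArray *a, const void *src, unsigned int n)
{
    memcpy(ba_push(a, n), src, n);
}

/* Constructed payload standing in for the NVDIMM device structures. */
static const uint8_t SAMPLE_STRUCTURES[64] = { 0x01, 0x02, 0x03 };

/* Pre-patch pattern: keep a pointer across an append. Returns 1 if the
 * saved pointer no longer addresses the header, i.e. writing the header
 * through it would be a use-after-free. Compared as integers so no freed
 * memory is dereferenced. */
int stale_pointer_after_append(void)
{
    ByteArray *a = ba_new(8);
    unsigned int off = a->len;
    uintptr_t header = (uintptr_t)ba_push(a, sizeof(TableHeader));
    ba_append(a, SAMPLE_STRUCTURES, sizeof(SAMPLE_STRUCTURES));
    int stale = header != (uintptr_t)(a->data + off);
    ba_free(a);
    return stale;
}

/* Post-patch pattern: remember the offset, re-derive the pointer only
 * after the last append, then fill in signature, length and checksum. */
ByteArray *build_table(const char sig[4], const void *structs, unsigned int n)
{
    ByteArray *a = ba_new(8);
    unsigned int header_off = a->len;          /* offset, not pointer */
    ba_push(a, sizeof(TableHeader));
    ba_append(a, structs, n);                  /* may move a->data */

    TableHeader *h = (TableHeader *)(a->data + header_off);  /* fresh */
    memcpy(h->signature, sig, 4);
    h->length = a->len - header_off;
    h->checksum = 0;
    unsigned int sum = 0;
    for (unsigned int i = header_off; i < a->len; i++) sum += a->data[i];
    h->checksum = (uint8_t)(0x100 - (sum & 0xff));
    return a;
}

/* Check a finished table: signature, length field and zero byte sum. */
int table_ok(const ByteArray *a, const char sig[4])
{
    if (a->len < sizeof(TableHeader)) return 0;
    TableHeader h;
    memcpy(&h, a->data, sizeof(h));            /* sidestep alignment */
    if (memcmp(h.signature, sig, 4) != 0 || h.length != a->len) return 0;
    unsigned int sum = 0;
    for (unsigned int i = 0; i < a->len; i++) sum += a->data[i];
    return (sum & 0xff) == 0;
}

int main(void)
{
    printf("pointer stale after append: %d\n", stale_pointer_after_append());
    ByteArray *t = build_table("NFIT", SAMPLE_STRUCTURES, sizeof(SAMPLE_STRUCTURES));
    printf("table ok: %d (len %u)\n", table_ok(t, "NFIT"), t->len);
    ba_free(t);
    return 0;
}
```

The stand-in deliberately allocates the new block before freeing the old one, so the two addresses can never coincide; with realloc the stale pointer happens to keep working whenever the block grows in place, which is exactly why this class of bug survives testing.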
Thread overview: 61+ messages
2016-01-09 21:39 [Qemu-devel] [PULL v2 00/59] acpi dsdt rework, misc fixes Michael S. Tsirkin
2016-01-09 21:39 ` Michael S. Tsirkin [this message]
2016-01-09 21:39 ` [Qemu-devel] [PULL v2 02/59] igd-passthrough: fix use of host_pci_config_read Michael S. Tsirkin
2016-01-09 21:39 ` [Qemu-devel] [PULL v2 03/59] hw/i386: fill in the CENTURY field of the FADT (FACP) ACPI table Michael S. Tsirkin
2016-01-09 21:39 ` [Qemu-devel] [PULL v2 04/59] tests: acpi: print ASL diff in verbose mode Michael S. Tsirkin
2016-01-09 21:39 ` [Qemu-devel] [PULL v2 05/59] pc: acpi: memhp: prepare context in SSDT for moving memhp DSDT code Michael S. Tsirkin
2016-01-09 21:39 ` [Qemu-devel] [PULL v2 06/59] pc: acpi: memhp: move MHPD._STA method into SSDT Michael S. Tsirkin
2016-01-09 21:39 ` [Qemu-devel] [PULL v2 07/59] pc: acpi: memhp: move MHPD.MLCK mutex " Michael S. Tsirkin
2016-01-09 21:39 ` [Qemu-devel] [PULL v2 08/59] pc: acpi: memhp: move MHPD.MSCN method " Michael S. Tsirkin
2016-01-09 21:39 ` [Qemu-devel] [PULL v2 09/59] pc: acpi: memhp: move MHPD.MRST " Michael S. Tsirkin
2016-01-09 21:39 ` [Qemu-devel] [PULL v2 10/59] pc: acpi: memhp: move MHPD.MPXM " Michael S. Tsirkin
2016-01-09 21:39 ` [Qemu-devel] [PULL v2 11/59] pc: acpi: memhp: move MHPD.MOST " Michael S. Tsirkin
2016-01-09 21:39 ` [Qemu-devel] [PULL v2 12/59] pc: acpi: memhp: move MHPD.MEJ0 " Michael S. Tsirkin
2016-01-09 21:39 ` [Qemu-devel] [PULL v2 13/59] pc: acpi: memhp: move MHPD.MCRS " Michael S. Tsirkin
2016-01-09 21:39 ` [Qemu-devel] [PULL v2 14/59] pc: acpi: memhp: move MHPD Device " Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 15/59] pc: acpi: factor out memhp code from build_ssdt() into separate function Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 16/59] pc: acpi: memhp: move \_GPE._E03 into SSDT Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 17/59] pc: acpi: memhp: drop not needed stringify(MEMORY_foo) usage Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 18/59] pc: acpi: drop unused CPU_STATUS_LEN from DSDT Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 19/59] pc: acpi: cpuhp: move CPEJ() method to SSDT Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 20/59] pc: acpi: cpuhp: move CPMA() method into SSDT Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 21/59] pc: acpi: cpuhp: move CPST() " Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 22/59] pc: acpi: cpuhp: move PRSC() " Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 23/59] pc: acpi: cpuhp: move \_GPE._E02() " Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 24/59] pc: acpi: factor out cpu hotplug code from build_ssdt() into separate function Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 25/59] pc: acpi: move HPET from DSDT to SSDT Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 26/59] pc: acpi: move DBUG() " Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 27/59] pc: acpi: move RTC device " Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 28/59] pc: acpi: move KBD " Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 29/59] pc: acpi: move MOU " Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 30/59] pc: acpi: move FDC0 " Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 31/59] pc: acpi: move LPT " Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 32/59] pc: acpi: move COM devices " Michael S. Tsirkin
2016-01-09 21:40 ` [Qemu-devel] [PULL v2 33/59] pc: acpi: move PIIX4 isa-bridge and pm devices into SSDT Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 34/59] pc: acpi: move remaining GPE handlers " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 35/59] pc: acpi: pci: move link devices " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 36/59] pc: acpi: piix4: move IQCR() " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 37/59] pc: acpi: piix4: move IQST() " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 38/59] pc: acpi: piix4: move PCI0._PRT() " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 39/59] pc: acpi: piix4: move remaining PCI hotplug bits " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 40/59] pc: acpi: piix4: acpi move PCI0 device to SSDT Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 41/59] pc: acpi: q35: move GSI links " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 42/59] pc: acpi: q35: move link devices " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 43/59] pc: acpi: q35: move IQCR() into SSDT Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 44/59] pc: acpi: q35: move IQST() " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 45/59] pc: acpi: q35: move ISA bridge " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 46/59] pc: acpi: q35: move _PRT() " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 47/59] pc: acpi: q35: move PRTA routing table " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 48/59] pc: acpi: q35: move PRTP " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 49/59] pc: acpi: q35: move _PIC() method " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 50/59] pc: acpi: q35: move PCI0._OSC() " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 51/59] pc: acpi: q35: move PCI0 device definition " Michael S. Tsirkin
2016-01-09 21:41 ` [Qemu-devel] [PULL v2 52/59] pc: acpi: q35: PCST, PCSB opregions and PCIB field " Michael S. Tsirkin
2016-01-09 21:42 ` [Qemu-devel] [PULL v2 53/59] pc: acpi: switch to AML API composed DSDT Michael S. Tsirkin
2016-01-09 21:42 ` [Qemu-devel] [PULL v2 54/59] pc: acpi: remove unused ASL templates and related blobs/utils Michael S. Tsirkin
2016-01-09 21:42 ` [Qemu-devel] [PULL v2 55/59] i386/pc: expose identifying the floppy controller Michael S. Tsirkin
2016-01-09 21:42 ` [Qemu-devel] [PULL v2 56/59] Add VMSTATE_STRUCT_VARRAY_KNOWN Michael S. Tsirkin
2016-01-09 21:42 ` [Qemu-devel] [PULL v2 57/59] migration/virtio: Remove simple .get/.put use Michael S. Tsirkin
2016-01-09 21:42 ` [Qemu-devel] [PULL v2 58/59] ivshmem: Store file descriptor for vhost-user negotiation Michael S. Tsirkin
2016-01-09 21:42 ` [Qemu-devel] [PULL v2 59/59] virtio: fix error message for number of queues Michael S. Tsirkin
2016-01-11 11:54 ` [Qemu-devel] [PULL v2 00/59] acpi dsdt rework, misc fixes Peter Maydell