From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Cc: patches@linaro.org, Stefan Hajnoczi <stefanha@redhat.com>,
Eric Blake <eblake@redhat.com>,
"Daniel P . Berrange" <berrange@redhat.com>,
Li Zhijian <lizhijian@cn.fujitsu.com>,
Philip Li <philip.li@intel.com>,
Peter Crosthwaite <crosthwaite.peter@gmail.com>,
Alexander Graf <agraf@suse.de>, Kevin Wolf <kwolf@redhat.com>,
Max Reitz <mreitz@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
David Gibson <david@gibson.dropbear.id.au>,
Igor Mammedov <imammedo@redhat.com>,
qemu-block@nongnu.org, qemu-ppc@nongnu.org
Subject: [Qemu-devel] [PATCH 00/10] Remove deprecated load_image() function
Date: Fri, 30 Nov 2018 15:17:02 +0000
Message-ID: <20181130151712.2312-1-peter.maydell@linaro.org>
This patchset removes the load_image() function, which we noted
in a comment as being deprecated in 2008 but were still using
in a handful of places. All the use cases are bugs of some
kind or another, either straightforward "no length checking
at all" or "doesn't cope with the file getting larger between
get_image_size()'s length check and the read in load_image()".
IRC consensus was that this doesn't rise to the level of a
security issue since the images being loaded should either
be trusted or the management layer app should be fencing things
off to ensure they don't change underfoot.

The replacement is either:
 * g_file_get_contents(), in places where we were previously
   explicitly g_malloc()ing a buffer to load the image
 * load_image_size(), in places where we load the image
   into a pre-existing buffer, MemoryRegion, etc

The final patch in the series adds a documentation comment
for load_image_size().

Notes:
 * tested only with "make check"
 * I'm not a huge fan of load_image_size()'s "truncate overlength
   images" (as opposed to considering that an error), but I've
   documented what we have, rather than what we might like to have
 * some of the callsites of load_image() had no error checking;
   I've added it as part of the changeover

thanks
-- PMM

Peter Maydell (10):
hw/ppc/mac_newworld, mac_oldworld: Don't use load_image()
hw/ppc/ppc405_boards: Don't use load_image()
hw/smbios/smbios.c: Don't use load_image()
hw/pci/pci.c: Don't use load_image()
hw/i386/pc.c: Don't use load_image()
hw/i386/multiboot.c: Don't use load_image()
hw/block/tc58128.c: Don't use load_image()
device_tree.c: Don't use load_image()
hw/core/loader.c: Remove load_image()
include/hw/loader.h: Document load_image_size()
include/hw/loader.h | 17 ++++++++++++++++-
device_tree.c | 2 +-
hw/block/tc58128.c | 3 ++-
hw/core/loader.c | 25 -------------------------
hw/i386/multiboot.c | 6 +++++-
hw/i386/pc.c | 22 ++++++++++++----------
hw/pci/pci.c | 6 +++++-
hw/ppc/mac_newworld.c | 10 ++++------
hw/ppc/mac_oldworld.c | 10 ++++------
hw/ppc/ppc405_boards.c | 12 ++++++++----
hw/smbios/smbios.c | 2 +-
11 files changed, 58 insertions(+), 57 deletions(-)
--
2.19.1
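Added example, not code from QEMU or from this series: a hypothetical bounded loader in C modelled on the cover letter's description of load_image_size(), together with a constructed scenario in which the file grows between the caller's length check and the read. The caller's buffer bound, not the stale size, decides how much is copied, and an overlength image is silently truncated, which is the caveat the notes above raise.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical bounded loader (not QEMU's load_image_size()): read at most
 * buf_size bytes into a caller-owned buffer, return the byte count or -1.
 * There is no separate size probe, so a file that grows after the caller's
 * length check is truncated at buf_size rather than overrunning it. */
ssize_t load_bounded(const char *path, void *buf, size_t buf_size)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    size_t total = 0;
    ssize_t n = 0;
    while (total < buf_size) {
        n = read(fd, (char *)buf + total, buf_size - total);
        if (n < 0 && errno == EINTR) {
            continue;           /* interrupted: retry the same read */
        }
        if (n <= 0) {           /* 0 is EOF, < 0 is a read error */
            break;
        }
        total += (size_t)n;
    }
    close(fd);
    return n < 0 ? -1 : (ssize_t)total;
}

/* Constructed scenario: a 4-byte image is written, then grows to 20 bytes
 * before it is loaded. dst_size plays the role of the stale length check
 * taken before the growth; the loader never writes past it. */
ssize_t demo_toctou_growth(char *dst, size_t dst_size)
{
    char path[] = "/tmp/loadimg-XXXXXX";      /* temp file, constructed */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    ssize_t w1 = write(fd, "BOOT", 4);                 /* checked at 4 */
    ssize_t w2 = write(fd, "0123456789ABCDEF", 16);    /* grows to 20 */
    close(fd);
    ssize_t got = (w1 == 4 && w2 == 16) ? load_bounded(path, dst, dst_size) : -1;
    unlink(path);
    return got;
}
```

A caller that wants "overlength is an error" rather than truncation still needs its own check after the read, for example by loading into a buffer one byte larger than the maximum it accepts and rejecting a full return.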