From patchwork Mon Nov 18 12:46:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 844079 Delivered-To: patch@linaro.org Received: by 2002:a05:6000:8b:b0:382:43a8:7b94 with SMTP id m11csp594711wrx; Mon, 18 Nov 2024 04:47:20 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVL1/oCCtyzjYoBX+fux7s4amfJD3LgqRLi6bu27AP5Jyohrp42Izl6xEu0wZSQL6jXwOtNnw==@linaro.org X-Google-Smtp-Source: AGHT+IHRXlsj7B1rIh0zUoAm/108NwCSHX1KV9xxLVvCqvNA/rxfuod/2bb2VPElb/k0GQTSnfPR X-Received: by 2002:a05:6214:4306:b0:6d3:ac2c:c43b with SMTP id 6a1803df08f44-6d3fb7a7ec5mr195923986d6.13.1731934040491; Mon, 18 Nov 2024 04:47:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1731934040; cv=none; d=google.com; s=arc-20240605; b=OvME6COKxSSgvSlYg3Nn1L6K0D9QkZOISCWJ5LxZ/ukdXn70548SihAWlrQ5UMjVxq HeXpiinuprdS4Dcwe8A8WAXc/YwFLEsqlJ8w5HQYo8bbQWVYecx4qLx6gPwj7derxFOc 7FwqRiK2AooXaA/+ur0J3itU3+be54ZLAPa9aZTqbQ9HQR1QB6HCf/KlsMuAWBDRgynJ D5aYBv+D7F73FkmFnOhJurZXGKUYMCfruG/jOtvqlX6QzfSWyf9G9Yp/24pUTddRQmR0 FB4zYF/Tu6YSbd41e/i3FpIadobh6JxIMiLRfpImkuWQ1rlNI9+Xh4nR2R01akHN8Ghx 5TBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=GKQcu6yyxgnJym09mQmqk/PdgN/HdWF9BDJSP2Hzwtk=; fh=INBbOnHqZJMYqUEbRsRUJynX5maLU1KhQAe80ndxNds=; b=DMdbY04OOiTKWLZ8+BbShMUAixL6gqGJWfu7C1dQSwm3ak1dZlZefquuxn2PeiyYId KfqkNrYaYN1B9X7BU7wtGVrx2yoa7rN4+d6XeGqj04k3e1xaKM5olGaAqFXxoJ5ZYEpe VK/4hqcEasMmwm4Zsrmy7OZA1f5it76kBt06gey/h8C4if9cPr9jHEgkOUlrwbPsGQNo voZNctChxrHf4JV6PIJvFuATn1Q5yoLC1EWSIyixyMpbFu0Bru6GCjzQbm3GCCbnnvQ9 KZa+NKIsv1N8yPy17NAc6ldhAqbZD5Gf9vVyUFd3OtAV7nDJMoGoIBDJXnEORXf+IqS/ RQ9g==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=BFdlMj8d; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id 6a1803df08f44-6d40dc3fe7bsi63222436d6.249.2024.11.18.04.47.20 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Mon, 18 Nov 2024 04:47:20 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=BFdlMj8d; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tD19o-0002yz-66; Mon, 18 Nov 2024 07:47:08 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tD19m-0002yd-JR for qemu-devel@nongnu.org; Mon, 18 Nov 2024 07:47:06 -0500 Received: from mail-wr1-x434.google.com ([2a00:1450:4864:20::434]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tD19k-0005Ns-Ql for qemu-devel@nongnu.org; Mon, 18 Nov 2024 07:47:06 -0500 Received: by mail-wr1-x434.google.com with SMTP id ffacd0b85a97d-3822b77da55so1514713f8f.1 for ; Mon, 18 Nov 2024 04:47:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1731934023; x=1732538823; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GKQcu6yyxgnJym09mQmqk/PdgN/HdWF9BDJSP2Hzwtk=; b=BFdlMj8dE1vOYtRZRJP6ljP1/sztQMndGcBWIscTpwK4wwc4aQnvFRMax0FVF39p1i 05slaTO78xIz/zuhiMNGdqzTAFJxvTNekxXGOQUV2LTatkF0cALPC+vwQyHEybx1ox/Y MgHMVWZPOXEq273C7WPoKTSTUcJaHnO841FQLVIFCZ2BQFExCO5UZoo1m9d6pu3Ref2o ELr9X75TxJfw3jlvhuZKpyy0FUY00aEqKWhQ1cAsyB7ZJTNrQ9qpYgJ4j93RZMgavQ9Z OB9MFoEOWpGoiJpe/vqpaBkEhXreZSjmHDQlYlnSEti8IOE6bvLicwGeZpaC9GpKXvuQ tyfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731934023; x=1732538823; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GKQcu6yyxgnJym09mQmqk/PdgN/HdWF9BDJSP2Hzwtk=; b=Q9ttgvL4HVIO4iuIf9N8Oo8LpoOm9x2+Cxj5WB6ebvVMdbnml9zEwpHD5+S+GXXQp7 G2wZRsL4nfG5uwwqfjkVqAkSLar33NZ+HXrEIR0wGtgThWmx8EcnykeT59hGDHnF9byT Qh09hMmUNJp5dw6ACMDT77zOdLcIsozssRu/WcsMO/zGUph6un656ehRzreyTH1/pUhB p/GDJ1E7zLRWoNi363bschaFuiYHGYvjjxAokZZEdi9VRVYncPFy3save9wGphMddxrg vRbu1ItWbjZomMYv9+ZEQjDAXP9wsa8Z+KjTTHhT7iwr0SbgVQ496jw7O/5fHbdfQp2Q zhVg== X-Gm-Message-State: AOJu0YwYFJcSbjKzVDzir+pvHJcN4o7xJ6/Ky/FnXXkUmpIDCnw6nOaq 8pyCplz50LBTOO72yLzMU4r14c3SKWaomnGMheWhW3MAW1+9D6RaDllI1XYnAyTXQoHizDXOVKN O X-Received: by 2002:a5d:5889:0:b0:367:8e57:8 with SMTP id ffacd0b85a97d-38214064639mr15163179f8f.19.1731934022793; Mon, 18 Nov 2024 04:47:02 -0800 (PST) Received: from localhost.localdomain ([176.187.198.1]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3821ae161d8sm12987275f8f.78.2024.11.18.04.47.01 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Mon, 18 Nov 2024 04:47:02 -0800 (PST) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Cc: Sergio Lopez , "Michael S . Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Subject: [PULL 03/15] hw/i386/elfboot: allocate "header" in heap Date: Mon, 18 Nov 2024 13:46:30 +0100 Message-ID: <20241118124643.6958-4-philmd@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241118124643.6958-1-philmd@linaro.org> References: <20241118124643.6958-1-philmd@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::434; envelope-from=philmd@linaro.org; helo=mail-wr1-x434.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Sergio Lopez In x86_load_linux(), we were using a stack-allocated array as data for fw_cfg_add_bytes(). Since the latter just takes a reference to the pointer instead of copying the data, it can happen that the contents have been overridden by the time the guest attempts to access them. Instead of using the stack-allocated array, allocate some memory from the heap, copy the contents of the array, and use it for fw_cfg. Signed-off-by: Sergio Lopez Reviewed-by: Michael S. Tsirkin Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20241109053748.13183-1-slp@redhat.com> Signed-off-by: Philippe Mathieu-Daudé --- hw/i386/x86-common.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index bc360a9ea4..dc031af662 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c @@ -697,9 +697,11 @@ void x86_load_linux(X86MachineState *x86ms, strlen(kernel_cmdline) + 1); fw_cfg_add_string(fw_cfg, FW_CFG_CMDLINE_DATA, kernel_cmdline); + setup = g_memdup2(header, sizeof(header)); + fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, sizeof(header)); fw_cfg_add_bytes(fw_cfg, FW_CFG_SETUP_DATA, - header, sizeof(header)); + setup, sizeof(header)); /* load initrd */ if (initrd_filename) {