thebeanogamer / rpms / qemu-kvm

Forked from rpms/qemu-kvm 5 months ago
Clone
5d360b
From f893c8d5665ce4c9978eb7428b57f5e84448836c Mon Sep 17 00:00:00 2001
5d360b
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
5d360b
Date: Wed, 13 Dec 2017 13:38:33 +0100
5d360b
Subject: [PATCH 02/41] fw_cfg: prevent selector key conflict
5d360b
MIME-Version: 1.0
5d360b
Content-Type: text/plain; charset=UTF-8
5d360b
Content-Transfer-Encoding: 8bit
5d360b
5d360b
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
5d360b
Message-id: <20171213133912.26176-3-marcandre.lureau@redhat.com>
5d360b
Patchwork-id: 78352
5d360b
O-Subject: [RHEL-7.5 qemu-kvm PATCH v3 02/41] fw_cfg: prevent selector key conflict
5d360b
Bugzilla: 1411490
5d360b
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
5d360b
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
5d360b
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
5d360b
5d360b
From: "Gabriel L. Somlo" <somlo@cmu.edu>
5d360b
5d360b
Enforce a single assignment of data for each distinct selector key.
5d360b
5d360b
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
5d360b
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
5d360b
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
5d360b
5d360b
(cherry picked from commit 0f9b214139d11ef058fa0f1c11c89e94fa6ef95d)
5d360b
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
5d360b
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
5d360b
---
5d360b
 hw/nvram/fw_cfg.c | 1 +
5d360b
 1 file changed, 1 insertion(+)
5d360b
5d360b
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
5d360b
index 9d7b99e..149e2fb 100644
5d360b
--- a/hw/nvram/fw_cfg.c
5d360b
+++ b/hw/nvram/fw_cfg.c
5d360b
@@ -380,6 +380,7 @@ static void fw_cfg_add_bytes_read_callback(FWCfgState *s, uint16_t key,
5d360b
     key &= FW_CFG_ENTRY_MASK;
5d360b
 
5d360b
     assert(key < FW_CFG_MAX_ENTRY && len < UINT32_MAX);
5d360b
+    assert(s->entries[arch][key].data == NULL); /* avoid key conflict */
5d360b
 
5d360b
     s->entries[arch][key].data = data;
5d360b
     s->entries[arch][key].len = (uint32_t)len;
5d360b
-- 
5d360b
1.8.3.1
5d360b