thebeanogamer / rpms / qemu-kvm

Forked from rpms/qemu-kvm 5 months ago
Clone
9ae3a8
From f893c8d5665ce4c9978eb7428b57f5e84448836c Mon Sep 17 00:00:00 2001
9ae3a8
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
9ae3a8
Date: Wed, 13 Dec 2017 13:38:33 +0100
9ae3a8
Subject: [PATCH 02/41] fw_cfg: prevent selector key conflict
9ae3a8
MIME-Version: 1.0
9ae3a8
Content-Type: text/plain; charset=UTF-8
9ae3a8
Content-Transfer-Encoding: 8bit
9ae3a8
9ae3a8
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
9ae3a8
Message-id: <20171213133912.26176-3-marcandre.lureau@redhat.com>
9ae3a8
Patchwork-id: 78352
9ae3a8
O-Subject: [RHEL-7.5 qemu-kvm PATCH v3 02/41] fw_cfg: prevent selector key conflict
9ae3a8
Bugzilla: 1411490
9ae3a8
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
9ae3a8
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
9ae3a8
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
9ae3a8
9ae3a8
From: "Gabriel L. Somlo" <somlo@cmu.edu>
9ae3a8
9ae3a8
Enforce a single assignment of data for each distinct selector key.
9ae3a8
9ae3a8
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
9ae3a8
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
9ae3a8
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
9ae3a8
9ae3a8
(cherry picked from commit 0f9b214139d11ef058fa0f1c11c89e94fa6ef95d)
9ae3a8
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
9ae3a8
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
9ae3a8
---
9ae3a8
 hw/nvram/fw_cfg.c | 1 +
9ae3a8
 1 file changed, 1 insertion(+)
9ae3a8
9ae3a8
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
9ae3a8
index 9d7b99e..149e2fb 100644
9ae3a8
--- a/hw/nvram/fw_cfg.c
9ae3a8
+++ b/hw/nvram/fw_cfg.c
9ae3a8
@@ -380,6 +380,7 @@ static void fw_cfg_add_bytes_read_callback(FWCfgState *s, uint16_t key,
9ae3a8
     key &= FW_CFG_ENTRY_MASK;
9ae3a8
 
9ae3a8
     assert(key < FW_CFG_MAX_ENTRY && len < UINT32_MAX);
9ae3a8
+    assert(s->entries[arch][key].data == NULL); /* avoid key conflict */
9ae3a8
 
9ae3a8
     s->entries[arch][key].data = data;
9ae3a8
     s->entries[arch][key].len = (uint32_t)len;
9ae3a8
-- 
9ae3a8
1.8.3.1
9ae3a8