From b859b919acc83ea12c5c5b2991afac47e9532660 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Thu, 3 Jun 2021 13:29:40 -0400 Subject: [PATCH 06/21] spapr: Don't hijack current_machine->boot_order MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Miroslav Rezanina RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9 RH-Commit: [5/8] 04822ea86e438f013915cd46e09a33627a640a47 (mrezanin/centos-src-qemu-kvm) RH-Bugzilla: 1957194 RH-Acked-by: Daniel P. Berrangé RH-Acked-by: Greg Kurz RH-Acked-by: Laurent Vivier RH-Acked-by: Vitaly Kuznetsov From: Greg Kurz QEMU 6.0 moved all the -boot variables to the machine. Especially, the removal of the boot_order static changed the handling of '-boot once' from: if (boot_once) { qemu_boot_set(boot_once, &error_fatal); qemu_register_reset(restore_boot_order, g_strdup(boot_order)); } to if (current_machine->boot_once) { qemu_boot_set(current_machine->boot_once, &error_fatal); qemu_register_reset(restore_boot_order, g_strdup(current_machine->boot_order)); } This means that we now register as subsequent boot order a copy of current_machine->boot_once that was just set with the previous call to qemu_boot_set(), i.e. we never transition away from the once boot order. It is certainly fragile^Wwrong for the spapr code to hijack a field of the base machine type object like that. The boot order rework simply turned this software boundary violation into an actual bug. Have the spapr code to handle that with its own field in SpaprMachineState. Also kfree() the initial boot device string when "once" was used. Fixes: 4b7acd2ac821 ("vl: clean up -boot variables") Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1960119 Cc: pbonzini@redhat.com Signed-off-by: Greg Kurz Message-Id: <20210521160735.1901914-1-groug@kaod.org> Signed-off-by: David Gibson (cherry picked from commit 3bf0844f3be77b24cc8f56fc8df9ff199f8324cb) Signed-off-by: Greg Kurz Conflicts: include/hw/ppc/spapr.h Trivial context conflict because downstream has experimental support for secure guests (f23e4b5090ba). Signed-off-by: Danilo C. L. de Paula Signed-off-by: Miroslav Rezanina --- hw/ppc/spapr.c | 8 +++++--- include/hw/ppc/spapr.h | 3 +++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 653574ba91..11db32c537 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -1006,7 +1006,7 @@ static void spapr_dt_chosen(SpaprMachineState *spapr, void *fdt, bool reset) _FDT(chosen = fdt_add_subnode(fdt, 0, "chosen")); if (reset) { - const char *boot_device = machine->boot_order; + const char *boot_device = spapr->boot_device; char *stdout_path = spapr_vio_stdout_path(spapr->vio_bus); size_t cb = 0; char *bootlist = get_boot_devices_list(&cb); @@ -2364,8 +2364,10 @@ static SaveVMHandlers savevm_htab_handlers = { static void spapr_boot_set(void *opaque, const char *boot_device, Error **errp) { - MachineState *machine = MACHINE(opaque); - machine->boot_order = g_strdup(boot_device); + SpaprMachineState *spapr = SPAPR_MACHINE(opaque); + + g_free(spapr->boot_device); + spapr->boot_device = g_strdup(boot_device); } static void spapr_create_lmb_dr_connectors(SpaprMachineState *spapr) diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h index 54cdde8980..6d15066bc3 100644 --- a/include/hw/ppc/spapr.h +++ b/include/hw/ppc/spapr.h @@ -227,6 +227,9 @@ struct SpaprMachineState { /* Secure Guest support via x-svm-allowed */ bool svm_allowed; + /* Set by -boot */ + char *boot_device; + /*< public >*/ char *kvm_type; char *host_model; -- 2.27.0