Message ID | 20200309144353.26457-6-philmd@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Series | hw/core/loader: Prohibit loading ROMs bigger than memory region | expand |
On Mon, Mar 09, 2020 at 03:43:53PM +0100, Philippe Mathieu-Daudé wrote: > Let rom_add_file_fixed() call rom_add_file() with a 'max_size' > argument, to avoid writing more than the available space for > the ROMs. > > Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> ppc parts Acked-by: David Gibson <david@gibson.dropbear.id.au> > --- > include/hw/loader.h | 4 ++-- > hw/i386/x86.c | 2 +- > hw/ppc/sam460ex.c | 2 +- > hw/sparc64/niagara.c | 5 +++-- > 4 files changed, 7 insertions(+), 6 deletions(-) > > diff --git a/include/hw/loader.h b/include/hw/loader.h > index 34ac630eb1..30ed80128e 100644 > --- a/include/hw/loader.h > +++ b/include/hw/loader.h > @@ -292,8 +292,8 @@ int rom_copy(uint8_t *dest, hwaddr addr, size_t size); > void *rom_ptr(hwaddr addr, size_t size); > void hmp_info_roms(Monitor *mon, const QDict *qdict); > > -#define rom_add_file_fixed(_f, _a, _i) \ > - rom_add_file(_f, NULL, _a, -1, _i, false, NULL, NULL) > +#define rom_add_file_fixed(_f, _a, _ms, _i) \ > + rom_add_file(_f, NULL, _a, _ms, _i, false, NULL, NULL) > #define rom_add_blob_fixed(_f, _b, _l, _a) \ > rom_add_blob(_f, _b, _l, _l, _a, NULL, NULL, NULL, NULL, true) > #define rom_add_file_mr(_f, _mr, _i) \ > diff --git a/hw/i386/x86.c b/hw/i386/x86.c > index 7f38e6ba8b..bdac66206a 100644 > --- a/hw/i386/x86.c > +++ b/hw/i386/x86.c > @@ -783,7 +783,7 @@ void x86_bios_rom_init(MemoryRegion *rom_memory, bool isapc_ram_fw) > if (!isapc_ram_fw) { > memory_region_set_readonly(bios, true); > } > - ret = rom_add_file_fixed(bios_name, (uint32_t)(-bios_size), -1); > + ret = rom_add_file_fixed(bios_name, (uint32_t)(-bios_size), bios_size, -1); > if (ret != 0) { > bios_error: > fprintf(stderr, "qemu: could not load PC BIOS '%s'\n", bios_name); > diff --git a/hw/ppc/sam460ex.c b/hw/ppc/sam460ex.c > index 898453cf30..5eab479ae5 100644 > --- a/hw/ppc/sam460ex.c > +++ b/hw/ppc/sam460ex.c 
> @@ -127,7 +127,7 @@ static int sam460ex_load_uboot(void) > " using default u-boot image");*/ > rom_add_file_fixed(UBOOT_FILENAME, > UBOOT_LOAD_BASE | ((hwaddr)FLASH_BASE_H << 32), > - -1); > + UBOOT_SIZE, -1); > } > > return 0; > diff --git a/hw/sparc64/niagara.c b/hw/sparc64/niagara.c > index f58d008d3d..4dd9a77dcb 100644 > --- a/hw/sparc64/niagara.c > +++ b/hw/sparc64/niagara.c > @@ -91,7 +91,7 @@ static void add_rom_or_fail(const char *file, const hwaddr addr, > /* XXX remove qtest_enabled() check once firmware files are > * in the qemu tree > */ > - if (!qtest_enabled() && rom_add_file_fixed(file, addr, -1)) { > + if (!qtest_enabled() && rom_add_file_fixed(file, addr, region_size, -1)) { > error_report("Unable to load a firmware for -M niagara"); > exit(1); > } > @@ -148,7 +148,8 @@ static void niagara_init(MachineState *machine) > memory_region_add_subregion(get_system_memory(), > NIAGARA_VDISK_BASE, &s->vdisk_ram); > dinfo->is_default = 1; > - rom_add_file_fixed(blk_bs(blk)->filename, NIAGARA_VDISK_BASE, -1); > + rom_add_file_fixed(blk_bs(blk)->filename, NIAGARA_VDISK_BASE, > + size, -1); > } else { > error_report("could not load ram disk '%s'", > blk_bs(blk)->filename);
diff --git a/include/hw/loader.h b/include/hw/loader.h
index 34ac630eb1..30ed80128e 100644
--- a/include/hw/loader.h
+++ b/include/hw/loader.h
@@ -292,8 +292,8 @@ int rom_copy(uint8_t *dest, hwaddr addr, size_t size);
 void *rom_ptr(hwaddr addr, size_t size);
 void hmp_info_roms(Monitor *mon, const QDict *qdict);
 
-#define rom_add_file_fixed(_f, _a, _i) \
- rom_add_file(_f, NULL, _a, -1, _i, false, NULL, NULL)
+#define rom_add_file_fixed(_f, _a, _ms, _i) \
+ rom_add_file(_f, NULL, _a, _ms, _i, false, NULL, NULL)
 #define rom_add_blob_fixed(_f, _b, _l, _a) \
 rom_add_blob(_f, _b, _l, _l, _a, NULL, NULL, NULL, NULL, true)
 #define rom_add_file_mr(_f, _mr, _i) \
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index 7f38e6ba8b..bdac66206a 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -783,7 +783,7 @@ void x86_bios_rom_init(MemoryRegion *rom_memory, bool isapc_ram_fw)
 if (!isapc_ram_fw) {
 memory_region_set_readonly(bios, true);
 }
- ret = rom_add_file_fixed(bios_name, (uint32_t)(-bios_size), -1);
+ ret = rom_add_file_fixed(bios_name, (uint32_t)(-bios_size), bios_size, -1);
 if (ret != 0) {
 bios_error:
 fprintf(stderr, "qemu: could not load PC BIOS '%s'\n", bios_name);
diff --git a/hw/ppc/sam460ex.c b/hw/ppc/sam460ex.c
index 898453cf30..5eab479ae5 100644
--- a/hw/ppc/sam460ex.c
+++ b/hw/ppc/sam460ex.c
@@ -127,7 +127,7 @@ static int sam460ex_load_uboot(void)
 " using default u-boot image");*/
 rom_add_file_fixed(UBOOT_FILENAME,
 UBOOT_LOAD_BASE | ((hwaddr)FLASH_BASE_H << 32),
- -1);
+ UBOOT_SIZE, -1);
 }
 
 return 0;
diff --git a/hw/sparc64/niagara.c b/hw/sparc64/niagara.c
index f58d008d3d..4dd9a77dcb 100644
--- a/hw/sparc64/niagara.c
+++ b/hw/sparc64/niagara.c
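Review bot: The new `_ms` argument of `rom_add_file_fixed()` in include/hw/loader.h is undocumented, and the old expansion hard-coded `-1` in that position, so the header alone does not tell a caller what unit the limit is in or whether `-1` is still accepted as "no limit". A comment above the macro would settle it, for example `/* _ms: maximum size in bytes of the file to load, normally the size of the region mapped at _a */`. Whether `-1` remains a valid value should be stated there as well; that depends on `rom_add_file()`, whose definition is not part of this patch.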
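Review bot: The limit passed in the hw/i386/x86.c hunk is the same `bios_size` that the load address `(uint32_t)(-bios_size)` is computed from, so the check is only as strong as that variable. If `bios_size` was measured from the image file earlier in `x86_bios_rom_init()` (the assignment is outside this hunk), the bound can only catch a file that changed between being measured and being loaded, not one that is too large for an independently fixed region. A short comment at the call saying which is intended would help, e.g. `/* bios_size is also the size of the region the ROM is loaded into */` if that is the case.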
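Review bot: The result of `rom_add_file_fixed()` is discarded at the call in the hw/ppc/sam460ex.c hunk, and with `UBOOT_SIZE` passed as a limit the load can presumably now fail for an oversized image, after which `sam460ex_load_uboot()` still reaches `return 0;`. The `niagara_init()` hunk in hw/sparc64/niagara.c has the same problem: the call with `size` is not checked, while `add_rom_or_fail()` and the x86 call both test the return value. Wrapping each call in `if (rom_add_file_fixed(...) != 0)` and reporting the file name before failing would keep the machine from starting with an empty ROM or RAM-disk region. Both enclosing functions start outside their hunks.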
@@ -91,7 +91,7 @@ static void add_rom_or_fail(const char *file, const hwaddr addr,
 /* XXX remove qtest_enabled() check once firmware files are
 * in the qemu tree
 */
- if (!qtest_enabled() && rom_add_file_fixed(file, addr, -1)) {
+ if (!qtest_enabled() && rom_add_file_fixed(file, addr, region_size, -1)) {
 error_report("Unable to load a firmware for -M niagara");
 exit(1);
 }
@@ -148,7 +148,8 @@ static void niagara_init(MachineState *machine)
 memory_region_add_subregion(get_system_memory(),
 NIAGARA_VDISK_BASE, &s->vdisk_ram);
 dinfo->is_default = 1;
- rom_add_file_fixed(blk_bs(blk)->filename, NIAGARA_VDISK_BASE, -1);
+ rom_add_file_fixed(blk_bs(blk)->filename, NIAGARA_VDISK_BASE,
+ size, -1);
 } else {
 error_report("could not load ram disk '%s'",
 blk_bs(blk)->filename);
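Review bot: The failure message in `add_rom_or_fail()` names neither the file nor the cause, and with `region_size` now passed as a limit an oversized firmware image presumably reaches the same `error_report()` as a missing one. Naming the file would at least tell the user which image to look at: `error_report("Unable to load firmware '%s' for -M niagara", file);`. The signature continues past the hunk header, so the declaration of `region_size` is not visible here.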
Let rom_add_file_fixed() call rom_add_file() with a 'max_size' argument, to avoid writing more than the available space for the ROMs. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> --- include/hw/loader.h | 4 ++-- hw/i386/x86.c | 2 +- hw/ppc/sam460ex.c | 2 +- hw/sparc64/niagara.c | 5 +++-- 4 files changed, 7 insertions(+), 6 deletions(-)