|
|
016a62 |
From 07c499baed0c800e43cd6ec867fc465dea43567d Mon Sep 17 00:00:00 2001
|
|
|
016a62 |
From: Markus Armbruster <armbru@redhat.com>
|
|
|
016a62 |
Date: Mon, 7 Oct 2019 07:35:08 +0100
|
|
|
016a62 |
Subject: [PATCH 15/22] fw_cfg: Fix -boot reboot-timeout error checking
|
|
|
016a62 |
MIME-Version: 1.0
|
|
|
016a62 |
Content-Type: text/plain; charset=UTF-8
|
|
|
016a62 |
Content-Transfer-Encoding: 8bit
|
|
|
016a62 |
|
|
|
016a62 |
RH-Author: Markus Armbruster <armbru@redhat.com>
|
|
|
016a62 |
Message-id: <20191007073509.5887-4-armbru@redhat.com>
|
|
|
016a62 |
Patchwork-id: 90979
|
|
|
016a62 |
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 3/4] fw_cfg: Fix -boot reboot-timeout error checking
|
|
|
016a62 |
Bugzilla: 1607367
|
|
|
016a62 |
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
|
016a62 |
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
|
016a62 |
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
016a62 |
|
|
|
016a62 |
From: Li Qiang <liq3ea@gmail.com>
|
|
|
016a62 |
|
|
|
016a62 |
fw_cfg_reboot() gets option parameter "reboot-timeout" with
|
|
|
016a62 |
qemu_opt_get(), then converts it to an integer by hand. It neglects to
|
|
|
016a62 |
check that conversion for errors, and fails to reject negative values.
|
|
|
016a62 |
Positive values above the limit get reported and replaced by the limit.
|
|
|
016a62 |
This patch checks for conversion errors properly, and reject all values
|
|
|
016a62 |
outside 0...0xffff.
|
|
|
016a62 |
|
|
|
016a62 |
Signed-off-by: Li Qiang <liq3ea@gmail.com>
|
|
|
016a62 |
Reviewed-by: Markus Armbruster <armbru@redhat.com>
|
|
|
016a62 |
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
|
016a62 |
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
|
016a62 |
Message-Id: <1542777026-2788-3-git-send-email-liq3ea@gmail.com>
|
|
|
016a62 |
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
|
016a62 |
(cherry picked from commit ee5d0f89de3e53cdb0dcf51acc1502b310ed3bd2)
|
|
|
016a62 |
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
|
|
016a62 |
---
|
|
|
016a62 |
hw/nvram/fw_cfg.c | 27 +++++++++++++--------------
|
|
|
016a62 |
vl.c | 2 +-
|
|
|
016a62 |
2 files changed, 14 insertions(+), 15 deletions(-)
|
|
|
016a62 |
|
|
|
016a62 |
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
|
|
|
016a62 |
index d7185ea..02ab458 100644
|
|
|
016a62 |
--- a/hw/nvram/fw_cfg.c
|
|
|
016a62 |
+++ b/hw/nvram/fw_cfg.c
|
|
|
016a62 |
@@ -176,26 +176,25 @@ static void fw_cfg_bootsplash(FWCfgState *s)
|
|
|
016a62 |
|
|
|
016a62 |
static void fw_cfg_reboot(FWCfgState *s)
|
|
|
016a62 |
{
|
|
|
016a62 |
- int reboot_timeout = -1;
|
|
|
016a62 |
- char *p;
|
|
|
016a62 |
- const char *temp;
|
|
|
016a62 |
+ const char *reboot_timeout = NULL;
|
|
|
016a62 |
+ int64_t rt_val = -1;
|
|
|
016a62 |
|
|
|
016a62 |
/* get user configuration */
|
|
|
016a62 |
QemuOptsList *plist = qemu_find_opts("boot-opts");
|
|
|
016a62 |
QemuOpts *opts = QTAILQ_FIRST(&plist->head);
|
|
|
016a62 |
- if (opts != NULL) {
|
|
|
016a62 |
- temp = qemu_opt_get(opts, "reboot-timeout");
|
|
|
016a62 |
- if (temp != NULL) {
|
|
|
016a62 |
- p = (char *)temp;
|
|
|
016a62 |
- reboot_timeout = strtol(p, &p, 10);
|
|
|
016a62 |
+ reboot_timeout = qemu_opt_get(opts, "reboot-timeout");
|
|
|
016a62 |
+
|
|
|
016a62 |
+ if (reboot_timeout) {
|
|
|
016a62 |
+ rt_val = qemu_opt_get_number(opts, "reboot-timeout", -1);
|
|
|
016a62 |
+ /* validate the input */
|
|
|
016a62 |
+ if (rt_val < 0 || rt_val > 0xffff) {
|
|
|
016a62 |
+ error_report("reboot timeout is invalid,"
|
|
|
016a62 |
+ "it should be a value between 0 and 65535");
|
|
|
016a62 |
+ exit(1);
|
|
|
016a62 |
}
|
|
|
016a62 |
}
|
|
|
016a62 |
- /* validate the input */
|
|
|
016a62 |
- if (reboot_timeout > 0xffff) {
|
|
|
016a62 |
- error_report("reboot timeout is larger than 65535, force it to 65535.");
|
|
|
016a62 |
- reboot_timeout = 0xffff;
|
|
|
016a62 |
- }
|
|
|
016a62 |
- fw_cfg_add_file(s, "etc/boot-fail-wait", g_memdup(&reboot_timeout, 4), 4);
|
|
|
016a62 |
+
|
|
|
016a62 |
+ fw_cfg_add_file(s, "etc/boot-fail-wait", g_memdup(&rt_val, 4), 4);
|
|
|
016a62 |
}
|
|
|
016a62 |
|
|
|
016a62 |
static void fw_cfg_write(FWCfgState *s, uint8_t value)
|
|
|
016a62 |
diff --git a/vl.c b/vl.c
|
|
|
016a62 |
index e2212f5..3cee95f 100644
|
|
|
016a62 |
--- a/vl.c
|
|
|
016a62 |
+++ b/vl.c
|
|
|
016a62 |
@@ -367,7 +367,7 @@ static QemuOptsList qemu_boot_opts = {
|
|
|
016a62 |
.type = QEMU_OPT_NUMBER,
|
|
|
016a62 |
}, {
|
|
|
016a62 |
.name = "reboot-timeout",
|
|
|
016a62 |
- .type = QEMU_OPT_STRING,
|
|
|
016a62 |
+ .type = QEMU_OPT_NUMBER,
|
|
|
016a62 |
}, {
|
|
|
016a62 |
.name = "strict",
|
|
|
016a62 |
.type = QEMU_OPT_BOOL,
|
|
|
016a62 |
--
|
|
|
016a62 |
1.8.3.1
|
|
|
016a62 |
|