summaryrefslogtreecommitdiff
path: root/hw
diff options
context:
space:
mode:
authorHaozhong Zhang <haozhong.zhang@intel.com>2016-10-19 17:19:25 +0800
committerMichael S. Tsirkin <mst@redhat.com>2016-11-01 19:21:09 +0200
commit53000638f233d6ba1d584a68b74f2cde79615b80 (patch)
treeb450c7bfb462c17ce38fa779a0241eb7e6afa6a9 /hw
parent698ae42b9124dce23e03d0fea2e635b70540ef13 (diff)
downloadqemu-53000638f233d6ba1d584a68b74f2cde79615b80.tar.gz
qemu-53000638f233d6ba1d584a68b74f2cde79615b80.tar.bz2
qemu-53000638f233d6ba1d584a68b74f2cde79615b80.zip
acpi: fix assert failure caused by commit 35c5a52d
Commit 35c5a52d "acpi: do not use TARGET_PAGE_SIZE" changed struct NvdimmDsmIn from a variable-size structure to a fixed-size structure of 4096 bytes. It forgot to adjust an assert in nvdimm_dsm_set_label_data(..., NvdimmDsmIn *in, ...): assert(sizeof(*in) + sizeof(*set_label_data) + set_label_data->length <= 4096); which could crash QEMU when guest writes NVDIMM labels. Fix it by replacing sizeof(*in) by offsetof(NvdimmDsmIn, arg3). Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com> Reported-by: Dan Williams <dan.j.williams@intel.com> Tested-by: Dan Williams <dan.j.williams@intel.com> Reviewed-by: Xiao Guangrong <guangrong.xiao@linux.intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'hw')
-rw-r--r--hw/acpi/nvdimm.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/hw/acpi/nvdimm.c b/hw/acpi/nvdimm.c
index fc1a012ad8..602ec54485 100644
--- a/hw/acpi/nvdimm.c
+++ b/hw/acpi/nvdimm.c
@@ -757,8 +757,8 @@ static void nvdimm_dsm_set_label_data(NVDIMMDevice *nvdimm, NvdimmDsmIn *in,
return;
}
- assert(sizeof(*in) + sizeof(*set_label_data) + set_label_data->length <=
- 4096);
+ assert(offsetof(NvdimmDsmIn, arg3) +
+ sizeof(*set_label_data) + set_label_data->length <= 4096);
nvc->write_label_data(nvdimm, set_label_data->in_buf,
set_label_data->length, set_label_data->offset);