qemu-e2k/hw
Daniel P. Berrangé 10c3666658 hw/smbios: report error if table size is too large
The SMBIOS 2.1 entry point uses a uint16 data type for reporting the
total length of the tables. If the user passes -smbios configuration to
QEMU that causes the table size to exceed this limit then various bad
behaviours result, including

 - firmware hangs in an infinite loop
 - firmware triggers a KVM crash on bad memory access
 - firmware silently discards user's SMBIOS data replacing it with
   a generic data set.

Limiting the size to 0xffff in QEMU avoids triggering most of these
problems. There is a remaining bug in SeaBIOS which tries to prepend its
own data for table 0, and does not check whether there is sufficient
space before attempting this.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200923133804.2089190-3-berrange@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-09-29 02:15:24 -04:00
..
9pfs Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
acpi x68: acpi: trigger SMI before sending hotplug Notify event to OSPM 2020-09-29 02:15:24 -04:00
adc
alpha load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
arm load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
audio Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
avr Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
block vhost: recheck dev state in the vhost_migration_log routine 2020-09-29 02:14:29 -04:00
char Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
core virtio: skip legacy support check on machine types less than 5.1 2020-09-29 02:15:24 -04:00
cpu cpu/core: Register core-id and nr-threads as class properties 2020-09-22 16:48:29 -04:00
cris load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
display qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
dma Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
gpio Pull request trivial patches 20200919 2020-09-22 15:42:23 +01:00
hppa Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
hyperv qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
i2c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
i386 x86: acpi: introduce the PCI0.SMI0 ACPI device 2020-09-29 02:15:24 -04:00
ide Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
input Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
intc qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
ipack Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ipmi Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
isa x86: ich9: expose "smi_negotiated_features" as a QOM property 2020-09-29 02:15:24 -04:00
lm32 hw/sd/milkymist: Do not create SD card within the SD host controller 2020-08-21 16:22:43 +02:00
m68k Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
mem hw/mem: Stubbed out NPCM7xx Memory Controller model 2020-09-14 14:24:59 +01:00
microblaze load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
mips load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
misc Pull request 2020-09-24 18:48:45 +01:00
moxie load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
net qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
nios2 load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
nubus
nvram Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
openrisc meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
pci qom: simplify object_find_property / object_class_find_property 2020-09-22 16:45:16 -04:00
pci-bridge Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
pci-host i440fx: Register i440FX-pcihost properties as class properties 2020-09-22 16:48:29 -04:00
pcmcia pxa2xx: Move QOM macros to header 2020-08-27 14:04:55 -04:00
ppc load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
rdma qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
riscv load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
rtc Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
rx Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
s390x vhost-vsock-ccw: force virtio version 1 2020-09-29 02:15:24 -04:00
scsi qom: simplify object_find_property / object_class_find_property 2020-09-22 16:45:16 -04:00
sd Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
semihosting
sh4 Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
smbios hw/smbios: report error if table size is too large 2020-09-29 02:15:24 -04:00
sparc Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
sparc64 Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ssi Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
timer Pull request trivial patches 20200919 2020-09-22 15:42:23 +01:00
tpm Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
tricore meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
unicore32 meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
usb usb: fix u2f build 2020-09-22 16:40:56 +01:00
vfio Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
virtio virtio: update MemoryRegionCaches when guest set bad features 2020-09-29 02:15:24 -04:00
watchdog Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
xen Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
xenpv meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
xtensa load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
Kconfig
meson.build meson: convert hw/arch* 2020-08-21 06:30:33 -04:00