authorJan Kiszka <jan.kiszka@web.de>2009-07-02 21:50:49 +0200
committerAvi Kivity <avi@redhat.com>2009-07-06 10:47:48 +0300
commit4c6fee4f9d8ea7256b8eabfd8e4afeaf703820d9 (patch)
tree4192193a8b761153610cc28441af5f9df5e736f7 /qemu-kvm-x86.c
parentFix warning with DEVICE_ASSIGNMENT disabled (diff)
Work around borken MSR_GET_INDEX_LIST
Allocate enough memory for KVM_GET_MSR_INDEX_LIST, because older kernels wrote far beyond the buffer size they were given, corrupting user space memory. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Avi Kivity <avi@redhat.com>
Diffstat (limited to 'qemu-kvm-x86.c')
-rw-r--r--qemu-kvm-x86.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/qemu-kvm-x86.c b/qemu-kvm-x86.c
index d6735c1d6..e528acbdf 100644
--- a/qemu-kvm-x86.c
+++ b/qemu-kvm-x86.c
@@ -349,7 +349,10 @@ struct kvm_msr_list *kvm_get_msr_list(kvm_context_t kvm)
r = ioctl(kvm->fd, KVM_GET_MSR_INDEX_LIST, &sizer);
if (r == -1 && errno != E2BIG)
return NULL;
- msrs = malloc(sizeof *msrs + sizer.nmsrs * sizeof *msrs->indices);
+ /* Old kernel modules had a bug and could write beyond the provided
+ memory. Allocate at least a safe amount of 1K. */
+ msrs = malloc(MAX(1024, sizeof(*msrs) +
+ sizer.nmsrs * sizeof(*msrs->indices)));
if (!msrs) {
errno = ENOMEM;
return NULL;
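Review bot: The 1024-byte floor in the new malloc call is labelled a "safe amount", but nothing in the hunk or the commit message says what overshoot it is sized against, so a reader cannot tell whether it is a measured upper bound on the kernel's overwrite or a guess. State which it is and hoist the literal into a named constant: `#define KVM_MSR_LIST_MIN_BYTES 1024 /* slack for kernels whose KVM_GET_MSR_INDEX_LIST wrote past nmsrs; heuristic, not a proven bound */` with `msrs = malloc(MAX(KVM_MSR_LIST_MIN_BYTES, sizeof(*msrs) + sizer.nmsrs * sizeof(*msrs->indices)));`. Since the errant write comes from the kernel, this is a mitigation for already-deployed kernels rather than a fix, and a kernel that overshoots by more than the slack will still corrupt the heap; saying so in the comment stops someone later "tightening" the allocation back down. MAX's definition is not visible here; if it is the plain double-evaluating macro that is harmless for these side-effect-free arguments. kvm_get_msr_list starts before the hunk and the second ioctl that fills the list comes after it, so whether msrs->nmsrs is set from sizer.nmsrs and the returned list is bounded by what was actually allocated cannot be checked from this hunk.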