diff mbox series

[1/7] i386: Change X86CPUDefinition::model_id to const char*

Message ID 20180109154519.25634-2-ehabkost@redhat.com
State New
Headers show
Series CPU model updates for CVE-2017-5715 (Spectre variant #2) | expand

Commit Message

Eduardo Habkost Jan. 9, 2018, 3:45 p.m. UTC
It is valid to have a 48-character model ID on CPUID, however the
definition of X86CPUDefinition::model_id is char[48], which can
make the compiler drop the null terminator from the string.

If a CPU model happens to have 48 bytes on model_id, "-cpu help"
will print garbage and the object_property_set_str() call at
x86_cpu_load_def() will read data outside the model_id array.

We could increase the array size to 49, but this would mean the
compiler would not issue a warning if a 49-char string is used by
mistake for model_id.

To make things simpler, simply change model_id to be const char*,
and validate the string length using an assert() on
x86_cpu_cpudef_class_init.

Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
 target/i386/cpu.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 3818d72831..9f4f949899 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -754,7 +754,7 @@  struct X86CPUDefinition {
     int model;
     int stepping;
     FeatureWordArray features;
-    char model_id[48];
+    const char *model_id;
 };
 
 static X86CPUDefinition builtin_x86_defs[] = {
@@ -2718,6 +2718,9 @@  static void x86_cpu_cpudef_class_init(ObjectClass *oc, void *data)
     X86CPUDefinition *cpudef = data;
     X86CPUClass *xcc = X86_CPU_CLASS(oc);
 
+    /* catch mistakes instead of silently truncating model_id when too long */
+    assert(!cpudef->model_id || strlen(cpudef->model_id) <= 48);
+
     xcc->cpu_def = cpudef;
     xcc->migration_safe = true;
 }