search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix 32-bit overflow in parallels image support
[qemu-kvm/fedora.git] / hw / smbios.c
blobe28beba2c8881a4f6d30a9a34a0347c72297469e
1 /*
2 * SMBIOS Support
3 *
4 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
5 *
6 * Authors:
7 * Alex Williamson <alex.williamson@hp.com>
8 *
9 * This work is licensed under the terms of the GNU GPL, version 2. See
10 * the COPYING file in the top-level directory.
11 *
12 */
13
14 #include "sysemu.h"
15 #include "smbios.h"
16
17 /*
18 * Structures shared with the BIOS
19 */
20 struct smbios_header {
21 uint16_t length;
22 uint8_t type;
23 } __attribute__((__packed__));
24
25 struct smbios_field {
26 struct smbios_header header;
27 uint8_t type;
28 uint16_t offset;
29 uint8_t data[];
30 } __attribute__((__packed__));
31
32 struct smbios_table {
33 struct smbios_header header;
34 uint8_t data[];
35 } __attribute__((__packed__));
36
37 #define SMBIOS_FIELD_ENTRY 0
38 #define SMBIOS_TABLE_ENTRY 1
39
40
41 static uint8_t *smbios_entries;
42 static size_t smbios_entries_len;
43 static int smbios_type4_count = 0;
44
45 static void smbios_validate_table(void)
46 {
47 if (smbios_type4_count && smbios_type4_count != smp_cpus) {
48 fprintf(stderr,
49 "Number of SMBIOS Type 4 tables must match cpu count.\n");
50 exit(1);
51 }
52 }
53
54 uint8_t *smbios_get_table(size_t *length)
55 {
56 smbios_validate_table();
57 *length = smbios_entries_len;
58 return smbios_entries;
59 }
60
61 /*
62 * To avoid unresolvable overlaps in data, don't allow both
63 * tables and fields for the same smbios type.
64 */
65 static void smbios_check_collision(int type, int entry)
66 {
67 uint16_t *num_entries = (uint16_t *)smbios_entries;
68 struct smbios_header *header;
69 char *p;
70 int i;
71
72 if (!num_entries)
73 return;
74
75 p = (char *)(num_entries + 1);
76
77 for (i = 0; i < *num_entries; i++) {
78 header = (struct smbios_header *)p;
79 if (entry == SMBIOS_TABLE_ENTRY && header->type == SMBIOS_FIELD_ENTRY) {
80 struct smbios_field *field = (void *)header;
81 if (type == field->type) {
82 fprintf(stderr, "SMBIOS type %d field already defined, "
83 "cannot add table\n", type);
84 exit(1);
85 }
86 } else if (entry == SMBIOS_FIELD_ENTRY &&
87 header->type == SMBIOS_TABLE_ENTRY) {
88 struct smbios_structure_header *table = (void *)(header + 1);
89 if (type == table->type) {
90 fprintf(stderr, "SMBIOS type %d table already defined, "
91 "cannot add field\n", type);
92 exit(1);
93 }
94 }
95 p += le16_to_cpu(header->length);
96 }
97 }
98
99 void smbios_add_field(int type, int offset, int len, void *data)
100 {
101 struct smbios_field *field;
102
103 smbios_check_collision(type, SMBIOS_FIELD_ENTRY);
104
105 if (!smbios_entries) {
106 smbios_entries_len = sizeof(uint16_t);
107 smbios_entries = qemu_mallocz(smbios_entries_len);
108 }
109 smbios_entries = qemu_realloc(smbios_entries, smbios_entries_len +
110 sizeof(*field) + len);
111 field = (struct smbios_field *)(smbios_entries + smbios_entries_len);
112 field->header.type = SMBIOS_FIELD_ENTRY;
113 field->header.length = cpu_to_le16(sizeof(*field) + len);
114
115 field->type = type;
116 field->offset = cpu_to_le16(offset);
117 memcpy(field->data, data, len);
118
119 smbios_entries_len += sizeof(*field) + len;
120 (*(uint16_t *)smbios_entries) =
121 cpu_to_le16(le16_to_cpu(*(uint16_t *)smbios_entries) + 1);
122 }
123
124 static void smbios_build_type_0_fields(const char *t)
125 {
126 char buf[1024];
127
128 if (get_param_value(buf, sizeof(buf), "vendor", t))
129 smbios_add_field(0, offsetof(struct smbios_type_0, vendor_str),
130 strlen(buf) + 1, buf);
131 if (get_param_value(buf, sizeof(buf), "version", t))
132 smbios_add_field(0, offsetof(struct smbios_type_0, bios_version_str),
133 strlen(buf) + 1, buf);
134 if (get_param_value(buf, sizeof(buf), "date", t))
135 smbios_add_field(0, offsetof(struct smbios_type_0,
136 bios_release_date_str),
137 strlen(buf) + 1, buf);
138 if (get_param_value(buf, sizeof(buf), "release", t)) {
139 int major, minor;
140 sscanf(buf, "%d.%d", &major, &minor);
141 smbios_add_field(0, offsetof(struct smbios_type_0,
142 system_bios_major_release), 1, &major);
143 smbios_add_field(0, offsetof(struct smbios_type_0,
144 system_bios_minor_release), 1, &minor);
145 }
146 }
147
148 static void smbios_build_type_1_fields(const char *t)
149 {
150 char buf[1024];
151
152 if (get_param_value(buf, sizeof(buf), "manufacturer", t))
153 smbios_add_field(1, offsetof(struct smbios_type_1, manufacturer_str),
154 strlen(buf) + 1, buf);
155 if (get_param_value(buf, sizeof(buf), "product", t))
156 smbios_add_field(1, offsetof(struct smbios_type_1, product_name_str),
157 strlen(buf) + 1, buf);
158 if (get_param_value(buf, sizeof(buf), "version", t))
159 smbios_add_field(1, offsetof(struct smbios_type_1, version_str),
160 strlen(buf) + 1, buf);
161 if (get_param_value(buf, sizeof(buf), "serial", t))
162 smbios_add_field(1, offsetof(struct smbios_type_1, serial_number_str),
163 strlen(buf) + 1, buf);
164 if (get_param_value(buf, sizeof(buf), "uuid", t)) {
165 if (qemu_uuid_parse(buf, qemu_uuid) != 0) {
166 fprintf(stderr, "Invalid SMBIOS UUID string\n");
167 exit(1);
168 }
169 }
170 if (get_param_value(buf, sizeof(buf), "sku", t))
171 smbios_add_field(1, offsetof(struct smbios_type_1, sku_number_str),
172 strlen(buf) + 1, buf);
173 if (get_param_value(buf, sizeof(buf), "family", t))
174 smbios_add_field(1, offsetof(struct smbios_type_1, family_str),
175 strlen(buf) + 1, buf);
176 }
177
178 int smbios_entry_add(const char *t)
179 {
180 char buf[1024];
181
182 if (get_param_value(buf, sizeof(buf), "file", t)) {
183 struct smbios_structure_header *header;
184 struct smbios_table *table;
185 int size = get_image_size(buf);
186
187 if (size == -1 || size < sizeof(struct smbios_structure_header)) {
188 fprintf(stderr, "Cannot read smbios file %s\n", buf);
189 exit(1);
190 }
191
192 if (!smbios_entries) {
193 smbios_entries_len = sizeof(uint16_t);
194 smbios_entries = qemu_mallocz(smbios_entries_len);
195 }
196
197 smbios_entries = qemu_realloc(smbios_entries, smbios_entries_len +
198 sizeof(*table) + size);
199 table = (struct smbios_table *)(smbios_entries + smbios_entries_len);
200 table->header.type = SMBIOS_TABLE_ENTRY;
201 table->header.length = cpu_to_le16(sizeof(*table) + size);
202
203 if (load_image(buf, table->data) != size) {
204 fprintf(stderr, "Failed to load smbios file %s", buf);
205 exit(1);
206 }
207
208 header = (struct smbios_structure_header *)(table->data);
209 smbios_check_collision(header->type, SMBIOS_TABLE_ENTRY);
210 if (header->type == 4) {
211 smbios_type4_count++;
212 }
213
214 smbios_entries_len += sizeof(*table) + size;
215 (*(uint16_t *)smbios_entries) =
216 cpu_to_le16(le16_to_cpu(*(uint16_t *)smbios_entries) + 1);
217 return 0;
218 }
219
220 if (get_param_value(buf, sizeof(buf), "type", t)) {
221 unsigned long type = strtoul(buf, NULL, 0);
222 switch (type) {
223 case 0:
224 smbios_build_type_0_fields(t);
225 return 0;
226 case 1:
227 smbios_build_type_1_fields(t);
228 return 0;
229 default:
230 fprintf(stderr, "Don't know how to build fields for SMBIOS type "
231 "%ld\n", type);
232 exit(1);
233 }
234 }
235
236 fprintf(stderr, "smbios: must specify type= or file=\n");
237 return -1;
238 }
Patches shipped by Fedora