target-i386: kvm: prevent buffer overflow if -cpu foo, [x]level is too big
commitf8bb056564ed719b2fa5e05028bc70aeb0cc5c6c
authorIgor Mammedov <imammedo@redhat.com>
Mon, 28 Jan 2013 11:49:26 +0000 (28 12:49 +0100)
committerGleb Natapov <gleb@redhat.com>
Tue, 29 Jan 2013 06:57:56 +0000 (29 08:57 +0200)
tree6ed3ddd6099dd6ee8b7be7aa47a0d2958d97f528
parentf9e90c798dc84be2b0b988517e86b49faf79d5dc
target-i386: kvm: prevent buffer overflow if -cpu foo, [x]level is too big

Stack corruption may occur if too big 'level' or 'xlevel' values passed
on command line with KVM enabled, due to limited size of cpuid_data
in kvm_arch_init_vcpu().

reproduces with:
 qemu -enable-kvm -cpu qemu64,level=4294967295
or
 qemu -enable-kvm -cpu qemu64,xlevel=4294967295

Check if there is space in cpuid_data before passing it to cpu_x86_cpuid()
or abort() if there is not space.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
target-i386/kvm.c