fw_cfg: Use void *, size_t instead of uint8_t *, uint32_t for blobs

Many callers pass size_t, which gets silently truncated to uint32_t. Harmless, because all practical sizes are well below 4GiB. Clean it up anyway. Size overflow now fails assertions. Bonus: saves a whole bunch of silly casts. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2025-01-21 03:16:59 +00:00 · 2013-01-16 14:50:28 +01:00 · 2013-01-16 14:50:28 +01:00 · 089da572b9
commit 089da572b9
parent b3dd15529d
4 changed files with 27 additions and 27 deletions
--- a/hw/fw_cfg.c
+++ b/hw/fw_cfg.c
@ -373,23 +373,23 @@ static const VMStateDescription vmstate_fw_cfg = {
    }
 };

-void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, uint8_t *data, uint32_t len)
+void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, void *data, size_t len)
 {
    int arch = !!(key & FW_CFG_ARCH_LOCAL);

    key &= FW_CFG_ENTRY_MASK;

-    assert(key < FW_CFG_MAX_ENTRY);
+    assert(key < FW_CFG_MAX_ENTRY && len < UINT32_MAX);

    s->entries[arch][key].data = data;
-    s->entries[arch][key].len = len;
+    s->entries[arch][key].len = (uint32_t)len;
 }

 void fw_cfg_add_string(FWCfgState *s, uint16_t key, const char *value)
 {
    size_t sz = strlen(value) + 1;

-    return fw_cfg_add_bytes(s, key, (uint8_t *)g_memdup(value, sz), sz);
+    return fw_cfg_add_bytes(s, key, g_memdup(value, sz), sz);
 }

 void fw_cfg_add_i16(FWCfgState *s, uint16_t key, uint16_t value)
@ -398,7 +398,7 @@ void fw_cfg_add_i16(FWCfgState *s, uint16_t key, uint16_t value)

    copy = g_malloc(sizeof(value));
    *copy = cpu_to_le16(value);
-    fw_cfg_add_bytes(s, key, (uint8_t *)copy, sizeof(value));
+    fw_cfg_add_bytes(s, key, copy, sizeof(value));
 }

 void fw_cfg_add_i32(FWCfgState *s, uint16_t key, uint32_t value)
@ -407,7 +407,7 @@ void fw_cfg_add_i32(FWCfgState *s, uint16_t key, uint32_t value)

    copy = g_malloc(sizeof(value));
    *copy = cpu_to_le32(value);
-    fw_cfg_add_bytes(s, key, (uint8_t *)copy, sizeof(value));
+    fw_cfg_add_bytes(s, key, copy, sizeof(value));
 }

 void fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t value)
@ -416,11 +416,11 @@ void fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t value)

    copy = g_malloc(sizeof(value));
    *copy = cpu_to_le64(value);
-    fw_cfg_add_bytes(s, key, (uint8_t *)copy, sizeof(value));
+    fw_cfg_add_bytes(s, key, copy, sizeof(value));
 }

 void fw_cfg_add_callback(FWCfgState *s, uint16_t key, FWCfgCallback callback,
-                         void *callback_opaque, uint8_t *data, size_t len)
+                         void *callback_opaque, void *data, size_t len)
 {
    int arch = !!(key & FW_CFG_ARCH_LOCAL);

@ -428,23 +428,24 @@ void fw_cfg_add_callback(FWCfgState *s, uint16_t key, FWCfgCallback callback,

    key &= FW_CFG_ENTRY_MASK;

-    assert(key < FW_CFG_MAX_ENTRY && len <= 65535);
+    assert(key < FW_CFG_MAX_ENTRY && len <= UINT32_MAX);

    s->entries[arch][key].data = data;
-    s->entries[arch][key].len = len;
+    s->entries[arch][key].len = (uint32_t)len;
    s->entries[arch][key].callback_opaque = callback_opaque;
    s->entries[arch][key].callback = callback;
 }

-void fw_cfg_add_file(FWCfgState *s,  const char *filename, uint8_t *data,
-                     uint32_t len)
+void fw_cfg_add_file(FWCfgState *s,  const char *filename,
+                     void *data, size_t len)
 {
    int i, index;
+    size_t dsize;

    if (!s->files) {
-        int dsize = sizeof(uint32_t) + sizeof(FWCfgFile) * FW_CFG_FILE_SLOTS;
+        dsize = sizeof(uint32_t) + sizeof(FWCfgFile) * FW_CFG_FILE_SLOTS;
        s->files = g_malloc0(dsize);
-        fw_cfg_add_bytes(s, FW_CFG_FILE_DIR, (uint8_t*)s->files, dsize);
+        fw_cfg_add_bytes(s, FW_CFG_FILE_DIR, s->files, dsize);
    }

    index = be32_to_cpu(s->files->count);
@ -498,7 +499,7 @@ FWCfgState *fw_cfg_init(uint32_t ctl_port, uint32_t data_port,
    if (data_addr) {
        sysbus_mmio_map(d, 1, data_addr);
    }
-    fw_cfg_add_bytes(s, FW_CFG_SIGNATURE, (uint8_t *)"QEMU", 4);
+    fw_cfg_add_bytes(s, FW_CFG_SIGNATURE, (char *)"QEMU", 4);
    fw_cfg_add_bytes(s, FW_CFG_UUID, qemu_uuid, 16);
    fw_cfg_add_i16(s, FW_CFG_NOGRAPHIC, (uint16_t)(display_type == DT_NOGRAPHIC));
    fw_cfg_add_i16(s, FW_CFG_NB_CPUS, (uint16_t)smp_cpus);
--- a/hw/fw_cfg.h
+++ b/hw/fw_cfg.h
@ -54,15 +54,15 @@ typedef struct FWCfgFiles {
 typedef void (*FWCfgCallback)(void *opaque, uint8_t *data);

 typedef struct FWCfgState FWCfgState;
-void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, uint8_t *data, uint32_t len);
+void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, void *data, size_t len);
 void fw_cfg_add_string(FWCfgState *s, uint16_t key, const char *value);
 void fw_cfg_add_i16(FWCfgState *s, uint16_t key, uint16_t value);
 void fw_cfg_add_i32(FWCfgState *s, uint16_t key, uint32_t value);
 void fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t value);
 void fw_cfg_add_callback(FWCfgState *s, uint16_t key, FWCfgCallback callback,
-                         void *callback_opaque, uint8_t *data, size_t len);
-void fw_cfg_add_file(FWCfgState *s, const char *filename, uint8_t *data,
-                     uint32_t len);
+                         void *callback_opaque, void *data, size_t len);
+void fw_cfg_add_file(FWCfgState *s, const char *filename, void *data,
+                     size_t len);
 FWCfgState *fw_cfg_init(uint32_t ctl_port, uint32_t data_port,
                        hwaddr crl_addr, hwaddr data_addr);

--- a/hw/pc.c
+++ b/hw/pc.c
@ -563,19 +563,18 @@ static void *bochs_bios_init(void)

    fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
    fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
-    fw_cfg_add_bytes(fw_cfg, FW_CFG_ACPI_TABLES, (uint8_t *)acpi_tables,
-                     acpi_tables_len);
+    fw_cfg_add_bytes(fw_cfg, FW_CFG_ACPI_TABLES,
+                     acpi_tables, acpi_tables_len);
    fw_cfg_add_i32(fw_cfg, FW_CFG_IRQ0_OVERRIDE, kvm_allows_irq0_override());

    smbios_table = smbios_get_table(&smbios_len);
    if (smbios_table)
        fw_cfg_add_bytes(fw_cfg, FW_CFG_SMBIOS_ENTRIES,
                         smbios_table, smbios_len);
-    fw_cfg_add_bytes(fw_cfg, FW_CFG_E820_TABLE, (uint8_t *)&e820_table,
-                     sizeof(e820_table));
+    fw_cfg_add_bytes(fw_cfg, FW_CFG_E820_TABLE,
+                     &e820_table, sizeof(e820_table));

-    fw_cfg_add_bytes(fw_cfg, FW_CFG_HPET, (uint8_t *)&hpet_cfg,
-                     sizeof(struct hpet_fw_config));
+    fw_cfg_add_bytes(fw_cfg, FW_CFG_HPET, &hpet_cfg, sizeof(hpet_cfg));
    /* allocate memory for the NUMA channel: one (64bit) word for the number
     * of nodes, one word for each VCPU->node and one word for each node to
     * hold the amount of memory.
@ -593,7 +592,7 @@ static void *bochs_bios_init(void)
    for (i = 0; i < nb_numa_nodes; i++) {
        numa_fw_cfg[max_cpus + 1 + i] = cpu_to_le64(node_mem[i]);
    }
-    fw_cfg_add_bytes(fw_cfg, FW_CFG_NUMA, (uint8_t *)numa_fw_cfg,
+    fw_cfg_add_bytes(fw_cfg, FW_CFG_NUMA, numa_fw_cfg,
                     (1 + max_cpus + nb_numa_nodes) * sizeof(*numa_fw_cfg));

    return fw_cfg;
--- a/2
+++ b/2
@ -172,7 +172,7 @@ fw_cfg_write(void *s, uint8_t value) "%p %d"
 fw_cfg_select(void *s, uint16_t key, int ret) "%p key %d = %d"
 fw_cfg_read(void *s, uint8_t ret) "%p = %d"
 fw_cfg_add_file_dupe(void *s, char *name) "%p %s"
-fw_cfg_add_file(void *s, int index, char *name, uint32_t len) "%p #%d: %s (%d bytes)"
+fw_cfg_add_file(void *s, int index, char *name, size_t len) "%p #%d: %s (%zd bytes)"

 # hw/hd-geometry.c
 hd_geometry_lchs_guess(void *bs, int cyls, int heads, int secs) "bs %p LCHS %d %d %d"