Re: [PATCH v2] Check and report for incomplete 'global' option format

Markus Armbruster Tue, 15 Feb 2022 01:32:22 -0800

Rohit Kumar <rohit.kum...@nutanix.com> writes:

> Qemu might crash when provided incomplete '-global' option.
> For example:
>         qemu-system-x86_64 -global driver=isa-fdc
>         qemu-system-x86_64: ../../devel/qemu/qapi/string-input-visitor.c:394:
>         string_input_visitor_new: Assertion `str' failed.
>         Aborted (core dumped)
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/604


The original qemu_global_option() only ever created QemuOpts with all
three options present.  Code consuming these QemuOpts relies on this
invariant.  Commit 3751d7c43f "vl: allow full-blown QemuOpts syntax for
-global" (v2.4.0) wrecked it.

Let's point to the root cause:

  Fixes: 3751d7c43f795b45ffdb9429cfb09c6beea55c68

> Signed-off-by: Rohit Kumar <rohit.kum...@nutanix.com>
> ---
>  diff to v1:
>   - Removed '\n' from error log message.
>
>  softmmu/qdev-monitor.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
> index 01f3834db5..51b33caeca 100644
> --- a/softmmu/qdev-monitor.c
> +++ b/softmmu/qdev-monitor.c
> @@ -1020,6 +1020,7 @@ int qemu_global_option(const char *str)
>      char driver[64], property[64];
>      QemuOpts *opts;
>      int rc, offset;
> +    Error *err = NULL;
>  
>      rc = sscanf(str, "%63[^.=].%63[^=]%n", driver, property, &offset);
>      if (rc == 2 && str[offset] == '=') {
> @@ -1031,7 +1032,12 @@ int qemu_global_option(const char *str)
>      }
>  
>      opts = qemu_opts_parse_noisily(&qemu_global_opts, str, false);
> -    if (!opts) {
> +    if (!opts || !qemu_opt_get(opts, "driver") || 
> !qemu_opt_get(opts,"property") ||
> +    !qemu_opt_get(opts, "value")) {
> +        error_setg(&err, "Invalid 'global' option format! "
> +        "Use -global <driver>.<property>=<value> or "
> +        "-global driver=driver,property=property,value=value");
> +        error_report_err(err);
>          return -1;
>      }

This fix isn't quite right.

When qemu_opts_parse_noisily() fails, it reports an error and returns
null.  Your patch reports a second error then.  Reproducer:

    $ qemu-system-x86_64 -global =
    qemu-system-x86_64: -global =: Invalid parameter ''
    qemu-system-x86_64: -global =: Invalid 'global' option format! Use -global 
<driver>.<property>=<value> or -global 
driver=driver,property=property,value=value

You should do something like

    opts = qemu_opts_parse_noisily(&qemu_global_opts, str, false);
    if (!opts) {
        return -1;
    }
    if (!qemu_opt_get(opts, "driver")
        || !qemu_opt_get(opts, "property")
        || !qemu_opt_get(opts, "value")) {
        error_report("options 'driver', 'property', and 'value'"
                     " are required');
        return -1;
    }

Re: [PATCH v2] Check and report for incomplete 'global' option format

Reply via email to