On 10/19/2016 05:19 PM, Haozhong Zhang wrote:
Commit 35c5a52d "acpi: do not use TARGET_PAGE_SIZE" changed struct
NvdimmDsmIn from a variable-size structure to a fixed-size structure of
4096 bytes. It forgot to adjust an assert in
nvdimm_dsm_set_label_data(..., NvdimmDsmIn *in, ...):
assert(sizeof(*in) + sizeof(*set_label_data) + set_label_data->length <=
4096);
which could crash QEMU when guest writes NVDIMM labels.
Fix it by replacing sizeof(*in) by offsetof(NvdimmDsmIn, arg3).
Thanks for your fix.
Reviewed-by: Xiao Guangrong <guangrong.x...@linux.intel.com>
