From: Daniel P. Berrangé <berrange@redhat.com>
Date: Mon, 17 Feb 2025 16:39:29 +0000 (+0000)
Subject: src: validate permitted ACPI table types in libxl/qemu drivers
X-Git-Tag: v11.2.0-rc1~257
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d94587655696509f34492f75c2a31a7a93eb2f9;p=thirdparty%2Flibvirt.git

src: validate permitted ACPI table types in libxl/qemu drivers

This forces us to update the drivers when defining new table types
to avoid incorrectly accepting them by default.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---

diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index 596503c09f..ff76ba3b77 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -304,6 +304,7 @@ libxlDomainDefValidate(const virDomainDef *def,
     libxlDriverPrivate *driver = opaque;
     g_autoptr(libxlDriverConfig) cfg = libxlDriverConfigGet(driver);
     bool reqSecureBoot = false;
+    size_t i;
 
     if (!virCapabilitiesDomainSupported(cfg->caps, def->os.type,
                                         def->os.arch,
@@ -328,6 +329,24 @@ libxlDomainDefValidate(const virDomainDef *def,
         return -1;
     }
 
+    for (i = 0; i < def->os.nacpiTables; i++) {
+        switch (def->os.acpiTables[i]->type) {
+        case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC:
+            break;
+
+        default:
+        case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST:
+            virReportEnumRangeError(virDomainOsACPITable,
+                                    def->os.acpiTables[i]->type);
+            return -1;
+        }
+    }
+    if (def->os.nacpiTables > 1) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("Only a single ACPI table is supported"));
+        return -1;
+    }
+
     if (def->nsounds > 0) {
         virDomainSoundDef *snd = def->sounds[0];
 
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index f3ef1be660..1759ab4e6e 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -701,6 +701,8 @@ static int
 qemuValidateDomainDefBoot(const virDomainDef *def,
                           virQEMUCaps *qemuCaps)
 {
+    size_t i;
+
     if (def->os.bootloader || def->os.bootloaderArgs) {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                        _("bootloader is not supported by QEMU"));
@@ -740,6 +742,19 @@ qemuValidateDomainDefBoot(const virDomainDef *def,
             return -1;
     }
 
+    for (i = 0; i < def->os.nacpiTables; i++) {
+        switch (def->os.acpiTables[i]->type) {
+        case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC:
+            break;
+
+        default:
+        case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST:
+            virReportEnumRangeError(virDomainOsACPITable,
+                                    def->os.acpiTables[i]->type);
+            return -1;
+        }
+    }
+
     return 0;
 }