src: validate permitted ACPI table types in libxl/qemu drivers

This forces us to update the drivers when defining new table types to avoid incorrectly accepting them by default. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-03-20 06:50:22 +03:00 · 2025-02-17 16:39:29 +00:00 · 2025-02-17 16:39:29 +00:00 · 3d94587655
commit 3d94587655
parent 55f48d3852
2 changed files with 34 additions and 0 deletions
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@ -304,6 +304,7 @@ libxlDomainDefValidate(const virDomainDef *def,
    libxlDriverPrivate *driver = opaque;
    g_autoptr(libxlDriverConfig) cfg = libxlDriverConfigGet(driver);
    bool reqSecureBoot = false;
+    size_t i;

    if (!virCapabilitiesDomainSupported(cfg->caps, def->os.type,
                                        def->os.arch,
@ -328,6 +329,24 @@ libxlDomainDefValidate(const virDomainDef *def,
        return -1;
    }

+    for (i = 0; i < def->os.nacpiTables; i++) {
+        switch (def->os.acpiTables[i]->type) {
+        case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC:
+            break;
+
+        default:
+        case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST:
+            virReportEnumRangeError(virDomainOsACPITable,
+                                    def->os.acpiTables[i]->type);
+            return -1;
+        }
+    }
+    if (def->os.nacpiTables > 1) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("Only a single ACPI table is supported"));
+        return -1;
+    }
+
    if (def->nsounds > 0) {
        virDomainSoundDef *snd = def->sounds[0];

--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@ -701,6 +701,8 @@ static int
 qemuValidateDomainDefBoot(const virDomainDef *def,
                          virQEMUCaps *qemuCaps)
 {
+    size_t i;
+
    if (def->os.bootloader || def->os.bootloaderArgs) {
        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                       _("bootloader is not supported by QEMU"));
@ -740,6 +742,19 @@ qemuValidateDomainDefBoot(const virDomainDef *def,
            return -1;
    }

+    for (i = 0; i < def->os.nacpiTables; i++) {
+        switch (def->os.acpiTables[i]->type) {
+        case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC:
+            break;
+
+        default:
+        case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST:
+            virReportEnumRangeError(virDomainOsACPITable,
+                                    def->os.acpiTables[i]->type);
+            return -1;
+        }
+    }
+
    return 0;
 }