Commit Graph

122 Commits

Author SHA1 Message Date
aliguori
71d0770c4c Fix CVE-2008-0928 - insufficient block device address range checking (Anthony Liguori)
Introduce a growable flag that's set by bdrv_file_open().  Block devices should
never be growable, only files that are being used by block devices.

I went through Fabrice's early comments about the patch that was first applied.
While I disagree with that patch, I also disagree with Fabrice's suggestion.

There's no good reason to do the checks in the block drivers themselves.  It
just increases the possibility that this bug could show up again.  Since we're
calling bdrv_getlength() to determine the length, we're giving the block drivers
a chance to chime in and let us know what range is valid.

Basically, this patch makes the BlockDriver API guarantee that all requests are
within 0..bdrv_getlength() which to me seems like a Good Thing.

What do others think?

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6677 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-03 17:37:16 +00:00
aliguori
b0a7b120a3 qemu: record devfn on block driver instance (Marcelo Tosatti)
Record PCIDev on the BlockDriverState structure to locate for release
on hot-removal.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6597 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-11 15:20:29 +00:00
aliguori
4fc9af53d8 Use an option rom instead of boot sector for -kernel
Generate an option rom instead of using a hijacked boot sector for kernel
booting.  This just requires adding a small option ROM header and a few more
instructions to the boot sector to take over the int19 vector and run our
boot code.

A disk is no longer needed when using -kernel on x86.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5650 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-08 16:27:07 +00:00
blueswir1
7ee930d031 Fix warnings that would be caused by ld flag --warn-common
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5240 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-17 19:04:14 +00:00
aurel32
b5eff35546 Revert fix for CVE-2008-0928. Will be fixed in a different way later.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4041 c046a42c-6fe2-441c-8c8c-71466251a162
2008-03-11 23:30:22 +00:00
aurel32
902b27d0b8 Fix CVE-2008-0928 - insufficient block device address range checking
Qemu 0.9.1 and earlier does not perform range checks for block device
read or write requests, which allows guest host users with root
privileges to access arbitrary memory and escape the virtual machine.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4037 c046a42c-6fe2-441c-8c8c-71466251a162
2008-03-11 17:17:59 +00:00
ths
985a03b0ce Real SCSI device passthrough (v4), by Laurent Vivier.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3851 c046a42c-6fe2-441c-8c8c-71466251a162
2007-12-24 16:10:43 +00:00
ths
a36e69ddfe Collecting block device statistics, by Richard W.M. Jones.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3760 c046a42c-6fe2-441c-8c8c-71466251a162
2007-12-02 05:18:19 +00:00
pbrook
faf07963cb Split block API from vl.h.
Remove QEMU_TOOL. Replace with QEMU_IMG and NEED_CPU_H.
Avoid linking qemu-img against whole system emulatior.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3578 c046a42c-6fe2-441c-8c8c-71466251a162
2007-11-11 02:51:17 +00:00
ths
3b46e62427 find -type f | xargs sed -i 's/[\t ]*$//g' # Yes, again. Note the star in the regex.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3177 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-17 08:09:54 +00:00
ths
ec36ba1474 vmdk compatibility level 6 images, by Soren Hansen.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3175 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-16 21:59:02 +00:00
ths
5fafdf24ef find -type f | xargs sed -i 's/[\t ]$//g' # on most files
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3173 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-16 21:08:06 +00:00
bellard
19cb37389f better support of host drives
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2124 c046a42c-6fe2-441c-8c8c-71466251a162
2006-08-19 11:45:59 +00:00
pbrook
ce1a14dc0d Dynamically allocate AIO Completion Blocks.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2098 c046a42c-6fe2-441c-8c8c-71466251a162
2006-08-07 02:38:06 +00:00
bellard
d15a771da1 qcow2 is now used for '-snapshot' - keep BlockDriverState.total_sectors
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2094 c046a42c-6fe2-441c-8c8c-71466251a162
2006-08-06 13:35:09 +00:00
bellard
faea38e786 multiple snapshot support
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2086 c046a42c-6fe2-441c-8c8c-71466251a162
2006-08-05 21:31:00 +00:00
bellard
83f6409109 async file I/O API
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2075 c046a42c-6fe2-441c-8c8c-71466251a162
2006-08-01 16:21:11 +00:00
pbrook
7a6cba611d Disk cache flush support.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1949 c046a42c-6fe2-441c-8c8c-71466251a162
2006-06-04 11:39:07 +00:00
bellard
95389c8681 qcow_make_empty() support (Johannes Schindelin)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1716 c046a42c-6fe2-441c-8c8c-71466251a162
2005-12-18 18:28:15 +00:00
bellard
46d4767d93 better BIOS ATA translation support
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1153 c046a42c-6fe2-441c-8c8c-71466251a162
2004-11-16 01:45:27 +00:00
bellard
e2731add29 fixed block close() method prototype
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1068 c046a42c-6fe2-441c-8c8c-71466251a162
2004-09-18 19:32:11 +00:00
bellard
ea2384d36e new disk image layer
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1037 c046a42c-6fe2-441c-8c8c-71466251a162
2004-08-01 21:59:26 +00:00