QEMU With E2K User Support
aliguori 274fb0e1ed check SCSI read/write requests against max LBA (Rik van Riel)
The bdrv layer uses a signed offset. Furthermore, block-raw-posix
only seeks when that offset is positive. Passing a negative offset
to block-raw-posix can result in data being written at the current
seek cursor's position.

It may be possible to exploit this to seek to the end of the disk
and extend the virtual disk by writing data to a negative sector
offset.  After a reboot, this could lead to the guest having a
larger disk than it had before.

Close the hole by sanity checking the lba against the size of the
disk.

Signed-off-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6475 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-29 19:59:04 +00:00
audio Fix NAME2/FIELD2 warnings 2009-01-22 22:09:55 +00:00
bsd-user Fix qemu_malloc. 2009-01-28 17:16:56 +00:00
darwin-user Convert references to logfile/loglevel to use qemu_log*() macros 2009-01-15 22:34:14 +00:00
fpu Add static qualifier to local functions 2009-01-25 10:56:51 +00:00
gdb-xml target-ppc: Add XML files for PowerPC registers 2009-01-24 15:07:34 +00:00
hw check SCSI read/write requests against max LBA (Rik van Riel) 2009-01-29 19:59:04 +00:00
keymaps Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
linux-user Fix qemu_malloc. 2009-01-28 17:16:56 +00:00
pc-bios Add BIOS fixes from KVM tree 2009-01-21 21:46:20 +00:00
slirp Remove the advertising clause from the slirp license 2009-01-26 19:37:41 +00:00
target-alpha global s/loglevel & X/qemu_loglevel_mask(X)/ (Eduardo Habkost) 2009-01-15 22:36:53 +00:00
target-arm Log reset events (Jan Kiszka) 2009-01-26 19:54:31 +00:00
target-cris CRIS: Init the feedback shiftreg used for randomizing TLB sets. 2009-01-26 22:21:30 +00:00
target-i386 Fix a typo in ext2_feature_name (Carl-Daniel Hailfinger) 2009-01-29 19:45:28 +00:00
target-m68k Log reset events (Jan Kiszka) 2009-01-26 19:54:31 +00:00
target-mips Log reset events (Jan Kiszka) 2009-01-26 19:54:31 +00:00
target-ppc Log reset events (Jan Kiszka) 2009-01-26 19:54:31 +00:00
target-sh4 Log reset events (Jan Kiszka) 2009-01-26 19:54:31 +00:00
target-sparc Log reset events (Jan Kiszka) 2009-01-26 19:54:31 +00:00
tcg R13 is reserved for small data area pointer by SVR4 PPC ABI 2009-01-26 18:21:53 +00:00
tests Get rid of user_mode_only 2009-01-14 19:40:27 +00:00
.gitignore Extend gitignore (Jan Kiszka) 2009-01-22 17:15:25 +00:00
a.out.h Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
aes.c
aes.h
aio.c Make sure to initialize fd_sets in aio.c 2008-10-12 21:19:57 +00:00
alpha-dis.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
alpha.ld
arm-dis.c
arm-semi.c Fix more FSF addresses 2009-01-05 18:11:53 +00:00
arm.ld
balloon.h Add missing file from previous commit. 2008-12-04 20:35:16 +00:00
block_int.h Use an option rom instead of boot sector for -kernel 2008-11-08 16:27:07 +00:00
block-bochs.c
block-cloop.c Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
block-cow.c
block-dmg.c Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
block-nbd.c
block-parallels.c
block-qcow2.c qcow2 format: keep 'num_free_bytes', and show it upon 'info blockstats' (Uri Lublin) 2009-01-22 18:57:34 +00:00
block-qcow.c qcow1: Fix compressed images (Kevin Wolf) 2009-01-08 19:29:03 +00:00
block-raw-posix.c fix raw_aio_read\write error handling (Stefano Stabellini) 2009-01-29 17:02:08 +00:00
block-raw-win32.c Expand cache= option and use write-through caching by default 2008-10-14 14:42:54 +00:00
block-vmdk.c fix off-by-one generating vmdk backing files (Avi Kivity) 2008-10-28 14:08:49 +00:00
block-vpc.c block-vpc: Fix support for images > 4 GB (Kevin Wolf) 2009-01-27 14:29:15 +00:00
block-vvfat.c Use a hex value instead of possibly ambiguous 8 bit character 2008-12-14 09:30:41 +00:00
block.c qemu iovec: keep track of total size, allow partial copies (Gerd Hoffman) 2009-01-26 17:17:52 +00:00
block.h qcow2 format: keep 'num_free_bytes', and show it upon 'info blockstats' (Uri Lublin) 2009-01-22 18:57:34 +00:00
bswap.h Remove all traces of __powerpc__ 2009-01-14 18:39:49 +00:00
bt-host.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
bt-vhci.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
buffered_file.c Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
buffered_file.h Introduce a buffered file wrapper for QEMUFile 2008-10-13 03:10:22 +00:00
cache-utils.c Remove all traces of __powerpc__ 2009-01-14 18:39:49 +00:00
cache-utils.h Remove all traces of __powerpc__ 2009-01-14 18:39:49 +00:00
Changelog
cocoa.m
configure Enabled building of x86_64 code on Mac OS X (Alexander Graf) 2009-01-26 15:37:40 +00:00
console.c vnc fixes and improvements (Stefano Stabellini) 2009-01-26 15:37:30 +00:00
console.h vnc fixes and improvements (Stefano Stabellini) 2009-01-26 15:37:30 +00:00
COPYING COPYING: update from FSF 2008-10-12 17:54:42 +00:00
COPYING.LIB Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
cpu-all.h Log reset events (Jan Kiszka) 2009-01-26 19:54:31 +00:00
cpu-defs.h Get rid of user_mode_only 2009-01-14 19:40:27 +00:00
cpu-exec.c global s/loglevel & X/qemu_loglevel_mask(X)/ (Eduardo Habkost) 2009-01-15 22:36:53 +00:00
cris-dis.c
curses_keys.h Control + i and [tab] share keycode in curses, simulate [tab]. 2008-10-28 00:11:06 +00:00
curses.c fix curses interface (Stefano Stabellini) 2009-01-21 18:59:12 +00:00
cutils.c qemu iovec: keep track of total size, allow partial copies (Gerd Hoffman) 2009-01-26 17:17:52 +00:00
d3des.c Ansify to please sparse 2008-10-27 19:49:12 +00:00
d3des.h
def-helper.h Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
device_tree.c Implement device tree support needed for Bamboo emulation 2008-12-16 10:43:48 +00:00
device_tree.h Implement device tree support needed for Bamboo emulation 2008-12-16 10:43:48 +00:00
dis-asm.h
disas.c Remove all traces of __powerpc__ 2009-01-14 18:39:49 +00:00
disas.h * Use function pointers for symbol lookup (currently for elf32 and elf64, 2008-10-22 15:11:31 +00:00
dyngen-exec.h Remove all traces of __powerpc__ 2009-01-14 18:39:49 +00:00
elf_ops.h Use load address when loading ELF images. 2008-10-22 18:20:20 +00:00
elf.h
exec-all.h Add noreturn function attribute 2009-01-14 19:00:36 +00:00
exec.c Log reset events (Jan Kiszka) 2009-01-26 19:54:31 +00:00
feature_to_c.sh Fix undeclared symbol warnings from sparse 2008-10-26 13:43:07 +00:00
gdbstub.c target-ppc: Change core powerpc gdbstub bits to be XML-aware 2009-01-24 15:07:42 +00:00
gdbstub.h User-mode GDB stub improvements - handle signals 2008-12-18 22:44:13 +00:00
gen-icount.h Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
host-utils.c
host-utils.h Include <strings.h> for ffs(). 2008-11-12 17:18:41 +00:00
hostregs_helper.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
hpet.h
hppa-dis.c
hppa.ld
i386-dis.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
i386.ld
ia64.ld
keymaps.c Make keysym tables const 2008-10-02 18:26:42 +00:00
kqemu.c Convert references to logfile/loglevel to use qemu_log*() macros 2009-01-15 22:34:14 +00:00
kqemu.h
kvm-all.c KVM: Silence unused s warning 2008-12-18 22:42:51 +00:00
kvm.h kvm: sync vcpu state during initialization (Hollis Blanchard) 2008-12-15 22:20:42 +00:00
libfdt_env.h Implement device tree support needed for Bamboo emulation 2008-12-16 10:43:48 +00:00
LICENSE Add missing newline at the end of file 2008-12-14 08:50:18 +00:00
loader.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
m68k-dis.c Spelling and grammar fixes 2008-11-30 16:25:37 +00:00
m68k-semi.c Fix more FSF addresses 2009-01-05 18:11:53 +00:00
m68k.ld
MAINTAINERS
Makefile build system: Further improve quiet mode (Jan Kiszka) 2009-01-26 17:07:46 +00:00
Makefile.target Consolidate library creation (Avi Kivity) 2009-01-21 18:13:16 +00:00
migration-exec.c Fix brown-paper-bag bugs from live-migration patch (Charles Duffy) 2008-11-12 22:29:11 +00:00
migration-tcp.c Fix brown-paper-bag bugs from live-migration patch (Charles Duffy) 2008-11-12 22:29:11 +00:00
migration.c Reintroduce migrate-to-exec: support (Charles Duffy) 2008-11-11 16:46:33 +00:00
migration.h Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
mips-dis.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
mips.ld
mipsel.ld
monitor.c Synch code, help and docs 2009-01-24 18:19:25 +00:00
nbd.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
nbd.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
net-checksum.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
net.c Handle link status in qemu_sendv_packet() (Mark McLoughlin) 2009-01-26 15:37:44 +00:00
net.h Add qemu_check_nic_model() and qemu_check_nic_model_list() (Mark McLoughlin) 2009-01-13 19:03:57 +00:00
osdep.c Remove redundant #ifdef _BSD 2008-12-11 19:39:56 +00:00
osdep.h snapshot subcommand for qemu-img (Kevin Wolf) 2009-01-07 17:40:15 +00:00
pci-ids.txt List virtio console device in pci-ids.txt 2009-01-24 16:37:31 +00:00
posix-aio-compat.c Rename sigev_signo to avoid FreeBSD problems (Juergen Lock) 2009-01-24 11:54:21 +00:00
posix-aio-compat.h Rename sigev_signo to avoid FreeBSD problems (Juergen Lock) 2009-01-24 11:54:21 +00:00
ppc64.ld
ppc-dis.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
ppc.ld
qemu_socket.h sockets: helper functions for qemu (Gerd Hoffman) 2008-11-11 20:46:40 +00:00
qemu-aio.h Refactor AIO to allow multiple AIO implementations 2008-09-22 19:17:18 +00:00
qemu-binfmt-conf.sh
qemu-char.c monitor-mux: fix timestamp prefixes (Jan Kiszka) 2009-01-22 17:15:16 +00:00
qemu-char.h add an init function parameter to qemu_chr_open() 2009-01-18 14:08:04 +00:00
qemu-common.h qemu iovec: keep track of total size, allow partial copies (Gerd Hoffman) 2009-01-26 17:17:52 +00:00
qemu-doc.texi Synch code, help and docs 2009-01-24 18:19:25 +00:00
qemu-img.c Synch code, help and docs 2009-01-24 18:19:25 +00:00
qemu-img.texi Synch code, help and docs 2009-01-24 18:19:25 +00:00
qemu-lock.h Remove all traces of __powerpc__ 2009-01-14 18:39:49 +00:00
qemu-log.h Define macros that will become the new logging API (Eduardo Habkost) 2009-01-15 21:52:11 +00:00
qemu-malloc.c Add qemu_strndup: qemu_strdup with length limit. 2008-11-09 00:28:40 +00:00
qemu-nbd.c qemu-nbd: fix options: -b (--bind) expects an argument (IFACE) (Uri Lublin) 2009-01-08 19:34:35 +00:00
qemu-nbd.texi Fix formatting of documentation (Stefan Weil) 2008-09-22 20:41:57 +00:00
qemu-sockets.c Fix some more warnings 2009-01-14 18:34:22 +00:00
qemu-tech.texi Update (thanks to Edgar, Thiemo, malc, Paul, Laurent and Andrzej) 2008-10-09 18:52:04 +00:00
qemu-timer.h
qemu-tool.c Fix warning from sparse (wrong declaration) 2008-11-30 16:25:17 +00:00
readline.c Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
README Add missing newline at the end of file 2008-12-14 08:50:18 +00:00
rules.mak build system: Further improve quiet mode (Jan Kiszka) 2009-01-26 17:07:46 +00:00
s390-dis.c Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
s390.ld Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
savevm.c Fix handling of disk-only snapshots (Kevin Wolf) 2008-12-11 21:06:49 +00:00
sdl_keysym.h Make keysym tables const 2008-10-02 18:26:42 +00:00
sdl.c Fix SDL slowness. 2009-01-21 01:50:17 +00:00
sh4-dis.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
softmmu_defs.h
softmmu_exec.h
softmmu_header.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
softmmu_template.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
softmmu-semi.h Suppress gcc 4.x -Wpointer-sign (included in -Wall) warnings 2008-09-20 08:07:15 +00:00
sparc64.ld
sparc-dis.c Make OpenBSD sparc-softmmu compile warning free 2009-01-14 18:08:08 +00:00
sparc.ld
sys-queue.h Remove CRs 2008-12-14 08:53:17 +00:00
sysemu.h Rework vm_state_change notifiers (Jan Kiszka) 2009-01-22 17:15:29 +00:00
tap-win32.c Add a -net name=foo parameter (Mark McLoughlin) 2009-01-07 17:48:51 +00:00
texi2pod.pl
thunk.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
thunk.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
TODO Update 2008-12-04 11:29:42 +00:00
translate-all.c global s/loglevel & X/qemu_loglevel_mask(X)/ (Eduardo Habkost) 2009-01-15 22:36:53 +00:00
uboot_image.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
usb-bsd.c Make OpenBSD sparc-softmmu compile warning free 2009-01-14 18:08:08 +00:00
usb-linux.c Suppress a -Werror=format-security warning 2008-12-28 15:45:20 +00:00
usb-stub.c Fix usb-stub compilation 2008-11-25 16:49:33 +00:00
VERSION
vgafont.h
vl.c Synch code, help and docs 2009-01-24 18:19:25 +00:00
vnc_keysym.h Make keysym tables const 2008-10-02 18:26:42 +00:00
vnc.c vnc fixes and improvements (Stefano Stabellini) 2009-01-26 15:37:30 +00:00
vnchextile.h exploiting the new interface in vnc.c (Stefano Stabellini) 2009-01-15 22:17:38 +00:00
x86_64.ld
x_keymap.c

Read the documentation in qemu-doc.html.

Fabrice Bellard.