QEMU With E2K User Support
aliguori 71d0770c4c Fix CVE-2008-0928 - insufficient block device address range checking (Anthony Liguori)
Introduce a growable flag that's set by bdrv_file_open().  Block devices should
never be growable, only files that are being used by block devices.

I went through Fabrice's early comments about the patch that was first applied.
While I disagree with that patch, I also disagree with Fabrice's suggestion.

There's no good reason to do the checks in the block drivers themselves.  It
just increases the possibility that this bug could show up again.  Since we're
calling bdrv_getlength() to determine the length, we're giving the block drivers
a chance to chime in and let us know what range is valid.

Basically, this patch makes the BlockDriver API guarantee that all requests are
within 0..bdrv_getlength() which to me seems like a Good Thing.

What do others think?

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6677 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-03 17:37:16 +00:00
audio Avoid running audio ctl's when vm is not running 2009-02-18 20:44:04 +00:00
bsd-user Flush stdout after printing usage() 2009-02-28 20:14:00 +00:00
darwin-user Flush stdout after printing usage() 2009-02-28 20:14:00 +00:00
fpu soft-float: add float32_log2() and float64_log2() 2009-02-05 13:42:47 +00:00
gdb-xml target-ppc: Add XML files for PowerPC registers 2009-01-24 15:07:34 +00:00
hw DB-DMA cleanup 2009-03-03 09:14:10 +00:00
keymaps Fix fr-be keymap 2009-02-09 23:19:44 +00:00
linux-user Flush stdout after printing usage() 2009-02-28 20:14:00 +00:00
pc-bios kvm/powerpc: flat device tree files for MPC8544DS 2009-03-02 16:42:49 +00:00
slirp Fix SIGSEGV crash in slirp networking code 2009-02-06 21:37:40 +00:00
target-alpha targets: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:11 +00:00
target-arm Fix cpu_arm_handle_mmu_fault warning 2009-02-07 15:19:20 +00:00
target-cris CRIS: Fix remaining build warnings. 2009-02-22 11:59:59 +00:00
target-i386 x86: use qemu_log_mask on triple faults (Chris Wright) 2009-02-27 20:05:13 +00:00
target-m68k Fix ColdFire fmovem. Free the temporary we just allocated rather than some 2009-02-24 22:17:35 +00:00
target-mips targets: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:11 +00:00
target-ppc target-ppc: improve mfcr/mtcrf 2009-03-03 06:12:14 +00:00
target-sh4 SH4: Fixed last UTLB unused and URB/URC management 2009-03-03 09:14:01 +00:00
target-sparc Turn MMUs and caches off on reset 2009-02-21 11:13:51 +00:00
tcg TCG: remove obsolete old_op_count profiler field 2009-02-11 19:47:39 +00:00
tests Get rid of user_mode_only 2009-01-14 19:40:27 +00:00
.gitignore Extend gitignore (Jan Kiszka) 2009-01-22 17:15:25 +00:00
a.out.h Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
aes.c
aes.h
aio.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
alpha-dis.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
alpha.ld
arm-dis.c
arm-semi.c Fix more FSF addresses 2009-01-05 18:11:53 +00:00
arm.ld
balloon.h Add missing file from previous commit. 2008-12-04 20:35:16 +00:00
block_int.h Fix CVE-2008-0928 - insufficient block device address range checking (Anthony Liguori) 2009-03-03 17:37:16 +00:00
block-bochs.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-cloop.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-cow.c
block-dmg.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-nbd.c Remove unnecessary #includes from block-nbd.c 2008-08-19 19:10:38 +00:00
block-parallels.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-qcow2.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-qcow.c qcow1: Fix compressed images (Kevin Wolf) 2009-01-08 19:29:03 +00:00
block-raw-posix.c fix raw_aio_remove (Stefano Stabellini) 2009-02-26 16:40:19 +00:00
block-raw-win32.c Expand cache= option and use write-through caching by default 2008-10-14 14:42:54 +00:00
block-vmdk.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-vpc.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-vvfat.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block.c Fix CVE-2008-0928 - insufficient block device address range checking (Anthony Liguori) 2009-03-03 17:37:16 +00:00
block.h qcow2 format: keep 'num_free_bytes', and show it upon 'info blockstats' (Uri Lublin) 2009-01-22 18:57:34 +00:00
bswap.h Remove all traces of __powerpc__ 2009-01-14 18:39:49 +00:00
bt-host.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
bt-vhci.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
buffered_file.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
buffered_file.h Introduce a buffered file wrapper for QEMUFile 2008-10-13 03:10:22 +00:00
cache-utils.c Properly initialize len argument of sysctl and include stdio.h (perror) 2009-02-04 20:39:09 +00:00
cache-utils.h Remove all traces of __powerpc__ 2009-01-14 18:39:49 +00:00
Changelog
cocoa.m
configure Darwin: Check for x86_64 only on i386 2009-02-23 14:11:10 +00:00
console.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
console.h vnc fixes and improvements (Stefano Stabellini) 2009-01-26 15:37:30 +00:00
COPYING COPYING: update from FSF 2008-10-12 17:54:42 +00:00
COPYING.LIB Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
cpu-all.h qemu: add cpu_unregister_io_memory and make io mem table index dynamic (Marcelo Tosatti) 2009-02-11 15:20:58 +00:00
cpu-defs.h Get rid of user_mode_only 2009-01-14 19:40:27 +00:00
cpu-exec.c global s/loglevel & X/qemu_loglevel_mask(X)/ (Eduardo Habkost) 2009-01-15 22:36:53 +00:00
cris-dis.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
curses_keys.h Control + i and [tab] share keycode in curses, simulate [tab]. 2008-10-28 00:11:06 +00:00
curses.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
cutils.c Add qemu_iovec_reset() (Avi Kivity) 2009-02-05 21:23:54 +00:00
d3des.c Ansify to please sparse 2008-10-27 19:49:12 +00:00
d3des.h
def-helper.h Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
device_tree.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
device_tree.h Implement device tree support needed for Bamboo emulation 2008-12-16 10:43:48 +00:00
dis-asm.h Update ppc-dis.c from binutils 2.17 2009-02-09 19:58:22 +00:00
disas.c Allow disassembling last addresses of the address space 2009-02-13 21:44:41 +00:00
disas.h * Use function pointers for symbol lookup (currently for elf32 and elf64, 2008-10-22 15:11:31 +00:00
dma-helpers.c Introduce block dma helpers (Avi Kivity) 2009-02-05 21:23:58 +00:00
dma.h Introduce block dma helpers (Avi Kivity) 2009-02-05 21:23:58 +00:00
dyngen-exec.h Remove unused code from dyngen-exec.h 2009-02-09 18:28:36 +00:00
elf_ops.h Use load address when loading ELF images. 2008-10-22 18:20:20 +00:00
elf.h Fix most warnings that would be caused by gcc flag -Wundef 2008-09-06 17:47:39 +00:00
exec-all.h Remove GenOpFunc typedefs 2009-02-08 17:17:52 +00:00
exec.c Fix unassigned region offsets. 2009-02-23 13:16:07 +00:00
feature_to_c.sh Fix undeclared symbol warnings from sparse 2008-10-26 13:43:07 +00:00
gdbstub.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
gdbstub.h User-mode GDB stub improvements - handle signals 2008-12-18 22:44:13 +00:00
gen-icount.h Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
host-utils.c
host-utils.h Include <strings.h> for ffs(). 2008-11-12 17:18:41 +00:00
hostregs_helper.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
hpet.h
hppa-dis.c
hppa.ld
i386-dis.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
i386.ld
ia64.ld
keymaps.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
kqemu.c Convert references to logfile/loglevel to use qemu_log*() macros 2009-01-15 22:34:14 +00:00
kqemu.h
kvm-all.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
kvm.h kvm: sync vcpu state during initialization (Hollis Blanchard) 2008-12-15 22:20:42 +00:00
libfdt_env.h Implement device tree support needed for Bamboo emulation 2008-12-16 10:43:48 +00:00
LICENSE Add missing newline at the end of file 2008-12-14 08:50:18 +00:00
loader.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
m68k-dis.c Spelling and grammar fixes 2008-11-30 16:25:37 +00:00
m68k-semi.c Fix more FSF addresses 2009-01-05 18:11:53 +00:00
m68k.ld
MAINTAINERS Update maintainers list. 2008-08-25 22:26:03 +00:00
Makefile build system: Further improve quiet mode (Jan Kiszka) 2009-01-26 17:07:46 +00:00
Makefile.target kvm/powerpc: Add MPC8544DS board support 2009-03-02 16:42:42 +00:00
migration-exec.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
migration-tcp.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
migration.c Reintroduce migrate-to-exec: support (Charles Duffy) 2008-11-11 16:46:33 +00:00
migration.h Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
mips-dis.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
mips.ld
mipsel.ld
monitor.c SH4: Added monitoring of TLBs 2009-03-03 06:12:22 +00:00
nbd.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
nbd.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
net-checksum.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
net.c net socket verify packet size (Dustin Kirkland) 2009-02-27 19:54:01 +00:00
net.h qemu: PCI device, disk and host network hot-add / hot-remove (Marcelo Tosatti) 2009-02-11 15:21:54 +00:00
osdep.c Remove redundant #ifdef _BSD 2008-12-11 19:39:56 +00:00
osdep.h snapshot subcommand for qemu-img (Kevin Wolf) 2009-01-07 17:40:15 +00:00
pci-ids.txt List virtio console device in pci-ids.txt 2009-01-24 16:37:31 +00:00
posix-aio-compat.c Properly handle pthread_cond_timedwait timing out 2009-02-21 05:48:19 +00:00
posix-aio-compat.h Rename sigev_signo to avoid FreeBSD problems (Juergen Lock) 2009-01-24 11:54:21 +00:00
ppc64.ld Correct version of Heikki Lindholms ppc64.ld script 2008-08-20 22:39:24 +00:00
ppc-dis.c Update ppc-dis.c from binutils from 4th July, 2007, just before GPLv3 switch 2009-02-09 19:59:57 +00:00
ppc.ld
qemu_socket.h sockets: helper functions for qemu (Gerd Hoffman) 2008-11-11 20:46:40 +00:00
qemu-aio.h Refactor AIO to allow multiple AIO implementations 2008-09-22 19:17:18 +00:00
qemu-binfmt-conf.sh
qemu-char.c qemu_chr_open_tcp: allow ipv4 and ipv6 options 2009-02-09 20:09:29 +00:00
qemu-char.h add an init function parameter to qemu_chr_open() 2009-01-18 14:08:04 +00:00
qemu-common.h Add qemu_iovec_reset() (Avi Kivity) 2009-02-05 21:23:54 +00:00
qemu-doc.texi chroot and change user support (Nolan) 2009-02-27 22:09:45 +00:00
qemu-img.c Make qemu-img argument handling POSIX compliant 2009-02-09 18:14:31 +00:00
qemu-img.texi Synch code, help and docs 2009-01-24 18:19:25 +00:00
qemu-lock.h Remove all traces of __powerpc__ 2009-01-14 18:39:49 +00:00
qemu-log.h Define macros that will become the new logging API (Eduardo Habkost) 2009-01-15 21:52:11 +00:00
qemu-malloc.c Fix qemu_realloc() (Kevin Wolf) 2009-02-11 21:00:32 +00:00
qemu-nbd.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
qemu-nbd.texi Fix formatting of documentation (Stefan Weil) 2008-09-22 20:41:57 +00:00
qemu-sockets.c Fix some more warnings 2009-01-14 18:34:22 +00:00
qemu-tech.texi Update (thanks to Edgar, Thiemo, malc, Paul, Laurent and Andrzej) 2008-10-09 18:52:04 +00:00
qemu-timer.h
qemu-tool.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
readline.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
README Add missing newline at the end of file 2008-12-14 08:50:18 +00:00
rules.mak build system: Further improve quiet mode (Jan Kiszka) 2009-01-26 17:07:46 +00:00
s390-dis.c Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
s390.ld Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
savevm.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
sdl_keysym.h Make keysym tables const 2008-10-02 18:26:42 +00:00
sdl.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
sh4-dis.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
softmmu_defs.h Fix some warnings that would be generated by gcc -Wredundant-decls 2008-08-30 09:51:20 +00:00
softmmu_exec.h Fix some warnings that would be generated by gcc -Wredundant-decls 2008-08-30 09:51:20 +00:00
softmmu_header.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
softmmu_template.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
softmmu-semi.h Suppress gcc 4.x -Wpointer-sign (included in -Wall) warnings 2008-09-20 08:07:15 +00:00
sparc64.ld Map code buffers below 2G on Sparc64 2008-07-26 15:05:57 +00:00
sparc-dis.c Make OpenBSD sparc-softmmu compile warning free 2009-01-14 18:08:08 +00:00
sparc.ld
sys-queue.h Remove CRs 2008-12-14 08:53:17 +00:00
sysemu.h qemu: PCI device, disk and host network hot-add / hot-remove (Marcelo Tosatti) 2009-02-11 15:21:54 +00:00
tap-win32.c Add a -net name=foo parameter (Mark McLoughlin) 2009-01-07 17:48:51 +00:00
texi2pod.pl
thunk.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
thunk.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
TODO Update 2008-12-04 11:29:42 +00:00
translate-all.c global s/loglevel & X/qemu_loglevel_mask(X)/ (Eduardo Habkost) 2009-01-15 22:36:53 +00:00
uboot_image.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
usb-bsd.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
usb-linux.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
usb-stub.c Fix usb-stub compilation 2008-11-25 16:49:33 +00:00
VERSION
vgafont.h Some little fixes on QEMU 2008-09-06 16:31:30 +00:00
vl.c Change default werror semantics from "report" to "enospc" 2009-02-28 16:51:01 +00:00
vnc_keysym.h Fix AltGr and dead keys with VNC 2009-02-09 23:19:32 +00:00
vnc.c Support multiple VNC clients (Brian Kress) 2009-02-16 14:59:30 +00:00
vnc.h Support multiple VNC clients (Brian Kress) 2009-02-16 14:59:30 +00:00
vnchextile.h exploiting the new interface in vnc.c (Stefano Stabellini) 2009-01-15 22:17:38 +00:00
x86_64.ld
x_keymap.c

Read the documentation in qemu-doc.html.

Fabrice Bellard.