qemu-e2k/tests
Marc-André Lureau 8f1d22d970 vhost-user-bridge: fix recvmsg iovlen
After iov_discard_front(), the iov may be smaller than its initial
size. Fixes the heap-buffer-overflow spotted by ASAN:

==9036==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6060000001e0 at pc 0x7fe632eca3f0 bp 0x7ffddc4a05a0 sp 0x7ffddc49fd48
WRITE of size 32 at 0x6060000001e0 thread T0
    #0 0x7fe632eca3ef  (/lib64/libasan.so.5+0x773ef)
    #1 0x7fe632ecad23 in __interceptor_recvmsg (/lib64/libasan.so.5+0x77d23)
    #2 0x561e7491936b in vubr_backend_recv_cb /home/elmarco/src/qemu/tests/vhost-user-bridge.c:333
    #3 0x561e74917711 in dispatcher_wait /home/elmarco/src/qemu/tests/vhost-user-bridge.c:160
    #4 0x561e7491c3b5 in vubr_run /home/elmarco/src/qemu/tests/vhost-user-bridge.c:725
    #5 0x561e7491c85c in main /home/elmarco/src/qemu/tests/vhost-user-bridge.c:806
    #6 0x7fe631a6c412 in __libc_start_main (/lib64/libc.so.6+0x24412)
    #7 0x561e7491667d in _start (/home/elmarco/src/qemu/build/tests/vhost-user-bridge+0x3967d)

0x6060000001e0 is located 0 bytes to the right of 64-byte region [0x6060000001a0,0x6060000001e0)
allocated by thread T0 here:
    #0 0x7fe632f42848 in __interceptor_malloc (/lib64/libasan.so.5+0xef848)
    #1 0x561e7493acd8 in virtqueue_alloc_element /home/elmarco/src/qemu/contrib/libvhost-user/libvhost-user.c:1848
    #2 0x561e7493c2a8 in vu_queue_pop /home/elmarco/src/qemu/contrib/libvhost-user/libvhost-user.c:1954
    #3 0x561e749189bf in vubr_backend_recv_cb /home/elmarco/src/qemu/tests/vhost-user-bridge.c:297
    #4 0x561e74917711 in dispatcher_wait /home/elmarco/src/qemu/tests/vhost-user-bridge.c:160
    #5 0x561e7491c3b5 in vubr_run /home/elmarco/src/qemu/tests/vhost-user-bridge.c:725
    #6 0x561e7491c85c in main /home/elmarco/src/qemu/tests/vhost-user-bridge.c:806
    #7 0x7fe631a6c412 in __libc_start_main (/lib64/libc.so.6+0x24412)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.5+0x773ef)
Shadow bytes around the buggy address:
  0x0c0c7fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c0c7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c0c7fff8000: fa fa fa fa 00 00 00 00 00 00 05 fa fa fa fa fa
  0x0c0c7fff8010: 00 00 00 00 00 00 00 00 fa fa fa fa fd fd fd fd
  0x0c0c7fff8020: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c0c7fff8030: fa fa fa fa 00 00 00 00 00 00 00 00[fa]fa fa fa
  0x0c0c7fff8040: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
  0x0c0c7fff8050: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c0c7fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20181109173028.3372-1-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-11-27 15:35:18 +01:00
acceptance
data bios-tables-test: prepare expected files for mmio64 2018-11-05 13:24:02 -05:00
decode
docker docker: use HTTPS git URL for virglrenderer 2018-11-12 11:26:02 +00:00
fp tests/fp/fp-test: add floating point tests 2018-10-05 12:57:41 -05:00
guest-debug tests/guest-debug: fix scoping of failcount 2018-11-13 10:47:59 +00:00
image-fuzzer
keys
libqos
migration migration-test: Only generate a single target architecture 2018-10-11 19:58:26 +01:00
multiboot
qapi-schema
qemu-iotests block: Update BlockDriverState.inherits_from on bdrv_drop_intermediate() 2018-11-22 19:37:31 +01:00
rocker
tcg tests/tcg/multiarch: fix 32bit linux-test on 64bit host 2018-11-14 11:07:06 +00:00
vm tests/vm: Do not abuse parallelism when HOST != TARGET architecture 2018-10-26 22:03:21 +08:00
vmstate-static-checker-data
.gitignore
ac97-test.c
acpi-utils.c
acpi-utils.h
ahci-test.c
atomic64-bench.c tests: add atomic64-bench 2018-10-02 18:47:55 +02:00
atomic_add-bench.c
benchmark-crypto-cipher.c crypto: expand algorithm coverage for cipher benchmark 2018-10-24 19:03:37 +01:00
benchmark-crypto-hash.c
benchmark-crypto-hmac.c
bios-tables-test.c tests/bios-tables-test: add 64-bit PCI MMIO aperture round-up test on Q35 2018-11-05 13:24:02 -05:00
boot-order-test.c
boot-sector.c
boot-sector.h
boot-serial-test.c tests/boot-serial-test: Add microbit board testcase 2018-11-02 14:03:33 +00:00
cdrom-test.c
check-block-qdict.c
check-block.sh qemu-iotests: convert pwd and $(pwd) to $PWD 2018-11-19 10:08:19 -06:00
check-qdict.c tests: Restore check-qdict unit test 2018-10-10 08:00:00 +02:00
check-qjson.c tests/check-qjson: fix a leak 2018-10-09 13:44:12 +02:00
check-qlist.c
check-qlit.c
check-qnull.c
check-qnum.c
check-qobject.c
check-qom-interface.c
check-qom-proplist.c tests/qom-proplist: check class properties iterator 2018-10-05 16:27:09 +04:00
check-qstring.c
cpu-plug-test.c vl.c deprecate incorrect CPUs topology 2018-10-24 06:44:59 -03:00
crypto-tls-psk-helpers.c
crypto-tls-psk-helpers.h
crypto-tls-x509-helpers.c
crypto-tls-x509-helpers.h crypto: require gnutls >= 3.1.18 for building QEMU 2018-10-19 12:26:57 +01:00
device-introspect-test.c
display-vga-test.c
drive_del-test.c
ds1338-test.c
e1000-test.c
e1000e-test.c
eepro100-test.c
endianness-test.c
es1370-test.c
fdc-test.c
fw_cfg-test.c
hd-geo-test.c
hexloader-test.c tests: Move tests/hex-loader-check-data/ to tests/data/hex-loader/ 2018-11-05 13:23:46 -05:00
i440fx-test.c
i82801b11-test.c
ide-test.c tests/ide: Free pcibus when finishing a test 2018-11-19 21:59:44 +01:00
intel-hda-test.c
io-channel-helpers.c
io-channel-helpers.h
ioh3420-test.c
iothread.c
iothread.h
ipmi-bt-test.c
ipmi-kcs-test.c
ipoctal232-test.c
ivshmem-test.c
libqtest.c qtest: log QEMU command line 2018-11-20 10:49:12 +01:00
libqtest.h
m25p80-test.c
m48t59-test.c
machine-none-test.c
Makefile.include nvme: fix out-of-bounds access to the CMB 2018-11-22 16:43:52 +01:00
megasas-test.c
migration-test.c tests/migration-test: Disable s390x test when running with TCG 2018-10-24 07:27:25 +01:00
ne2000-test.c
numa-test.c
nvme-test.c nvme: fix out-of-bounds access to the CMB 2018-11-22 16:43:52 +01:00
pca9552-test.c
pcnet-test.c
pkix_asn1_tab.c
pnv-xscom-test.c
prom-env-test.c
ptimer-test-stubs.c qemu-timer: introduce timer attributes 2018-10-19 13:44:03 +02:00
ptimer-test.c
ptimer-test.h
pvpanic-test.c
pxe-test.c
q35-test.c
qemu-iotests-quick.sh
qht-bench.c qht-bench: add -p flag to precompute hash values 2018-09-26 08:55:54 -07:00
qmp-cmd-test.c
qmp-test.c tests: add qmp/missing-any-arg test 2018-11-19 21:56:36 +01:00
qom-test.c
rcutorture.c
requirements.txt Acceptance tests: add make rule for running them 2018-10-30 21:13:54 -03:00
rtas-test.c
rtc-test.c
rtl8139-test.c
sdhci-test.c
socket-helpers.c
socket-helpers.h
spapr-phb-test.c
tco-test.c
test-aio-multithread.c
test-aio.c
test-arm-mptimer.c
test-base64.c
test-bdrv-drain.c tests/test-bdrv-drain: Fix too late qemu_event_reset() 2018-10-01 19:13:55 +02:00
test-bitcnt.c
test-bitops.c
test-block-backend.c
test-blockjob-txn.c tests/test-blockjob-txn: move .exit to .clean 2018-09-25 15:31:15 +02:00
test-blockjob.c test-blockjob: Acquire AioContext around job_cancel_sync() 2018-09-25 15:50:15 +02:00
test-bufferiszero.c
test-char.c tests/test-char: Check websocket chardev functionality 2018-11-01 12:13:09 +04:00
test-clone-visitor.c
test-coroutine.c
test-crypto-afsplit.c
test-crypto-block.c crypto: require nettle >= 2.7.1 for building QEMU 2018-10-19 14:41:47 +01:00
test-crypto-cipher.c
test-crypto-hash.c
test-crypto-hmac.c
test-crypto-ivgen.c
test-crypto-pbkdf.c
test-crypto-secret.c
test-crypto-tlscredsx509.c crypto: require gnutls >= 3.1.18 for building QEMU 2018-10-19 12:26:57 +01:00
test-crypto-tlssession.c
test-crypto-xts.c crypto: add testing for unaligned buffers with XTS cipher mode 2018-10-24 19:03:37 +01:00
test-cutils.c
test-filter-mirror.c
test-filter-redirector.c
test-hbitmap.c
test-hmp.c
test-image-locking.c tests: Add unit tests for image locking 2018-11-12 17:46:57 +01:00
test-int128.c
test-io-channel-buffer.c
test-io-channel-command.c
test-io-channel-file.c
test-io-channel-socket.c
test-io-channel-tls.c
test-io-task.c
test-iov.c
test-keyval.c
test-logging.c
test-mul64.c
test-netfilter.c
test-opts-visitor.c
test-qapi-util.c
test-qdev-global-props.c
test-qdist.c
test-qemu-opts.c
test-qga.c
test-qht-par.c
test-qht.c qht: drop ht argument from qht iterators 2018-09-26 08:55:54 -07:00
test-qmp-cmds.c
test-qmp-event.c
test-qobject-input-visitor.c
test-qobject-output-visitor.c
test-rcu-list.c test-rcu-list: access n_reclaims and n_nodes_removed with atomic64 2018-10-02 18:47:55 +02:00
test-rcu-simpleq.c
test-rcu-tailq.c
test-replication.c test-replication: Lock AioContext around blk_unref() 2018-10-01 19:13:55 +02:00
test-shift128.c
test-string-input-visitor.c
test-string-output-visitor.c
test-thread-pool.c
test-throttle.c
test-timed-average.c
test-util-sockets.c
test-uuid.c
test-visitor-serialization.c
test-vmstate.c
test-write-threshold.c
test-x86-cpuid-compat.c
test-x86-cpuid.c
test-xbzrle.c
tmp105-test.c
tpci200-test.c
tpm-crb-swtpm-test.c
tpm-crb-test.c
tpm-emu.c
tpm-emu.h
tpm-tests.c tests: tpm: Use g_test_message rather than fprintf 2018-11-14 16:12:24 -05:00
tpm-tests.h
tpm-tis-swtpm-test.c
tpm-tis-test.c
tpm-util.c tests/tpm: Display if swtpm is not found or --tpm2 not supported 2018-10-30 13:53:15 -04:00
tpm-util.h tests/tpm: Display if swtpm is not found or --tpm2 not supported 2018-10-30 13:53:15 -04:00
usb-hcd-ehci-test.c
usb-hcd-ohci-test.c
usb-hcd-uhci-test.c
usb-hcd-xhci-test.c
vhost-user-bridge.c vhost-user-bridge: fix recvmsg iovlen 2018-11-27 15:35:18 +01:00
vhost-user-test.c hostmem-memfd: add checks before adding hostmem-memfd & properties 2018-10-02 18:47:55 +02:00
virtio-9p-test.c
virtio-balloon-test.c
virtio-blk-test.c
virtio-ccw-test.c
virtio-console-test.c
virtio-net-test.c
virtio-rng-test.c
virtio-scsi-test.c
virtio-serial-test.c
vmgenid-test.c
vmxnet3-test.c
wdt_ib700-test.c