qemu-e2k/tests
Kevin Wolf b106ad9185 qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147)
free_cluster_index is only correct if update_refcount() was called from
an allocation function, and even there it's brittle because it's used to
protect unfinished allocations which still have a refcount of 0 - if it
moves in the wrong place, the unfinished allocation can be corrupted.

So not using it any more seems to be a good idea. Instead, use the
first requested cluster to do the calculations. Return -EAGAIN if
unfinished allocations could become invalid and let the caller restart
its search for some free clusters.

The context of creating a snapshot is one situation where
update_refcount() is called outside of a cluster allocation. For this
case, the change fixes a buffer overflow if a cluster is referenced in
an L2 table that cannot be represented by an existing refcount block.
(new_table[refcount_table_index] was out of bounds)

[Bump the qemu-iotests 026 refblock_alloc.write leak count from 10 to
11.
--Stefan]

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:21:03 +02:00
acpi-test-data Revert "acpi-test: rebuild SSDT" 2014-03-26 12:42:31 +02:00
libqos tests/libqos/pci-pc: Avoid shifting left into sign bit 2014-03-27 19:22:49 +04:00
multiboot
qapi-schema qapi script: do not allow string discriminator 2014-03-11 09:07:42 -04:00
qemu-iotests qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147) 2014-04-01 15:21:03 +02:00
tcg tests: Fix 'make test' for i686 hosts (build regression) 2014-03-15 13:54:18 +04:00
.gitignore
acpi-test.c tests/acpi-test: do not fail if iasl is broken 2014-03-24 12:37:36 +02:00
blockdev-test.c
boot-order-test.c
check-block.sh
check-qdict.c check-qdict: Test termination of qdict_array_split() 2014-02-21 22:18:26 +01:00
check-qfloat.c
check-qint.c
check-qjson.c
check-qlist.c
check-qom-interface.c
check-qstring.c
e1000-test.c tests: Add e1000 qtest 2014-02-14 16:22:33 +01:00
eepro100-test.c tests: Add eepro100 qtest 2014-02-14 16:22:33 +01:00
endianness-test.c qtest: Include system headers before user headers 2014-02-17 23:10:02 +01:00
fdc-test.c
fw_cfg-test.c qtest: Include system headers before user headers 2014-02-17 23:10:02 +01:00
hd-geo-test.c
i440fx-test.c QOM infrastructure fixes and device conversions 2014-02-20 13:05:48 +00:00
ide-test.c
ipoctal232-test.c tests: Add ipoctal232 qtest 2014-02-14 21:07:13 +01:00
libqtest.c qtest: Fix crash if SIGABRT during qtest_init() 2014-03-13 21:12:07 +01:00
libqtest.h qtest: Fix crash if SIGABRT during qtest_init() 2014-03-13 21:12:07 +01:00
m48t59-test.c qtest: Include system headers before user headers 2014-02-17 23:10:02 +01:00
Makefile qdev: Introduce FWPathProvider interface 2014-03-20 02:40:13 +01:00
ne2000-test.c tests: Add ne2000 qtest 2014-02-14 20:50:19 +01:00
pcnet-test.c tests: Add pcnet qtest 2014-02-14 16:22:33 +01:00
qdev-monitor-test.c qdev-monitor-test: Don't test human-readable error message 2014-03-12 20:13:02 +01:00
qemu-iotests-quick.sh qemu-iotests: add more tests to the "quick" group 2014-02-28 18:59:06 +01:00
qom-test.c qom-test: Test QOM properties 2014-03-13 01:21:45 +01:00
rtc-test.c qtest: Include system headers before user headers 2014-02-17 23:10:02 +01:00
rtl8139-test.c tests: Add rtl8139 qtest 2014-02-14 16:22:33 +01:00
spapr-phb-test.c tests: Add spapr-pci-host-bridge qtest 2014-03-13 01:21:57 +01:00
test-aio.c aio: add aio_context_acquire() and aio_context_release() 2014-03-13 14:42:24 +01:00
test-bitops.c
test-coroutine.c
test-cutils.c
test-hbitmap.c
test-int128.c tests/test-int128: Don't use __noclone__ attribute on clang 2014-03-02 17:20:37 +04:00
test-iov.c
test-mul64.c
test-opts-visitor.c
test-qdev-global-props.c
test-qmp-commands.c tests: test-qmp-commands: Fix double free 2014-03-11 09:07:42 -04:00
test-qmp-input-strict.c qapi script: do not allow string discriminator 2014-03-11 09:07:42 -04:00
test-qmp-input-visitor.c qapi script: do not allow string discriminator 2014-03-11 09:07:42 -04:00
test-qmp-output-visitor.c qapi script: do not allow string discriminator 2014-03-11 09:07:42 -04:00
test-rfifolock.c rfifolock: add recursive FIFO lock 2014-03-13 14:42:21 +01:00
test-string-input-visitor.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
test-string-output-visitor.c QOM infrastructure fixes and device conversions 2014-02-20 13:05:48 +00:00
test-thread-pool.c
test-throttle.c
test-visitor-serialization.c tests/qapi-schema: Cover complex types with base 2014-03-03 11:16:45 -05:00
test-vmstate.c
test-x86-cpuid.c
test-xbzrle.c
tmp105-test.c qtest: Include system headers before user headers 2014-02-17 23:10:02 +01:00
tpci200-test.c tests: Add tpci200 qtest 2014-02-14 21:02:27 +01:00
virtio-balloon-test.c tests: Add virtio-balloon qtest 2014-03-13 01:21:56 +01:00
virtio-blk-test.c tests: Add virtio-blk qtest 2014-03-13 01:21:56 +01:00
virtio-console-test.c virtio-console-test: Test virtserialport as well 2014-03-13 21:12:07 +01:00
virtio-net-test.c tests: Add virtio-net qtest 2014-02-14 21:01:03 +01:00
virtio-rng-test.c tests: Add virtio-rng qtest 2014-03-13 01:21:56 +01:00
virtio-scsi-test.c tests: Add virtio-scsi qtest 2014-03-13 01:21:56 +01:00
virtio-serial-test.c tests: Add virtio-serial qtest 2014-03-13 01:21:57 +01:00
vmxnet3-test.c tests: Add vmxnet3 qtest 2014-02-14 16:22:33 +01:00