QEMU With E2K User Support
Stefan Hajnoczi e4fc8781db qed: fix use-after-free during l2 cache commit
QED's metadata caching strategy allows two parallel requests to race for
metadata lookup.  The first one to complete will populate the metadata
cache and the second one will drop the data it just read in favor of the
cached data.

There is a use-after-free in qed_read_l2_table_cb() and
qed_commit_l2_update() where l2_table->offset was used after the
l2_table may have been freed due to a metadata lookup race.  Fix this by
keeping the l2_offset in a local variable and not reaching into the
possibly freed l2_table.

Reported-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-10-05 10:52:31 -05:00
audio Merge remote-tracking branch 'qmp/queue/qmp' into staging 2011-09-20 15:16:00 -05:00
block qed: fix use-after-free during l2 cache commit 2011-10-05 10:52:31 -05:00
bsd-user Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
darwin-user Remove blanks before \n in output strings 2011-09-16 08:25:56 -05:00
default-configs target-xtensa: add target to the configure script 2011-09-10 16:57:36 +00:00
docs trace: Update docs to use example events that exist 2011-09-21 11:32:37 +01:00
fpu softfloat: Reinstate accidentally disabled target-specific NaN handling 2011-10-01 06:19:07 +00:00
fsdev hw/9pfs: Add handle based fs driver 2011-09-22 21:38:53 +05:30
gdb-xml
hw etrax-dma: Remove bogus if statement 2011-10-03 10:20:13 +02:00
libcacard Silence make if nothing is to do for libcacard 2011-09-21 10:49:38 +01:00
linux-headers Import kernel headers 2011-06-20 15:13:34 -03:00
linux-user Merge remote-tracking branch 'riku/linux-user-for-upstream' into staging 2011-09-26 07:59:13 -05:00
net Allow overriding the location of Samba's smbd. 2011-09-03 17:45:48 +00:00
pc-bios Add OpenBIOS as a submodule 2011-09-28 20:39:34 +00:00
qapi Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qga Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
QMP
roms Add OpenBIOS as a submodule 2011-09-28 20:39:34 +00:00
scripts trace: allow PRI*64 at beginning and ending of format string 2011-09-17 15:14:05 +00:00
slirp slirp: Fix packet expiration 2011-09-28 13:11:30 +02:00
sysconfigs/target
target-alpha softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
target-arm softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
target-cris softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
target-i386 softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
target-lm32 softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
target-m68k softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
target-microblaze softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
target-mips softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
target-ppc softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
target-s390x softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
target-sh4 softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
target-sparc softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
target-unicore32 Use hex instead of binary. 2011-09-09 12:58:16 -05:00
target-xtensa softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
tcg tcg-i386: Introduce limited deposit support 2011-10-01 06:42:46 +00:00
tests Remove blanks before \n in output strings 2011-09-16 08:25:56 -05:00
trace trace: use binary file open mode in simpletrace 2011-09-21 11:30:10 +01:00
ui use qemu_* ctype functions 2011-09-21 11:10:52 +01:00
.gitignore coroutine: add test-coroutine automated tests 2011-08-02 15:53:40 +02:00
.gitmodules Add OpenBIOS as a submodule 2011-09-28 20:39:34 +00:00
a.out.h Use new macro QEMU_PACKED for packed structures 2011-09-03 10:45:59 +00:00
acl.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
acl.h
aes.c
aes.h
aio.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
alpha-dis.c
alpha.ld
arch_init.c core: remove qemu_service_io 2011-09-23 10:55:32 -05:00
arch_init.h target-xtensa: add target stubs 2011-09-10 16:57:36 +00:00
arm-dis.c
arm-semi.c arm-semi: Provide access to CLI arguments passed through the "-append" option 2011-07-11 16:05:46 +03:00
arm.ld Fix linker scripts 2011-08-27 15:42:35 +00:00
async.c async: Allow nested qemu_bh_poll calls 2011-09-06 11:23:51 +02:00
balloon.c balloon: Disassociate handlers from balloon device on unplug 2011-09-09 12:58:16 -05:00
balloon.h balloon: Disassociate handlers from balloon device on unplug 2011-09-09 12:58:16 -05:00
bitmap.c
bitmap.h Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
bitops.c
bitops.h
block_int.h block: Move BlockConf & friends from block_int.h to block.h 2011-09-12 15:17:21 +02:00
block-migration.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
block-migration.h
block.c block: New change_media_cb() parameter load 2011-09-12 15:17:22 +02:00
block.h block: New change_media_cb() parameter load 2011-09-12 15:17:22 +02:00
blockdev.c ide/atapi scsi-disk: Make monitor eject -f, then change work 2011-09-12 15:17:22 +02:00
blockdev.h
bswap.h bswap.h: build fix 2011-09-16 08:26:31 -05:00
bt-host.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
bt-host.h
bt-vhci.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
buffered_file.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
buffered_file.h
cache-utils.c
cache-utils.h
Changelog Changelog: Add explanatory note that this file is no longer updated 2011-06-13 21:16:27 +02:00
check-qdict.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
check-qfloat.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
check-qint.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
check-qjson.c Fix qjson test of solidus encoding 2011-09-06 10:15:39 -03:00
check-qlist.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
check-qstring.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
cmd.c use qemu_* ctype functions 2011-09-21 11:10:52 +01:00
cmd.h
CODING_STYLE CODING_STYLE: explicitly allow braceless 'else if' 2011-07-29 09:33:56 -05:00
compatfd.c Register Linux dyntick timer as per-thread signal 2011-07-23 11:26:12 -05:00
compatfd.h Register Linux dyntick timer as per-thread signal 2011-07-23 11:26:12 -05:00
compiler.h Fix and clean code which tests the gcc version 2011-09-23 11:51:05 -05:00
config.h
configure configure: Detect predefined compiler symbols for ARM and HPPA 2011-10-01 06:13:04 +00:00
console.c console: Properly switch consoles for screen dumps 2011-09-16 08:25:57 -05:00
console.h curses: fix garbling when chtype != long 2011-09-09 12:58:16 -05:00
COPYING
COPYING.LIB
coroutine-gthread.c Convert last qemu_free and qemu_malloc uses 2011-08-21 18:42:08 +00:00
coroutine-ucontext.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
coroutine-win32.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
cpu-all.h Remove qemu_host_page_bits 2011-09-21 10:50:59 +01:00
cpu-common.h Merge remote-tracking branch 'agraf/xen-next' into staging 2011-07-29 09:42:12 -05:00
cpu-defs.h
cpu-exec.c target-xtensa: implement exceptions 2011-09-10 16:57:38 +00:00
cpus.c Merge remote-tracking branch 'kwolf/for-anthony' into staging 2011-09-20 15:21:03 -05:00
cpus.h Move vm_state_notify() prototype from cpus.h to sysemu.h 2011-09-15 16:39:31 -03:00
cris-dis.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
cursor_hidden.xpm
cursor_left_ptr.xpm
cursor.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
cutils.c Fix up some style nits of last uq/master merge 2011-08-25 09:21:35 +01:00
def-helper.h
device_tree.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
device_tree.h
dis-asm.h
disas.c disasm: update comment 2011-08-25 09:21:48 +01:00
disas.h
dma-helpers.c dma-helpers: rewrite completion/cancellation 2011-09-20 12:27:43 +02:00
dma.h dma-helpers: allow including from target-independent code 2011-09-20 12:27:34 +02:00
dyngen-exec.h Move GETPC from dyngen-exec.h to exec-all.h 2011-10-01 09:31:43 +00:00
elf.h target-xtensa: add target stubs 2011-09-10 16:57:36 +00:00
envlist.c
envlist.h
error_int.h
error.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
error.h Error: Fix build when qemu-common.h is not included 2011-07-21 16:48:13 -03:00
exec-all.h Move GETPC from dyngen-exec.h to exec-all.h 2011-10-01 09:31:43 +00:00
exec-memory.h Integrate I/O memory regions into qemu 2011-08-08 10:15:53 -05:00
exec.c Move GETPC from dyngen-exec.h to exec-all.h 2011-10-01 09:31:43 +00:00
gdbstub.c Drop the vm_running global variable 2011-09-15 16:39:32 -03:00
gdbstub.h
gen-icount.h
HACKING Convert last qemu_free and qemu_malloc uses 2011-08-21 18:42:08 +00:00
hmp-commands.hx trace: always compile support for controlling and querying trace event states 2011-09-01 10:34:54 +01:00
host-utils.c
host-utils.h Move macro QEMU_GNUC_PREREQ to compiler.h 2011-09-23 11:51:05 -05:00
hpet.h
hppa-dis.c hppa: Fix printf warnings in hppa-dis.c. 2011-07-01 21:06:48 +00:00
hppa.ld Fix linker scripts 2011-08-27 15:42:35 +00:00
i386-dis.c
i386.ld Fix linker scripts 2011-08-27 15:42:35 +00:00
ia64-dis.c
ia64.ld
input.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
iohandler.c iohandlers: fix issue with qemu_set_fd_handler() 2011-09-08 08:06:08 -05:00
ioport-user.c
ioport.c ioport: register ranges by byte aligned addresses always 2011-07-29 08:25:44 -05:00
ioport.h report serial devices created with -device in the PIIX4 config space 2011-07-23 10:56:55 -05:00
iorange.h
iov.c Add iov_clear() 2011-08-04 15:51:22 +02:00
iov.h Add iov_clear() 2011-08-04 15:51:22 +02:00
json-lexer.c
json-lexer.h
json-parser.c
json-parser.h
json-streamer.c
json-streamer.h
kvm-all.c Replace the VMSTOP macros with a proper state type 2011-09-15 16:39:32 -03:00
kvm-stub.c Remove exec-all.h include directives 2011-06-26 18:25:35 +00:00
kvm.h kvm: x86: Pass KVMState to kvm_arch_get_supported_cpuid 2011-06-20 15:24:00 -03:00
libfdt_env.h Fix libfdt warnings on Darwin 2011-06-14 03:08:57 +02:00
LICENSE
linux-aio.c linux-aio: remove process requests callback 2011-09-20 14:34:17 +02:00
m68k-dis.c
m68k-semi.c Use new macro QEMU_PACKED for packed structures 2011-09-03 10:45:59 +00:00
m68k.ld
MAINTAINERS Merge remote-tracking branch 'pmaydell/omap-for-upstream' into staging 2011-09-26 08:00:00 -05:00
Makefile Makefile: Remove 'tarbin' target 2011-09-23 13:42:34 -05:00
Makefile.dis
Makefile.hw Makefile.hw: allow hw/ files to include glib headers 2011-09-04 17:46:51 +03:00
Makefile.objs hw/9pfs: Add handle based fs driver 2011-09-22 21:38:53 +05:30
Makefile.target build: Move tracing objects into libuser on usermode emulation targets 2011-09-16 08:25:56 -05:00
Makefile.user build: Move tracing objects into libuser on usermode emulation targets 2011-09-16 08:25:56 -05:00
memory.c memory: Print regions in ascending order 2011-10-02 16:27:14 +02:00
memory.h memory: simple memory tree printer 2011-10-02 16:27:13 +02:00
microblaze-dis.c
migration-exec.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
migration-fd.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
migration-tcp.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
migration-unix.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
migration.c Drop the vm_running global variable 2011-09-15 16:39:32 -03:00
migration.h
mips-dis.c Remove blanks before \n in output strings 2011-09-16 08:25:56 -05:00
mips.ld Fix linker scripts 2011-08-27 15:42:35 +00:00
module.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
module.h qapi: add module init types for qapi 2011-07-21 16:48:13 -03:00
monitor.c memory: simple memory tree printer 2011-10-02 16:27:13 +02:00
monitor.h
nbd.c nbd: fix non-Linux build failure 2011-09-21 11:34:43 +02:00
nbd.h nbd: sync API definitions with upstream 2011-09-19 11:34:33 +02:00
net.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
net.h Allow overriding the location of Samba's smbd. 2011-09-03 17:45:48 +00:00
notify.c notifier: Pass data argument to callback 2011-07-23 11:26:06 -05:00
notify.h notifier: Pass data argument to callback 2011-07-23 11:26:06 -05:00
os-posix.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
os-win32.c w32: Fix format string regression 2011-08-21 15:33:33 +00:00
osdep.c
osdep.h Move macro QEMU_GNUC_PREREQ to compiler.h 2011-09-23 11:51:05 -05:00
oslib-posix.c qemu_vmalloc: align properly for transparent hugepages and KVM 2011-09-09 12:58:16 -05:00
oslib-win32.c
path.c
pci-ids.txt
pflib.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
pflib.h
poison.h Avoid CPU endian memory accesses in devices 2011-07-20 21:22:43 +00:00
posix-aio-compat.c block: avoid SIGUSR2 2011-09-20 14:32:56 +02:00
ppc64.ld Fix linker scripts 2011-08-27 15:42:35 +00:00
ppc-dis.c
ppc.ld Fix linker scripts 2011-08-27 15:42:35 +00:00
qapi-schema-guest.json guest agent: add guest agent RPCs/commands 2011-07-21 16:48:15 -03:00
qapi-schema-test.json qapi: test schema used for unit tests 2011-07-21 16:48:14 -03:00
qbool.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qbool.h
qdict-test-data.txt
qdict.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qdict.h
qemu_socket.h
qemu-aio.h
qemu-barrier.h Barriers in qemu-barrier.h should not be x86 specific 2011-09-23 11:51:05 -05:00
qemu-char.c qemu-char: use qemu_set_fd_handler/2 consistently 2011-09-23 13:42:33 -05:00
qemu-char.h char: document the functions that will be the public interface 2011-08-22 10:17:44 -05:00
qemu-common.h core: remove qemu_service_io 2011-09-23 10:55:32 -05:00
qemu-config.c trace: add "-trace events" argument to control initial state 2011-09-01 10:34:54 +01:00
qemu-config.h
qemu-coroutine-int.h coroutines: Locks 2011-08-02 15:53:40 +02:00
qemu-coroutine-lock.c coroutine: Add CoRwlock support 2011-08-23 14:15:17 +02:00
qemu-coroutine.c coroutine: introduce coroutines 2011-08-01 12:14:09 +02:00
qemu-coroutine.h coroutine: Add CoRwlock support 2011-08-23 14:15:17 +02:00
qemu-doc.texi sdl: Add zoom hot keys 2011-08-05 10:57:35 -05:00
qemu-error.c Strip trailing '\n' from error_report()'s first argument 2011-06-24 09:13:36 +01:00
qemu-error.h
qemu-ga.c Fix spelling in comments and debug messages (recieve -> receive) 2011-08-29 11:47:33 +01:00
qemu-img-cmds.hx qemu-img: Require larger zero areas for sparse handling 2011-08-29 14:42:39 +02:00
qemu-img.c qemu-img: Require larger zero areas for sparse handling 2011-08-29 14:42:39 +02:00
qemu-img.texi qemu-img: Require larger zero areas for sparse handling 2011-08-29 14:42:39 +02:00
qemu-io.c Remove blanks before \n in output strings 2011-09-16 08:25:56 -05:00
qemu-lock.h
qemu-log.h
qemu-nbd.c nbd: support feature negotiation 2011-09-19 11:34:33 +02:00
qemu-nbd.texi
qemu-objects.h
qemu-option.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qemu-option.h
qemu-options.h
qemu-options.hx target-xtensa: implement SIMCALL 2011-09-10 16:57:39 +00:00
qemu-os-posix.h
qemu-os-win32.h
qemu-progress.c
qemu-queue.h
qemu-sockets.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qemu-tech.texi
qemu-thread-posix.c Abort on thread layer errors 2011-09-21 10:50:10 +01:00
qemu-thread-posix.h
qemu-thread-win32.c Abort on thread layer errors 2011-09-21 10:50:10 +01:00
qemu-thread-win32.h
qemu-thread.h
qemu-timer-common.c
qemu-timer.c Drop the vm_running global variable 2011-09-15 16:39:32 -03:00
qemu-timer.h qemu-timer: Introduce clock reset notifier 2011-07-23 11:26:12 -05:00
qemu-tool.c core: remove qemu_service_io 2011-09-23 10:55:32 -05:00
qemu-x509.h
qemu.sasl
qerror.c Monitor/QMP: Don't allow cont on bad VM state 2011-09-15 16:39:32 -03:00
qerror.h Monitor/QMP: Don't allow cont on bad VM state 2011-09-15 16:39:32 -03:00
qfloat.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qfloat.h
qint.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qint.h
qjson.c
qjson.h
qlist.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qlist.h qlist: add qlist_first()/qlist_next() 2011-07-21 16:48:13 -03:00
qmp-commands.hx QMP: query-status: Introduce 'status' key 2011-09-15 16:39:32 -03:00
qobject.h
qstring.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qstring.h
range.h
readline.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
readline.h
README
rules.mak build: sort objects to remove duplicates for link 2011-09-01 13:12:51 -05:00
s390-dis.c
s390.ld
savevm.c Drop the vm_running global variable 2011-09-15 16:39:32 -03:00
sh4-dis.c
softmmu_defs.h Document softmmu templates 2011-10-01 09:31:08 +00:00
softmmu_exec.h Document softmmu templates 2011-10-01 09:31:08 +00:00
softmmu_header.h Document softmmu templates 2011-10-01 09:31:08 +00:00
softmmu_template.h softmmu_header: pass CPUState to tlb_fill 2011-10-01 09:31:26 +00:00
softmmu-semi.h Correct spelling of licensed 2011-07-23 11:26:12 -05:00
sparc64.ld
sparc-dis.c
sparc.ld Fix linker scripts 2011-08-27 15:42:35 +00:00
spice-qemu-char.c spice-qemu-char.c: Use correct printf format char for ssize_t 2011-09-07 09:20:09 +02:00
sysemu.h QMP: query-status: Introduce 'status' key 2011-09-15 16:39:32 -03:00
targphys.h
tcg-runtime.c
test-coroutine.c coroutine: add test-coroutine --benchmark-lifecycle 2011-08-02 15:53:40 +02:00
test-qmp-commands.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
test-visitor.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
thunk.c
thunk.h
TODO
trace-events ESP: convert to trace framework 2011-10-01 09:28:40 +00:00
translate-all.c Delegate setup of TCG temporaries to targets 2011-06-26 18:25:43 +00:00
uboot_image.h
usb-bsd.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
usb-linux.c usb-host: tag as unmigratable 2011-09-07 09:58:27 +02:00
usb-redir.c char: rename qemu_chr_close() -> qemu_chr_delete() 2011-08-22 10:17:43 -05:00
usb-stub.c
user-exec.c Remove unused is_softmmu parameter from cpu_handle_mmu_fault 2011-08-07 09:32:01 +00:00
VERSION Open 1.0 development branch. 2011-07-23 11:57:53 -05:00
version.rc
vgafont.h
vl.c Merge remote-tracking branch 'qmp/queue/qmp' into staging 2011-09-20 15:16:00 -05:00
x86_64.ld Fix linker scripts 2011-08-27 15:42:35 +00:00
xen-all.c Drop the vm_running global variable 2011-09-15 16:39:32 -03:00
xen-mapcache.c xen-mapcache: Fix rlimit set size. 2011-09-09 13:13:16 +00:00
xen-mapcache.h xen: fix xen-mapcache build on non-Xen capable targets 2011-07-22 17:43:42 +00:00
xen-stub.c xen_console: support the new extended xenstore protocol 2011-07-17 01:54:25 +02:00
xtensa-semi.c target-xtensa: implement SIMCALL 2011-09-10 16:57:39 +00:00

Read the documentation in qemu-doc.html.

Fabrice Bellard.