qemu-e2k/hw
Vitaly Chikunov e64e27d5cb 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread
`struct dirent' returned from readdir(3) could be shorter (or longer)
than `sizeof(struct dirent)', thus a memcpy of sizeof length will overread
into an unallocated page, causing SIGSEGV. Example stack trace:

 #0  0x00005555559ebeed v9fs_co_readdir_many (/usr/bin/qemu-system-x86_64 + 0x497eed)
 #1  0x00005555559ec2e9 v9fs_readdir (/usr/bin/qemu-system-x86_64 + 0x4982e9)
 #2  0x0000555555eb7983 coroutine_trampoline (/usr/bin/qemu-system-x86_64 + 0x963983)
 #3  0x00007ffff73e0be0 n/a (n/a + 0x0)

While fixing this, provide a helper for any future `struct dirent' cloning.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/841
Cc: qemu-stable@nongnu.org
Co-authored-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Tested-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Acked-by: Greg Kurz <groug@kaod.org>
Tested-by: Vitaly Chikunov <vt@altlinux.org>
Message-Id: <20220216181821.3481527-1-vt@altlinux.org>
[C.S. - Fix typo in source comment. ]
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2022-02-17 16:57:58 +01:00
9pfs 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread 2022-02-17 16:57:58 +01:00
acpi ACPI ERST: build the ACPI ERST table 2022-02-06 04:33:50 -05:00
adc hw/adc: Add basic Aspeed ADC model 2021-10-12 08:20:08 +02:00
alpha
arm hw/arm/smmuv3: Fix device reset 2022-02-08 10:56:28 +00:00
audio Remove unnecessary minimum_version_id_old fields 2022-01-28 15:38:23 +01:00
avr hw/avr: Realize AVRCPU qdev object using qdev_realize() 2021-12-17 10:43:24 +01:00
block Pull request 2022-02-15 19:30:33 +00:00
char hw/char/exynos4210_uart: Fix crash on trying to load VM state 2022-01-28 14:29:46 +00:00
core Allow setting up to 8 bytes with the generic loader 2022-02-16 12:24:18 +10:00
cpu
cris
display Fixes and updates for hppa target 2022-02-02 19:54:30 +00:00
dma Migration Pull request (Take 2) 2022-01-29 15:55:54 +00:00
gpio Remove unnecessary minimum_version_id_old fields 2022-01-28 15:38:23 +01:00
hppa hppa: Add support for an emulated TOC/NMI button. 2022-02-02 18:46:42 +01:00
hyperv dma: Let dma_memory_map() take MemTxAttrs argument 2021-12-30 17:16:32 +01:00
i2c aspeed/i2c: QOMify AspeedI2CBus 2021-10-12 08:20:08 +02:00
i386 ACPI ERST: create ACPI ERST table for pc/x86 machines 2022-02-06 04:33:50 -05:00
ide hw/dma: Let dma_buf_read() / dma_buf_write() propagate MemTxResult 2022-01-18 12:56:29 +01:00
input ps2: Initial horizontal scroll support 2022-01-13 15:33:18 +01:00
intc hw/intc: Add RISC-V AIA APLIC device emulation 2022-02-16 12:24:19 +10:00
ipack qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
ipmi ipmi/sim: fix watchdog_expired data type error in IPMIBmcSim struct 2021-07-08 14:15:01 -05:00
isa vt82c686: Add a method to VIA_ISA to raise ISA interrupts 2021-10-18 00:41:36 +02:00
m68k m68k: virt: correctly set the initial PC 2022-01-20 09:09:37 +01:00
mem hw/mem/pc-dimm: Restrict NUMA-specific code to NUMA machines 2021-11-11 03:13:05 -05:00
microblaze hw/microblaze: Replace drive_get_next() by drive_get() 2021-12-15 08:38:16 +01:00
mips hw/mips/jazz: Inline vga_mmio_init() and remove it 2022-01-13 10:58:54 +01:00
misc Migration Pull request (Take 2) 2022-01-29 15:55:54 +00:00
net hw/net: e1000e: Clear ICR on read when using non MSI-X interrupts 2022-02-14 11:50:44 +08:00
nios2
nubus qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
nvme hw/nvme: add support for zoned random write area 2022-02-14 08:58:29 +01:00
nvram hw/nvram: Restrict fw_cfg QOM interface to sysemu and tools 2022-01-18 10:45:35 +01:00
openrisc
pci pcie_aer: Don't trigger a LSI if none are defined 2022-01-07 05:19:55 -05:00
pci-bridge qdev: Make DeviceState.id independent of QemuOpts 2021-10-15 16:06:35 +02:00
pci-host ppc/pnv: use a do-while() loop in pnv_phb4_translate_tve() 2022-01-28 13:15:02 +01:00
pcmcia
ppc target/ppc: Remove PowerPC 601 CPUs 2022-02-09 09:08:55 +01:00
rdma hw/dma: Use dma_addr_t type definition when relevant 2022-01-18 12:56:29 +01:00
remote hw/remote/proxy: Categorize Wireless devices as 'Network' ones 2021-10-04 09:47:26 +02:00
riscv hw/riscv: virt: Use AIA INTC compatible string when available 2022-02-16 12:24:19 +10:00
rtc rtc: Move RTC function prototypes to their own header 2022-01-28 14:29:46 +00:00
rx
s390x rtc: Move RTC function prototypes to their own header 2022-01-28 14:29:46 +00:00
scsi Migration Pull request (Take 2) 2022-01-29 15:55:54 +00:00
sd hw/sd: Add SDHC support for SD card SPI-mode 2022-01-04 08:50:28 +01:00
sensor hw/sensor: Add lsm303dlhc magnetometer device 2022-02-08 10:56:29 +00:00
sh4 hw/intc/sh_intc: Inline and drop sh_intc_source() function 2021-10-30 18:39:37 +02:00
smbios smbios: Rename SMBIOS_ENTRY_POINT_* enums 2022-01-07 05:19:55 -05:00
sparc sun4m: fix setting CPU id when more than one CPU is present 2021-09-08 11:09:45 +01:00
sparc64 hw: Replace trivial drive_get_next() by drive_get() 2021-12-15 08:38:16 +01:00
ssi hw/ssi: Add a model of Xilinx Versal's OSPI flash memory controller 2022-01-28 14:29:46 +00:00
timer hw/timer/armv7m_systick: Update clock source before enabling timer 2022-02-08 10:56:28 +00:00
tpm tpm: mark correct memory region range dirty when clearing RAM 2021-10-02 08:43:21 +02:00
tricore hw/tricore: fix inclusion of tricore_testboard 2021-07-20 20:10:21 +02:00
usb uas: add missing return 2022-01-13 10:58:05 +01:00
vfio vfio: Fix memory leak of hostwin 2021-11-17 11:25:55 -07:00
virtio Remove unnecessary minimum_version_id_old fields 2022-01-28 15:38:23 +01:00
watchdog watchdog: remove select_watchdog_action 2021-11-02 15:57:27 +01:00
xen aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
xenpv
xtensa
Kconfig hw/arm: xlnx-zcu102: Add Xilinx eFUSE device 2021-09-30 13:42:10 +01:00
meson.build