mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
32,462 Commits 50 Branches 394 Tags 404 MiB
caa881abe0
Commit Graph

6 Commits

Author SHA1 Message Date
Michael S. Tsirkin
d2ef4b61fe vmstate: fix buffer overflow in target-arm/machine.c 
CVE-2013-4531

cpreg_vmstate_indexes is a VARRAY_INT32. A negative value for
cpreg_vmstate_array_len will cause a buffer overflow.

VMSTATE_INT32_LE was supposed to protect against this
but doesn't because it doesn't validate that input is
non-negative.

Fix this macro to valide the value appropriately.

The only other user of VMSTATE_INT32_LE doesn't
ever use negative numbers so it doesn't care.

Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
 2014-05-05 22:15:02 +02:00
Michael S. Tsirkin
5bf81c8d63 vmstate: add VMS_MUST_EXIST 
Can be used to verify a required field exists or validate
state in some other way.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
 2014-05-05 14:15:10 +02:00
Michael S. Tsirkin
35fc1f7189 vmstate: reduce code duplication 
move size offset and number of elements math out
to functions, to reduce code duplication.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
 2014-05-05 14:15:10 +02:00
Alexey Kardashevskiy
9013dca553 migration: add more traces 
This replaces DPRINTF macro with tracepoints.

This moves some messages from migration.c to savevm.c.

This adds tracepoint to signal about fileds failed to migrate.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
 2014-03-27 15:19:00 +05:30
Dr. David Alan Gilbert
24a370ef23 Fix vmstate_info_int32_le comparison/assign 
Fix comparison of vmstate_info_int32_le so that it succeeds if loaded
value is (l)ess than or (e)qual

When the comparison succeeds, assign the value loaded
  This is a change in behaviour but I think the original intent, since
  the idea is to check if the version/size of the thing you're loading is
  less than some limit, but you might well want to do something based on
  the actual version/size in the file

Fix up comment and name text

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
 2014-02-25 14:30:28 +01:00
Eduardo Habkost
b6fcfa59fa vmstate: Move VMState code to vmstate.c 
This will allow unit tests to be written for VMState code without
pulling dependencies from the savevm code.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
 2014-01-13 12:39:49 +01:00