Marc-André Lureau 24ec2863b1 spapr: fix buffer-overflow
Running postcopy-test with ASAN produces the following error:

QTEST_QEMU_BINARY=ppc64-softmmu/qemu-system-ppc64  tests/postcopy-test
...
=================================================================
==23641==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f1556600000 at pc 0x55b8e9d28208 bp 0x7f1555f4d3c0 sp 0x7f1555f4d3b0
READ of size 8 at 0x7f1556600000 thread T6
    #0 0x55b8e9d28207 in htab_save_first_pass /home/elmarco/src/qq/hw/ppc/spapr.c:1528
    #1 0x55b8e9d2939c in htab_save_iterate /home/elmarco/src/qq/hw/ppc/spapr.c:1665
    #2 0x55b8e9beae3a in qemu_savevm_state_iterate /home/elmarco/src/qq/migration/savevm.c:1044
    #3 0x55b8ea677733 in migration_thread /home/elmarco/src/qq/migration/migration.c:1976
    #4 0x7f15845f46c9 in start_thread (/lib64/libpthread.so.0+0x76c9)
    #5 0x7f157d9d0f7e in clone (/lib64/libc.so.6+0x107f7e)

0x7f1556600000 is located 0 bytes to the right of 2097152-byte region [0x7f1556400000,0x7f1556600000)
allocated by thread T0 here:
    #0 0x7f159bb76980 in posix_memalign (/lib64/libasan.so.3+0xc7980)
    #1 0x55b8eab185b2 in qemu_try_memalign /home/elmarco/src/qq/util/oslib-posix.c:106
    #2 0x55b8eab186c8 in qemu_memalign /home/elmarco/src/qq/util/oslib-posix.c:122
    #3 0x55b8e9d268a8 in spapr_reallocate_hpt /home/elmarco/src/qq/hw/ppc/spapr.c:1214
    #4 0x55b8e9d26e04 in ppc_spapr_reset /home/elmarco/src/qq/hw/ppc/spapr.c:1261
    #5 0x55b8ea12e913 in qemu_system_reset /home/elmarco/src/qq/vl.c:1697
    #6 0x55b8ea13fa40 in main /home/elmarco/src/qq/vl.c:4679
    #7 0x7f157d8e9400 in __libc_start_main (/lib64/libc.so.6+0x20400)

Thread T6 created by T0 here:
    #0 0x7f159bae0488 in __interceptor_pthread_create (/lib64/libasan.so.3+0x31488)
    #1 0x55b8eab1d9cb in qemu_thread_create /home/elmarco/src/qq/util/qemu-thread-posix.c:465
    #2 0x55b8ea67874c in migrate_fd_connect /home/elmarco/src/qq/migration/migration.c:2096
    #3 0x55b8ea66cbb0 in migration_channel_connect /home/elmarco/src/qq/migration/migration.c:500
    #4 0x55b8ea678f38 in socket_outgoing_migration /home/elmarco/src/qq/migration/socket.c:87
    #5 0x55b8eaa5a03a in qio_task_complete /home/elmarco/src/qq/io/task.c:142
    #6 0x55b8eaa599cc in gio_task_thread_result /home/elmarco/src/qq/io/task.c:88
    #7 0x7f15823e38e6  (/lib64/libglib-2.0.so.0+0x468e6)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/elmarco/src/qq/hw/ppc/spapr.c:1528 in htab_save_first_pass

The index seems to be wrongly incremented, unless I am missing something
that would be worth a comment.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-03-29 11:35:02 +11:00
audio audio/sdlaudio: Allow audio playback with SDL2 2017-03-01 15:12:03 +01:00
backends cryptodev fixes 2017-03-23 13:43:32 +00:00
block rbd: Fix bugs around -drive parameter "server" 2017-03-28 10:01:21 -04:00
bsd-user bsd-user: align use of mmap_lock to that of linux-user 2017-03-28 10:50:40 +01:00
chardev char: remove the right fd been watched in qemu_chr_fe_set_handlers() 2017-03-06 11:46:02 +08:00
contrib contrib: add libvhost-user 2016-12-16 01:14:38 +02:00
crypto crypto: assert cipher algorithm is always valid 2017-02-27 13:37:14 +00:00
default-configs ACPI: Add Virtual Machine Generation ID support 2017-03-02 07:14:27 +02:00
disas disas/microblaze: Remove unused REG_PC define 2017-03-24 10:12:23 +00:00
docs trace: fix tcg tracing build breakage 2017-03-28 11:07:46 +01:00
dtc@558cd81bdd dtc: Revert unintentional submodule downgrade from commit c2cabb3422 2017-03-16 14:11:15 +00:00
fpu softfloat: Use correct type in float64_to_uint64_round_to_zero() 2017-02-28 09:03:38 +03:00
fsdev throttle: factor out duplicate code 2017-02-28 10:31:46 +01:00
gdb-xml
hw spapr: fix buffer-overflow 2017-03-29 11:35:02 +11:00
include * MTTCG fix for win32 2017-03-27 17:34:50 +01:00
io io: fully parse & validate HTTP headers for websocket protocol handshake 2017-02-28 11:51:16 +00:00
libdecnumber
linux-headers update Linux headers to 4.11 2017-02-28 16:18:49 +00:00
linux-user target-arm queue: 2017-02-28 14:50:17 +00:00
migration postcopy: Check for shared memory 2017-03-16 09:02:26 +01:00
nbd nbd-client: fix handling of hungup connections 2017-03-27 16:50:36 +02:00
net COLO-compare: Fix trace_event print bug 2017-03-14 15:39:55 +08:00
pc-bios Update OpenBIOS images to f233c3f built from submodule. 2017-03-15 19:42:08 +00:00
pixman@87eea99e44
po po: add missing translations in de, fr, it, zh 2016-12-14 18:47:19 +00:00
qapi -----BEGIN PGP SIGNATURE----- 2017-03-28 15:56:05 +01:00
qga qemu-ga: obey LISTEN_PID when using systemd socket activation 2017-03-19 11:12:12 +01:00
qobject qobject: Propagate parse errors through qobject_from_json() 2017-03-07 16:07:47 +01:00
qom qom: Fix regression with 'qom-type' 2017-03-23 17:59:40 +00:00
replay replay/replay.c: bump REPLAY_VERSION 2017-03-28 10:52:50 +01:00
roms Update OpenBIOS images to f233c3f built from submodule. 2017-03-15 19:42:08 +00:00
scripts trace: fix tcg tracing build breakage 2017-03-28 11:07:46 +01:00
slirp slirp: tcp_listen(): Don't try to close() an fd we never opened 2017-02-26 15:39:29 +01:00
stubs cpus: define QEMUTimerListNotifyCB for QEMU system emulation 2017-03-14 13:28:29 +01:00
target tcg/i386: Check the size of instruction being translated 2017-03-24 11:49:38 +01:00
tcg Merge branch 'icount-update' into HEAD 2017-03-03 16:39:18 +01:00
tests block: Declare blockdev-add and blockdev-del supported 2017-03-28 15:23:23 +02:00
trace trace: fix tcg tracing build breakage 2017-03-28 11:07:46 +01:00
ui MTTCG regression fixes for rc2 2017-03-28 12:34:23 +01:00
util sockets: Fix socket_address_to_string() hostname truncation 2017-03-28 18:50:38 +02:00
.dir-locals.el
.exrc
.gitignore qapi: Clean up build of generated documentation 2017-03-16 07:13:02 +01:00
.gitmodules ppc: add skiboot firmware for the pnv platform 2016-10-28 09:36:58 +11:00
.mailmap
.shippable.yml .shippable: add s390x-cross target 2017-02-28 20:31:01 +08:00
.travis.yml .travis.yml: split VM based builds 2017-02-10 13:19:56 +00:00
accel.c clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
arch_init.c nios2: Add support for Nios-II R1 2017-01-24 13:10:36 -08:00
atomic_template.h tcg: Add atomic128 helpers 2016-10-26 08:29:01 -07:00
balloon.c trace: switch to modular code generation for sub-directories 2017-01-31 17:11:18 +00:00
block.c block: quiesce AioContext when detaching from it 2017-03-17 12:58:42 +01:00
blockdev-nbd.c trace: switch to modular code generation for sub-directories 2017-01-31 17:11:18 +00:00
blockdev.c block: Declare blockdev-add and blockdev-del supported 2017-03-28 15:23:23 +02:00
blockjob.c blockjob: add devops to blockjob backends 2017-03-22 13:26:27 -04:00
bootdevice.c error: Remove NULL checks on error_propagate() calls 2016-06-20 16:38:13 +02:00
bt-host.c
bt-vhci.c
Changelog
CODING_STYLE CODING_STYLE: Mention preferred comment form 2017-02-28 09:03:38 +03:00
configure configure: Fix cut-n-paste errors in OS deprecation warning 2017-03-23 17:57:49 +00:00
COPYING
COPYING.LIB
cpu-exec-common.c ui/console: ensure do_safe_dpy_refresh holds BQL 2017-03-28 10:52:24 +01:00
cpu-exec.c qemu-timer: do not include sysemu/cpus.h from util/qemu-timer.h 2017-03-14 13:28:18 +01:00
cpus-common.c *_run_on_cpu: introduce run_on_cpu_data type 2016-10-31 15:00:25 +01:00
cpus.c tcg: Add a new line after incompatibility warning 2017-03-28 10:52:50 +01:00
cputlb.c cputlb: Don't assume do_unassigned_access() never returns 2017-02-28 12:08:15 +00:00
device_tree.c
device-hotplug.c
disas.c Fix Thumb-1 BE32 execution and disassembly. 2017-02-07 18:29:59 +00:00
dma-helpers.c block: explicitly acquire aiocontext in bottom halves that need it 2017-02-21 11:39:39 +00:00
dump.c error: Remove NULL checks on error_propagate() calls 2016-06-20 16:38:13 +02:00
exec.c RAMBlocks: qemu_ram_is_shared 2017-03-16 09:00:58 +01:00
gdbstub.c gdbstub: Fix vCont behaviour 2017-02-16 14:06:56 +01:00
HACKING HACKING: document #include order 2017-01-03 16:38:47 +00:00
hax-stub.c Plumb the HAXM-based hardware acceleration support 2017-01-19 22:07:46 +01:00
hmp-commands-info.hx qmp/hmp: add query-vm-generation-id and 'info vm-generation-id' commands 2017-03-02 07:14:27 +02:00
hmp-commands.hx COLO: Add 'x-colo-lost-heartbeat' command to trigger failover 2016-10-30 15:17:39 +05:30
hmp.c Bugfix: Handle error if VM Generation ID device not present 2017-03-15 19:37:19 +02:00
hmp.h qmp/hmp: add query-vm-generation-id and 'info vm-generation-id' commands 2017-03-02 07:14:27 +02:00
ioport.c trace: switch to modular code generation for sub-directories 2017-01-31 17:11:18 +00:00
iothread.c monitor: add poll-* properties into query-iothreads result 2017-02-21 18:29:01 +00:00
kvm-all.c qemu-timer: do not include sysemu/cpus.h from util/qemu-timer.h 2017-03-14 13:28:18 +01:00
kvm-stub.c KVM: move SIG_IPI handling to kvm-all.c 2017-03-03 16:40:02 +01:00
LICENSE
MAINTAINERS MAINTAINERS: Add myself for files I touched recently 2017-03-21 10:42:12 +01:00
Makefile qapi: Drop excessive Make dependencies on qapi2texi.py 2017-03-21 10:42:15 +01:00
Makefile.objs target-mips: replace few LOG_DISAS() with trace points 2017-03-20 11:06:32 +00:00
Makefile.target makefile: merge GENERATED_HEADERS & GENERATED_SOURCES variables 2017-03-16 11:51:15 +08:00
memory_ldst.inc.c exec: introduce memory_ldst.inc.c 2016-12-22 16:00:23 +01:00
memory_mapping.c memory: Replace skip_dump flag with "ram_device" 2016-10-31 09:53:03 -06:00
memory.c clear pending status before calling memory commit 2017-03-24 11:48:48 +01:00
module-common.c
monitor.c qemu-timer: do not include sysemu/cpus.h from util/qemu-timer.h 2017-03-14 13:28:18 +01:00
numa.c numa,spapr: align default numa node memory size to 256MB 2017-03-22 11:32:42 +11:00
os-posix.c use g_path_get_dirname instead of dirname 2016-07-17 09:59:21 +02:00
os-win32.c
page_cache.c coccinelle: Remove unnecessary variables for function return value 2016-06-20 16:38:13 +02:00
qapi-schema.json rbd: Reject -blockdev server.*.{numeric, to, ipv4, ipv6} 2017-03-28 09:53:16 -04:00
qdev-monitor.c migrate: Introduce a 'dc->vmsd' check to avoid segfault for --only-migratable 2017-02-28 11:30:22 +00:00
qdict-test-data.txt
qemu-bridge-helper.c
qemu-doc.texi nios2 target support 2017-01-25 13:30:23 +00:00
qemu-ga.texi qemu-ga: Remove stray 'q' in documentation 2016-10-28 18:17:23 +03:00
qemu-img-cmds.hx qemu-img: make convert async 2017-02-28 20:40:31 +01:00
qemu-img.c qemu-img: print short help on getopt failure 2017-03-27 16:50:36 +02:00
qemu-img.texi qemu-img: make convert async 2017-02-28 20:40:31 +01:00
qemu-io-cmds.c hmp: Request permissions in qemu-io 2017-02-28 20:47:50 +01:00
qemu-io.c qemu-io: Return non-zero exit code on failure 2017-02-12 00:47:42 +01:00
qemu-nbd.c qemu-ga: obey LISTEN_PID when using systemd socket activation 2017-03-19 11:12:12 +01:00
qemu-nbd.texi nbd: Add qemu-nbd -D for human-readable description 2016-11-02 09:28:55 +01:00
qemu-option-trace.texi docs: update manpage for stderr->log rename 2017-02-13 13:38:31 +00:00
qemu-options-wrapper.h hxtool: emit Texinfo headings as @subsection 2017-01-16 17:52:35 +01:00
qemu-options.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
qemu-options.hx docs: Add a note about mixing bootindex with "-boot order" 2017-03-14 13:26:36 +01:00
qemu-seccomp.c seccomp: adding getrusage to the whitelist 2016-09-21 11:26:02 +02:00
qemu-tech.texi qemu-doc: merge qemu-tech and qemu-doc 2016-10-07 10:05:54 +02:00
qemu.nsi qemu-doc: merge qemu-tech and qemu-doc 2016-10-07 10:05:54 +02:00
qemu.sasl
qmp.c qapi: Drop unused non-strict qobject input visitor 2017-03-05 09:14:19 +01:00
qtest.c qtest: fix a memory leak 2017-03-01 00:09:28 +04:00
README README: Add linux to macOS build info 2017-01-24 23:26:52 +03:00
replication.c replication: Introduce new APIs to do replication operation 2016-09-13 11:00:56 +01:00
replication.h replication: Introduce new APIs to do replication operation 2016-09-13 11:00:56 +01:00
rules.mak qapi: Clean up build of generated documentation 2017-03-16 07:13:02 +01:00
softmmu_template.h cputlb: Tidy some macros 2016-10-26 08:29:00 -07:00
spice-qemu-char.c spice-char: fix segfault in char_spice_finalize 2017-03-03 16:40:03 +01:00
tcg-runtime.c tcg: Add opcode for ctpop 2017-01-10 08:48:56 -08:00
tci.c tcg/tci: Add support for fence 2016-09-16 08:12:12 -07:00
thunk.c thunk: Rename args and fields in host-target bitmask conversion code 2016-06-07 18:19:24 +03:00
tpm.c
trace-events qmp: Drop duplicated QMP command object checks 2017-03-05 09:14:19 +01:00
translate-all.c qemu-timer: do not include sysemu/cpus.h from util/qemu-timer.h 2017-03-14 13:28:18 +01:00
translate-all.h trace: Add per-vCPU tracing states for events with the 'vcpu' property 2016-07-18 18:23:12 +01:00
translate-common.c Merge branch 'icount-update' into HEAD 2017-03-03 16:39:18 +01:00
user-exec-stub.c stubs: group stubs for user-mode emulation 2017-01-16 17:52:35 +01:00
user-exec.c user-exec: handle synchronous signals from QEMU gracefully 2017-03-28 10:50:35 +01:00
VERSION Update version for v2.9.0-rc2 release 2017-03-28 19:11:16 +01:00
version.rc
vl.c main-loop: remove now unnecessary optimization 2017-03-14 13:29:21 +01:00
xen-common-stub.c char: rename CharDriverState Chardev 2017-01-27 18:07:59 +01:00
xen-common.c char: rename CharDriverState Chardev 2017-01-27 18:07:59 +01:00
xen-hvm-stub.c
xen-hvm.c trace: switch to modular code generation for sub-directories 2017-01-31 17:11:18 +00:00
xen-mapcache.c trace: switch to modular code generation for sub-directories 2017-01-31 17:11:18 +00:00

         QEMU README
         ===========

QEMU is a generic and open source machine & userspace emulator and
virtualizer.

QEMU is capable of emulating a complete machine in software without any
need for hardware virtualization support. By using dynamic translation,
it achieves very good performance. QEMU can also integrate with the Xen
and KVM hypervisors to provide emulated hardware while allowing the
hypervisor to manage the CPU. With hypervisor support, QEMU can achieve
near native performance for CPUs. When QEMU emulates CPUs directly it is
capable of running operating systems made for one machine (e.g. an ARMv7
board) on a different machine (e.g. an x86_64 PC board).

QEMU is also capable of providing userspace API virtualization for Linux
and BSD kernel interfaces. This allows binaries compiled against one
architecture ABI (e.g. the Linux PPC64 ABI) to be run on a host using a
different architecture ABI (e.g. the Linux x86_64 ABI). This does not
involve any hardware emulation, simply CPU and syscall emulation.

QEMU aims to fit into a variety of use cases. It can be invoked directly
by users wishing to have full control over its behaviour and settings.
It also aims to facilitate integration into higher level management
layers, by providing a stable command line interface and monitor API.
It is commonly invoked indirectly via the libvirt library when using
open source applications such as oVirt, OpenStack and virt-manager.

QEMU as a whole is released under the GNU General Public License,
version 2. For full licensing details, consult the LICENSE file.


Building
========

QEMU is multi-platform software intended to be buildable on all modern
Linux platforms, OS-X, Win32 (via the Mingw64 toolchain) and a variety
of other UNIX targets. The simple steps to build QEMU are:

  mkdir build
  cd build
  ../configure
  make

Additional information can also be found online via the QEMU website:

  http://qemu-project.org/Hosts/Linux
  http://qemu-project.org/Hosts/Mac
  http://qemu-project.org/Hosts/W32


Submitting patches
==================

The QEMU source code is maintained under the GIT version control system.

   git clone git://git.qemu-project.org/qemu.git

When submitting patches, the preferred approach is to use 'git
format-patch' and/or 'git send-email' to format & send the mail to the
qemu-devel@nongnu.org mailing list. All patches submitted must contain
a 'Signed-off-by' line from the author. Patches should follow the
guidelines set out in the HACKING and CODING_STYLE files.

Additional information on submitting patches can be found online via
the QEMU website:

  http://qemu-project.org/Contribute/SubmitAPatch
  http://qemu-project.org/Contribute/TrivialPatches


Bug reporting
=============

The QEMU project uses Launchpad as its primary upstream bug tracker. Bugs
found when running code built from QEMU git or upstream released sources
should be reported via:

  https://bugs.launchpad.net/qemu/

If using QEMU via an operating system vendor's pre-built binary package, it
is preferable to report bugs to the vendor's own bug tracker first. If
the bug is also known to affect the latest upstream code, it can also be
reported via Launchpad.

For additional information on bug reporting consult:

  http://qemu-project.org/Contribute/ReportABug


Contact
=======

The QEMU community can be contacted in a number of ways, with the two
main methods being email and IRC:

 - qemu-devel@nongnu.org
   http://lists.nongnu.org/mailman/listinfo/qemu-devel
 - #qemu on irc.oftc.net

Information on additional methods of contacting the community can be
found online via the QEMU website:

  http://qemu-project.org/Contribute/StartHere

-- End