mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
32,460 Commits 50 Branches 394 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Michael Roth 4b53c2c72c virtio: avoid buffer overrun on incoming migration 
CVE-2013-6399

vdev->queue_sel is read from the wire, and later used in the
emulation code as an index into vdev->vq[]. If the value of
vdev->queue_sel exceeds the length of vdev->vq[], currently
allocated to be VIRTIO_PCI_QUEUE_MAX elements, subsequent PIO
operations such as VIRTIO_PCI_QUEUE_PFN can be used to overrun
the buffer with arbitrary data originating from the source.

Fix this by failing migration if the value from the wire exceeds
VIRTIO_PCI_QUEUE_MAX.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 22:15:02 +02:00
audio
backends
block
curl: Fix hang reading from slow connections
2014-04-30 16:34:21 +02:00
bsd-user
default-configs
usb: mtp filesharing
2014-04-23 10:28:14 +02:00
disas
docs
vga: add secondary stdvga variant
2014-05-01 16:02:45 +01:00
dtc @ bc895d6d09
fpu
softfloat: Introduce float32_to_uint64_round_to_zero
2014-04-08 11:20:00 +02:00
fsdev
virtfs-proxy-helper: fix call to accept
2014-04-28 08:55:32 +04:00
gdb-xml
hw
virtio: avoid buffer overrun on incoming migration
2014-05-05 22:15:02 +02:00
include
virtio-net: fix buffer overflow on invalid state load
2014-05-05 14:15:10 +02:00
libcacard
linux-headers
linux-headers update
2014-04-25 12:59:57 +02:00
linux-user
target-arm: Define exception record for AArch64 exceptions
2014-04-17 21:34:03 +01:00
net
trivial patches for 2014-04-28
2014-04-28 13:43:17 +01:00
pc-bios
Add QEMU logo (SVG file)
2014-04-28 08:55:31 +04:00
pixman @ 97336fad32
po
po: add proper Language: tags to .po files
2014-04-28 08:55:32 +04:00
qapi
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
qga
qga: trivial fix for unclear documentation of guest-set-time
2014-04-18 10:33:36 +04:00
qobject
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
qom
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
roms
pseries: Update SLOF firmware image to qemu-slof-20140404
2014-04-08 11:20:00 +02:00
scripts
scripts: add sample model file for Coverity Scan
2014-04-18 10:33:36 +04:00
slirp
slirp: Remove default_mon usage
2014-04-25 09:19:58 -04:00
stubs
qerror.h: Replace QERR_NOT_SUPPORTED with QERR_UNSUPPORTED
2014-04-25 09:19:59 -04:00
sysconfigs/target
target-alpha
target-alpha: Remove cpu_unique, cpu_sysval, cpu_usp
2014-04-17 11:47:42 -07:00
target-arm
target-arm: Correct a comment refering to EL0
2014-05-01 15:24:46 +01:00
target-cris
target-i386
target-i386: reorder fields in cpu/msr_hyperv_hypercall subsection
2014-04-05 10:49:05 +01:00
target-lm32
target-m68k
target-microblaze
target-mips
target-mips: Avoid shifting left into sign bit
2014-03-27 19:22:49 +04:00
target-moxie
target-openrisc
target-ppc
ppc: use kvm_vcpu_enable_cap()
2014-04-30 14:39:58 +02:00
target-s390x
s390x: use kvm_vcpu_enable_cap()
2014-04-30 14:39:49 +02:00
target-sh4
target-sparc
target-sparc: fix 32bit integer division overflow
2014-03-26 23:40:40 +00:00
target-unicore32
target-xtensa
tcg
tcg-sparc: Accept stores of zero
2014-04-28 11:06:35 -07:00
tests
Block patches
2014-05-02 10:50:58 +01:00
trace
osdep: initialize glib threads in all QEMU tools
2014-03-25 13:39:31 +01:00
ui
gtk: collection of fixes and cleanups by Cole Robinson
2014-05-01 14:17:33 +01:00
util
trivial patches for 2014-04-28
2014-04-28 13:43:17 +01:00
.exrc
.gitignore
gitignore: cleanups #2
2014-04-28 08:55:31 +04:00
.gitmodules
.mailmap
.travis.yml
aio-posix.c
aio-win32.c
arch_init.c
async.c
balloon.c
block-migration.c
block: Handle error of bdrv_getlength in bdrv_create_dirty_bitmap
2014-04-22 11:57:02 +02:00
block.c
block: Fix open_flags in bdrv_reopen()
2014-04-30 11:05:00 +02:00
blockdev-nbd.c
blockdev.c
Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging
2014-04-28 12:56:34 +01:00
blockjob.c
qerror.h: Replace QERR_NOT_SUPPORTED with QERR_UNSUPPORTED
2014-04-25 09:19:59 -04:00
bt-host.c
bt-vhci.c
Changelog
CODING_STYLE
CODING_STYLE: Section about mixed declarations
2014-03-27 19:22:49 +04:00
configure
configure: Re-run make if gtkabi/sdlabi is changed
2014-04-29 10:46:30 +02:00
COPYING
COPYING.LIB
coroutine-gthread.c
coroutine-sigaltstack.c
coroutine-ucontext.c
coroutine-win32.c
cpu-exec.c
cpu-exec: Unlock tb_lock if we longjmp out of code generation
2014-04-04 18:29:25 +01:00
cpus.c
misc: Use cpu_physical_memory_read and cpu_physical_memory_write
2014-04-27 13:04:18 +04:00
cputlb.c
device_tree.c
device-hotplug.c
disas.c
dma-helpers.c
dma-helpers: Initialize DMAAIOCB in_cancel flag
2014-04-04 19:36:39 +02:00
dump.c
exec.c
gdbstub.c
HACKING
hmp-commands.hx
HMP: support specifying dump format for dump-guest-memory
2014-04-25 11:18:33 -04:00
hmp.c
HMP: support specifying dump format for dump-guest-memory
2014-04-25 11:18:33 -04:00
hmp.h
monitor: Add device_add and device_del completion.
2014-04-25 09:37:12 -04:00
iohandler.c
ioport.c
iothread.c
iothread: make IOThread struct definition public
2014-04-04 20:48:02 +02:00
kvm-all.c
Revert "fix return check for KVM_GET_DIRTY_LOG ioctl"
2014-04-14 15:40:02 +01:00
kvm-stub.c
LICENSE
main-loop.c
MAINTAINERS
MAINTAINERS: Add qemu-img/io to block subsystem
2014-04-25 18:05:05 +02:00
Makefile
Makefile: add qga-vss-dll-obj-y to nested variables
2014-04-07 14:39:19 -05:00
Makefile.objs
Makefile.target
memory_mapping.c
memory.c
migration-exec.c
migration-fd.c
migration-rdma.c
migration-tcp.c
migration-unix.c
migration.c
migration: add more traces
2014-03-27 15:19:00 +05:30
module-common.c
monitor.c
monitor: fix qmp_getfd() fd leak in error case
2014-04-25 11:41:41 -04:00
nbd.c
os-posix.c
os-win32.c
page_cache.c
qapi-schema.json
block: Expose host_* drivers in blockdev-add
2014-04-25 18:05:06 +02:00
qdev-monitor.c
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
qdict-test-data.txt
qemu-bridge-helper.c
qemu-char.c
qemu-coroutine-io.c
qemu-coroutine-lock.c
qemu-coroutine-sleep.c
qemu-coroutine.c
qemu-doc.texi
doc: grammify "allows to"
2014-04-18 10:33:36 +04:00
qemu-file.c
migration: add more traces
2014-03-27 15:19:00 +05:30
qemu-img-cmds.hx
qemu-img.c
block: Add '--version' option to qemu-img
2014-04-29 10:36:35 +02:00
qemu-img.texi
qemu-io-cmds.c
qemu-io.c
block: Add errp to bdrv_new()
2014-04-22 12:00:20 +02:00
qemu-log.c
qemu-nbd.c
block: Add errp to bdrv_new()
2014-04-22 12:00:20 +02:00
qemu-nbd.texi
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx
trivial patches for 2014-04-28
2014-04-28 13:43:17 +01:00
qemu-seccomp.c
seccomp: add shmctl(), mlock(), and munlock() to the syscall whitelist
2014-04-25 14:52:03 -03:00
qemu-tech.texi
qemu-timer.c
qemu.nsi
qemu.sasl
qmp-commands.hx
virtio-net: add vlan receive state to RxFilterInfo
2014-03-26 12:49:10 +02:00
qmp.c
qmp: object-add: Validate class before creating object
2014-04-25 11:08:34 -04:00
qtest.c
README
rules.mak
savevm.c
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
spice-qemu-char.c
tcg-runtime.c
tci.c
tci: Mask shift counts to avoid undefined behavior
2014-04-18 16:57:36 -07:00
thread-pool.c
thunk.c
tpm.c
trace-events
s390x/kvm: rework KVM synchronize to tracing for some ONEREGS
2014-04-25 12:59:57 +02:00
translate-all.c
page_check_range: don't bail out early after unprotecting page
2014-04-04 18:16:03 +01:00
translate-all.h
user-exec.c
tcg-aarch64: Properly detect SIGSEGV writes
2014-04-16 12:12:32 -04:00
VERSION
Open 2.1 development tree
2014-04-17 20:39:32 +01:00
version.rc
vl.c
vl: avoid closing stdout with 'writeconfig'
2014-04-28 08:55:31 +04:00
vmstate.c
vmstate: fix buffer overflow in target-arm/machine.c
2014-05-05 22:15:02 +02:00
xbzrle.c
xbzrle.c: Avoid undefined behaviour with signed arithmetic
2014-04-18 10:33:36 +04:00
xen-all.c
xen-mapcache.c
xen-stub.c

README 

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team
Description
No description provided
Readme 404 MiB
Languages
C 82.6%
C++ 6.5%
Python 3.4%
Dylan 2.9%
Shell 1.6%
Other 2.8%