qemu/tests
Paolo Bonzini 87ad860c62 nvme: fix out-of-bounds access to the CMB
Because the CMB BAR has a min_access_size of 2, if you read the last
byte it will try to memcpy *2* bytes from n->cmbuf, causing an off-by-one
error.  This is CVE-2018-16847.

Another way to fix this might be to register the CMB as a RAM memory
region, which would also be more efficient.  However, that might be a
change for big-endian machines; I didn't think this through and I don't
know how real hardware works.  Add a basic testcase for the CMB in case
somebody does this change later on.

Cc: Keith Busch <keith.busch@intel.com>
Cc: qemu-block@nongnu.org
Reported-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Tested-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-11-22 16:43:52 +01:00
acceptance Acceptance tests: add Linux kernel boot and console checking test 2018-06-15 16:10:11 -03:00
data bios-tables-test: prepare expected files for mmio64 2018-11-05 13:24:02 -05:00
decode scripts: Add decodetree.py 2018-02-22 15:44:07 -08:00
docker docker: use HTTPS git URL for virglrenderer 2018-11-12 11:26:02 +00:00
fp tests/fp/fp-test: add floating point tests 2018-10-05 12:57:41 -05:00
guest-debug tests/guest-debug: fix scoping of failcount 2018-11-13 10:47:59 +00:00
image-fuzzer python: futurize -f lib2to3.fixes.fix_renames 2018-06-08 14:39:24 -03:00
keys
libqos tests/libqos: Utilize newer glib spawn check 2018-08-31 09:53:09 +02:00
migration migration-test: Only generate a single target architecture 2018-10-11 19:58:26 +01:00
multiboot tests/multiboot: Add .gitignore 2018-03-21 15:13:40 +01:00
qapi-schema tests: add a qmp success-response test 2018-08-31 09:53:10 +02:00
qemu-iotests iotests: fix nbd test 233 to work correctly with raw images 2018-11-22 16:43:52 +01:00
rocker
tcg tests/tcg/multiarch: fix 32bit linux-test on 64bit host 2018-11-14 11:07:06 +00:00
vm tests/vm: Do not abuse parallelism when HOST != TARGET architecture 2018-10-26 22:03:21 +08:00
vmstate-static-checker-data
.gitignore tests/.gitignore: don't ignore docker tests 2018-07-24 11:45:25 +01:00
ac97-test.c
acpi-utils.c
acpi-utils.h
ahci-test.c Testing patches for 2018-08-16 2018-08-16 09:50:54 +01:00
atomic64-bench.c tests: add atomic64-bench 2018-10-02 18:47:55 +02:00
atomic_add-bench.c tests/atomic_add-bench: add -p to enable sync profiler 2018-08-23 18:46:25 +02:00
benchmark-crypto-cipher.c crypto: expand algorithm coverage for cipher benchmark 2018-10-24 19:03:37 +01:00
benchmark-crypto-hash.c tests/crypto: Use the IEC binary prefix definitions 2018-07-02 15:41:17 +02:00
benchmark-crypto-hmac.c tests/crypto: Use the IEC binary prefix definitions 2018-07-02 15:41:17 +02:00
bios-tables-test.c tests/bios-tables-test: add 64-bit PCI MMIO aperture round-up test on Q35 2018-11-05 13:24:02 -05:00
boot-order-test.c fw_cfg: import & use linux/qemu_fw_cfg.h 2018-08-23 18:46:25 +02:00
boot-sector.c tests/boot-sector: Add magic bytes to s390x boot code header 2018-06-08 13:17:39 -04:00
boot-sector.h tests/boot-sector: Drop dependence on global_qtest 2018-02-14 11:43:41 +01:00
boot-serial-test.c tests/boot-serial-test: Add microbit board testcase 2018-11-02 14:03:33 +00:00
cdrom-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
check-block-qdict.c tests: fix crumple/recursive leak 2018-08-15 08:12:19 +02:00
check-block.sh qemu-iotests: convert pwd and $(pwd) to $PWD 2018-11-19 10:08:19 -06:00
check-qdict.c tests: Restore check-qdict unit test 2018-10-10 08:00:00 +02:00
check-qjson.c tests/check-qjson: fix a leak 2018-10-09 13:44:12 +02:00
check-qlist.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qlit.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qnull.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qnum.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qobject.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
check-qom-interface.c
check-qom-proplist.c tests/qom-proplist: check class properties iterator 2018-10-05 16:27:09 +04:00
check-qstring.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
cpu-plug-test.c vl.c deprecate incorrect CPUs topology 2018-10-24 06:44:59 -03:00
crypto-tls-psk-helpers.c crypto: Implement TLS Pre-Shared Keys (PSK). 2018-07-03 13:04:38 +01:00
crypto-tls-psk-helpers.h crypto: Implement TLS Pre-Shared Keys (PSK). 2018-07-03 13:04:38 +01:00
crypto-tls-x509-helpers.c tests: call qcrypto_init instead of gnutls_global_init 2018-07-24 17:33:39 +01:00
crypto-tls-x509-helpers.h crypto: require gnutls >= 3.1.18 for building QEMU 2018-10-19 12:26:57 +01:00
device-introspect-test.c tests/device-introspect: Test with all machines, not only with "none" 2018-08-23 18:46:25 +02:00
display-vga-test.c
drive_del-test.c tests: add qmp_assert_error_class() 2018-08-31 09:53:10 +02:00
ds1338-test.c libqos: Use explicit QTestState for i2c operations 2018-02-14 11:43:41 +01:00
e1000-test.c
e1000e-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
eepro100-test.c
endianness-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
es1370-test.c
fdc-test.c libqtest: Remove qtest_qmp_discard_response() & friends 2018-08-16 08:42:06 +02:00
fw_cfg-test.c fw_cfg: import & use linux/qemu_fw_cfg.h 2018-08-23 18:46:25 +02:00
hd-geo-test.c block: Remove deprecated -drive geometry options 2018-08-15 12:50:39 +02:00
hexloader-test.c tests: Move tests/hex-loader-check-data/ to tests/data/hex-loader/ 2018-11-05 13:23:46 -05:00
i440fx-test.c libqos: Track QTestState with QPCIBus 2018-02-14 11:43:02 +01:00
i82801b11-test.c
ide-test.c tests/ide: Free pcibus when finishing a test 2018-11-19 21:59:44 +01:00
intel-hda-test.c
io-channel-helpers.c
io-channel-helpers.h
ioh3420-test.c
iothread.c
iothread.h
ipmi-bt-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
ipmi-kcs-test.c
ipoctal232-test.c
ivshmem-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
libqtest.c qtest: log QEMU command line 2018-11-20 10:49:12 +01:00
libqtest.h tests: add qmp_assert_error_class() 2018-08-31 09:53:10 +02:00
m25p80-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
m48t59-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
machine-none-test.c ppc: Remove deprecated ppcemb target 2018-08-28 11:31:23 +10:00
Makefile.include nvme: fix out-of-bounds access to the CMB 2018-11-22 16:43:52 +01:00
megasas-test.c libqos: Use explicit QTestState for remaining libqos operations 2018-02-14 11:43:41 +01:00
migration-test.c tests/migration-test: Disable s390x test when running with TCG 2018-10-24 07:27:25 +01:00
ne2000-test.c
numa-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
nvme-test.c nvme: fix out-of-bounds access to the CMB 2018-11-22 16:43:52 +01:00
pca9552-test.c misc: add pca9552 LED blinker model 2018-06-08 13:15:32 +01:00
pcnet-test.c
pkix_asn1_tab.c
pnv-xscom-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
prom-env-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
ptimer-test-stubs.c qemu-timer: introduce timer attributes 2018-10-19 13:44:03 +02:00
ptimer-test.c ptimer: Add TRIGGER_ONLY_ON_DECREMENT policy option 2018-07-09 14:51:34 +01:00
ptimer-test.h
pvpanic-test.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
pxe-test.c tests/boot-sector: Drop dependence on global_qtest 2018-02-14 11:43:41 +01:00
q35-test.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
qemu-iotests-quick.sh
qht-bench.c qht-bench: add -p flag to precompute hash values 2018-09-26 08:55:54 -07:00
qmp-cmd-test.c tests: add qmp/object-add-without-props test 2018-08-31 09:53:10 +02:00
qmp-test.c tests: add qmp/missing-any-arg test 2018-11-19 21:56:36 +01:00
qom-test.c tests: Skip old versioned machine types in quick testing mode 2018-08-23 18:46:23 +02:00
rcutorture.c rcutorture: remove synchronize_rcu from readers 2018-03-12 16:12:47 +01:00
requirements.txt Acceptance tests: add make rule for running them 2018-10-30 21:13:54 -03:00
rtas-test.c libqos: Use explicit QTestState for remaining libqos operations 2018-02-14 11:43:41 +01:00
rtc-test.c
rtl8139-test.c libqos: Track QTestState with QPCIBus 2018-02-14 11:43:02 +01:00
sdhci-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
socket-helpers.c sockets: strengthen test suite IP protocol availability checks 2018-03-13 18:06:06 +00:00
socket-helpers.h sockets: strengthen test suite IP protocol availability checks 2018-03-13 18:06:06 +00:00
spapr-phb-test.c
tco-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
test-aio-multithread.c
test-aio.c coroutine: add test-aio coroutine queue chaining test case 2018-03-27 13:05:28 +01:00
test-arm-mptimer.c
test-base64.c
test-bdrv-drain.c tests/test-bdrv-drain: Fix too late qemu_event_reset() 2018-10-01 19:13:55 +02:00
test-bitcnt.c
test-bitops.c
test-block-backend.c block: test blk_aio_flush() with blk->root == NULL 2018-03-02 18:39:07 +01:00
test-blockjob-txn.c tests/test-blockjob-txn: move .exit to .clean 2018-09-25 15:31:15 +02:00
test-blockjob.c test-blockjob: Acquire AioContext around job_cancel_sync() 2018-09-25 15:50:15 +02:00
test-bufferiszero.c
test-char.c tests/test-char: Check websocket chardev functionality 2018-11-01 12:13:09 +04:00
test-clone-visitor.c
test-coroutine.c
test-crypto-afsplit.c
test-crypto-block.c crypto: require nettle >= 2.7.1 for building QEMU 2018-10-19 14:41:47 +01:00
test-crypto-cipher.c
test-crypto-hash.c
test-crypto-hmac.c
test-crypto-ivgen.c
test-crypto-pbkdf.c
test-crypto-secret.c
test-crypto-tlscredsx509.c crypto: require gnutls >= 3.1.18 for building QEMU 2018-10-19 12:26:57 +01:00
test-crypto-tlssession.c tests: fix TLS handshake failure with TLS 1.3 2018-07-24 17:36:12 +01:00
test-crypto-xts.c crypto: add testing for unaligned buffers with XTS cipher mode 2018-10-24 19:03:37 +01:00
test-cutils.c hw: Use IEC binary prefix definitions from "qemu/units.h" 2018-07-02 15:41:10 +02:00
test-filter-mirror.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
test-filter-redirector.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
test-hbitmap.c test-hbitmap: Add non-advancing iter_next tests 2018-06-18 17:04:56 +02:00
test-hmp.c tests: Skip old versioned machine types in quick testing mode 2018-08-23 18:46:23 +02:00
test-image-locking.c tests: Add unit tests for image locking 2018-11-12 17:46:57 +01:00
test-int128.c
test-io-channel-buffer.c
test-io-channel-command.c
test-io-channel-file.c io: Fix QIOChannelFile when creating and opening read-write 2018-02-15 16:54:57 +00:00
test-io-channel-socket.c sockets: pull code for testing IP availability out of specific test 2018-03-13 18:06:06 +00:00
test-io-channel-tls.c tests: use error_abort in places expecting errors 2018-07-24 17:35:57 +01:00
test-io-task.c qio: non-default context for threaded qtask 2018-03-06 10:19:05 +00:00
test-iov.c
test-keyval.c hw: Use IEC binary prefix definitions from "qemu/units.h" 2018-07-02 15:41:10 +02:00
test-logging.c
test-mul64.c
test-netfilter.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
test-opts-visitor.c
test-qapi-util.c
test-qdev-global-props.c
test-qdist.c
test-qemu-opts.c hw: Use IEC binary prefix definitions from "qemu/units.h" 2018-07-02 15:41:10 +02:00
test-qga.c tests: add qmp_assert_error_class() 2018-08-31 09:53:10 +02:00
test-qht-par.c
test-qht.c qht: drop ht argument from qht iterators 2018-09-26 08:55:54 -07:00
test-qmp-cmds.c tests: add a qmp success-response test 2018-08-31 09:53:10 +02:00
test-qmp-event.c qapi: Drop qapi_event_send_FOO()'s Error ** argument 2018-08-28 18:21:38 +02:00
test-qobject-input-visitor.c test-qobject-input-visitor: Avoid format string ambiguity 2018-08-16 08:42:06 +02:00
test-qobject-output-visitor.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
test-rcu-list.c test-rcu-list: access n_reclaims and n_nodes_removed with atomic64 2018-10-02 18:47:55 +02:00
test-rcu-simpleq.c tests: add test-list-simpleq 2018-08-23 18:46:25 +02:00
test-rcu-tailq.c tests: add test-rcu-tailq 2018-08-23 18:46:25 +02:00
test-replication.c test-replication: Lock AioContext around blk_unref() 2018-10-01 19:13:55 +02:00
test-shift128.c
test-string-input-visitor.c
test-string-output-visitor.c tests/qapi: use ARRAY_SIZE macro 2018-02-10 10:45:14 +03:00
test-thread-pool.c Remove unnecessary variables for function return value 2018-05-20 08:48:13 +03:00
test-throttle.c
test-timed-average.c
test-util-sockets.c monitor: Fix unsafe sharing of @cur_mon among threads 2018-07-23 14:00:03 +02:00
test-uuid.c
test-visitor-serialization.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
test-vmstate.c tests: don't silence error reporting for all tests 2018-07-24 17:35:23 +01:00
test-write-threshold.c
test-x86-cpuid-compat.c build-sys: remove glib_subprocess check 2018-08-23 18:46:25 +02:00
test-x86-cpuid.c
test-xbzrle.c
tmp105-test.c misc: add pca9552 LED blinker model 2018-06-08 13:15:32 +01:00
tpci200-test.c
tpm-crb-swtpm-test.c test: Pass TPM interface model to functions creating command line 2018-06-06 15:44:07 -04:00
tpm-crb-test.c tests: Fix signalling race condition in TPM tests 2018-09-07 16:37:47 -04:00
tpm-emu.c tests: Fix signalling race condition in TPM tests 2018-09-07 16:37:47 -04:00
tpm-emu.h tests: Fix signalling race condition in TPM tests 2018-09-07 16:37:47 -04:00
tpm-tests.c tests: tpm: Use g_test_message rather than fprintf 2018-11-14 16:12:24 -05:00
tpm-tests.h test: Pass TPM interface model to functions creating command line 2018-06-06 15:44:07 -04:00
tpm-tis-swtpm-test.c test: Add swtpm migration test for the TPM TIS interface 2018-06-06 15:44:12 -04:00
tpm-tis-test.c tests: Fix signalling race condition in TPM tests 2018-09-07 16:37:47 -04:00
tpm-util.c tests/tpm: Display if swtpm is not found or --tpm2 not supported 2018-10-30 13:53:15 -04:00
tpm-util.h tests/tpm: Display if swtpm is not found or --tpm2 not supported 2018-10-30 13:53:15 -04:00
usb-hcd-ehci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
usb-hcd-ohci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
usb-hcd-uhci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
usb-hcd-xhci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
vhost-user-bridge.c vhost-user-bridge: support host notifier 2018-05-24 21:14:11 +03:00
vhost-user-test.c hostmem-memfd: add checks before adding hostmem-memfd & properties 2018-10-02 18:47:55 +02:00
virtio-9p-test.c libqos: Use explicit QTestState for remaining libqos operations 2018-02-14 11:43:41 +01:00
virtio-balloon-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
virtio-blk-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
virtio-ccw-test.c tests: virtio: separate ccw tests from libqos 2018-08-23 13:32:50 +02:00
virtio-console-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
virtio-net-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
virtio-rng-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
virtio-scsi-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
virtio-serial-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
vmgenid-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
vmxnet3-test.c
wdt_ib700-test.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00