[Qemu-commits] [qemu/qemu] 13665a: vfio: Fix overrun after readlink() fi
From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 13665a: vfio: Fix overrun after readlink() fills buffer co...
Date: Thu, 27 Feb 2014 04:00:04 -0800
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 13665a2d2f675341e73618fcd7f9d36b6c68b509
https://github.com/qemu/qemu/commit/13665a2d2f675341e73618fcd7f9d36b6c68b509
Author: Markus Armbruster <address@hidden>
Date: 2014-02-26 (Wed, 26 Feb 2014)
Changed paths:
M hw/misc/vfio.c
Log Message:
-----------
vfio: Fix overrun after readlink() fills buffer completely
readlink() returns the number of bytes written to the buffer, and it
doesn't write a terminating null byte. vfio_init() writes it itself.
Overruns the buffer when readlink() filled it completely.
Fix by treating readlink() filling the buffer completely as error,
like we do in pci-assign.c's assign_failed_examine().
Spotted by Coverity.
Signed-off-by: Markus Armbruster <address@hidden>
Signed-off-by: Alex Williamson <address@hidden>
Commit: 82d07945652f16078b172d2bd46659e8f5f30d8e
https://github.com/qemu/qemu/commit/82d07945652f16078b172d2bd46659e8f5f30d8e
Author: Markus Armbruster <address@hidden>
Date: 2014-02-26 (Wed, 26 Feb 2014)
Changed paths:
M hw/i386/kvm/pci-assign.c
Log Message:
-----------
pci-assign: Fix potential read beyond buffer on -EBUSY
readlink() doesn't write a terminating null byte.
assign_failed_examine() passes the unterminated string to strrchr().
Oops. Terminate it.
Spotted by Coverity.
Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Alex Williamson <address@hidden>
Commit: 52aa17cbd800b9e71b67cf7f80c3498183d34ec8
https://github.com/qemu/qemu/commit/52aa17cbd800b9e71b67cf7f80c3498183d34ec8
Author: Bandan Das <address@hidden>
Date: 2014-02-26 (Wed, 26 Feb 2014)
Changed paths:
M qdev-monitor.c
Log Message:
-----------
qdev-monitor: set DeviceState opts before calling realize
Setting opts before the realize property is set allows the
following patch to make decisions based on whether the user
specified "rombar". This also avoids having to create a new
tristate property especially for this purpose
Reviewed-by: Andreas Färber <address@hidden>
Signed-off-by: Bandan Das <address@hidden>
Signed-off-by: Alex Williamson <address@hidden>
Commit: 4b9430294ed406a00f045d825ada146aecf32309
https://github.com/qemu/qemu/commit/4b9430294ed406a00f045d825ada146aecf32309
Author: Bandan Das <address@hidden>
Date: 2014-02-26 (Wed, 26 Feb 2014)
Changed paths:
M hw/misc/vfio.c
Log Message:
-----------
vfio: blacklist loading of unstable roms
Certain cards such as the Broadcom BCM57810 have rom quirks
that exhibit unstable system behavior during device assignment. In
the particular case of 57810, rom execution hangs and if a FLR
follows, the device becomes inoperable until a power cycle. This
change blacklists loading of rom for such cards unless the user
specifies a romfile or rombar=1 on the cmd line
Signed-off-by: Bandan Das <address@hidden>
Signed-off-by: Alex Williamson <address@hidden>
Commit: 73795cea968ba2e9342a3122cd66d52d13d46a61
https://github.com/qemu/qemu/commit/73795cea968ba2e9342a3122cd66d52d13d46a61
Author: Peter Maydell <address@hidden>
Date: 2014-02-27 (Thu, 27 Feb 2014)
Changed paths:
M hw/i386/kvm/pci-assign.c
M hw/misc/vfio.c
M qdev-monitor.c
Log Message:
-----------
Merge remote-tracking branch
'remotes/awilliam/tags/vfio-pci-for-qemu-20140226.0' into staging
Updates include:
- Coverity fixes for vfio & pci-assign (Markus)
- VFIO blacklisting support for known broken PCI option ROMs (Bandan)
# gpg: Signature made Wed 26 Feb 2014 18:15:28 GMT using RSA key ID 3BB08B22
# gpg: Can't check signature: public key not found
* remotes/awilliam/tags/vfio-pci-for-qemu-20140226.0:
vfio: blacklist loading of unstable roms
qdev-monitor: set DeviceState opts before calling realize
pci-assign: Fix potential read beyond buffer on -EBUSY
vfio: Fix overrun after readlink() fills buffer completely
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/2ce5868ca145...73795cea968b
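
The readlink() handling that the vfio and pci-assign log messages above describe, as an added example that is not QEMU's code: a full buffer is treated as an error, and the string is terminated before it reaches strrchr(). The names readlink_terminated, demo_read and DEMO_TARGET, and the /tmp link path, are hypothetical and constructed for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define DEMO_TARGET "../../groups/042"  /* constructed target, 16 bytes */
/* Hypothetical helper, not a QEMU function: read a symlink target and
 * NUL-terminate it. Returns the length, or -1 with errno set. */
static ssize_t readlink_terminated(const char *path, char *buf, size_t size)
{
    ssize_t len = readlink(path, buf, size);
    if (len < 0) {
        return -1;                      /* errno set by readlink() */
    }
    /* No terminator was written. If len == size the buffer is full, so
     * buf[len] = 0 would be one byte past the end (the vfio overrun). */
    if ((size_t)len >= size) {
        errno = ENAMETOOLONG;           /* target may also be truncated */
        return -1;
    }
    buf[len] = '\0';                    /* in bounds: len <= size - 1 */
    return len;
}

/* Constructed demo: make a symlink, read it using `size` bytes of buf. */
static ssize_t demo_read(size_t size, char *buf)
{
    char link[64];
    ssize_t len;
    snprintf(link, sizeof(link), "/tmp/readlink_demo_%ld", (long)getpid());
    unlink(link);
    if (symlink(DEMO_TARGET, link) < 0) {
        return -2;                      /* could not set up the demo */
    }
    len = readlink_terminated(link, buf, size);
    unlink(link);
    return len;
}

int main(void)
{
    char buf[32];
    printf("size 16 -> %zd\n", demo_read(16, buf));  /* full buffer: -1 */
    if (demo_read(17, buf) == 16) {                  /* room for the NUL */
        printf("last component: %s\n", strrchr(buf, '/') + 1);
    }
    return 0;
}
```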