From: Liam Merwick <Liam.Merwick@oracle.com>
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, kwolf@redhat.com, jsnow@redhat.com,
berrange@redhat.com, mreitz@redhat.com
Subject: [Qemu-devel] [PATCH v4 0/8] off-by-one and NULL pointer accesses detected by static analysis
Date: Fri, 19 Oct 2018 21:38:58 +0100 [thread overview]
Message-ID: <1539981546-10596-1-git-send-email-Liam.Merwick@oracle.com> (raw)
Below are a number of fixes to some off-by-one, read outside array bounds, and
NULL pointer accesses detected by an internal Oracle static analysis tool (Parfait).
https://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13
I have also included a patch to add a command-line option to configure to
select if AVX2 is used or not (keeping the existing behaviour by default).
My motivation was avoiding an issue with the static analysis tool but NetSpectre
was announced as I was working on this and I felt it may have more general uses.
v1 -> v2
Based on feedback from Eric Blake:
patch2: reworded commit message to clarify issue
patch6: Reverted common qlist routines and added assert to qlist_dump instead
patch7: Fixed incorrect logic
patch8: Added QEMU_BUILD_BUG_ON to catch future іnstance at compile-time
v2 -> v3
Based on feedback from Eric Blake:
patch6: removed double space from commit message
patch8: removed unnecessary comment and updated QEMU_BUILD_BUG_ON to use ARRAY_SIZE
Added Eric's R-b to patches 6,7,8
v3 -> v4
Based on feedback from Max Reitz:
patch2: Added R-b from John Snow
patch3: fixed blk_get_attached_dev_id() instead of checking return value
patch4: switched to assert()
patch5: numerous changes based on feedback from Max
patch6: updated commit message
patch7: (was patch8): Added Max's R-b
patch8: (new): patch fixing NULL pointer dereference in kvm_arch_init_vcpu()
I also dropped the 'io: potential unnecessary check in qio_channel_command_new_spawn()'
patch from v3 - it was correct but of no benefit to staic analysis checking
Liam Merwick (8):
configure: Provide option to explicitly disable AVX2
job: Fix off-by-one assert checks for JobSTT and JobVerbTable
block: Null pointer dereference in blk_root_get_parent_desc()
qemu-img: assert block_job_get() does not return NULL in img_commit()
block: Fix potential Null pointer dereferences in vvfat.c
block: dump_qlist() may dereference a Null pointer
qcow2: Read outside array bounds in qcow2_pre_write_overlap_check()
kvm: Potential NULL pointer dereference in kvm_arch_init_vcpu()
block/block-backend.c | 6 +++++-
block/qapi.c | 2 ++
block/qcow2-refcount.c | 18 ++++++++++--------
block/vvfat.c | 33 ++++++++++++++++++++++++++++-----
configure | 11 +++++++++--
dtc | 2 +-
job.c | 4 ++--
qemu-img.c | 1 +
target/i386/kvm.c | 4 +++-
9 files changed, 61 insertions(+), 20 deletions(-)
--
1.8.3.1
next reply other threads:[~2018-10-19 20:38 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-19 20:38 Liam Merwick [this message]
2018-10-19 20:38 ` [Qemu-devel] [PATCH v4 1/8] configure: Provide option to explicitly disable AVX2 Liam Merwick
2018-10-19 20:39 ` [Qemu-devel] [PATCH v4 2/8] job: Fix off-by-one assert checks for JobSTT and JobVerbTable Liam Merwick
2018-10-19 20:39 ` [Qemu-devel] [PATCH v4 3/8] block: Null pointer dereference in blk_root_get_parent_desc() Liam Merwick
2018-11-04 23:57 ` Max Reitz
2018-11-05 21:38 ` Liam Merwick
2018-10-19 20:39 ` [Qemu-devel] [PATCH v4 4/8] qemu-img: assert block_job_get() does not return NULL in img_commit() Liam Merwick
2018-11-04 23:59 ` Max Reitz
2018-10-19 20:39 ` [Qemu-devel] [PATCH v4 5/8] block: Fix potential Null pointer dereferences in vvfat.c Liam Merwick
2018-11-05 0:19 ` Max Reitz
2018-11-05 21:38 ` Liam Merwick
2018-10-19 20:39 ` [Qemu-devel] [PATCH v4 6/8] block: dump_qlist() may dereference a Null pointer Liam Merwick
2018-11-05 0:07 ` Max Reitz
2018-11-05 21:38 ` Liam Merwick
2018-10-19 20:39 ` [Qemu-devel] [PATCH v4 7/8] qcow2: Read outside array bounds in qcow2_pre_write_overlap_check() Liam Merwick
2018-10-19 20:39 ` [Qemu-devel] [PATCH v4 8/8] kvm: Potential NULL pointer dereference in kvm_arch_init_vcpu() Liam Merwick
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1539981546-10596-1-git-send-email-Liam.Merwick@oracle.com \
--to=liam.merwick@oracle.com \
--cc=berrange@redhat.com \
--cc=jsnow@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).