1. 30 May, 2014 2 commits
  2. 28 May, 2014 3 commits
  3. 22 Apr, 2014 1 commit
    • Kevin Wolf's avatar
      block: Add errp to bdrv_new() · 98522f63
      Kevin Wolf authored
      
      
      This patch adds an errp parameter to bdrv_new() and updates all its
      callers. The next patches will make use of this in order to check for
      duplicate IDs. Most of the callers know that their ID is fine, so they
      can simply assert that there is no error.
      
      Behaviour doesn't change with this patch yet as bdrv_new() doesn't
      actually assign errors to errp.
      
      Signed-off-by: default avatarKevin Wolf <kwolf@redhat.com>
      Reviewed-by: default avatarEric Blake <eblake@redhat.com>
      98522f63
  4. 01 Apr, 2014 1 commit
  5. 21 Feb, 2014 3 commits
  6. 17 Feb, 2014 1 commit
  7. 06 Jan, 2014 1 commit
  8. 13 Dec, 2013 1 commit
    • Stefan Weil's avatar
      block/vvfat: Fix compiler warnings for OpenBSD · f671d173
      Stefan Weil authored
      
      
      The buildbot shows these compiler warnings:
      
      block/vvfat.c: In function 'create_short_and_long_name':
      block/vvfat.c:620: warning: array size (8) smaller than bound length (11)
      block/vvfat.c:620: warning: array size (8) smaller than bound length (11)
      block/vvfat.c:635: warning: array size (8) smaller than bound length (11)
      block/vvfat.c:635: warning: array size (8) smaller than bound length (11)
      
      They are caused by tricky code where 8 characters for the name are followed
      by 3 characters for the extension, and some operations touch both name and
      extension.
      
      Using an 11 character name which includes the extension fixes the compiler
      warning, satisfies cppcheck, valgrind and maybe other static and dynamic
      code checkers, and even simplifies some parts of the code.
      
      Signed-off-by: default avatarStefan Weil <sw@weilnetz.de>
      Reviewed-by: default avatarStefan Hajnoczi <stefanha@redhat.com>
      Signed-off-by: default avatarKevin Wolf <kwolf@redhat.com>
      f671d173
  9. 12 Sep, 2013 3 commits
  10. 06 Sep, 2013 4 commits
  11. 18 Jul, 2013 1 commit
  12. 22 Apr, 2013 2 commits
  13. 22 Mar, 2013 1 commit
  14. 15 Mar, 2013 1 commit
  15. 11 Jan, 2013 1 commit
  16. 19 Dec, 2012 3 commits
  17. 15 Aug, 2012 2 commits
  18. 17 Jul, 2012 2 commits
    • Markus Armbruster's avatar
      vvfat: Do not clobber the user's geometry · 4480e0f9
      Markus Armbruster authored
      
      
      vvfat creates a virtual VFAT filesystem with a certain logical
      geometry that depends on its options.  It sets the "geometry hint" to
      this geometry.  It is the only block driver to do this.
      
      The geometry hint is about about *physical* geometry, and used only by
      certain hard disk device models.
      
      vvfat's hint is normally invisible for device models, because
      bdrv_open() puts a raw format on top of vvfat's fat protocol.  That
      raw format is where drive_init() puts the user's geometry (if any),
      and where the device model gets it from.
      
      Nobody complained, because the default physical geometry is the same
      as vvfat's logical geometry:
      
          opts        LCHS        def. PCHS
                      1024,16,63  same
          :32:        1024,16,63  same
          :16:        1024,16,63  same
          :12:          64,16,63  same
      
      Except when you specify :floppy:
      
          opts        LCHS        def. PCHS
             :floppy:   80, 2,36  5,16,63
          :32:floppy:   80, 2,36  5,16,63
          :16:floppy:   80, 2,36  5,16,63
          :12:floppy:   80, 2,18  2,16,63
      
      Silly thing to do for use with a hard disk.
      
      However, the "raw" format can be suppressed by adding an
      redundant-looking "format=vvfat" to "file=fat:FOO".  Then, vvfat's
      hint clobbers the user's geometry, i.e. -drive options cyls, heads,
      secs get silently ignored.  Don't do that.
      
      No change without format=vvfat.  With it, the user's hard disk
      geometry (-drive options cyls, heads, secs) is now obeyed, and the
      default hard disk geometry with :floppy: now matches the one without
      format=vvfat.
      
      Signed-off-by: default avatarMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: default avatarKevin Wolf <kwolf@redhat.com>
      4480e0f9
    • Markus Armbruster's avatar
      vvfat: Fix partition table · f91cbefe
      Markus Armbruster authored
      
      
      Unless parameter ":floppy:" is given, vvfat creates a virtual image
      with DOS MBR defining a single partition which holds the FAT file
      system.  The size of the virtual image depends on the width of the
      FAT: 32 MiB (CHS 64, 16, 63) for 12 bit FAT, 504 MiB (CHS 1024, 16,
      63) for 16 and 32 bit FAT, leaving (64*16-1)*63 = 64449 and
      (1024*16-1)*64 = 1032129 sectors for the partition.
      
      However, it screws up the end of the partition in the MBR:
      
          FAT width param.  start CHS  end CHS     start LBA  size
              :32:          0,1,1      1023,14,63       63    1032065
              :16:          0,1,1      1023,14,55       63    1032057
              :12:          0,1,1        63,14,55       63      64377
      
      The actual FAT file system nevertheless assumes the partition has
      1032129 or 64449 sectors.  Oops.
      
      Signed-off-by: default avatarMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: default avatarKevin Wolf <kwolf@redhat.com>
      f91cbefe
  19. 30 May, 2012 2 commits
    • Jim Meyering's avatar
      block: prevent snapshot mode $TMPDIR symlink attack · c2d76497
      Jim Meyering authored
      In snapshot mode, bdrv_open creates an empty temporary file without
      checking for mkstemp or close failure, and ignoring the possibility
      of a buffer overrun given a surprisingly long $TMPDIR.
      Change the get_tmp_filename function to return int (not void),
      so that it can inform its two callers of those failures.
      Also avoid the risk of buffer overrun and do not ignore mkstemp
      or close failure.
      Update both callers (in block.c and vvfat.c) to propagate
      temp-file-creation failure to their callers.
      
      get_tmp_filename creates and closes an empty file, while its
      callers later open that presumed-existing file with O_CREAT.
      The problem was that a malicious user could provoke mkstemp failure
      and race to create a symlink with the selected temporary file name,
      thus causing the qemu process (usually root owned) to open through
      the symlink, overwriting an attacker-chosen file.
      
      This addresses CVE-2012-2652.
      http://bugzilla.redhat.com/CVE-2012-2652
      
      
      
      Signed-off-by: default avatarJim Meyering <meyering@redhat.com>
      Reviewed-by: default avatarStefan Hajnoczi <stefanha@linux.vnet.ibm.com>
      Signed-off-by: default avatarKevin Wolf <kwolf@redhat.com>
      c2d76497
    • Jim Meyering's avatar
      block: prevent snapshot mode $TMPDIR symlink attack · eba25057
      Jim Meyering authored
      In snapshot mode, bdrv_open creates an empty temporary file without
      checking for mkstemp or close failure, and ignoring the possibility
      of a buffer overrun given a surprisingly long $TMPDIR.
      Change the get_tmp_filename function to return int (not void),
      so that it can inform its two callers of those failures.
      Also avoid the risk of buffer overrun and do not ignore mkstemp
      or close failure.
      Update both callers (in block.c and vvfat.c) to propagate
      temp-file-creation failure to their callers.
      
      get_tmp_filename creates and closes an empty file, while its
      callers later open that presumed-existing file with O_CREAT.
      The problem was that a malicious user could provoke mkstemp failure
      and race to create a symlink with the selected temporary file name,
      thus causing the qemu process (usually root owned) to open through
      the symlink, overwriting an attacker-chosen file.
      
      This addresses CVE-2012-2652.
      http://bugzilla.redhat.com/CVE-2012-2652
      
      
      
      Reviewed-by: default avatarStefan Hajnoczi <stefanha@linux.vnet.ibm.com>
      Signed-off-by: default avatarJim Meyering <meyering@redhat.com>
      Signed-off-by: default avatarAnthony Liguori <aliguori@us.ibm.com>
      eba25057
  20. 10 May, 2012 1 commit
  21. 13 Jan, 2012 1 commit
  22. 05 Dec, 2011 1 commit
  23. 23 Nov, 2011 1 commit
  24. 11 Nov, 2011 1 commit