[Qemu-commits] [qemu/qemu] b17a90: multiboot: Reject kernels exceeding t


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] b17a90: multiboot: Reject kernels exceeding the address sp...
Date: Thu, 22 Mar 2018 10:54:12 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: b17a9054a0652a1481be48a6729e972abf02412f
      
https://github.com/qemu/qemu/commit/b17a9054a0652a1481be48a6729e972abf02412f
  Author: Kevin Wolf <address@hidden>
  Date:   2018-03-21 (Wed, 21 Mar 2018)

  Changed paths:
    M hw/i386/multiboot.c

  Log Message:
  -----------
  multiboot: Reject kernels exceeding the address space

The code path where mh_load_end_addr is non-zero in the Multiboot
header checks that mh_load_end_addr >= mh_load_addr and so
mb_load_size is checked.  However, mb_load_size is not checked when
calculated from the file size, when mh_load_end_addr is 0.

If the kernel binary size is larger than can fit in the address space
after load_addr, we ended up with a kernel_size that is smaller than
load_size, which means that we read the file into a too small buffer.

Add a check to reject kernel files with such Multiboot headers.

Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Jack Schwartz <address@hidden>


  Commit: dbf2dce7aabb7723542bd182175904846d70b0f9
      
https://github.com/qemu/qemu/commit/dbf2dce7aabb7723542bd182175904846d70b0f9
  Author: Kevin Wolf <address@hidden>
  Date:   2018-03-21 (Wed, 21 Mar 2018)

  Changed paths:
    M hw/i386/multiboot.c

  Log Message:
  -----------
  multiboot: Check validity of mh_header_addr

I couldn't find a case where this prevents something bad from happening
that isn't already caught by other checks, but let's err on the safe
side and check that mh_header_addr is as expected.

Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Jack Schwartz <address@hidden>


  Commit: 49713c413a65ab4b02124aabe83f8539cc6ece5e
      
https://github.com/qemu/qemu/commit/49713c413a65ab4b02124aabe83f8539cc6ece5e
  Author: Kevin Wolf <address@hidden>
  Date:   2018-03-21 (Wed, 21 Mar 2018)

  Changed paths:
    M tests/multiboot/run_test.sh

  Log Message:
  -----------
  tests/multiboot: Test exit code for every qemu run

Testing the exit code only once after a whole group of tests has
completed is not enough, it catches errors only in the very last qemu
invocation. We need to have the check after each qemu run.

The logging and diff with the reference output is still done once per
group to keep things more manageable. This is not a problem because the
log file accumulates the output of all runs.

Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Jack Schwartz <address@hidden>


  Commit: 1c8c426fb44bf5b3ffbcad1b00c7def4b89b03ec
      
https://github.com/qemu/qemu/commit/1c8c426fb44bf5b3ffbcad1b00c7def4b89b03ec
  Author: Kevin Wolf <address@hidden>
  Date:   2018-03-21 (Wed, 21 Mar 2018)

  Changed paths:
    M tests/multiboot/Makefile
    A tests/multiboot/aout_kludge.S
    A tests/multiboot/aout_kludge.out
    M tests/multiboot/run_test.sh

  Log Message:
  -----------
  tests/multiboot: Add tests for the a.out kludge

Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Jack Schwartz <address@hidden>


  Commit: e2679395d598bd40770c22a793c0152576ac211f
      
https://github.com/qemu/qemu/commit/e2679395d598bd40770c22a793c0152576ac211f
  Author: Kevin Wolf <address@hidden>
  Date:   2018-03-21 (Wed, 21 Mar 2018)

  Changed paths:
    A tests/multiboot/.gitignore

  Log Message:
  -----------
  tests/multiboot: Add .gitignore

Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Jack Schwartz <address@hidden>
Reviewed-by: Eric Blake <address@hidden>


  Commit: 211d6260208d079429fd0d447b86ff480d0524ca
      
https://github.com/qemu/qemu/commit/211d6260208d079429fd0d447b86ff480d0524ca
  Author: Peter Maydell <address@hidden>
  Date:   2018-03-22 (Thu, 22 Mar 2018)

  Changed paths:
    M hw/i386/multiboot.c
    A tests/multiboot/.gitignore
    M tests/multiboot/Makefile
    A tests/multiboot/aout_kludge.S
    A tests/multiboot/aout_kludge.out
    M tests/multiboot/run_test.sh

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Multiboot patches

# gpg: Signature made Wed 21 Mar 2018 14:38:36 GMT
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <address@hidden>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  tests/multiboot: Add .gitignore
  tests/multiboot: Add tests for the a.out kludge
  tests/multiboot: Test exit code for every qemu run
  multiboot: Check validity of mh_header_addr
  multiboot: Reject kernels exceeding the address space

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/99728ba3ec9b...211d6260208d
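
The size check described in the first commit above ("multiboot: Reject kernels exceeding the address space"), as an added illustration that is not QEMU's code. The field names follow the commit message; the function names, the status enum, the `text_offset` parameter and the sample values are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes for this example. */
enum mb_status { MB_OK, MB_BAD_LOAD_END, MB_BAD_OFFSET, MB_TOO_LARGE };

/*
 * Compute how many bytes will be read from the kernel file.
 * text_offset (file offset of the loadable image) is an assumed parameter.
 */
static enum mb_status mb_compute_load_size(uint32_t mh_load_addr,
                                           uint32_t mh_load_end_addr,
                                           uint32_t file_size,
                                           uint32_t text_offset,
                                           uint32_t *mb_load_size)
{
    if (mh_load_end_addr != 0) {
        /* Header gives an explicit end: it must not precede the start. */
        if (mh_load_end_addr < mh_load_addr)
            return MB_BAD_LOAD_END;
        *mb_load_size = mh_load_end_addr - mh_load_addr;
    } else {
        /* Size comes from the file, which the header does not bound. */
        if (file_size < text_offset)
            return MB_BAD_OFFSET;
        *mb_load_size = file_size - text_offset;
    }
    /* Written as a subtraction so the check itself cannot wrap. */
    if (*mb_load_size > UINT32_MAX - mh_load_addr)
        return MB_TOO_LARGE;
    return MB_OK;
}

/* What an unchecked 32-bit end-address computation yields (wraps mod 2^32). */
static uint32_t naive_end_addr(uint32_t mh_load_addr, uint32_t mb_load_size)
{
    return mh_load_addr + mb_load_size;
}

int main(void)
{
    uint32_t size = 0;
    /* Constructed values: 1 MiB file, load address 64 KiB below 4 GiB. */
    enum mb_status st = mb_compute_load_size(0xFFFF0000u, 0, 0x100000u, 0, &size);
    printf("status=%d load_size=0x%x naive_end=0x%x\n", st, (unsigned)size,
           (unsigned)naive_end_addr(0xFFFF0000u, size));
    return st == MB_TOO_LARGE ? 0 : 1;
}
```

With the constructed values the unchecked end address wraps to a value below `mh_load_addr`, which is the condition under which any size derived from it comes out smaller than the number of bytes read from the file.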
