P J P b947ac2bf2 e1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815)
While processing transmit descriptors, it could lead to an infinite
loop if 'bytes' were to become zero; add a check to avoid it.

[The guest can force 'bytes' to 0 by setting the hdr_len and mss
descriptor fields to 0.
--Stefan]

Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 1441383666-6590-1-git-send-email-stefanha@redhat.com
2015-09-15 12:51:02 +01:00
audio ossaudio: fix memory leak 2015-07-08 13:11:01 +02:00
backends baum: Fix build with debugging enabled 2015-09-11 10:21:38 +03:00
block * Support for jemalloc 2015-09-14 16:13:16 +01:00
bsd-user * Support for jemalloc 2015-09-14 16:13:16 +01:00
crypto crypto: fix built-in AES decrypt function 2015-07-27 12:22:01 +02:00
default-configs virtio-vga: enable for i386 2015-09-11 12:18:37 +03:00
disas typofixes - v4 2015-09-11 10:45:43 +03:00
docs typofixes - v4 2015-09-11 10:45:43 +03:00
dtc@65cc4d2748 dtc: Update dtc / libfdt submodule to version 1.4.0 2015-06-03 23:56:49 +02:00
fpu target-s390x: define default NaN values 2015-06-05 01:37:58 +02:00
fsdev maint: remove unused include for dirent.h 2015-09-11 10:21:38 +03:00
gdb-xml s390x/gdb: support reading/writing of control registers 2015-09-07 16:10:43 +02:00
hw e1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815) 2015-09-15 12:51:02 +01:00
include * Support for jemalloc 2015-09-14 16:13:16 +01:00
libcacard typofixes - v4 2015-09-11 10:45:43 +03:00
libdecnumber typofixes - v4 2015-09-11 10:45:43 +03:00
linux-headers linux-headers: Update to 4.2-rc1 2015-07-06 17:59:01 +02:00
linux-user * Support for jemalloc 2015-09-14 16:13:16 +01:00
migration maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
net trivial: remove trailing newline from error_report 2015-09-11 10:21:38 +03:00
pc-bios pc-bios/s390-ccw: rebuild image 2015-09-07 16:10:43 +02:00
pixman@87eea99e44 pixman: update internal copy to pixman-0.32.6 2014-09-15 08:14:19 +02:00
po Update language files for QEMU 2.4.0 2015-09-11 10:21:38 +03:00
qapi qcow2: add option to clean unused cache entries after some time 2015-09-04 21:00:32 +02:00
qga typofixes - v4 2015-09-11 10:45:43 +03:00
qobject Include qapi/qmp/qerror.h exactly where needed 2015-06-22 18:20:41 +02:00
qom * Support for jemalloc 2015-09-14 16:13:16 +01:00
roms pseries: Update SLOF firmware image to qemu-slof-20150429 2015-07-07 17:44:49 +02:00
scripts qapi: Fix cgen() for Python older than 2.7 2015-09-14 18:02:59 +01:00
slirp qerror: Move #include out of qerror.h 2015-06-22 18:20:40 +02:00
stubs main-loop: introduce qemu_mutex_iothread_locked 2015-07-01 15:45:50 +02:00
target-alpha tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-arm target-arm: Add VMPIDR_EL2 2015-09-14 14:39:51 +01:00
target-cris tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-i386 * Support for jemalloc 2015-09-14 16:13:16 +01:00
target-lm32 tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-m68k tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-microblaze tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-mips tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-moxie tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-openrisc tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-ppc tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-s390x * Support for jemalloc 2015-09-14 16:13:16 +01:00
target-sh4 sh4-next: 2015-09-14 10:46:38 +01:00
target-sparc tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-tricore tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-unicore32 tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-xtensa tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
tcg * Support for jemalloc 2015-09-14 16:13:16 +01:00
tests * Support for jemalloc 2015-09-14 16:13:16 +01:00
trace Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
ui maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
util * Support for jemalloc 2015-09-14 16:13:16 +01:00
.exrc qemu: add .exrc 2012-09-07 09:02:44 +03:00
.gitignore qemu-ga: Add .msi files to .gitignore 2015-09-01 11:07:08 -05:00
.gitmodules PPC: Add u-boot firmware for e500 2014-06-16 13:24:35 +02:00
.mailmap Update mailmap 2013-09-05 09:40:31 -05:00
.travis.yml .travis.yml: Add "--enable-modules" 2015-01-26 12:27:05 +01:00
accel.c accel: Create accel object when initializing machine 2014-10-09 15:36:14 +02:00
aio-posix.c AioContext: optimize clearing the EventNotifier 2015-07-22 12:41:40 +01:00
aio-win32.c AioContext: optimize clearing the EventNotifier 2015-07-22 12:41:40 +01:00
arch_init.c smbios: move smbios code into a common folder 2015-08-13 14:08:30 +03:00
async.c AioContext: force event loop iteration using BH 2015-07-29 10:02:06 +01:00
balloon.c Include monitor/monitor.h exactly where needed 2015-06-22 18:20:41 +02:00
block.c opts: produce valid command line in qemu_opts_print 2015-09-11 10:21:38 +03:00
blockdev-nbd.c Include monitor/monitor.h exactly where needed 2015-06-22 18:20:41 +02:00
blockdev.c block: more check for replaced node 2015-09-02 14:56:39 +01:00
blockjob.c blockjob: add block_job_release function 2015-07-07 14:27:14 +01:00
bootdevice.c misc: fix typos in copyright declaration 2015-03-26 14:21:43 +01:00
bt-host.c sysemu: avoid proliferation of include/ subdirectories 2013-04-15 18:19:25 +02:00
bt-vhci.c sysemu: avoid proliferation of include/ subdirectories 2013-04-15 18:19:25 +02:00
Changelog Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
CODING_STYLE CODING_STYLE: update mixed declaration rules 2015-09-09 15:34:54 +02:00
configure * Support for jemalloc 2015-09-14 16:13:16 +01:00
COPYING
COPYING.LIB
coroutine-gthread.c glib-compat.h: add new thread API emulation on top of pre-2.31 API 2014-06-10 07:44:01 +02:00
coroutine-sigaltstack.c coroutine-sigaltstack: Change jmp_buf to sigjmp_buf 2014-11-11 11:07:55 +03:00
coroutine-ucontext.c coroutine-ucontext: use __thread 2015-01-13 13:43:28 +00:00
coroutine-win32.c coroutine-win32.c: Add noinline attribute to work around gcc bug 2014-06-26 14:08:14 +01:00
cpu-exec.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
cpus.c cpus: remove tcg_halt_cond and tcg_cpu_thread globals 2015-09-09 15:34:55 +02:00
cputlb.c tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
device_tree.c device_tree: Fix a typo 2015-07-27 22:44:47 +03:00
device-hotplug.c pci-hotplug-old: Has been dead for five major releases, bury 2015-03-01 12:37:54 +01:00
disas.c disas: Defeature print_target_address 2015-08-14 23:40:32 +02:00
dma-helpers.c range: remove useless inclusions 2015-04-30 16:05:48 +03:00
dump.c Include qapi/qmp/qerror.h exactly where needed 2015-06-22 18:20:41 +02:00
exec.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
gdbstub.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
HACKING HACKING: Document vaddr type usage 2013-07-23 02:41:31 +02:00
hmp-commands.hx hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
hmp.c hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
hmp.h hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
iohandler.c iohandler: Use aio API 2015-09-07 18:14:03 +02:00
ioport.c - miscellaneous cleanups for TCG (Emilio) and NBD (Bogdan) 2015-04-30 12:04:11 +01:00
iothread.c rcu: actually register threads that have RCU read-side critical sections 2015-07-24 13:57:45 +02:00
kvm-all.c s390x/kvm: make setting of in-kernel irq routes more efficient 2015-09-07 16:10:43 +02:00
kvm-stub.c kvm: some fixes to kvm_resamplefds_allowed 2015-07-06 12:15:14 -06:00
LICENSE vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio 2014-12-19 15:24:06 -07:00
main-loop.c iohandler: Use aio API 2015-09-07 18:14:03 +02:00
MAINTAINERS First batch of s390x patches for 2.5: 2015-09-03 14:33:03 +01:00
Makefile Makefile: qemu-ga: fix msi target error message 2015-09-01 13:16:26 -05:00
Makefile.objs crypto: introduce new module for computing hash digests 2015-07-07 12:04:07 +02:00
Makefile.target Makefile.target: include top level build dir in vpath 2015-09-09 15:34:54 +02:00
memory_mapping.c memory_mapping: Rework cpu related includes 2015-06-26 16:00:50 +02:00
memory.c Merge memory_region_init_reservation() into memory_region_init_io() 2015-08-13 11:26:21 +01:00
module-common.c module: implement module loading 2014-02-20 13:14:18 +01:00
monitor.c hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
nbd.c qemu-nbd: only send a limited number of errno codes on the wire 2015-05-08 14:45:11 +02:00
numa.c maint: remove double semicolons in many files 2015-09-11 10:21:38 +03:00
os-posix.c rcu: do not create thread in pthread_atfork callback 2015-04-01 10:06:38 +02:00
os-win32.c maint: remove unused include for signal.h 2015-09-11 10:21:38 +03:00
page_cache.c maint: remove unused include for strings.h 2015-09-11 10:21:38 +03:00
qapi-schema.json qapi-schema: remove legacy<> from doc 2015-09-11 10:21:39 +03:00
qdev-monitor.c Include qapi/qmp/qerror.h exactly where needed 2015-06-22 18:20:41 +02:00
qdict-test-data.txt
qemu-bridge-helper.c qemu-bridge-helper: Fix fd leak in main() 2014-06-27 10:39:10 +02:00
qemu-char.c maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
qemu-coroutine-io.c coroutine-io: Return -errno in case of error 2015-03-18 12:07:21 +01:00
qemu-coroutine-lock.c coroutine: remove unnecessary parentheses in qemu_co_queue_empty 2015-04-30 16:05:49 +03:00
qemu-coroutine-sleep.c coroutine: Drop co_sleep_ns 2014-08-29 10:46:58 +01:00
qemu-coroutine.c coroutine: Clean up qemu_coroutine_enter() 2015-03-09 11:11:59 +01:00
qemu-doc.texi maint: remove / fix many doubled words 2015-09-11 10:21:38 +03:00
qemu-ga.texi qga: start a man page 2015-09-01 13:16:26 -05:00
qemu-img-cmds.hx qemu-img: Add progress output for amend 2014-11-03 11:41:48 +00:00
qemu-img.c qemu-img: Fix crash in amend invocation 2015-09-04 20:59:48 +02:00
qemu-img.texi maint: remove / fix many doubled words 2015-09-11 10:21:38 +03:00
qemu-io-cmds.c qerror: Move #include out of qerror.h 2015-06-22 18:20:40 +02:00
qemu-io.c qerror: Move #include out of qerror.h 2015-06-22 18:20:40 +02:00
qemu-log.c qemu-log: Correct help text of 'log cpu_reset' 2015-02-10 09:27:20 +03:00
qemu-nbd.c Trivial: fix commandline help message 2015-09-11 10:21:38 +03:00
qemu-nbd.texi nbd: Miscellaneous typo fixes. 2014-05-24 00:07:29 +04:00
qemu-options-wrapper.h vl.c: In qemu -h output, only print options for the arch we are running as 2011-12-19 10:27:33 -06:00
qemu-options.h
qemu-options.hx help: dd missing newline 2015-09-11 10:21:38 +03:00
qemu-seccomp.c seccomp: add mlockall to whitelist 2015-01-23 14:07:08 +01:00
qemu-tech.texi qemu-doc: fix typos 2015-07-24 13:57:45 +02:00
qemu-timer.c qemu-timer: initialize "timers_done_ev" to set 2015-07-22 12:41:32 +01:00
qemu.nsi nsis: Improved support for parallel installation of 32 and 64 bit code 2013-11-07 07:02:44 +01:00
qemu.sasl sasl: Avoid 'Could not find keytab file' in syslog 2014-03-15 13:54:18 +04:00
qjson.c QJSON: Use OBJECT_CHECK 2015-05-11 08:59:07 -04:00
qmp-commands.hx s390x: Dump storage keys qmp command 2015-09-03 12:17:54 +02:00
qmp.c qmp: Add example usage of strto*l() qemu wrapper 2015-09-09 15:34:54 +02:00
qtest.c qtest: pre-buffer hex nibs 2015-05-22 15:58:22 -04:00
README Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
rules.mak make: load only required dependency files. 2015-08-13 14:08:25 +03:00
softmmu_template.h softmmu: remove now unused functions 2015-09-11 08:16:05 -07:00
spice-qemu-char.c spice: fix spice_chr_add_watch() pre-condition 2015-05-29 09:56:01 +02:00
tcg-runtime.c tcg: Push tcg-runtime routines into exec/helper-* 2014-05-28 09:33:54 -07:00
tci.c tcg: implement real ext_i32_i64 and extu_i32_i64 ops 2015-08-24 11:10:54 -07:00
thread-pool.c thread-pool: clean up thread_pool_completion_bh() 2015-04-28 15:36:09 +02:00
thunk.c linux-user: Allocate thunk size dynamically 2015-06-15 11:36:58 +03:00
tpm.c Include monitor/monitor.h exactly where needed 2015-06-22 18:20:41 +02:00
trace-events xen-2015-09-10 2015-09-10 18:25:52 +01:00
translate-all.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
translate-all.h translate-all: remove unnecessary argument to tb_invalidate_phys_range 2015-06-05 17:09:59 +02:00
user-exec.c osdep.h: Remove qemu_printf 2015-08-19 16:29:53 +01:00
VERSION Open 2.5 development tree 2015-08-11 23:15:55 +01:00
version.rc Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
vl.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
xen-common-stub.c accel: Move Xen registration code to xen-common.c 2014-10-04 08:59:15 +02:00
xen-common.c migration: Fix regression for xenfv and pc,accel=xen machine. 2015-08-03 16:13:40 +00:00
xen-hvm-stub.c pc: Remove redundant arguments from xen_hvm_init() 2015-09-10 11:05:40 +03:00
xen-hvm.c xen-2015-09-10 2015-09-10 18:25:52 +01:00
xen-mapcache.c maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team