From patchwork Fri Aug 31 18:16:04 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Liam Merwick <liam.merwick@oracle.com>
X-Patchwork-Id: 10584307
Return-Path: 
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 03DFE920
	for <patchwork-qemu-devel@patchwork.kernel.org>;
 Fri, 31 Aug 2018 18:16:03 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E709E2C53B
	for <patchwork-qemu-devel@patchwork.kernel.org>;
 Fri, 31 Aug 2018 18:16:02 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id D9E2F2C547; Fri, 31 Aug 2018 18:16:02 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,T_DKIM_INVALID,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 64A9C2C53B
	for <patchwork-qemu-devel@patchwork.kernel.org>;
 Fri, 31 Aug 2018 18:16:02 +0000 (UTC)
Received: from localhost ([::1]:56107 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>)
	id 1fvnxh-0000S8-MM
	for patchwork-qemu-devel@patchwork.kernel.org;
 Fri, 31 Aug 2018 14:16:01 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:50018)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Liam.Merwick@oracle.com>) id 1fvnwE-0007CY-1l
	for qemu-devel@nongnu.org; Fri, 31 Aug 2018 14:14:31 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Liam.Merwick@oracle.com>) id 1fvnwB-0005tA-Cp
	for qemu-devel@nongnu.org; Fri, 31 Aug 2018 14:14:30 -0400
Received: from userp2130.oracle.com ([156.151.31.86]:50462)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <Liam.Merwick@oracle.com>)
	id 1fvnwB-0005t0-41
	for qemu-devel@nongnu.org; Fri, 31 Aug 2018 14:14:27 -0400
Received: from pps.filterd (userp2130.oracle.com [127.0.0.1])
	by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id
	w7VIDsiu061969
	for <qemu-devel@nongnu.org>; Fri, 31 Aug 2018 18:14:26 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com;
	h=from : to : subject :
	date : message-id : mime-version : content-type :
	content-transfer-encoding; s=corp-2018-07-02;
	bh=rOLy93Mj5Zo47EpXvOw5yarbewzobEGa558QQhSEqRU=;
	b=vouaj2sL7ojd46vjNYLgw8jHs9U0hWZd8eSHHuREvF8wDtKRXziG4d/Az90V8uLlfiZj
	HGuIqqEldfXj0E0RBp48CBvVE0435Om9sBjEXCdeh7Wda1STbpeowZlS+P4gcC/suY9k
	0WXKictUWLk8rzamoIMrxhIIOatD5NP25Kqfk4lHHfw1C6NE7q+MysB2Q4q7YcEEmw4o
	+qx6ZP+pygm0A0nLoI7N7xb5cxF17WkeojU6gXb3hnJ2mOsC2amn7S3GHE0a18fkmSW0
	KbCRmLm7oLUsHDWyt/RETVAqAhDDJVLNPO4k68/OVouzp9kVPD73m58JrCCO8edqbPWw
	xw==
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])
	by userp2130.oracle.com with ESMTP id 2m2xhucv78-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <qemu-devel@nongnu.org>; Fri, 31 Aug 2018 18:14:26 +0000
Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75])
	by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w7VIEPnG010883
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK) for <qemu-devel@nongnu.org>; Fri, 31 Aug 2018 18:14:25 GMT
Received: from abhmp0005.oracle.com (abhmp0005.oracle.com [141.146.116.11])
	by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w7VIEOBa021023
	for <qemu-devel@nongnu.org>; Fri, 31 Aug 2018 18:14:24 GMT
Received: from ol7.nl.oracle.com (/10.175.61.138)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Fri, 31 Aug 2018 11:14:24 -0700
From: Liam Merwick <Liam.Merwick@oracle.com>
To: qemu-devel@nongnu.org
Date: Fri, 31 Aug 2018 19:16:04 +0100
Message-Id: <1535739372-24454-1-git-send-email-Liam.Merwick@oracle.com>
X-Mailer: git-send-email 1.8.3.1
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9001
	signatures=668708
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1
	malwarescore=0
	phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999
	adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.0.1-1807170000 definitions=main-1808310183
X-MIME-Autoconverted: from 8bit to quoted-printable by userp2130.oracle.com id
	w7VIDsiu061969
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic]
X-Received-From: 156.151.31.86
Subject: [Qemu-devel] [PATCH v3 0/8] off-by-one and NULL pointer accesses
 detected by static analysis
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Below are a number of fixes to some off-by-one, read outside array bounds, and
NULL pointer accesses detected by an internal Oracle static analysis tool (Parfait).
https://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13

I have also included a patch to add a command-line option to configure to
select if AVX2 is used or not (keeping the existing behaviour by default).
My motivation was avoiding an issue with the static analysis tool but NetSpectre
was announced as I was working on this and I felt it may have more general uses.

v1 -> v2
Based on feedback from Eric Blake:
patch2: reworded commit message to clarify issue
patch6: Reverted common qlist routines and added assert to qlist_dump instead
patch7: Fixed incorrect logic
patch8: Added QEMU_BUILD_BUG_ON to catch future іnstance at compile-time

v2 -> v3
Based on feedback from Eric Blake:
patch6: removed double space from commit message
patch8: removed unnecessary comment and updated QEMU_BUILD_BUG_ON to use ARRAY_SIZE
Added Eric's R-b to patches 6,7,8

Liam Merwick (8):
  configure: Provide option to explicitly disable AVX2
  job: Fix off-by-one assert checks for JobSTT and JobVerbTable
  block: Null pointer dereference in blk_root_get_parent_desc()
  qemu-img: potential Null pointer deref in img_commit()
  block: Fix potential Null pointer dereferences in vvfat.c
  block: dump_qlist() may dereference a Null pointer
  io: potential unnecessary check in qio_channel_command_new_spawn()
  qcow2: Read outside array bounds in qcow2_pre_write_overlap_check()

 block/block-backend.c  |  2 +-
 block/qapi.c           |  2 ++
 block/qcow2-refcount.c | 18 ++++++++--------
 block/vvfat.c          | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++
 configure              | 11 ++++++++--
 io/channel-command.c   |  3 +--
 job.c                  |  4 ++--
 qemu-img.c             |  3 +++
 8 files changed, 84 insertions(+), 15 deletions(-)