Commit Graph

15 Commits

Author SHA1 Message Date
Michael S. Tsirkin
52f91c3723 zaurus: fix buffer overrun on invalid state load
CVE-2013-4540

Within scoop_gpio_handler_update, if prev_level has a high bit set, then
we get bit > 16 and that causes a buffer overrun.

Since prev_level comes from wire indirectly, this can
happen on invalid state load.

Similarly for gpio_level and gpio_dir.

To fix, limit to 16 bit.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 22:15:02 +02:00
Andreas Färber
b8bcf811bf max7310: QOM'ify
Replace FROM_I2C_SLAVE() usages with QOM cast macro.
Rename parent field.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-02-14 16:22:32 +01:00
Markus Armbruster
1b111dc121 hw: cannot_instantiate_with_device_add_yet due to pointer props
Pointer properties can be set only by code, not by device_add.  A
device with a pointer property can work with device_add only when the
property may remain null.

This is the case for property "interrupt_vector" of device
"etraxfs,pic".  Add a comment there.

Set cannot_instantiate_with_device_add_yet for the other devices with
pointer properties, with a comment explaining why.

Juha Riihimäki and Peter Maydell deserve my thanks for making "pointer
property must not remain null" blatantly obvious in the OMAP devices.

Only device "smbus-eeprom" is actually changed.  The others are all
sysbus devices, which get cannot_instantiate_with_device_add_yet set
in their abstract base's class init function.  Setting it again in
their class init function is technically redundant, but serves as
insurance for when sysbus devices become available with device_add,
and as documentation.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com> (for ETRAX)
Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-12-24 17:27:17 +01:00
Andreas Färber
a009de46bd gpio/zaurus: QOM cast cleanup
Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-07-29 21:06:57 +02:00
Andreas Färber
1ed09e2f43 puv3_gpio: QOM cast cleanup
Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-07-29 21:06:57 +02:00
Andreas Färber
692a76d1c4 pl061: QOM'ify pl061 and pl061_luminary
Let pl061_luminary inherit from pl061, with differing instance_init.
Introduce type constant and use QOM casts.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-07-29 21:06:46 +02:00
Andreas Färber
ee663e96e4 pl061: Rename pl061_state to PL061State
Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-07-29 21:06:46 +02:00
Andreas Färber
74d1e352be omap_gpio: QOM cast cleanup for omap2_gpif_s
Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-07-29 21:06:46 +02:00
Andreas Färber
1d300b5f6f omap_gpio: QOM cast cleanup for omap_gpif_s
Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-07-29 21:06:46 +02:00
Paolo Bonzini
b716368778 hw/gpio: pass owner to memory_region_init* functions
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-07-04 17:42:47 +02:00
Paolo Bonzini
2c9b15cab1 memory: add owner argument to initialization functions
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-07-04 17:42:44 +02:00
Stefan Weil
e1fe50dcb3 Remove unneeded type casts
cpu_physical_memory_read, cpu_physical_memory_write take any pointer
as 2nd argument without needing a type cast.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-04-19 11:36:33 +02:00
Paolo Bonzini
5193899a5a hw: move GPIO interfaces to hw/gpio/, configure with default-configs/
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-04-08 18:13:16 +02:00
Paolo Bonzini
49ab747f66 hw: move target-independent files to subdirectories
This patch tackles all files that are compiled once, moving
them to subdirectories of hw/.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-04-08 18:13:12 +02:00
Paolo Bonzini
1fd6bb44ed hw: make subdirectories for devices
Prepare the new directory structure.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-04-08 18:13:11 +02:00