qemu-e2k/hw/usb
Thomas Huth effaf5a240 hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394)
The loop condition in xhci_ring_chain_length() is under control of
the guest, and additionally the code does not check for failed DMA
transfers (e.g. if reaching the end of the RAM), so the loop there
could run for a very long time or even forever. Fix it by checking
the return value of dma_memory_read() and by introducing a maximum
loop length.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/646
Message-Id: <20220804131300.96368-1-thuth@redhat.com>
Reviewed-by: Mauro Matteo Cascella <mcascell@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-08-16 11:37:19 +02:00
bus.c
canokey.c hw: canokey: Remove HS support as not compliant to the spec 2022-07-01 12:39:51 +02:00
canokey.h hw/usb: Add CanoKey Implementation 2022-06-14 10:34:36 +02:00
ccid-card-emulated.c modules: introduces module_kconfig directive 2022-06-06 09:26:53 +02:00
ccid-card-passthru.c modules: introduces module_kconfig directive 2022-06-06 09:26:53 +02:00
ccid.h
chipidea.c
combined-packet.c
core.c
desc-msos.c
desc.c usb: allow max 8192 bytes for desc 2022-01-13 10:22:37 +01:00
desc.h usb: allow max 8192 bytes for desc 2022-01-13 10:22:37 +01:00
dev-audio.c
dev-hid.c hid: Implement support for side and extra buttons 2022-02-22 17:15:36 +01:00
dev-hub.c
dev-mtp.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
dev-network.c
dev-serial.c
dev-smartcard-reader.c include: move C/util-related declarations to cutils.h 2022-04-06 14:31:43 +02:00
dev-storage-bot.c
dev-storage-classic.c
dev-storage.c
dev-uas.c uas: add missing return 2022-01-13 10:58:05 +01:00
dev-wacom.c hw/usb/dev-wacom: add missing HID descriptor 2022-01-13 10:22:00 +01:00
hcd-dwc2.c
hcd-dwc2.h Clean up header guards that don't match their file name 2022-05-11 16:49:06 +02:00
hcd-dwc3.c
hcd-ehci-pci.c
hcd-ehci-sysbus.c
hcd-ehci.c hw/usb/hcd-ehci: fix writeback order 2022-06-14 10:34:36 +02:00
hcd-ehci.h
hcd-musb.c
hcd-ohci-pci.c
hcd-ohci.c usb/ohci: Don't use packet from OHCIState for isochronous transfers 2022-03-04 09:34:21 +01:00
hcd-ohci.h
hcd-uhci.c
hcd-uhci.h
hcd-xhci-nec.c
hcd-xhci-pci.c
hcd-xhci-pci.h
hcd-xhci-sysbus.c
hcd-xhci-sysbus.h
hcd-xhci.c hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394) 2022-08-16 11:37:19 +02:00
hcd-xhci.h
host-libusb.c modules: introduces module_kconfig directive 2022-06-06 09:26:53 +02:00
host.h
imx-usb-phy.c
Kconfig meson: Add CanoKey 2022-06-14 10:34:36 +02:00
libhw.c dma: Let dma_memory_map() take MemTxAttrs argument 2021-12-30 17:16:32 +01:00
meson.build meson: Add CanoKey 2022-06-14 10:34:36 +02:00
pcap.c
quirks-ftdi-ids.h
quirks-pl2303-ids.h
quirks.c
quirks.h
redirect.c usbredir: avoid queuing hello packet on snapshot restore 2022-06-14 10:34:36 +02:00
trace-events hw/usb/canokey: Add trace events 2022-06-14 10:34:36 +02:00
trace.h
tusb6010.c
u2f-emulated.c
u2f-passthru.c
u2f.c
u2f.h misc: fix commonly doubled up words 2022-08-01 11:58:02 +02:00
vt82c686-uhci-pci.c
xen-usb.c
xlnx-usb-subsystem.c
xlnx-versal-usb2-ctrl-regs.c