qemu-e2k/hw/usb
Guenter Roeck 3202b2628b hw/usb/imx: Fix out of bounds access in imx_usbphy_read()
The i.MX USB Phy driver does not check register ranges, resulting in out of
bounds accesses if an attempt is made to access non-existing PHY registers.
Add range check and conditionally report bad accesses to fix the problem.

While at it, also conditionally log attempted writes to non-existing or
read-only registers.

Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Message-id: 20230316234926.208874-1-linux@roeck-us.net
Link: https://gitlab.com/qemu-project/qemu/-/issues/1408
Fixes: 0701a5efa0 ("hw/usb: Add basic i.MX USB Phy support")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-21 13:19:07 +00:00
..
bus.c qapi: introduce x-query-usb QMP command 2021-11-02 15:55:14 +00:00
canokey.c hw: canokey: Remove HS support as not compliant to the spec 2022-07-01 12:39:51 +02:00
canokey.h hw/usb: Add CanoKey Implementation 2022-06-14 10:34:36 +02:00
ccid-card-emulated.c ccid-card-emulated: fix cast warning/error 2023-01-16 18:46:03 +01:00
ccid-card-passthru.c modules: introduces module_kconfig directive 2022-06-06 09:26:53 +02:00
ccid.h
chipidea.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
combined-packet.c usb: limit combined packets to 1 MiB (CVE-2021-3527) 2021-05-05 15:06:01 +02:00
core.c
desc-msos.c hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
desc.c usb: allow max 8192 bytes for desc 2022-01-13 10:22:37 +01:00
desc.h usb: allow max 8192 bytes for desc 2022-01-13 10:22:37 +01:00
dev-audio.c hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
dev-hid.c hid: Implement support for side and extra buttons 2022-02-22 17:15:36 +01:00
dev-hub.c hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
dev-mtp.c hw/usb: dev-mtp: Use g_mkdir() 2022-10-31 20:37:58 +00:00
dev-network.c hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
dev-serial.c usb: remove support for -usbdevice parameters 2021-03-15 17:00:58 +01:00
dev-smartcard-reader.c hw/usb/dev-smartcard-reader: Avoid forward-declaring CCIDBus 2023-02-27 22:29:02 +01:00
dev-storage-bot.c Don't include headers already included by qemu/osdep.h 2023-02-08 07:28:05 +01:00
dev-storage-classic.c Don't include headers already included by qemu/osdep.h 2023-02-08 07:28:05 +01:00
dev-storage.c usb/msd: add usb_msd_fatal_error() and fix guest-triggerable assert 2022-09-27 07:32:30 +02:00
dev-uas.c Replace use of qdev_reset_all() with device_cold_reset() 2022-12-16 15:55:32 +00:00
dev-wacom.c hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
hcd-dwc2.c dma: Let dma_memory_read/write() take MemTxAttrs argument 2021-12-30 17:16:32 +01:00
hcd-dwc2.h Clean up header guards that don't match their file name 2022-05-11 16:49:06 +02:00
hcd-dwc3.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
hcd-ehci-pci.c
hcd-ehci-sysbus.c hw/usb/hcd-ehci-sysbus: Free USBPacket on instance finalize() 2021-03-26 09:14:48 +01:00
hcd-ehci.c hw/usb/hcd-ehci: fix writeback order 2022-06-14 10:34:36 +02:00
hcd-ehci.h include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
hcd-musb.c hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
hcd-ohci-pci.c include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
hcd-ohci.c hw/usb/ohci: Implement resume on connection status change 2023-03-08 00:37:48 +01:00
hcd-ohci.h hw/usb/ohci: Use OHCIState type definition 2023-02-27 22:29:02 +01:00
hcd-uhci.c hw/usb/uhci: Replace container_of() by UHCI_GET_CLASS() QOM macro 2023-02-27 22:29:02 +01:00
hcd-uhci.h hw/usb/uhci: Declare QOM macros using OBJECT_DECLARE_TYPE() 2023-02-27 22:29:02 +01:00
hcd-xhci-nec.c hw/usb/xhci-nec: Replace container_of() by NEC_XHCI() QOM cast macro 2023-02-27 22:29:02 +01:00
hcd-xhci-pci.c hw/usb/hcd-xhci: Reset the XHCIState with device_cold_reset() 2022-11-23 12:28:51 +01:00
hcd-xhci-pci.h include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
hcd-xhci-sysbus.c hw/usb/hcd-xhci: Reset the XHCIState with device_cold_reset() 2022-11-23 12:28:51 +01:00
hcd-xhci-sysbus.h
hcd-xhci.c hw/usb/hcd-xhci.c: spelling: tranfer 2022-11-23 12:26:25 +01:00
hcd-xhci.h hw/usb: hcd-xhci-pci: Fix spec violation of IP flag for MSI/MSI-X 2021-05-28 09:10:20 +02:00
host-libusb.c host-libusb: Remove unused variable 2022-11-11 09:12:10 +01:00
host.h
imx-usb-phy.c hw/usb/imx: Fix out of bounds access in imx_usbphy_read() 2023-03-21 13:19:07 +00:00
Kconfig meson: Add CanoKey 2022-06-14 10:34:36 +02:00
libhw.c dma: Let dma_memory_map() take MemTxAttrs argument 2021-12-30 17:16:32 +01:00
meson.build hw/xen: Build PV backend drivers for CONFIG_XEN_BUS 2023-03-07 17:04:30 +00:00
pcap.c
quirks-ftdi-ids.h hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
quirks-pl2303-ids.h hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
quirks.c
quirks.h Drop the deprecated lm32 target 2021-05-12 18:20:25 +02:00
redirect.c Revert "usbredir: avoid queuing hello packet on snapshot restore" 2022-11-23 11:53:37 +01:00
trace-events hw/usb/ohci: Add trace points for register access 2023-02-27 22:29:02 +01:00
trace.h
tusb6010.c
u2f-emulated.c hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
u2f-passthru.c
u2f.c usb: remove '-usbdevice u2f-key' 2021-03-15 17:00:58 +01:00
u2f.h hw/usb/u2f: Declare QOM macros using OBJECT_DECLARE_TYPE() 2023-02-27 22:29:02 +01:00
vt82c686-uhci-pci.c hw/usb/vt82c686-uhci-pci: Use PCI IRQ routing 2023-03-08 00:37:48 +01:00
xen-usb.c hw/xen: Use XEN_PAGE_SIZE in PV backend drivers 2023-03-07 17:04:30 +00:00
xlnx-usb-subsystem.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
xlnx-versal-usb2-ctrl-regs.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00