qemu-e2k/hw/usb
Peter Maydell f8324611c1 hw/usb/hcd-xhci: Avoid variable-length array in xhci_get_port_bandwidth()
In xhci_get_port_bandwidth(), we use a variable-length array to
construct the buffer to send back to the guest. Avoid the VLA
by using dma_memory_set() to directly request the memory system
to fill the guest memory with a string of '80's.

The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions.  This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g.  CVE-2021-3527).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20230824164818.2652452-1-peter.maydell@linaro.org>
2023-08-31 19:47:43 +02:00
..
bus.c qapi: introduce x-query-usb QMP command 2021-11-02 15:55:14 +00:00
canokey.c hw/usb/canokey: change license to GPLv2+ 2023-07-25 17:24:12 +01:00
canokey.h hw/usb/canokey: change license to GPLv2+ 2023-07-25 17:24:12 +01:00
ccid-card-emulated.c hw/usb: spelling fixes 2023-08-31 19:47:43 +02:00
ccid-card-passthru.c modules: introduces module_kconfig directive 2022-06-06 09:26:53 +02:00
ccid.h
chipidea.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
combined-packet.c usb: limit combined packets to 1 MiB (CVE-2021-3527) 2021-05-05 15:06:01 +02:00
core.c
desc-msos.c hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
desc.c usb: allow max 8192 bytes for desc 2022-01-13 10:22:37 +01:00
desc.h usb: allow max 8192 bytes for desc 2022-01-13 10:22:37 +01:00
dev-audio.c hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
dev-hid.c hid: Implement support for side and extra buttons 2022-02-22 17:15:36 +01:00
dev-hub.c hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
dev-mtp.c hw/usb: dev-mtp: Use g_mkdir() 2022-10-31 20:37:58 +00:00
dev-network.c hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
dev-serial.c usb: remove support for -usbdevice parameters 2021-03-15 17:00:58 +01:00
dev-smartcard-reader.c hw/usb/dev-smartcard-reader: Avoid forward-declaring CCIDBus 2023-02-27 22:29:02 +01:00
dev-storage-bot.c Don't include headers already included by qemu/osdep.h 2023-02-08 07:28:05 +01:00
dev-storage-classic.c Don't include headers already included by qemu/osdep.h 2023-02-08 07:28:05 +01:00
dev-storage.c usb/msd: add usb_msd_fatal_error() and fix guest-triggerable assert 2022-09-27 07:32:30 +02:00
dev-uas.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
dev-wacom.c hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
hcd-dwc2.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
hcd-dwc2.h Clean up header guards that don't match their file name 2022-05-11 16:49:06 +02:00
hcd-dwc3.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
hcd-ehci-pci.c hw/usb/hcd-ehci-pci: Simplify using DEVICE_GET_CLASS() macro 2023-06-09 23:38:16 +03:00
hcd-ehci-sysbus.c hw/usb/hcd-ehci-sysbus: Free USBPacket on instance finalize() 2021-03-26 09:14:48 +01:00
hcd-ehci.c hw/usb: spelling fixes 2023-08-31 19:47:43 +02:00
hcd-ehci.h include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
hcd-musb.c hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
hcd-ohci-pci.c include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
hcd-ohci.c hw/usb: spelling fixes 2023-08-31 19:47:43 +02:00
hcd-ohci.h hw/usb/ohci: Use OHCIState type definition 2023-02-27 22:29:02 +01:00
hcd-uhci.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
hcd-uhci.h hw/usb/uhci: Declare QOM macros using OBJECT_DECLARE_TYPE() 2023-02-27 22:29:02 +01:00
hcd-xhci-nec.c hw/usb/xhci-nec: Replace container_of() by NEC_XHCI() QOM cast macro 2023-02-27 22:29:02 +01:00
hcd-xhci-pci.c hw/usb/hcd-xhci: Reset the XHCIState with device_cold_reset() 2022-11-23 12:28:51 +01:00
hcd-xhci-pci.h include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
hcd-xhci-sysbus.c hw/usb/hcd-xhci: Reset the XHCIState with device_cold_reset() 2022-11-23 12:28:51 +01:00
hcd-xhci-sysbus.h
hcd-xhci.c hw/usb/hcd-xhci: Avoid variable-length array in xhci_get_port_bandwidth() 2023-08-31 19:47:43 +02:00
hcd-xhci.h hw/usb: hcd-xhci-pci: Fix spec violation of IP flag for MSI/MSI-X 2021-05-28 09:10:20 +02:00
host-libusb.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
host.h
imx-usb-phy.c hw/usb/imx: Fix out of bounds access in imx_usbphy_read() 2023-03-21 13:19:07 +00:00
Kconfig kconfig: Add PCIe devices to s390x machines 2023-07-14 11:10:57 +02:00
libhw.c dma: Let dma_memory_map() take MemTxAttrs argument 2021-12-30 17:16:32 +01:00
meson.build meson: Replace softmmu_ss -> system_ss 2023-06-20 10:01:30 +02:00
pcap.c
quirks-ftdi-ids.h hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
quirks-pl2303-ids.h hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
quirks.c
quirks.h hw/usb: spelling fixes 2023-08-31 19:47:43 +02:00
redirect.c hw/usb: spelling fixes 2023-08-31 19:47:43 +02:00
trace-events hw/usb: spelling fixes 2023-08-31 19:47:43 +02:00
trace.h
tusb6010.c
u2f-emulated.c hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
u2f-passthru.c
u2f.c usb: remove '-usbdevice u2f-key' 2021-03-15 17:00:58 +01:00
u2f.h hw/usb/u2f: Declare QOM macros using OBJECT_DECLARE_TYPE() 2023-02-27 22:29:02 +01:00
vt82c686-uhci-pci.c hw/usb/vt82c686-uhci-pci: Use PCI IRQ routing 2023-03-08 00:37:48 +01:00
xen-usb.c hw/usb: spelling fixes 2023-08-31 19:47:43 +02:00
xlnx-usb-subsystem.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
xlnx-versal-usb2-ctrl-regs.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00