qemu-e2k/hw at 90865af7d901a2aa5eeadfb488f3a9d4aaf70605 - qemu-e2k - Expired Mentality Git

OpenE2K/qemu-e2k

History

Xuzhou Cheng 90865af7d9 hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access failure

pnv_phb3_root_bus_info and pnv_phb4_root_bus_info are missing the
instance_size initialization. This results in accessing out-of-bound
memory when setting 'chip-id' and 'phb-id', and eventually crashes
glib's malloc functionality with the following message:

  "qemu-system-ppc64: GLib: ../glib-2.72.3/glib/gmem.c:131: failed to allocate 3232 bytes"

This issue was noticed only when running qtests with QEMU Windows
32-bit executable. Windows 64-bit, Linux 32/64-bit do not expose
this bug though.

Fixes: 9ae1329ee2fe ("ppc/pnv: Add models for POWER8 PHB3 PCIe Host bridge")
Fixes: 4f9924c4d4cf ("ppc/pnv: Add models for POWER9 PHB4 PCIe Host bridge")
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Xuzhou Cheng <xuzhou.cheng@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Message-Id: <20220920103159.1865256-29-bmeng.cn@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>

2022-09-20 12:31:53 -03:00

..

trivial typos: namesapce

2022-06-28 11:06:44 +02:00

acpi/nvdimm: Define trace events for NVDIMM and substitute nvdimm_debug()

2022-07-26 10:37:46 -04:00

hw/adc: Make adci[*] R/W in NPCM7XX ADC

2022-07-18 13:20:14 +01:00

Remove qemu-common.h include from most units

2022-04-06 14:31:55 +02:00

target/arm: Make boards pass base address to armv7m_load_kernel()

2022-09-14 11:19:40 +01:00

hw/audio/cs4231a: Const'ify global tables

2022-06-11 11:44:50 +02:00

Remove qemu-common.h include from most units

2022-04-06 14:31:55 +02:00

virtio-scsi: fix race in virtio_scsi_dataplane_start()

2022-08-17 07:07:37 -04:00

acpi: serial-is: replace ISADeviceClass::build_aml with AcpiDevAmlIfClass:build_dev_aml

2022-06-09 19:32:48 -04:00

hw/core: fix platform bus node name

2022-09-07 09:18:33 +02:00

cpu/core: Fix "help" of CPU core device types

2021-04-09 16:05:16 -04:00

Do not include exec/address-spaces.h if it's not really necessary

2021-05-02 17:24:51 +02:00

hw/cxl: Correctly handle variable sized mailbox input payloads.

2022-08-17 13:08:11 -04:00

xlnx_dp: drop unsupported AUXCommand in xlnx_dp_aux_set_command

2022-08-08 11:40:06 +02:00

ptimer: Rename PTIMER_POLICY_DEFAULT to PTIMER_POLICY_LEGACY

2022-05-19 16:19:03 +01:00

hw/gpio/aspeed: Don't let guests modify input pins

2022-07-14 16:24:38 +02:00

lasips2: remove legacy lasips2_initfn() function

2022-07-18 19:28:46 +01:00

hw/hyperv/vmbus: Remove unused vmbus_load/save_req()

2022-05-30 19:49:42 +02:00

hw/i2c/pmbus: Add idle state to return 0xff's

2022-07-14 16:24:38 +02:00

util: accept iova_tree_remove_parameter by value

2022-09-02 10:22:39 +08:00

block: Change blk_{pread,pwrite}() param order

2022-07-12 12:14:56 +02:00

pckbd: remove legacy i8042_mm_init() function

2022-07-18 19:28:46 +01:00

hw/intc: Move mtimer/mtimecmp to aclint

2022-09-07 09:19:10 +02:00

qbus: Rename qbus_create_inplace() to qbus_init()

2021-09-30 13:42:10 +01:00

ipmi:smbus: Add a check around a memcpy

2022-08-01 06:40:50 -05:00

hw/i386/xen/xen-hvm: Inline xen_piix_pci_write_config_client() and remove it

2022-06-29 00:24:59 +02:00

hw/loongarch: remove acpi-build.c unused variable 'aml_len'

2022-08-05 10:02:07 -07:00

goldfish_rtc: Add big-endian property

2022-09-04 07:02:56 +01:00

mem/cxl_type3: Add read and write functions for associated hostmem.

2022-05-13 07:57:26 -04:00

Remove qemu-common.h include from most units

2022-04-06 14:31:55 +02:00

hw/mips/malta: turn off x86 specific features of PIIX4_PM

2022-08-08 23:23:11 +02:00

hw/arm/bcm2835_property: Add support for RPI_FIRMWARE_FRAMEBUFFER_GET_NUM_DISPLAYS

2022-09-14 11:19:39 +01:00

net: tulip: Restrict DMA engine to memories

2022-09-02 10:22:39 +08:00

hw/nios2: virt: pass random seed to fdt

2022-07-22 19:01:44 +02:00

qbus: Rename qbus_create_inplace() to qbus_init()

2021-09-30 13:42:10 +01:00

hw/nvme: do not enable ioeventfd by default

2022-08-01 12:01:21 +02:00

block: Change blk_{pread,pwrite}() param order

2022-07-12 12:14:56 +02:00

hw/openrisc: virt: pass random seed to fdt

2022-09-04 07:02:57 +01:00

trivial patches pull request 20220629

2022-06-30 04:49:40 +05:30

pci-bridge/cxl_downstream: Add a CXL switch downstream port

2022-06-16 12:54:57 -04:00

hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access failure

2022-09-20 12:31:53 -03:00

hw/pcmcia: Do not register PCMCIA type if not required

2021-05-02 17:24:50 +02:00

hw/ppc: spapr: Use qemu_vfree() to free spapr->htab

2022-09-20 12:31:53 -03:00

hw/pvrdma: Some cosmetic fixes

2022-04-26 12:25:14 +02:00

vfio-user: handle reset of remote device

2022-06-15 16:43:42 +01:00

hw/riscv: virt: Add PMU DT node to the device tree

2022-09-07 09:19:15 +02:00

goldfish_rtc: Add big-endian property

2022-09-04 07:02:56 +01:00

hw/rx: pass random seed to fdt

2022-07-22 19:01:44 +02:00

s390x/cpumodel: add stfl197 processor-activity-instrumentation extension 1

2022-08-25 21:59:04 +02:00

scsi: Reject commands if the CDB length exceeds buf_len

2022-09-01 07:42:37 +02:00

block: Change blk_{pread,pwrite}() param order

2022-07-12 12:14:56 +02:00

hw/sensor: Add Renesas ISL69259 device model

2022-07-14 16:24:38 +02:00

Use g_new() & friends where that makes obvious sense

2022-03-21 15:44:44 +01:00

hw/smbios: Add table 4 parameter, "processor-id"

2022-03-06 05:28:55 -05:00

machine: make memory-backend a link property

2022-05-12 12:29:44 +02:00

hw: Reuse TYPE_I8042 define

2022-06-11 11:44:50 +02:00

aspeed/smc: Fix potential overflow

2022-06-30 09:21:13 +02:00

hw/intc: Move mtimer/mtimecmp to aclint

2022-09-07 09:19:10 +02:00

tpm_crb: Avoid backend startup just before shutdown under Xen

2022-09-09 17:55:59 -04:00

hw/tricore: fix inclusion of tricore_testboard

2021-07-20 20:10:21 +02:00

scsi: Add buf_len parameter to scsi_req_new()

2022-09-01 07:42:37 +02:00

ui/console: Do not return a value with ui_info

2022-06-14 10:34:37 +02:00

vdpa: Delete CVQ migration blocker

2022-09-02 10:22:39 +08:00

ppc/spapr: Implement H_WATCHDOG

2022-07-06 10:22:38 -03:00

xen/pass-through: don't create needless register group

2022-07-05 14:19:48 +01:00

Warn user if the vga flag is passed but no vga device is created

2022-05-09 08:21:14 +02:00

hw/xtensa: fix reset value of MIROUT register of MX PIC

2022-05-06 15:27:40 -07:00

Kconfig

hw/loongarch: Add support loongson3 virt machine type.

2022-06-06 18:09:03 +00:00

meson.build

hw/loongarch: Add support loongson3 virt machine type.

2022-06-06 18:09:03 +00:00