qemu-e2k/hw/display
Gerd Hoffmann 5e7bcdcfe6 display/bochs: fix pcie support
Set QEMU_PCI_CAP_EXPRESS unconditionally in init(), then clear it in
realize() in case the device is not connected to a PCIe bus.

This makes sure the pci config space allocation is big enough, so
accessing the PCIe extended config space doesn't overflow the pci
config space buffer.

PCI(e) config space is guest writable.  Writes are limited by
write mask (which probably is also filled with random stuff),
so the guest can only flip enabled bits.  But I suspect it
still might be exploitable, so rather serious because it might
be a host escape for the guest.  On the other hand the device
is probably not yet in widespread use.

(For a QEMU version without this commit, a mitigation for the
bug is available: use "-device bochs-display" as a conventional pci
device only.)

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20190812065221.20907-2-kraxel@redhat.com
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-08-12 16:36:41 +01:00
Kconfig ati-vga: Implement DDC and EDID info from monitor 2019-06-28 10:49:36 +02:00
Makefile.objs hw/display: add vhost-user-vga & gpu-pci 2019-05-29 06:30:45 +02:00
ads7846.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
ati.c ati-vga: Fix setting offset together with pitch for r128pro 2019-07-05 09:50:33 +02:00
ati_2d.c ati-vga: Fix reverse bit blts 2019-07-05 09:50:33 +02:00
ati_dbg.c ati-vga: Implement DDC and EDID info from monitor 2019-06-28 10:49:36 +02:00
ati_int.h hw/i2c/bitbang_i2c: Use in-place rather than malloc'd bitbang_i2c_interface struct 2019-07-03 10:51:35 +02:00
ati_regs.h ati-vga: Fixes to offset and pitch registers 2019-06-28 10:49:36 +02:00
bcm2835_fb.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
blizzard.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
bochs-display.c display/bochs: fix pcie support 2019-08-12 16:36:41 +01:00
cg3.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
cirrus_vga.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
cirrus_vga_internal.h
cirrus_vga_isa.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
cirrus_vga_rop.h
cirrus_vga_rop2.h
dpcd.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
edid-generate.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
edid-region.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
exynos4210_fimd.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
framebuffer.c
framebuffer.h
g364fb.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
i2c-ddc.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
jazz_led.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
milkymist-tmu2.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
milkymist-vgafb.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
milkymist-vgafb_template.h
omap_dss.c
omap_lcd_template.h
omap_lcdc.c
pl110.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
pl110_template.h
pxa2xx_lcd.c
pxa2xx_template.h
qxl-logger.c
qxl-render.c
qxl.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
qxl.h Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
ramfb-standalone.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
ramfb.c hw/display/ramfb: initialize fw-config space with xres/ yres 2019-05-24 09:10:29 +02:00
sii9022.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
sm501.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
sm501_template.h
ssd0303.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
ssd0323.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
tc6393xb.c hw/devices: Move TC6393XB declarations into a new header 2019-04-29 17:57:21 +01:00
tc6393xb_template.h
tcx.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
trace-events trace-events: Fix attribution of trace points to source 2019-03-22 16:18:07 +00:00
vga-helpers.h
vga-isa-mm.c
vga-isa.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
vga-pci.c edid: flip the default to enabled 2019-06-13 09:34:50 +02:00
vga.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
vga_int.h
vga_regs.h Clean up header guards that don't match their file name 2019-05-13 08:58:55 +02:00
vhost-user-gpu-pci.c hw/display: add vhost-user-vga & gpu-pci 2019-05-29 06:30:45 +02:00
vhost-user-gpu.c hw/display: add vhost-user-vga & gpu-pci 2019-05-29 06:30:45 +02:00
vhost-user-vga.c hw/display: add vhost-user-vga & gpu-pci 2019-05-29 06:30:45 +02:00
virtio-gpu-3d.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
virtio-gpu-base.c virtio-gpu: split virtio-gpu, introduce virtio-gpu-base 2019-05-29 06:30:45 +02:00
virtio-gpu-pci.c Revert "hw: report invalid disable-legacy|modern usage for virtio-1-only devs" 2019-07-29 16:57:27 -04:00
virtio-gpu.c virtio-gpu: check if the resource already exists in virtio_gpu_load() 2019-07-03 10:51:06 +02:00
virtio-vga.c Revert "hw: report invalid disable-legacy|modern usage for virtio-1-only devs" 2019-07-29 16:57:27 -04:00
virtio-vga.h Clean up a header guard symbols (again) 2019-06-12 13:20:21 +02:00
vmware_vga.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
xenfb.c xen: Import other xen/io/*.h 2019-06-24 10:42:30 +01:00
xlnx_dp.c hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO 2019-07-15 14:17:03 +01:00