qemu-e2k/hw/ppc
Peter Maydell eda3f17bcd hw/ppc/ppc440_uc: Initialize length passed to cpu_physical_memory_map()
In dcr_write_dma(), there is code that uses cpu_physical_memory_map()
to implement a DMA transfer.  That function takes a 'plen' argument,
which points to a hwaddr which is used for both input and output: the
caller must set it to the size of the range it wants to map, and on
return it is updated to the actual length mapped. The dcr_write_dma()
code fails to initialize rlen and wlen, so will end up mapping an
unpredictable amount of memory.

Initialize the length values correctly, and check that we managed to
map the entire range before using the fast-path memmove().

This was spotted by Coverity, which points out that we never
initialized the variables before using them.

Fixes: Coverity CID 1487137, 1487150
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220726182341.1888115-2-peter.maydell@linaro.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-28 10:31:54 -03:00
..
e500-ccsr.h Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
e500.c hw/ppc: pass random seed to fdt 2022-07-18 13:59:43 -03:00
e500.h Use OBJECT_DECLARE_TYPE when possible 2020-09-18 14:12:32 -04:00
e500plat.c hw/ppc/e500plat: Only try to add valid dynamic sysbus devices to platform bus 2021-04-06 11:49:14 +01:00
fdt.c
fw_cfg.c hw/ppc: Implement fw_cfg_arch_key_name() 2019-05-23 14:10:31 +02:00
Kconfig hw/ppc/Kconfig: Add dependency PEGASOS2 -> ATI_VGA 2021-07-20 20:10:20 +02:00
mac_newworld.c ppc/6xx: Allocate IRQ lines with qdev_init_gpio_in() 2022-07-18 13:59:43 -03:00
mac_oldworld.c ppc/6xx: Allocate IRQ lines with qdev_init_gpio_in() 2022-07-18 13:59:43 -03:00
mac.h hw/ppc/mac.h: Remove MAX_CPUS macro 2021-12-17 17:57:12 +01:00
meson.build spapr: Implement Open Firmware client interface 2021-07-09 10:38:19 +10:00
mpc8544_guts.c ppc/ppc4xx: Convert printfs() 2022-01-04 07:55:34 +01:00
mpc8544ds.c ppc/e500: use memdev for RAM 2020-02-19 16:50:00 +00:00
pef.c ppc/pef.c: initialize cgs->ready in kvmppc_svm_init() 2021-06-03 18:10:31 +10:00
pegasos2.c ppc/6xx: Allocate IRQ lines with qdev_init_gpio_in() 2022-07-18 13:59:43 -03:00
pnv_bmc.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
pnv_core.c ppc/pnv: Rename "id" to "quad-id" in PnvQuad 2021-09-29 19:37:38 +10:00
pnv_homer.c ppc/pnv: Add a HOMER model to POWER10 2022-03-02 06:51:39 +01:00
pnv_lpc.c ppc/pnv: Remove PnvLpcController::psi link 2022-04-20 18:00:30 -03:00
pnv_occ.c ppc/pnv: Remove PnvOCC::psi link 2022-04-20 18:00:30 -03:00
pnv_pnor.c block: Change blk_{pread,pwrite}() param order 2022-07-12 12:14:56 +02:00
pnv_psi.c ppc/pnv: Remove useless checks in set_irq handlers 2022-04-20 18:00:30 -03:00
pnv_xscom.c ppc/pnv: Add a comment on the "primary-topology-index" property 2021-09-29 19:37:38 +10:00
pnv.c ppc/pnv: make pnv_chip_power8_pic_print_info() use chip8->phbs[] 2022-07-06 10:22:37 -03:00
ppc4xx_devs.c Use g_new() & friends where that makes obvious sense 2022-03-21 15:44:44 +01:00
ppc4xx_pci.c ppc/ppc4xx: Convert printfs() 2022-01-04 07:55:34 +01:00
ppc405_boards.c hw/ppc/ppc405_boards: Initialize g_autofree pointer 2022-04-20 18:00:30 -03:00
ppc405_uc.c ppc/40x: Allocate IRQ lines with qdev_init_gpio_in() 2022-07-18 13:59:43 -03:00
ppc405.h ppc/ppc405: Fix bi_pci_enetaddr2 field in U-Boot board information 2021-12-17 17:57:17 +01:00
ppc440_bamboo.c ppc/40x: Allocate IRQ lines with qdev_init_gpio_in() 2022-07-18 13:59:43 -03:00
ppc440_pcix.c Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
ppc440_uc.c hw/ppc/ppc440_uc: Initialize length passed to cpu_physical_memory_map() 2022-07-28 10:31:54 -03:00
ppc440.h
ppc_booke.c Use g_new() & friends where that makes obvious sense 2022-03-21 15:44:44 +01:00
ppc.c ppc/e500: Allocate IRQ lines with qdev_init_gpio_in() 2022-07-18 13:59:43 -03:00
ppce500_spin.c powerpc tcg: Fix Lesser GPL version number 2020-11-15 16:38:50 +01:00
prep_systemio.c ppc/6xx: Allocate IRQ lines with qdev_init_gpio_in() 2022-07-18 13:59:43 -03:00
prep.c ppc/6xx: Allocate IRQ lines with qdev_init_gpio_in() 2022-07-18 13:59:43 -03:00
rs6000_mc.c Do not include hw/boards.h if it's not really necessary 2021-05-02 17:24:51 +02:00
sam460ex.c ppc/40x: Allocate IRQ lines with qdev_init_gpio_in() 2022-07-18 13:59:43 -03:00
spapr_caps.c Trivial: 3 char repeat typos 2022-06-28 11:06:02 +02:00
spapr_cpu_core.c hw/ppc: free env->tb_env in spapr_unrealize_vcpu() 2022-04-04 08:49:06 +02:00
spapr_drc.c hw/ppc/spapr_drc.c: use g_autofree in spapr_drc_by_index() 2022-03-02 06:51:40 +01:00
spapr_events.c Use g_new() & friends where that makes obvious sense 2022-03-21 15:44:44 +01:00
spapr_hcall.c ppc: Check partition and process table alignment 2022-07-18 13:59:43 -03:00
spapr_iommu.c spapr/ddw: Reset DMA when the last non-default window is removed 2022-07-06 10:22:37 -03:00
spapr_irq.c spapr/xics: Drop unused argument to xics_kvm_has_broken_disconnect() 2020-12-14 15:50:55 +11:00
spapr_numa.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
spapr_nvdimm.c hw/ppc: check if spapr_drc_index() returns NULL in spapr_nvdimm.c 2022-07-28 10:31:54 -03:00
spapr_ovec.c spapr: Improve handling of memory unplug with old guests 2021-01-19 10:20:29 +11:00
spapr_pci_nvlink2.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
spapr_pci_vfio.c pci: Export pci_for_each_device_under_bus*() 2021-11-01 19:36:11 -04:00
spapr_pci.c spapr/ddw: Implement 64bit query extension 2022-07-06 10:22:37 -03:00
spapr_rng.c Do not include cpu.h if it's not really necessary 2021-05-02 17:24:51 +02:00
spapr_rtas_ddw.c spapr/ddw: Implement 64bit query extension 2022-07-06 10:22:37 -03:00
spapr_rtas.c hw/ppc: change indentation to spaces from TABs 2022-04-20 18:00:30 -03:00
spapr_rtc.c rtc: Have event RTC_CHANGE identify the RTC by QOM path 2022-02-28 11:39:35 +01:00
spapr_softmmu.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
spapr_tpm_proxy.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
spapr_vio.c hw/ppc/spapr_vio.c: use g_autofree in spapr_dt_vdevice() 2022-03-02 06:51:40 +01:00
spapr_vof.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
spapr.c ppc: Check partition and process table alignment 2022-07-18 13:59:43 -03:00
trace-events ppc/ppc405: Restore TCR and STR write handlers 2022-01-04 07:55:34 +01:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
virtex_ml507.c ppc/40x: Allocate IRQ lines with qdev_init_gpio_in() 2022-07-18 13:59:43 -03:00
vof.c ppc/vof: Fix uninitialized string tracing 2022-04-20 18:00:30 -03:00