mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
18,088 Commits 50 Branches 394 Tags
Commit Graph

6381 Commits

Author SHA1 Message Date
Markus Armbruster
7e62255a4b ccid: Fix buffer overrun in handling of VSC_ATR message 
ATR size exceeding the limit is diagnosed, but then we merrily use it
anyway, overrunning card->atr[].

The message is read from a character device.  Obvious security
implications unless the other end of the character device is trusted.

Spotted by Coverity.  CVE-2011-4111.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
 2011-11-28 16:20:53 -06:00
Aneesh Kumar K.V
2507718baf 9pfs: improve portability to older systems 
I guess we can also make sure we don't  call local_ioc_getversion at
all.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
 2011-11-28 16:19:57 -06:00
Stefan Weil
c16ada980f eepro100: Fix alignment requirement for statistical counters 
According to Intel's Open Source Software Developer Manual,
the dump counters address must be Dword aligned.

The new code enforces this alignment, so s->statsaddr may now
be used with stw_le_pci_dma() and stl_le_pci_dma().

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
 2011-11-28 11:36:34 -06:00
Paolo Bonzini
ad0c93328d virtio: add and use virtio_set_features 
vdev->guest_features is not masking features that are not supported by
the guest.  Fix this by introducing a common wrapper to be used by all
virtio bus implementations.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
 2011-11-28 11:36:28 -06:00
Paolo Bonzini
ae0f940e6b 9pfs: improve portability to older systems 
Small requirements on "new" features have percolated to virtio-9p-local.c.
In particular, the utimensat wrapper actually only supports dirfd = AT_FDCWD
and flags = AT_SYMLINK_NOFOLLOW in the fallback code.  Remove the arguments
so that virtio-9p-local.c will not use AT_* constants.

At the same time, fail local_ioc_getversion if the ioctl is not supported
by the host.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
 2011-11-28 11:36:27 -06:00
Anthony Liguori
13bd0b5026 Merge remote-tracking branch 'kwolf/block-stable' into staging 2011-11-28 11:15:10 -06:00
Anthony Liguori
f04303743a Merge remote-tracking branch 'kraxel/usb.32' into staging 2011-11-28 11:12:39 -06:00
Avi Kivity
f44336c594 omap_l4: rename omap_l4_attach_region() to omap_l4_attach() 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:40:49 +02:00
Avi Kivity
a6dbd3c836 omap_l4: remove omap_l4_attach() 
No longer used.

Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:47 +02:00
Benoît Canet
7487813909 omap_i2c: convert to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:47 +02:00
Benoît Canet
30af1ec729 omap_lcdc: convert to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:47 +02:00
Benoît Canet
1a0726900e omap_spi: convert to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:47 +02:00
Benoît Canet
ba1580299d omap_sx1: convert to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:46 +02:00
Benoît Canet
3892f842c9 omap_l4: convert to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:46 +02:00
Avi Kivity
4852e5d8c3 omap_dss: convert to memory API 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:45 +02:00
Avi Kivity
011a98a15b omap2: convert to memory API (part II) 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:45 +02:00
Avi Kivity
9bac7d6c15 omap2: convert to memory API (part I) 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:45 +02:00
Avi Kivity
750ecd444f sysbus: rename sysbus_init_mmio_region() to sysbus_init_mmio() 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:45 +02:00
Avi Kivity
3f7f1c8067 sysbus: remove sysbus_init_mmio() 
No longer used - replaced by sysbus_init_mmio_region().

Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:43 +02:00
Benoît Canet
9a542a4821 bonito: convert cop to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:43 +02:00
Benoît Canet
def344a6ea bonito: convert ldma to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:43 +02:00
Benoît Canet
845cbeb8e3 bonito: convert south bridge pci config to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:43 +02:00
Benoît Canet
183e1d40db bonito: convert north bridge pci config to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:43 +02:00
Benoît Canet
89200979aa bonito: convert north bridge register mapping to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:43 +02:00
Benoît Canet
0aa27efa93 lm32_sys: convert to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:43 +02:00
Benoît Canet
5f2be17af1 lm32_uart: convert to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:42 +02:00
Benoît Canet
663d94467a mcf_intc: convert to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:42 +02:00
Benoît Canet
c65fc1dff3 mcf_fec: convert to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:42 +02:00
Benoît Canet
aa6e4986b8 mcf_uart: convert to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:42 +02:00
Benoît Canet
653fa85c9a mcf5206: convert to memory API 
Signed-off-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:42 +02:00
Avi Kivity
9244b42dea omap_gpio: convert to memory API 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:41 +02:00
Avi Kivity
7405165e26 omap_dma: convert to memory API 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:41 +02:00
Avi Kivity
6a0148e7b5 omap_sdrc: convert to memory API 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:41 +02:00
Avi Kivity
9832b74c14 omap_gp_timer: convert to memory API 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:41 +02:00
Avi Kivity
fcb40162bf omap_synctimer: convert to memory API 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:41 +02:00
Avi Kivity
0a9ee1a7d5 omap_tap: convert to memory API 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:41 +02:00
Avi Kivity
c304fed7eb omap_mmc: convert to memory API 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:40 +02:00
Avi Kivity
f32261498c omap_l4: add memory API variant of omap_l4_attach() 
Also add omap_l4_region_size(), since memory API functions need
the size during initialization.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:40 +02:00
Avi Kivity
a56e423c7c omap: eliminate l4_register_io_memory 
This is a trivial wrapper around cpu_register_io_memory(), adding
no value.  Inline it into all callers.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:40 +02:00
Avi Kivity
92c0bba9a9 omap: remove L4_MUX_HACK 
This was introduced apparently to overcome a limitation on the number of
cpu_register_io_memory() calls.  477b24ef91175 (July 2008) removed use
of the hack, but retained the code.  This patch removes the code as well.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrzej Zaborowski <balrogg@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:39 +02:00
Avi Kivity
aee39503df omap_uart: convert to memory API 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-28 15:38:39 +02:00
Avi Kivity
f81138ce97 prep_pci: convert to memory API 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-24 18:32:03 +02:00
Avi Kivity
cd5cba7941 ppce500_pci: convert to memory API 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-24 18:32:03 +02:00
Avi Kivity
da726e5e06 ppc4xx_pci: convert to memory API 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-24 18:32:03 +02:00
Avi Kivity
d09510b276 lm32_timer: convert to memory API 
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-24 18:32:03 +02:00
Benoît Canet
9a9d0b816b sh_serial: convert to memory API 
Signed-off-by: Benoit Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-24 18:32:03 +02:00
Benoît Canet
b279e5efc0 sh_intc: convert interrupt controller to memory API 
Signed-off-by: Benoit Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-24 18:32:03 +02:00
Benoît Canet
89e2945140 sh_timer: convert to memory API 
Signed-off-by: Benoit Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-24 18:32:03 +02:00
Benoît Canet
1a4004c772 sh7750: convert cache and tlb to memory API 
Signed-off-by: Benoit Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-24 18:32:03 +02:00
Benoît Canet
382863e2c6 sh7750: convert memory controller/ioport to memory API 
Signed-off-by: Benoit Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
 2011-11-24 18:32:03 +02:00