mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0f2dd05b9f
qemu/include/hw
History
Dmitry Frolov f59caeca76 hw/cxl: Fix out of bound array access 
According to cxl_interleave_ways_enc(), fw->num_targets is allowed to be up
to 16. This also corresponds to CXL r3.0 spec. So, the fw->target_hbs[]
array is iterated from 0 to 15. But it is statically declared of length 8.
Thus, out of bound array access may occur.

Fixes: c28db9e000 ("hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV")
Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Link: https://lore.kernel.org/r/20230913101055.754709-1-frolov@swemel.ru
Cc: qemu-stable@nongnu.org
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit de5bbfc602)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-10-03 02:00:54 +03:00
..
acpi tpm: Extend common APIs to support TPM TIS I2C 2023-04-20 08:17:15 -04:00
adc hw/arm/npcm7xx: Declare QOM macros using OBJECT_DECLARE_SIMPLE_TYPE() 2023-01-12 17:15:09 +00:00
arm arm: spelling fixes 2023-07-25 17:13:53 +03:00
audio
block hw/block: replace TABs with space 2023-03-24 11:45:46 +01:00
char escc: emulate dip switch language layout settings on SUN keyboard 2023-06-28 10:54:25 +01:00
core plugins: force slow path when plugins instrument memory ops 2023-07-03 12:51:58 +01:00
cpu
cris include: Include headers where needed 2023-01-08 01:54:22 -05:00
cxl hw/cxl: Fix out of bound array access 2023-10-03 02:00:54 +03:00
display include: Include headers where needed 2023-01-08 01:54:22 -05:00
dma include: Include headers where needed 2023-01-08 01:54:22 -05:00
firmware
gpio
hyperv
i2c hw/i2c/aspeed: Fix Tx count and Rx size error in buffer pool mode 2023-09-21 19:35:19 +03:00
i386 include/hw/i386/x86-iommu: Fix struct X86IOMMU_MSIMessage for big endian hosts 2023-08-03 16:16:17 -04:00
ide hw/ide: Extract bmdma_status_writeb() 2023-07-11 00:11:25 +02:00
input hw/input: Clean up includes 2023-02-08 07:16:23 +01:00
intc arm: spelling fixes 2023-07-25 17:13:53 +03:00
ipack
ipmi
isa hw/isa/vt82c686: Remove via_isa_set_irq() 2023-07-11 00:11:25 +02:00
kvm
loongarch hw/loongarch/virt: Set max 256 cpus support on loongarch virt machine 2023-05-15 19:09:33 +08:00
m68k q800: move macfb device to Q800MachineState 2023-06-22 09:30:11 +02:00
mem
mips hw/mips/bootloader: Handle buffers as opaque arrays 2023-01-13 09:32:32 +01:00
misc hw/misc: sifive_e_aon: Support the watchdog timer of HiFive 1 rev b. 2023-07-10 22:29:14 +10:00
net hw/net/dp8393x.c: move TYPE_DP8393X and dp8393xState into dp8393x.h 2023-06-22 09:25:40 +02:00
nubus
nvram Revert "x86: return modified setup_data only if read as memory, not as file" 2023-03-02 03:10:46 -05:00
openrisc
pci pcie: Specify 0 for ARI next function numbers 2023-07-10 18:59:32 -04:00
pci-bridge
pci-host hw/pci-host/i440fx: Resolve i440fx_init() 2023-07-10 16:29:17 -04:00
ppc hw/ppc: Reset timebase facilities on machine reset 2023-09-25 23:44:30 +03:00
rdma
remote include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
riscv hw/riscv: sifive_e: Support the watchdog timer of HiFive 1 rev b. 2023-07-10 22:29:15 +10:00
rtc hw/rtc: Rename rtc_[get|set]_memory -> mc146818rtc_[get|set]_cmos_data 2023-02-27 22:29:02 +01:00
rx
s390x s390x: spelling fixes 2023-07-25 17:13:45 +03:00
scsi scsi: fetch unit attention when creating the request 2023-07-14 11:10:58 +02:00
sd hw: sd: allwinner-sdhost: Add sun50i-a64 SoC support 2023-06-06 10:19:33 +01:00
sensor
sh4
southbridge hw/isa/piix3: Resolve redundant TYPE_PIIX3_XEN_DEVICE 2023-06-07 15:07:10 +01:00
sparc
ssi Do not include hw/hw.h if it is not necessary 2023-02-27 09:15:38 +01:00
timer hw: Replace isa_get_irq() by isa_bus_get_irq() when ISABus is available 2023-02-27 22:29:02 +01:00
tricore Do not include hw/hw.h if it is not necessary 2023-02-27 09:15:38 +01:00
usb include: Include headers where needed 2023-01-08 01:54:22 -05:00
vfio vfio/migration: Return bool type for vfio_migration_realize() 2023-07-10 09:52:52 +02:00
virtio include/hw/virtio/virtio-gpu: Fix virtio-gpu with blob on big endian hosts 2023-08-23 16:58:41 +03:00
watchdog hw/watchdog: Allwinner WDT emulation for system reset 2023-04-20 10:21:13 +01:00
xen xen: Don't pass MemoryListener around by value 2023-08-01 10:22:33 +01:00
xtensa
boards.h memory-device: Track used region size in DeviceMemoryState 2023-07-12 09:25:37 +02:00
clock.h
elf_ops.h replace TABs with spaces 2023-03-20 12:43:50 +01:00
fw-path-provider.h
hotplug.h pci: fix 'hotplugglable' property behavior 2023-03-07 12:38:59 -05:00
hw.h
ide.h hw/ide: Declare ide_get_[geometry/bios_chs_trans] in 'hw/ide/internal.h' 2023-02-27 22:29:02 +01:00
irq.h
loader-fit.h
loader.h hw: arm: Support direct boot for Linux/arm64 EFI zboot images 2023-03-06 14:08:12 +00:00
nmi.h
or-irq.h hw: Replace qemu_or_irq typedef by OrIRQState 2023-02-27 13:27:05 +00:00
pcmcia.h replace TABs with spaces 2023-03-20 12:43:50 +01:00
platform-bus.h
ptimer.h
qdev-clock.h
qdev-core.h include/hw: document the device_class_set_parent_* fns 2023-07-10 18:59:32 -04:00
qdev-dma.h
qdev-properties-system.h
qdev-properties.h
register.h
registerfields.h
resettable.h
stream.h
sysbus.h
usb.h hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
vmstate-if.h