qemu/include/hw
Dmitry Frolov de5bbfc602 hw/cxl: Fix out of bound array access
According to cxl_interleave_ways_enc(), fw->num_targets is allowed to be up
to 16. This also corresponds to CXL r3.0 spec. So, the fw->target_hbs[]
array is iterated from 0 to 15. But it is statically declared of length 8.
Thus, out of bound array access may occur.

Fixes: c28db9e000 ("hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV")
Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Link: https://lore.kernel.org/r/20230913101055.754709-1-frolov@swemel.ru
Cc: qemu-stable@nongnu.org
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-09-21 11:31:18 +03:00
..
acpi include/: spelling fixes 2023-09-08 13:08:52 +03:00
adc hw/arm/npcm7xx: Declare QOM macros using OBJECT_DECLARE_SIMPLE_TYPE() 2023-01-12 17:15:09 +00:00
arm hw/arm/versal: Connect the CFRAME_REG and CFRAME_BCAST_REG 2023-09-08 16:41:35 +01:00
audio introduce -audio as a replacement for -soundhw 2022-05-14 12:33:44 +02:00
block m25p80: Introduce an helper to retrieve the BlockBackend of a device 2023-09-01 11:40:04 +02:00
char include/: spelling fixes 2023-09-08 13:08:52 +03:00
core accel/tcg: Simplify tlb_plugin_lookup 2023-09-16 14:57:15 +00:00
cpu Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
cris include: Include headers where needed 2023-01-08 01:54:22 -05:00
cxl hw/cxl: Fix out of bound array access 2023-09-21 11:31:18 +03:00
display include: Include headers where needed 2023-01-08 01:54:22 -05:00
dma include: Include headers where needed 2023-01-08 01:54:22 -05:00
firmware hw/smbios: add core_count2 to smbios table type 4 2022-11-07 14:08:17 -05:00
gpio hw/gpio/nrf51: implement DETECT signal 2023-08-22 17:30:59 +01:00
hyperv include/: spelling fixes 2023-09-08 13:08:52 +03:00
i2c aspeed queue: 2023-09-06 11:14:55 -04:00
i386 i386: spelling fixes 2023-09-20 07:54:34 +03:00
ide hw/ide: Extract bmdma_status_writeb() 2023-07-11 00:11:25 +02:00
input hw/input: Clean up includes 2023-02-08 07:16:23 +01:00
intc arm: spelling fixes 2023-07-25 17:13:53 +03:00
ipack ipack: Rename ipack_bus_new_inplace() to ipack_bus_init() 2021-09-30 13:42:10 +01:00
ipmi Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
isa hw/isa/vt82c686: Remove via_isa_set_irq() 2023-07-11 00:11:25 +02:00
loongarch hw/loongarch/virt: Set max 256 cpus support on loongarch virt machine 2023-05-15 19:09:33 +08:00
m68k q800: move macfb device to Q800MachineState 2023-06-22 09:30:11 +02:00
mem nvdimm: Reject writing label data to ROM instead of crashing QEMU 2023-09-19 10:23:21 +02:00
mips hw/mips/bootloader: Handle buffers as opaque arrays 2023-01-13 09:32:32 +01:00
misc target-arm queue: 2023-09-11 09:10:37 -04:00
net include/: spelling fixes 2023-09-08 13:08:52 +03:00
nubus Clean up header guards that don't match their file name 2022-05-11 16:49:06 +02:00
nvram bulk: Do not declare function prototypes using 'extern' keyword 2023-08-31 19:47:43 +02:00
openrisc hw/openrisc: Split re-usable boot time apis out to boot.c 2022-09-04 07:02:56 +01:00
pci trivial patches for 2023-09-08 2023-09-08 10:06:25 -04:00
pci-bridge pci/pci_expander_bridge: For CXL HB delay the HB register memory region setup. 2022-06-09 19:32:49 -04:00
pci-host spapr: Remove support for NVIDIA V100 GPU with NVLink2 2023-09-18 07:25:28 -03:00
ppc ppc: spelling fixes 2023-09-20 07:54:34 +03:00
rdma qapi: introduce x-query-rdma QMP command 2021-11-02 15:55:14 +00:00
remote include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
riscv riscv: spelling fixes 2023-09-08 13:08:52 +03:00
rtc hw/rtc/aspeed_rtc: Use 64-bit offset for holding time_t difference 2023-08-31 09:45:18 +01:00
rx Clean up header guards that don't match their file name 2022-05-11 16:49:06 +02:00
s390x s390x: spelling fixes 2023-07-25 17:13:45 +03:00
scsi scsi: fetch unit attention when creating the request 2023-07-14 11:10:58 +02:00
sd hw/sd: Introduce a "sd-card" SPI variant model 2023-09-01 11:40:04 +02:00
sensor hw/sensor: Add IC_DEVICE_ID to ISL voltage regulators 2022-07-14 16:24:38 +02:00
sh4 hw/intc/sh_intc: Inline and drop sh_intc_source() function 2021-10-30 18:39:37 +02:00
southbridge hw/isa/piix3: Resolve redundant TYPE_PIIX3_XEN_DEVICE 2023-06-07 15:07:10 +01:00
sparc hw: Replace anti-social QOM type names 2021-03-19 15:18:43 +01:00
ssi include/: spelling fixes 2023-09-08 13:08:52 +03:00
timer hw: Replace isa_get_irq() by isa_bus_get_irq() when ISABus is available 2023-02-27 22:29:02 +01:00
tricore Do not include hw/hw.h if it is not necessary 2023-02-27 09:15:38 +01:00
usb include: Include headers where needed 2023-01-08 01:54:22 -05:00
vfio vfio/migration: Refactor PRE_COPY and RUNNING state checks 2023-09-11 08:34:05 +02:00
virtio include/: spelling fixes 2023-09-08 13:08:52 +03:00
watchdog hw/watchdog: Allwinner WDT emulation for system reset 2023-04-20 10:21:13 +01:00
xen xen_arm: Initialize RAM and add hi/low memory regions 2023-08-30 18:23:08 -07:00
xtensa Include hw/irq.h a lot less 2019-08-16 13:31:52 +02:00
boards.h include/: spelling fixes 2023-09-08 13:08:52 +03:00
clock.h include/: spelling fixes 2023-09-08 13:08:52 +03:00
elf_ops.h replace TABs with spaces 2023-03-20 12:43:50 +01:00
fw-path-provider.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
hotplug.h pci: fix 'hotplugglable' property behavior 2023-03-07 12:38:59 -05:00
hw.h compiler.h: replace QEMU_NORETURN with G_NORETURN 2022-04-21 17:03:51 +04:00
ide.h hw/ide: Declare ide_get_[geometry/bios_chs_trans] in 'hw/ide/internal.h' 2023-02-27 22:29:02 +01:00
irq.h hw/core/irq: remove unused 'qemu_irq_split' function 2022-04-21 11:37:04 +01:00
loader-fit.h nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
loader.h hw: arm: Support direct boot for Linux/arm64 EFI zboot images 2023-03-06 14:08:12 +00:00
nmi.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
or-irq.h hw: Replace qemu_or_irq typedef by OrIRQState 2023-02-27 13:27:05 +00:00
pcmcia.h replace TABs with spaces 2023-03-20 12:43:50 +01:00
platform-bus.h nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
ptimer.h ptimer: Rename PTIMER_POLICY_DEFAULT to PTIMER_POLICY_LEGACY 2022-05-19 16:19:03 +01:00
qdev-clock.h clock: Add ClockEvent parameter to callbacks 2021-03-08 17:20:01 +00:00
qdev-core.h bulk: Do not declare function prototypes using 'extern' keyword 2023-08-31 19:47:43 +02:00
qdev-dma.h
qdev-properties-system.h qdev: Reuse DEFINE_PROP in all DEFINE_PROP_* macros 2020-12-18 15:20:17 -05:00
qdev-properties.h qdev-properties: Add a new macro with bitmask check for uint64_t property 2022-05-14 12:32:41 +02:00
register.h hw/core/register: Add more 64-bit utilities 2021-09-01 11:59:12 +10:00
registerfields.h hw/registerfields: Add shared fields macros 2022-06-22 09:49:34 +02:00
resettable.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
stream.h hw/core/stream: Rename StreamSlave as StreamSink 2020-12-10 12:15:04 -05:00
sysbus.h qom: Remove module_obj_name parameter from OBJECT_DECLARE* macros 2020-09-18 14:12:32 -04:00
usb.h hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
vmstate-if.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00