qemu/hw
Gerd Hoffmann 7e486f7577 vmsvga: shadow fifo registers
The fifo is normal ram.  So kvm vcpu threads and qemu iothread can
access the fifo in parallel without synchronization.  Which in turn
implies we can't use the fifo pointers in-place because the guest
can try changing them underneath us.  So add shadows for them, to
make sure the guest can't modify them after we've applied sanity
checks.

Fixes: CVE-2016-4454
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1464592161-18348-4-git-send-email-kraxel@redhat.com
2016-06-06 09:04:24 +02:00
9pfs 9p: drop unused declaration from coth.h 2016-05-18 15:04:27 +03:00
acpi acpi: do not use TARGET_PAGE_SIZE 2016-05-19 16:42:28 +02:00
alpha alpha: include cpu-qom.h in files that require AlphaCPU 2016-05-19 16:42:27 +02:00
arm Add ENET device to i.MX6 SOC. 2016-06-02 10:42:46 +08:00
audio hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
block dma-helpers: change interface to byte-based 2016-05-25 19:04:11 +02:00
bt bt: rewrite csrhci_write to avoid out-of-bounds writes 2016-05-29 09:11:11 +02:00
char hw/char: QOM'ify milkymist-uart.c 2016-05-29 09:11:10 +02:00
core qdev: Start disentangling bus from device 2016-05-26 14:06:41 +01:00
cpu explicitly include qom/cpu.h 2016-05-19 16:42:27 +02:00
cris hw/char: QOM'ify etraxfs_ser.c 2016-05-29 09:11:10 +02:00
display vmsvga: shadow fifo registers 2016-06-06 09:04:24 +02:00
dma hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
gpio hw: clean up hw/hw.h includes 2016-05-19 16:42:30 +02:00
i2c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
i386 pc: Set CPU model-id on compat_props for pc <= 2.4 2016-05-23 13:19:36 -03:00
ide dma-helpers: change BlockBackend to opaque value in DMAIOFunc 2016-05-25 19:04:11 +02:00
input hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
intc ioapic: clear remote irr bit for edge-triggered interrupts 2016-05-23 16:53:43 +02:00
ipack ipack: Update e-mail address 2016-05-18 15:04:27 +03:00
ipmi include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
isa explicitly include qom/cpu.h 2016-05-19 16:42:27 +02:00
lm32 hw/char: QOM'ify milkymist-uart.c 2016-05-29 09:11:10 +02:00
m68k hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
mem include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
microblaze util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
mips mips: use MIPSCPU instead of CPUMIPSState 2016-05-19 16:42:27 +02:00
misc memory: remove qemu_get_ram_fd, qemu_set_ram_fd, qemu_ram_block_host_ptr 2016-05-29 09:11:12 +02:00
moxie hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
net -----BEGIN PGP SIGNATURE----- 2016-06-02 14:26:57 +01:00
nvram vl: Replace DT_NOGRAPHIC with machine option 2016-05-20 14:28:54 -03:00
openrisc hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
pci pcie: Introduce function for DSN capability creation 2016-06-02 10:42:26 +08:00
pci-bridge hw/pci-bridge: Add missing unref in case register-bus fails 2016-04-07 19:57:33 +03:00
pci-host hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
pcmcia hw: Clean up includes 2016-01-29 15:07:25 +00:00
ppc ppc: Do some batching of TCG tlb flushes 2016-05-30 13:20:04 +10:00
s390x s390: use FILE instead of QEMUFile for creating text file 2016-05-26 11:31:05 +05:30
scsi scsi-generic: Merge block max xfer len in INQUIRY response 2016-05-29 09:11:12 +02:00
sd hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
sh4 cpu: move exec-all.h inclusion out of cpu.h 2016-05-19 16:42:29 +02:00
smbios include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
sparc vl: Replace DT_NOGRAPHIC with machine option 2016-05-20 14:28:54 -03:00
sparc64 util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
ssi hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
timer aspeed: include qemu/log.h 2016-05-20 13:09:22 +01:00
tpm tpm: Fix write to file descriptor function 2016-04-13 19:52:34 +03:00
tricore hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
unicore32 hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
usb usb/ohci: Fix crash with when specifying too many num-ports 2016-05-23 14:59:40 +02:00
vfio vfio: Check that IOMMU MR translates to system address space 2016-05-26 11:12:09 -06:00
virtio memory: split memory_region_from_host from qemu_ram_addr_from_host 2016-05-29 09:11:12 +02:00
watchdog nmi: remove x86 specific nmi handling 2016-05-23 16:53:46 +02:00
xen xen: write information about supported backends 2016-05-23 13:30:03 +02:00
xenpv xen: add pvUSB backend 2016-05-23 13:30:03 +02:00
xtensa qemu-common: push cpu.h inclusion out of qemu-common.h 2016-05-19 16:42:29 +02:00
Makefile.objs Add a base IPMI interface 2015-12-22 18:39:19 +02:00