qemu/hw/display
Gerd Hoffmann 7e486f7577 vmsvga: shadow fifo registers
The fifo is normal ram.  So kvm vcpu threads and qemu iothread can
access the fifo in parallel without syncronization.  Which in turn
implies we can't use the fifo pointers in-place because the guest
can try changing them underneath us.  So add shadows for them, to
make sure the guest can't modify them after we've applied sanity
checks.

Fixes: CVE-2016-4454
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1464592161-18348-4-git-send-email-kraxel@redhat.com
2016-06-06 09:04:24 +02:00
..
ads7846.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
bcm2835_fb.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
blizzard.c hw/display/blizzard: Remove blizzard_template.h 2016-05-12 13:22:30 +01:00
cg3.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
cirrus_vga_rop2.h hw: move private headers to hw/ subdirectories. 2013-04-08 18:13:16 +02:00
cirrus_vga_rop.h cirrus: Fix host CPU blits 2014-07-11 10:17:02 +02:00
cirrus_vga.c include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
exynos4210_fimd.c hw/display: QOM'ify exynos4210_fimd.c 2016-05-12 13:22:27 +01:00
framebuffer.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
framebuffer.h framebuffer: set DIRTY_MEMORY_VGA on RAM that is used for the framebuffer 2015-07-24 13:57:45 +02:00
g364fb.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
jazz_led.c hw/display: QOM'ify jazz_led.c 2016-05-13 09:33:38 +01:00
Makefile.objs bcm2835_fb: add framebuffer device for Raspberry Pi 2016-03-16 17:42:18 +00:00
milkymist-tmu2.c lm32: Clean up includes 2016-01-29 15:07:22 +00:00
milkymist-vgafb_template.h milkymist-vgafb: swap pixel data in source buffer 2014-02-04 19:34:30 +01:00
milkymist-vgafb.c lm32: Clean up includes 2016-01-29 15:07:22 +00:00
omap_dss.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
omap_lcd_template.h omap_lcdc: Remove support for DEPTH != 32 2016-05-12 13:22:24 +01:00
omap_lcdc.c omap_lcdc: Remove support for DEPTH != 32 2016-05-12 13:22:24 +01:00
pl110_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
pl110.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
pxa2xx_lcd.c arm: Clean up includes 2016-01-29 15:07:23 +00:00
pxa2xx_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
qxl-logger.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
qxl-render.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
qxl.c qxl: lock current_async update in qxl_soft_reset 2016-03-01 07:51:32 +01:00
qxl.h qxl: allow to specify head limit to qxl driver 2015-07-16 17:31:05 +02:00
sm501_template.h hw: use ld_p/st_p instead of ld_raw/st_raw 2014-06-05 16:04:17 +02:00
sm501.c hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
ssd0303.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
ssd0323.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
tc6393xb_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
tc6393xb.c qemu-common: stop including qemu/host-utils.h from qemu-common.h 2016-05-19 16:42:28 +02:00
tcx.c hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
vga_int.h vga: add sr_vbe register set 2016-05-23 14:28:25 +02:00
vga-helpers.h vga: Rename vga_template.h to vga-helpers.h 2014-09-30 13:34:09 +02:00
vga-isa-mm.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
vga-isa.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
vga-pci.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
vga.c vga: add sr_vbe register set 2016-05-23 14:28:25 +02:00
vga.h hw: move private headers to hw/ subdirectories. 2013-04-08 18:13:16 +02:00
virtio-gpu-3d.c virtio-gpu: check max_outputs only 2016-05-23 13:30:03 +02:00
virtio-gpu-pci.c virtio: Clean up includes 2016-01-29 15:07:23 +00:00
virtio-gpu.c virtio-gpu: fix scanout rectangles 2016-06-03 09:05:28 +02:00
virtio-vga.c virtio-vga: propagate on gpu realized error 2016-05-23 13:30:03 +02:00
vmware_vga.c vmsvga: shadow fifo registers 2016-06-06 09:04:24 +02:00
xenfb.c xenfb: use the correct condition to avoid excessive looping 2016-04-12 10:16:08 -07:00