qemu/include/hw
Peter Delevoryas 87bd33e8b0 hw: aspeed_gpio: Fix GPIO array indexing
The gpio array is declared as a dense array:

  qemu_irq gpios[ASPEED_GPIO_NR_PINS];

(AST2500 has 228, AST2400 has 216, AST2600 has 208)

However, this array is used like a matrix of GPIO sets
(e.g. gpio[NR_SETS][NR_PINS_PER_SET] = gpio[8][32])

  size_t offset = set * GPIOS_PER_SET + gpio;
  qemu_set_irq(s->gpios[offset], !!(new & mask));

This can result in an out-of-bounds access to "s->gpios" because the
gpio sets do _not_ have the same length. Some of the groups (e.g.
GPIOAB) only have 4 pins. 228 != 8 * 32 == 256.

To fix this, I converted the gpio array from dense to sparse, to that
match both the hardware layout and this existing indexing code.

Fixes: 4b7f956862 ("hw/gpio: Add basic Aspeed GPIO model for AST2400 and AST2500")
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Message-Id: <20211008033501.934729-2-pdel@fb.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-10-12 08:20:08 +02:00
..
acpi hw/i386/acpi: fix conflicting IO address range for acpi pci hotplug in q35 2021-10-05 17:30:57 -04:00
adc adc: Move the max111x driver to the adc directory 2021-06-17 07:10:32 -05:00
arm hw/arm: xlnx-zcu102: Add Xilinx eFUSE device 2021-09-30 13:42:10 +01:00
audio
block block: Add backend_defaults property 2021-07-06 14:28:55 +01:00
char hw/char/mchp_pfsoc_mmuart: QOM'ify PolarFire MMUART 2021-10-07 08:41:33 +10:00
core hw/core/cpu: Re-sort the non-pointers to the end of CPUClass 2021-10-05 16:53:17 -07:00
cpu Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
cris hw: Replace anti-social QOM type names 2021-03-19 15:18:43 +01:00
display macfb: add vertical blank interrupt 2021-10-08 13:31:03 +02:00
dma hw/dma/xlnx-zdma Always expect 'dma' link property to be set 2021-08-26 17:01:59 +01:00
firmware hw/smbios: support for type 41 (onboard devices extended information) 2021-05-14 10:26:18 -04:00
gpio hw: aspeed_gpio: Fix GPIO array indexing 2021-10-12 08:20:08 +02:00
hyperv Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
i2c aspeed/i2c: QOMify AspeedI2CBus 2021-10-12 08:20:08 +02:00
i386 acpi: x86: set enabled when composing _MAT entries 2021-10-05 17:30:57 -04:00
ide ide: Rename ide_bus_new() to ide_bus_init() 2021-09-30 13:44:13 +01:00
input hw/input/lm832x: Define TYPE_LM8323 in public header 2021-07-08 14:15:01 -05:00
intc hw/intc: Upgrade the SiFive CLINT implementation to RISC-V ACLINT 2021-09-21 07:56:49 +10:00
ipack ipack: Rename ipack_bus_new_inplace() to ipack_bus_init() 2021-09-30 13:42:10 +01:00
ipmi Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
isa hw/ide: Fix crash when plugging a piix3-ide device into the x-remote machine 2021-07-19 10:08:45 +02:00
kvm target/i386: always create kvmclock device 2020-09-30 19:11:36 +02:00
m68k hw/m68k/next-cube: Add missing header comment to next-cube.h 2021-01-19 09:11:52 +01:00
mem pc-dimm: remove unnecessary get_vmstate_memory_region() method 2021-05-14 10:26:18 -04:00
mips hw/mips: Add a bootloader helper 2021-02-21 18:41:04 +01:00
misc aspeed: Emulate the AST2600A3 2021-09-20 08:50:59 +02:00
net hw/net: Add npcm7xx emc model 2021-03-05 15:17:34 +00:00
nubus nubus: add support for slot IRQs 2021-09-29 10:45:19 +02:00
nvram hw/nvram: Introduce Xilinx battery-backed ram 2021-09-30 13:42:10 +01:00
pci pci: Rename pci_root_bus_new_inplace() to pci_root_bus_init() 2021-09-30 13:42:10 +01:00
pci-bridge Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
pci-host hw/pci: remove all references to find_i440fx function 2021-09-04 17:34:05 -04:00
ppc hw/intc: openpic: Clean up the styles 2021-09-30 12:26:06 +10:00
rdma Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
remote multi-process: perform device reset in the remote process 2021-02-10 09:23:28 +00:00
riscv hw/riscv: virt: Add optional ACLINT support to virt machine 2021-09-21 07:56:49 +10:00
rtc m48t59: remove legacy m48t59_init() function 2020-10-18 16:21:42 +01:00
rx Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
s390x s390x: Replace PAGE_SIZE, PAGE_SHIFT and PAGE_MASK 2021-09-06 16:25:27 +02:00
scsi scsi: Replace scsi_bus_new() with scsi_bus_init(), scsi_bus_init_named() 2021-09-30 13:42:10 +01:00
sd Pull request trivial patches 20210220 2021-02-21 12:12:18 +00:00
sensor sensor: Move hardware sensors from misc to a sensor directory 2021-06-17 07:10:32 -05:00
sh4 hw/sh4: Add missing license 2021-03-06 16:18:42 +01:00
southbridge Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
sparc hw: Replace anti-social QOM type names 2021-03-19 15:18:43 +01:00
ssi aspeed/smc: Remove unused attribute 'irqline' 2021-10-12 08:20:08 +02:00
timer hw/timer: Add SiFive PWM support 2021-09-21 07:56:49 +10:00
tricore hw/tricore: Add testdevice for tests in tests/tcg/ 2021-05-18 09:36:21 +01:00
usb Remove leading underscores from QEMU defines 2021-06-21 05:49:01 +02:00
vfio vfio: Query and store the maximum number of possible DMA mappings 2021-07-08 15:54:45 -04:00
virtio vhost-vsock: handle common features in vhost-vsock-common 2021-10-05 17:30:57 -04:00
watchdog watchdog: aspeed: Sanitize control register values 2021-09-20 08:50:59 +02:00
xen xen: Free xenforeignmemory_resource at exit 2021-05-10 13:43:58 +01:00
xtensa
boards.h machine: Move smp_prefer_sockets to struct SMPCompatProps 2021-10-01 15:29:15 +02:00
clock.h clock: Provide builtin multiplier/divider 2021-09-01 11:08:19 +01:00
elf_ops.h Remove the deprecated moxie target 2021-05-12 17:42:23 +02:00
fw-path-provider.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
hotplug.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
hw.h
ide.h
irq.h
loader-fit.h nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
loader.h hw/loader: Restrict PC_ROM_* definitions to hw/i386/pc 2021-09-27 10:57:21 +02:00
nmi.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
or-irq.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
pcmcia.h Use OBJECT_DECLARE_TYPE when possible 2020-09-18 14:12:32 -04:00
platform-bus.h nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
ptimer.h ptimer: Add new ptimer_set_period_from_clock() function 2021-01-29 15:54:42 +00:00
qdev-clock.h clock: Add ClockEvent parameter to callbacks 2021-03-08 17:20:01 +00:00
qdev-core.h qbus: Rename qbus_create() to qbus_new() 2021-09-30 13:44:08 +01:00
qdev-dma.h
qdev-properties-system.h qdev: Reuse DEFINE_PROP in all DEFINE_PROP_* macros 2020-12-18 15:20:17 -05:00
qdev-properties.h qdev-properties: PropertyInfo: add realized_set_allowed field 2021-09-01 12:57:31 +02:00
register.h hw/core/register: Add more 64-bit utilities 2021-09-01 11:59:12 +10:00
registerfields.h hw/registerfields: Use 64-bit bitfield for FIELD_DP64 2021-09-01 11:59:12 +10:00
resettable.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
stream.h hw/core/stream: Rename StreamSlave as StreamSink 2020-12-10 12:15:04 -05:00
sysbus.h qom: Remove module_obj_name parameter from OBJECT_DECLARE* macros 2020-09-18 14:12:32 -04:00
usb.h usb: drop usb_host_dev_is_scsi_storage hook 2021-07-09 18:21:33 +02:00
vmstate-if.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00