qemu/hw/acpi
Michael S. Tsirkin 9bd6565cce acpi: validate hotplug selector on access
When bus is looked up on a pci write, we didn't
validate that the lookup succeeded.
Fuzzers thus can trigger QEMU crash by dereferencing the NULL
bus pointer.

Fixes: b32bd763a1 ("pci: introduce acpi-index property for PCI device")
Fixes: CVE-2021-4158
Cc: "Igor Mammedov" <imammedo@redhat.com>
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/770
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Ani Sinha <ani@anisinha.ca>
2022-01-06 06:11:38 -05:00
..
acpi_interface.c acpi: extend ACPI interface to provide send_event hook 2016-06-07 15:36:54 +03:00
acpi-cpu-hotplug-stub.c hw/acpi: refactor acpi hp modules so that targets can just use what they need 2021-09-04 09:07:46 -04:00
acpi-mem-hotplug-stub.c hw/acpi: refactor acpi hp modules so that targets can just use what they need 2021-09-04 09:07:46 -04:00
acpi-nvdimm-stub.c hw/acpi: refactor acpi hp modules so that targets can just use what they need 2021-09-04 09:07:46 -04:00
acpi-pci-hotplug-stub.c hw/acpi: refactor acpi hp modules so that targets can just use what they need 2021-09-04 09:07:46 -04:00
acpi-stub.c Include qmp-commands.h exactly where needed 2018-02-09 13:52:10 +01:00
acpi-x86-stub.c acpi: x86: set enabled when composing _MAT entries 2021-10-05 17:30:57 -04:00
aml-build-stub.c acpi: add aml builder stubs 2020-10-21 11:36:19 +02:00
aml-build.c hw/acpi/aml-build: Add PPTT table 2021-10-21 08:03:58 -07:00
bios-linker-loader.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
core.c acpi/core: always set SCI_EN when SMM isn't supported 2021-02-23 10:58:42 -05:00
cpu_hotplug.c qom: Put name parameter before value / visitor parameter 2020-07-10 15:18:08 +02:00
cpu.c acpi: x86: set enabled when composing _MAT entries 2021-10-05 17:30:57 -04:00
generic_event_device.c acpi/ged: fix reset cause 2021-07-03 03:12:35 -04:00
ghes-stub.c hw/acpi: Provide function acpi_ghes_present() 2021-06-21 16:49:37 +01:00
ghes.c acpi: acpi_build_hest: use acpi_table_begin()/acpi_table_end() instead of build_header() 2021-10-05 17:30:57 -04:00
hmat.c acpi: build_hmat: use acpi_table_begin()/acpi_table_end() instead of build_header() 2021-10-05 17:30:57 -04:00
hmat.h acpi: Permit OEM ID and OEM table ID fields to be changed 2021-02-05 08:52:59 -05:00
ich9.c hw/acpi/ich9: Add compat prop to keep HPC bit set for 6.1 machine type 2021-11-15 09:44:46 -05:00
ipmi-stub.c ipmi: Fix SSIF ACPI handling to use the right CRS 2019-09-20 14:08:10 -05:00
ipmi.c ipmi: Fix SSIF ACPI handling to use the right CRS 2019-09-20 14:08:10 -05:00
Kconfig hw/acpi: Add VIOT table 2021-11-01 18:49:10 -04:00
memory_hotplug.c memory_hotplug.c: send DEVICE_UNPLUG_GUEST_ERROR in acpi_memory_hotplug_write() 2021-09-30 12:26:06 +10:00
meson.build hw/acpi: Add VIOT table 2021-11-01 18:49:10 -04:00
nvdimm.c nvdimm: release the correct device list 2021-10-05 17:30:57 -04:00
pci.c acpi: build_mcfg: use acpi_table_begin()/acpi_table_end() instead of build_header() 2021-10-05 17:30:57 -04:00
pcihp.c acpi: validate hotplug selector on access 2022-01-06 06:11:38 -05:00
piix4.c hw/acpi: define PIIX4 acpi pci hotplug property strings at a single place 2021-09-04 09:07:45 -04:00
tco.c hw/acpi/tco: Remove unused definitions 2020-09-09 15:26:41 +02:00
tpm.c docs: fix references to docs/specs/tpm.rst 2021-06-02 06:51:09 +02:00
trace-events docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
utils.c acpi: Set proper maximum size for "etc/acpi/rsdp" blob 2021-03-22 18:58:19 -04:00
viot.c hw/acpi: Add VIOT table 2021-11-01 18:49:10 -04:00
viot.h hw/acpi: Add VIOT table 2021-11-01 18:49:10 -04:00
vmgenid.c acpi: vmgenid_build_acpi: use acpi_table_begin()/acpi_table_end() instead of build_header() 2021-10-05 17:30:57 -04:00