qemu/hw/display
Gerd Hoffmann 44b5c1ebfa qxl: map rom r/o
Map qxl rom read-only into the guest, so the guest can't tamper with the
content.  qxl has a shadow copy of the rom to deal with that, but the
shadow doesn't cover the mode list.  A privilidged user in the guest can
manipulate the mode list and that to trick qemu into oob reads, leading
to a DoS via segfault if that read access happens to hit unmapped memory.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200225055920.17261-2-kraxel@redhat.com
2020-03-02 08:24:36 +01:00
..
ads7846.c migration: Define VMSTATE_INSTANCE_ID_ANY 2020-01-20 09:10:23 +01:00
artist.c hw/display/artist: Remove dead code (CID 1419388 & 1419389) 2020-02-18 11:21:47 -08:00
ati_2d.c ati-vga: Fix reverse bit blts 2019-07-05 09:50:33 +02:00
ati_dbg.c ati-vga: Implement dummy VBlank IRQ 2019-08-22 10:04:20 +02:00
ati_int.h ati-vga: Implement dummy VBlank IRQ 2019-08-22 10:04:20 +02:00
ati_regs.h ati-vga: Implement dummy VBlank IRQ 2019-08-22 10:04:20 +02:00
ati.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
bcm2835_fb.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
blizzard.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
bochs-display.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
cg3.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
cirrus_vga_internal.h hw/display/cirrus_vga: Move "isa-cirrus-vga" device into a separate file 2018-10-15 09:57:33 +02:00
cirrus_vga_isa.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
cirrus_vga_rop2.h
cirrus_vga_rop.h
cirrus_vga.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
dpcd.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
edid-generate.c Arithmetic error in EDID generation fixed 2020-03-02 08:20:30 +01:00
edid-region.c Include exec/memory.h slightly less 2019-08-16 13:31:52 +02:00
exynos4210_fimd.c Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument 2020-02-20 14:47:08 +01:00
framebuffer.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
framebuffer.h
g364fb.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
i2c-ddc.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
jazz_led.c mips: jazz: Renovate coding style 2019-12-16 13:04:46 +01:00
Kconfig hppa: Add emulation of Artist graphics 2020-01-27 10:49:51 -08:00
macfb.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
Makefile.objs hw/*/Makefile.objs: Move many .o files to common-objs 2020-02-04 09:00:57 +01:00
milkymist-tmu2.c Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument 2020-02-20 14:47:08 +01:00
milkymist-vgafb_template.h
milkymist-vgafb.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
next-fb.c m68k: Add NeXTcube framebuffer device emulation 2019-09-07 08:30:34 +02:00
omap_dss.c Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument 2020-02-20 14:47:08 +01:00
omap_lcd_template.h
omap_lcdc.c Remove unnecessary cast when using the cpu_[physical]_memory API 2020-02-20 14:47:08 +01:00
pl110_template.h
pl110.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
pxa2xx_lcd.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
pxa2xx_template.h
qxl-logger.c
qxl-render.c console: add graphic_hw_update_done() 2020-01-02 13:54:57 +04:00
qxl.c qxl: map rom r/o 2020-03-02 08:24:36 +01:00
qxl.h qxl: introduce hardware revision 5 2020-02-13 08:31:40 +01:00
ramfb-standalone.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
ramfb.c Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument 2020-02-20 14:47:08 +01:00
sii9022.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
sm501_template.h
sm501.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
ssd0303.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
ssd0323.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
tc6393xb_template.h
tc6393xb.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
tcx.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
trace-events hppa: Add emulation of Artist graphics 2020-01-27 10:49:51 -08:00
vga_int.h vga: cleanup mapping of VRAM for non-PCI VGA 2019-12-18 02:34:13 +01:00
vga_regs.h Clean up header guards that don't match their file name 2019-05-13 08:58:55 +02:00
vga-access.h vga: move access helpers to separate include file 2019-09-19 10:37:46 +02:00
vga-helpers.h vga: move access helpers to separate include file 2019-09-19 10:37:46 +02:00
vga-isa-mm.c vga: cleanup mapping of VRAM for non-PCI VGA 2019-12-18 02:34:13 +01:00
vga-isa.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
vga-pci.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
vga.c vga: cleanup mapping of VRAM for non-PCI VGA 2019-12-18 02:34:13 +01:00
vhost-user-gpu-pci.c hw/display: add vhost-user-vga & gpu-pci 2019-05-29 06:30:45 +02:00
vhost-user-gpu.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
vhost-user-vga.c hw/display: add vhost-user-vga & gpu-pci 2019-05-29 06:30:45 +02:00
virtio-gpu-3d.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
virtio-gpu-base.c virtio-gpu: split virtio-gpu, introduce virtio-gpu-base 2019-05-29 06:30:45 +02:00
virtio-gpu-pci.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
virtio-gpu.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
virtio-vga.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
virtio-vga.h Clean up a header guard symbols (again) 2019-06-12 13:20:21 +02:00
vmware_vga.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
xenfb.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
xlnx_dp.c display: xlnx_dp: Provide sufficient bytes for silent audio channel 2019-11-21 07:12:28 +01:00