qemu/hw
Peter Maydell ee03cca88e hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
In gic_deactivate_irq() the interrupt number comes from the guest
(on a write to the GICC_DIR register), so we need to sanity check
that it isn't out of range before we use it as an array index.
Handle this in a similar manner to the check we do in
gic_complete_irq() for the GICC_EOI register.

The array overrun is not disastrous because the calling code
uses (value & 0x3ff) to extract the interrupt field, so the
only out-of-range values possible are 1020..1023, which allow
overrunning only from irq_state[] into the following
irq_target[] array which the guest can already manipulate.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180712154152.32183-2-peter.maydell@linaro.org
2018-07-16 17:18:41 +01:00
..
9pfs 9p: darwin: Explicitly cast comparisons of mode_t with -1 2018-06-29 12:32:10 +02:00
acpi nvdimm: make persistence option symbolic 2018-06-11 22:19:57 +03:00
adc Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
alpha hw/alpha: Use the IEC binary prefix definitions 2018-07-02 15:41:14 +02:00
arm hw/arm/smmu-common: Fix devfn computation in smmu_iommu_mr 2018-07-09 14:51:34 +01:00
audio audio/hda: fix CID 1393631 2018-07-03 11:45:33 +02:00
block Revert "block: Remove deprecated -drive geometry options" 2018-07-10 14:36:12 +02:00
bt hw/bt: Replace fprintf(stderr, "*\n" with error_report() 2018-01-22 09:51:00 +01:00
char Pull request 2018-06-30 13:59:53 +01:00
core Machine/NUMA fixes for -rc0 2018-07-09 21:31:40 +01:00
cpu hw: use "qemu/osdep.h" as first #include in source files 2017-12-18 17:07:02 +03:00
cris hw/cris: Use the IEC binary prefix definitions 2018-07-02 15:41:15 +02:00
display sm501: Fix warning about unreachable code 2018-07-16 11:19:10 +10:00
dma hw/dma/omap_dma: Use qemu_log_mask(GUEST_ERROR) instead of fprintf 2018-06-26 17:50:40 +01:00
gpio hw/i2c: Use DeviceClass::realize instead of I2CSlaveClass::init 2018-06-01 15:14:31 +02:00
hppa hw/hppa: Use the IEC binary prefix definitions 2018-07-02 15:41:14 +02:00
i2c ppc4xx_i2c: Rewrite to model hardware more closely 2018-07-03 09:56:52 +10:00
i386 pc, virtio: fixes 2018-07-03 09:49:20 +01:00
ide Revert "block: Remove deprecated -drive option serial" 2018-07-10 14:36:11 +02:00
input hw/input/tsc2005: Convert a fprintf() call to trace events 2018-06-29 15:04:18 +01:00
intc hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq() 2018-07-16 17:18:41 +01:00
ipack hw/ipack: Use the IEC binary prefix definitions 2018-07-02 15:41:12 +02:00
ipmi object: fix OBJ_PROP_LINK_UNREF_ON_RELEASE ambivalence 2018-06-12 12:07:30 +02:00
isa hw/isa/smc37c669: Change the parallel I/O base to 378H 2018-06-16 19:46:54 -10:00
lm32 hw/lm32: Use the IEC binary prefix definitions 2018-07-02 15:41:15 +02:00
m68k hw/m68k: Use the IEC binary prefix definitions 2018-07-02 15:41:14 +02:00
mem pc-dimm: get_memory_region() will not fail after realize 2018-06-28 19:05:34 +02:00
microblaze hw/microblaze: Use the IEC binary prefix definitions 2018-07-02 15:41:15 +02:00
mips * IEC units series (Philippe) 2018-07-02 19:07:19 +01:00
misc aspeed: Implement write-1-{set, clear} for AST2500 strapping 2018-07-16 17:18:41 +01:00
moxie Change references to serial_hds[] to serial_hd() 2018-04-26 13:57:00 +01:00
net etsec: fix IRQ (un)masking 2018-07-16 11:18:09 +10:00
nios2 hw/nios2: Use the IEC binary prefix definitions 2018-07-02 15:41:15 +02:00
nvram hw/ppc: Use the IEC binary prefix definitions 2018-07-02 15:41:16 +02:00
openrisc Change references to serial_hds[] to serial_hd() 2018-04-26 13:57:00 +01:00
pci virtio,vhost,pci,pc: features, cleanups 2018-03-20 15:48:34 +00:00
pci-bridge virtio,vhost,pci,pc: features, fixes and cleanups 2018-02-13 16:33:31 +00:00
pci-host hw/ppc: Use the IEC binary prefix definitions 2018-07-02 15:41:16 +02:00
pcmcia
ppc sam460ex: Correct use after free error 2018-07-16 11:18:32 +10:00
rdma hw/rdma: Use the IEC binary prefix definitions 2018-07-02 15:41:17 +02:00
riscv hw/riscv/sifive_u: Connect the Cadence GEM Ethernet device 2018-07-05 15:24:25 -07:00
s390x error: Remove NULL checks on error_propagate() calls 2018-07-11 14:36:54 +02:00
scsi scsi-disk: Block Device Characteristics emulation fix 2018-07-12 18:24:08 +02:00
sd hw/sd/omap_mmc: Split 'pseudo-reset' from 'power-on-reset' 2018-07-09 14:51:34 +01:00
sh4 hw/sh4: Use the IEC binary prefix definitions 2018-07-02 15:41:15 +02:00
smbios hw/smbios: Use the IEC binary prefix definitions 2018-07-02 15:41:12 +02:00
sparc * IEC units series (Philippe) 2018-07-02 19:07:19 +01:00
sparc64 * IEC units series (Philippe) 2018-07-02 19:07:19 +01:00
ssi hw/ssi/omap_spi: Use qemu_log_mask(GUEST_ERROR) instead of fprintf 2018-06-26 17:50:40 +01:00
timer hw/timer/cmsdk-apb-timer: run or stop timer on writes to RELOAD and VALUE 2018-07-09 14:51:34 +01:00
tpm tpm: extend TPM TIS with state migration support 2018-05-24 12:07:04 -04:00
tricore hw/tricore: Use the IEC binary prefix definitions 2018-07-02 15:41:14 +02:00
unicore32 hw/input/i8042: Extract declarations from i386/pc.h into input/i8042.h 2018-03-12 16:12:48 +01:00
usb Revert "block: Remove deprecated -drive option serial" 2018-07-10 14:36:11 +02:00
vfio vfio/pci: do not set the PCIDevice 'has_rom' attribute 2018-07-11 13:43:57 -06:00
virtio virtio-rng: process pending requests on DRIVER_OK 2018-06-28 04:46:16 +03:00
watchdog hw/watchdog/wdt_i6300esb: Convert away from old_mmio 2018-06-15 15:23:34 +01:00
xen xen: Don't use memory_region_init_ram_nomigrate() in pci_assign_dev_load_option_rom() 2018-06-22 13:28:42 +01:00
xenpv hw/xen: Use the IEC binary prefix definitions 2018-07-02 15:41:13 +02:00
xtensa hw/xtensa: Use the IEC binary prefix definitions 2018-07-02 15:41:14 +02:00
Makefile.objs hw: allow compiling out SCSI 2018-06-01 15:14:31 +02:00