mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/hw/display
History
Gerd Hoffmann 44b5c1ebfa qxl: map rom r/o 
Map qxl rom read-only into the guest, so the guest can't tamper with the
content.  qxl has a shadow copy of the rom to deal with that, but the
shadow doesn't cover the mode list.  A privilidged user in the guest can
manipulate the mode list and that to trick qemu into oob reads, leading
to a DoS via segfault if that read access happens to hit unmapped memory.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200225055920.17261-2-kraxel@redhat.com
2020-03-02 08:24:36 +01:00
..
ads7846.c
migration: Define VMSTATE_INSTANCE_ID_ANY
2020-01-20 09:10:23 +01:00
artist.c
hw/display/artist: Remove dead code (CID 1419388 & 1419389)
2020-02-18 11:21:47 -08:00
ati_2d.c
ati_dbg.c
ati-vga: Implement dummy VBlank IRQ
2019-08-22 10:04:20 +02:00
ati_int.h
ati-vga: Implement dummy VBlank IRQ
2019-08-22 10:04:20 +02:00
ati_regs.h
ati-vga: Implement dummy VBlank IRQ
2019-08-22 10:04:20 +02:00
ati.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
bcm2835_fb.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
blizzard.c
bochs-display.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
cg3.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
cirrus_vga_internal.h
cirrus_vga_isa.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
cirrus_vga_rop2.h
cirrus_vga_rop.h
cirrus_vga.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
dpcd.c
Include migration/vmstate.h less
2019-08-16 13:31:52 +02:00
edid-generate.c
Arithmetic error in EDID generation fixed
2020-03-02 08:20:30 +01:00
edid-region.c
Include exec/memory.h slightly less
2019-08-16 13:31:52 +02:00
exynos4210_fimd.c
Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument
2020-02-20 14:47:08 +01:00
framebuffer.c
Include hw/hw.h exactly where needed
2019-08-16 13:31:52 +02:00
framebuffer.h
g364fb.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
i2c-ddc.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
jazz_led.c
mips: jazz: Renovate coding style
2019-12-16 13:04:46 +01:00
Kconfig
hppa: Add emulation of Artist graphics
2020-01-27 10:49:51 -08:00
macfb.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
Makefile.objs
hw/*/Makefile.objs: Move many .o files to common-objs
2020-02-04 09:00:57 +01:00
milkymist-tmu2.c
Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument
2020-02-20 14:47:08 +01:00
milkymist-vgafb_template.h
milkymist-vgafb.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
next-fb.c
m68k: Add NeXTcube framebuffer device emulation
2019-09-07 08:30:34 +02:00
omap_dss.c
Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument
2020-02-20 14:47:08 +01:00
omap_lcd_template.h
omap_lcdc.c
Remove unnecessary cast when using the cpu_[physical]_memory API
2020-02-20 14:47:08 +01:00
pl110_template.h
pl110.c
Include migration/vmstate.h less
2019-08-16 13:31:52 +02:00
pxa2xx_lcd.c
Include migration/vmstate.h less
2019-08-16 13:31:52 +02:00
pxa2xx_template.h
qxl-logger.c
qxl-render.c
console: add graphic_hw_update_done()
2020-01-02 13:54:57 +04:00
qxl.c
qxl: map rom r/o
2020-03-02 08:24:36 +01:00
qxl.h
qxl: introduce hardware revision 5
2020-02-13 08:31:40 +01:00
ramfb-standalone.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
ramfb.c
Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument
2020-02-20 14:47:08 +01:00
sii9022.c
Include migration/vmstate.h less
2019-08-16 13:31:52 +02:00
sm501_template.h
sm501.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
ssd0303.c
Include migration/vmstate.h less
2019-08-16 13:31:52 +02:00
ssd0323.c
Include migration/vmstate.h less
2019-08-16 13:31:52 +02:00
tc6393xb_template.h
tc6393xb.c
Include hw/hw.h exactly where needed
2019-08-16 13:31:52 +02:00
tcx.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
trace-events
hppa: Add emulation of Artist graphics
2020-01-27 10:49:51 -08:00
vga_int.h
vga: cleanup mapping of VRAM for non-PCI VGA
2019-12-18 02:34:13 +01:00
vga_regs.h
vga-access.h
vga: move access helpers to separate include file
2019-09-19 10:37:46 +02:00
vga-helpers.h
vga: move access helpers to separate include file
2019-09-19 10:37:46 +02:00
vga-isa-mm.c
vga: cleanup mapping of VRAM for non-PCI VGA
2019-12-18 02:34:13 +01:00
vga-isa.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
vga-pci.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
vga.c
vga: cleanup mapping of VRAM for non-PCI VGA
2019-12-18 02:34:13 +01:00
vhost-user-gpu-pci.c
vhost-user-gpu.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
vhost-user-vga.c
virtio-gpu-3d.c
virtio-gpu-base.c
virtio-gpu-pci.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
virtio-gpu.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
virtio-vga.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
virtio-vga.h
vmware_vga.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
xenfb.c
Include hw/hw.h exactly where needed
2019-08-16 13:31:52 +02:00
xlnx_dp.c
display: xlnx_dp: Provide sufficient bytes for silent audio channel
2019-11-21 07:12:28 +01:00