- 20 6月, 2016 1 次提交
-
-
由 Eduardo Habkost 提交于
error_propagate() already ignores local_err==NULL, so there's no need to check it before calling. Coccinelle patch used to perform the changes added to scripts/coccinelle/error_propagate_null.cocci. Reviewed-by: NEric Blake <eblake@redhat.com> Acked-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <1465855078-19435-2-git-send-email-ehabkost@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
-
- 17 6月, 2016 1 次提交
-
-
由 Paolo Bonzini 提交于
qemu/osdep.h checks whether MAP_ANONYMOUS is defined, but this check is bogus without a previous inclusion of sys/mman.h. Include it in sysemu/os-posix.h and remove it from everywhere else. Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 14 6月, 2016 1 次提交
-
-
由 Peter Maydell 提交于
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NStefano Stabellini <sstabellini@kernel.org> Signed-off-by: NStefano Stabellini <sstabellini@kernel.org>
-
- 13 6月, 2016 2 次提交
-
-
由 Peter Maydell 提交于
Use stl_le_p() and ldl_le_p() to read and write data from buffers, rather than using pointer casts and cpu_to_le32() for writes and le32_to_cpup() for reads. This: * avoids lots of casts * works even if the buffer isn't as aligned as the host would like * avoids using the *_to_cpup() functions which we want to get rid of Note that there may still be some places where a pointer from the guest is cast to a pointer to a host structure; these would also have to be changed for the device to work on a host CPU which enforces alignment restrictions. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NEric Blake <eblake@redhat.com> Message-id: 1465573077-29221-1-git-send-email-peter.maydell@linaro.org Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Gerd Hoffmann 提交于
This patch changes usb-host behavior in case we hostbus= and hostaddr= properties are used to identify the usb device in question. Instead of adding the device to the hotplug watchlist we try to open directly using the given bus number and device address. Putting a device specified by hostaddr to the hotplug watchlist isn't a great idea as the address isn't a fixed property. It changes every time the device is plugged in. So considering this case as "use the device at bus:addr _now_" is more sane. Also usb-host will throw errors in case it can't initialize the host device. Note: For devices on the hotplug watchlist (hostport or vendorid or productid specified) qemu continues to ignore errors and keeps monitoring the usb bus to see if the device eventually shows up. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 1464945175-28939-1-git-send-email-kraxel@redhat.com
-
- 07 6月, 2016 3 次提交
-
-
由 Laurent Vivier 提交于
Replace (((n) + (d) - 1) /(d)) by DIV_ROUND_UP(n,d). This patch is the result of coccinelle script scripts/coccinelle/round.cocci CC: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: NLaurent Vivier <lvivier@redhat.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
由 Laurent Vivier 提交于
muldiv64(a, 1, b) is like "a / b". This patch is the result of coccinelle script scripts/coccinelle/remove_muldiv64.cocci. Signed-off-by: NLaurent Vivier <lvivier@redhat.com> Reviewed-by: NRichard Henderson <rth@twiddle.net> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
由 Laurent Vivier 提交于
muldiv64() is "uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c)" Some time it is used as muldiv64(uint32_t a, uint64_t b, uint32_t c)" This patch is the result of coccinelle script scripts/coccinelle/swap_muldiv64.cocci to reorder arguments. Signed-off-by: NLaurent Vivier <lvivier@redhat.com> Reviewed-by: NRichard Henderson <rth@twiddle.net> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 23 5月, 2016 2 次提交
-
-
由 Thomas Huth 提交于
QEMU currently crashes when an OHCI controller is instantiated with too many ports, e.g. "-device pci-ohci,num-ports=100,masterbus=1". Thus add a proper check in usb_ohci_init() to make sure that we do not use more than OHCI_MAX_PORTS = 15 ports here. Ticket: https://bugs.launchpad.net/qemu/+bug/1581308Signed-off-by: NThomas Huth <thuth@redhat.com> Message-id: 1463995387-11710-1-git-send-email-thuth@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Juergen Gross 提交于
Add a backend for para-virtualized USB devices for xen domains. The backend is using host-libusb to forward USB requests from a domain via libusb to the real device(s) passed through. Signed-off-by: NJuergen Gross <jgross@suse.com> Acked-by: NAnthony PERARD <anthony.perard@citrix.com> Message-id: 1463062421-613-4-git-send-email-jgross@suse.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
- 11 5月, 2016 3 次提交
-
-
由 Stefan Weil 提交于
This is a hack to support compilation with Mingw-w64 which provides a libusb-1.0 package, but no poll.h. Signed-off-by: NStefan Weil <sw@weilnetz.de> Message-id: 1458630800-10088-1-git-send-email-sw@weilnetz.de Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Isaac Lozano 提交于
If an application uses libmtp on the guest system, it will complain with the warning message: LIBMTP WARNING: VendorExtensionID: ffffffff LIBMTP WARNING: VendorExtensionDesc: (null) LIBMTP WARNING: this typically means the device is PTP (i.e. a camera) but not a MTP device at all. Trying to continue anyway. This is because libmtp expects a MTP Vendor Extension ID of 0x00000006 and a MTP Version of 0x0064. These numbers are taken from Microsoft's MTP Vendor Extension Identification Message page and are what most physical devices show. Signed-off-by: NIsaac Lozano <109lozanoi@gmail.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1460892593-5908-1-git-send-email-109lozanoi@gmail.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Roman Kagan 提交于
This patch is a rough fix to a memory corruption we are observing when running VMs with xhci USB controller and OVMF firmware. Specifically, on the following call chain xhci_reset xhci_disable_slot xhci_disable_ep xhci_set_ep_state QEMU overwrites guest memory using stale guest addresses. This doesn't happen when the guest (firmware) driver sets up xhci for the first time as there are no slots configured yet. However when the firmware hands over the control to the OS some slots and endpoints are already set up with their context in the guest RAM. Now the OS' driver resets the controller again and xhci_set_ep_state then reads and writes that memory which is now owned by the OS. As a quick fix, skip calling xhci_set_ep_state in xhci_disable_ep if the device context base address array pointer is zero (indicating we're in the HC reset and no DMA is possible). Cc: qemu-stable@nongnu.org Signed-off-by: NRoman Kagan <rkagan@virtuozzo.com> Message-id: 1462384435-1034-1-git-send-email-rkagan@virtuozzo.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
- 25 4月, 2016 1 次提交
-
-
由 Gerd Hoffmann 提交于
commit "5f77e06b usb: add pid check at the first of uhci_handle_td()" moved the pid verification to the start of the uhci_handle_td function, to simplify the error handling (we don't have to free stuff which we didn't allocate in the first place ...). Problem is now the check fires too often, it raises error IRQs even for TDs which we are not going to process because they are not set active. So, lets move down the check a bit, so it is done only for active TDs, but still before we are going to allocate stuff to process the requested transfer. Reported-by: NJoe Clifford <joe@thunderbug.co.uk> Tested-by: NJoe Clifford <joe@thunderbug.co.uk> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 1461321893-15811-1-git-send-email-kraxel@redhat.com Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 22 4月, 2016 1 次提交
-
-
由 Fam Zheng 提交于
All callers pass "false" keeping the old semantics. The windows implementation doesn't distinguish the flag yet. On posix, it is passed down to the underlying aio context. Signed-off-by: NFam Zheng <famz@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
- 19 4月, 2016 2 次提交
-
-
由 Gerd Hoffmann 提交于
This reverts commit 156a2e4d. Breaks FreeBSD. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Gerd Hoffmann 提交于
Commit "156a2e4d ehci: make idt processing more robust" tries to avoid a DoS by the guest (create a circular iTD queue and let qemu ehci emulation run in circles forever). Unfortunately this has two problems: First it misses the case of siTDs, and second it reportedly breaks FreeBSD. So lets go for a different approach: just count the number of iTDs and siTDs we have seen per frame and apply a limit. That should really catch all cases now. Reported-by: N杜少博 <dushaobo@360.cn> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
- 23 3月, 2016 3 次提交
-
-
由 Veronia Bahaa 提交于
Move declarations out of qemu-common.h for functions declared in utils/ files: e.g. include/qemu/path.h for utils/path.c. Move inline functions out of qemu-common.h and into new files (e.g. include/qemu/bcd.h) Signed-off-by: NVeronia Bahaa <veroniabahaa@gmail.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Rutuja Shah 提交于
This patch replaces get_ticks_per_sec() calls with the macro NANOSECONDS_PER_SECOND. Also, as there are no callers, get_ticks_per_sec() is then removed. This replacement improves the readability and understandability of code. For example, timer_mod(fdctrl->result_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + (get_ticks_per_sec() / 50)); NANOSECONDS_PER_SECOND makes it obvious that qemu_clock_get_ns matches the unit of the expression on the right side of the plus. Signed-off-by: NRutuja Shah <rutu.shah.26@gmail.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Markus Armbruster 提交于
Commit 57cb38b3 included qapi/error.h into qemu/osdep.h to get the Error typedef. Since then, we've moved to include qemu/osdep.h everywhere. Its file comment explains: "To avoid getting into possible circular include dependencies, this file should not include any other QEMU headers, with the exceptions of config-host.h, compiler.h, os-posix.h and os-win32.h, all of which are doing a similar job to this file and are under similar constraints." qapi/error.h doesn't do a similar job, and it doesn't adhere to similar constraints: it includes qapi-types.h. That's in excess of 100KiB of crap most .c files don't actually need. Add the typedef to qemu/typedefs.h, and include that instead of qapi/error.h. Include qapi/error.h in .c files that need it and don't get it now. Include qapi-types.h in qom/object.h for uint16List. Update scripts/clean-includes accordingly. Update it further to match reality: replace config.h by config-target.h, add sysemu/os-posix.h, sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h comment quoted above similarly. This reduces the number of objects depending on qapi/error.h from "all of them" to less than a third. Unfortunately, the number depending on qapi-types.h shrinks only a little. More work is needed for that one. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> [Fix compilation without the spice devel packages. - Paolo] Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 18 3月, 2016 6 次提交
-
-
由 Prasad J Pandit 提交于
USB Ehci emulation supports host controller capability registers. But its mmio '.write' function was missing, which lead to a null pointer dereference issue. Add a do nothing 'ehci_caps_write' definition to avoid it; Do nothing because capability registers are Read Only(RO). Reported-by: NZuozhi Fzz <zuozhi.fzz@alibaba-inc.com> Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org> Message-id: 1454072434-16045-1-git-send-email-ppandit@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Matthew Fortune 提交于
inotify_init1 usage was guarded by a check for linux but does not exist on older distributions like CentOS 5 resulting in build failures. Signed-off-by: NMatthew Fortune <matthew.fortune@imgtec.com> Message-id: 6D39441BF12EF246A7ABCE6654B023536BB85D4A@hhmail02.hh.imgtec.org Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Peter Xu 提交于
Signed-off-by: NPeter Xu <peterx@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1457503640-31473-1-git-send-email-peterx@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Peter Xu 提交于
Use heap instead of stack. Signed-off-by: NPeter Xu <peterx@redhat.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Peter Xu 提交于
All the callers for xhci_dma_write_u32s() are using mostly 5 * uint32_t in len. To avoid unbound stack warning for the function, make it statically allocated, and assert when it's not big enough in the future. Signed-off-by: NPeter Xu <peterx@redhat.com> Message-id: 1457661106-9569-1-git-send-email-peterx@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Stefan Weil 提交于
Mingw-w64 does not provide sys/ioctl.h and Linux builds don't need it, so remove that include statement. ERROR is defined by wingdi.h (included via windows.h). Undefine it before it is redefined to avoid a compiler warning / error. Signed-off-by: NStefan Weil <sw@weilnetz.de> Message-id: 1458159439-32322-1-git-send-email-sw@weilnetz.de Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
- 29 2月, 2016 1 次提交
-
-
由 Fam Zheng 提交于
If dropping packets, data is freed, the caller's loop should not continue. Reported by ccc-analyzer. Signed-off-by: NFam Zheng <famz@redhat.com> Message-id: 1456301288-1592-1-git-send-email-famz@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
- 23 2月, 2016 7 次提交
-
-
由 Peter Maydell 提交于
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Gerd Hoffmann 提交于
Allocate timer once, at init time, instead of allocating/freeing it all the time when starting/stopping the bus. Simplifies the code, also fixes bugs (memory leak) due to missing checks whenever the time is already allocated or not. Cc: Prasad J Pandit <pjp@fedoraproject.org> Reported-by: NZuozhi Fzz <zuozhi.fzz@alibaba-inc.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Gonglei 提交于
pid can be gotten from uhci device memory in uhci_handle_td(), so the guest can trigger assert qemu if we get an invalid pid. And the uhci spec 2.1.2 tells us The Host Controller sets Host Controller Process Error bit to 1 when it detects a fatal error and indicates that the Host Controller suffered a consistency check failure while processing a Transfer Descriptor. An example of a consistency check failure would be finding an illegal PID field while processing the packet header portion of the TD. When this error occurs, the Host Controller clears the Run/Stop bit in the Command register to prevent further schedule execution. We'd better to set UHCI_STS_HCPERR and kick an interrupt, check the pid value at the first of uhci_handle_td function. https://bugzilla.redhat.com/show_bug.cgi?id=1070027Signed-off-by: NGonglei <arei.gonglei@huawei.com> Message-id: 1455867238-4720-1-git-send-email-arei.gonglei@huawei.com [ applied minor codestyle fix ] Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Prasad J Pandit 提交于
When processing remote NDIS control message packets, the USB Net device emulator uses a fixed length(4096) data buffer. The incoming informationBufferOffset & Length combination could overflow and cross that range. Check control message buffer offsets and length to avoid it. Reported-by: NQinghao Tang <luodalongde@gmail.com> Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org> Message-id: 1455648821-17340-3-git-send-email-ppandit@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Prasad J Pandit 提交于
When processing remote NDIS control message packets, the USB Net device emulator uses a fixed length(4096) data buffer. The incoming packet length could exceed this limit. Add a check to avoid it. Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org> Message-id: 1455648821-17340-2-git-send-email-ppandit@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Peter Maydell 提交于
The TUSB6010 is a USB controller (as the name suggests). Move it from hw/timer (where it was accidentally filed in 2013 when we moved everything out of hw/) to hw/usb. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1455883404-10976-1-git-send-email-peter.maydell@linaro.org Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Prasad J Pandit 提交于
When processing remote NDIS control message packets, the USB Net device emulator checks to see if the USB configuration descriptor object is of RNDIS type(2). But it does not check if it is null, which leads to a null dereference error. Add check to avoid it. Reported-by: NQinghao Tang <luodalongde@gmail.com> Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org> Message-id: 1455188480-14688-1-git-send-email-ppandit@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
- 11 2月, 2016 2 次提交
-
-
由 Cao jin 提交于
Signed-off-by: NCao jin <caoj.fnst@cn.fujitsu.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
由 Cao jin 提交于
Signed-off-by: NCao jin <caoj.fnst@cn.fujitsu.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 09 2月, 2016 2 次提交
-
-
由 Eric Blake 提交于
Similar to the previous patch, it's nice to have all functions in the tree that involve a visitor and a name for conversion to or from QAPI to consistently stick the 'name' parameter next to the Visitor parameter. Done by manually changing include/qom/object.h and qom/object.c, then running this Coccinelle script and touching up the fallout (Coccinelle insisted on adding some trailing whitespace). @ rule1 @ identifier fn; typedef Object, Visitor, Error; identifier obj, v, opaque, name, errp; @@ void fn - (Object *obj, Visitor *v, void *opaque, const char *name, + (Object *obj, Visitor *v, const char *name, void *opaque, Error **errp) { ... } @@ identifier rule1.fn; expression obj, v, opaque, name, errp; @@ fn(obj, v, - opaque, name, + name, opaque, errp) Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1454075341-13658-20-git-send-email-eblake@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
-
由 Eric Blake 提交于
JSON uses "name":value, but many of our visitor interfaces were called with visit_type_FOO(v, &value, name, errp). This can be a bit confusing to have to mentally swap the parameter order to match JSON order. It's particularly bad for visit_start_struct(), where the 'name' parameter is smack in the middle of the otherwise-related group of 'obj, kind, size' parameters! It's time to do a global swap of the parameter ordering, so that the 'name' parameter is always immediately after the Visitor argument. Additional reason in favor of the swap: the existing include/qjson.h prefers listing 'name' first in json_prop_*(), and I have plans to unify that file with the qapi visitors; listing 'name' first in qapi will minimize churn to the (admittedly few) qjson.h clients. Later patches will then fix docs, object.h, visitor-impl.h, and those clients to match. Done by first patching scripts/qapi*.py by hand to make generated files do what I want, then by running the following Coccinelle script to affect the rest of the code base: $ spatch --sp-file script `git grep -l '\bvisit_' -- '**/*.[ch]'` I then had to apply some touchups (Coccinelle insisted on TAB indentation in visitor.h, and botched the signature of visit_type_enum() by rewriting 'const char *const strings[]' to the syntactically invalid 'const char*const[] strings'). The movement of parameters is sufficient to provoke compiler errors if any callers were missed. // Part 1: Swap declaration order @@ type TV, TErr, TObj, T1, T2; identifier OBJ, ARG1, ARG2; @@ void visit_start_struct -(TV v, TObj OBJ, T1 ARG1, const char *name, T2 ARG2, TErr errp) +(TV v, const char *name, TObj OBJ, T1 ARG1, T2 ARG2, TErr errp) { ... } @@ type bool, TV, T1; identifier ARG1; @@ bool visit_optional -(TV v, T1 ARG1, const char *name) +(TV v, const char *name, T1 ARG1) { ... } @@ type TV, TErr, TObj, T1; identifier OBJ, ARG1; @@ void visit_get_next_type -(TV v, TObj OBJ, T1 ARG1, const char *name, TErr errp) +(TV v, const char *name, TObj OBJ, T1 ARG1, TErr errp) { ... } @@ type TV, TErr, TObj, T1, T2; identifier OBJ, ARG1, ARG2; @@ void visit_type_enum -(TV v, TObj OBJ, T1 ARG1, T2 ARG2, const char *name, TErr errp) +(TV v, const char *name, TObj OBJ, T1 ARG1, T2 ARG2, TErr errp) { ... } @@ type TV, TErr, TObj; identifier OBJ; identifier VISIT_TYPE =~ "^visit_type_"; @@ void VISIT_TYPE -(TV v, TObj OBJ, const char *name, TErr errp) +(TV v, const char *name, TObj OBJ, TErr errp) { ... } // Part 2: swap caller order @@ expression V, NAME, OBJ, ARG1, ARG2, ERR; identifier VISIT_TYPE =~ "^visit_type_"; @@ ( -visit_start_struct(V, OBJ, ARG1, NAME, ARG2, ERR) +visit_start_struct(V, NAME, OBJ, ARG1, ARG2, ERR) | -visit_optional(V, ARG1, NAME) +visit_optional(V, NAME, ARG1) | -visit_get_next_type(V, OBJ, ARG1, NAME, ERR) +visit_get_next_type(V, NAME, OBJ, ARG1, ERR) | -visit_type_enum(V, OBJ, ARG1, ARG2, NAME, ERR) +visit_type_enum(V, NAME, OBJ, ARG1, ARG2, ERR) | -VISIT_TYPE(V, OBJ, NAME, ERR) +VISIT_TYPE(V, NAME, OBJ, ERR) ) Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1454075341-13658-19-git-send-email-eblake@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
-
- 02 2月, 2016 2 次提交
-
-
由 Gerd Hoffmann 提交于
After clearing the status register we also have to update the irq line status. Otherwise a irq which happends to be pending at reset time causes a interrupt storm. And the guest can't stop as the status register doesn't indicate any pending interrupt. Both NetBSD and FreeBSD hang on shutdown because of that. Cc: qemu-stable@nongnu.org Reported-by: NAndrey Korolyov <andrey@xdel.ru> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 1453203884-4125-1-git-send-email-kraxel@redhat.com
-
由 Prasad J Pandit 提交于
While processing isochronous transfer descriptors(iTD), the page select(PG) field value could lead to an OOB read access. Add check to avoid it. Reported-by: NQinghao Tang <luodalongde@gmail.com> Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org> Message-id: 1453233406-12165-1-git-send-email-ppandit@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-