- 21 4月, 2017 1 次提交
-
-
由 Suramya Shah 提交于
Signed-off-by: NSuramya Shah <shah.suramya@gmail.com> Message-id: 20170415180316.2694-1-shah.suramya@gmail.com Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 28 1月, 2017 1 次提交
-
-
由 Marc-André Lureau 提交于
Pick a uniform chardev type name. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 09 1月, 2017 1 次提交
-
-
由 Corey Minyard 提交于
Add a return value to the event handler. Some I2C devices will NAK if they have no data, so allow them to do this. This required the following changes: Go through all the event handlers and change them to return int and return 0. Modify i2c_start_transfer to terminate the transaction on a NAK. Modify smbus handing to not assert if a NAK occurs on a second operation, and terminate the transaction and return -1 instead. Add some information on semantics to I2CSlaveClass. Signed-off-by: NCorey Minyard <cminyard@mvista.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 27 12月, 2016 2 次提交
-
-
由 Alastair D'Silva 提交于
Add a NULL check for i2c slave init callbacks, so that we no longer need to implement empty init functions. Signed-off-by: NAlastair D'Silva <alastair@d-silva.org> Message-id: 20161202054617.6749-4-alastair@au1.ibm.com Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> [PMM: squashed in later tweak from Alistair to if() phrasing] Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Alastair D'Silva 提交于
Remove trailing whitespace in hw/arm/pxa2xx.c Signed-off-by: NAlastair D'Silva <alastair@d-silva.org> Message-id: 20161202054617.6749-3-alastair@au1.ibm.com Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 28 10月, 2016 1 次提交
-
-
由 Guenter Roeck 提交于
The code used default values for PXA270 to configure CCCR. For PXA255, the resulting register value is invalid (unsupported) and resulted in a division by zero in the Linux kernel. Use default values from datasheet instead. Signed-off-by: NGuenter Roeck <linux@roeck-us.net> Message-id: 1477361273-18888-1-git-send-email-linux@roeck-us.net [PMM: fixed tabs-vs-spaces nit] Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 24 10月, 2016 5 次提交
-
-
由 Marc-André Lureau 提交于
No need to keep explicit_fe_open around if it affects only a qemu_chr_fe_set_handlers(). Use an additional argument instead. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-24-marcandre.lureau@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Marc-André Lureau 提交于
In most cases, front ends do not care about the side effect of CharBackend, so we can simply skip the checks and call the qemu_chr_fe functions even without associated CharDriver. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-20-marcandre.lureau@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Marc-André Lureau 提交于
Now that all front end use qemu_chr_fe_init(), we can move chardev claiming in init(), and add a function deinit() to release the chardev and cleanup handlers. The qemu_chr_fe_claim_no_fail() for property are gone, since the property will raise an error instead. In other cases, where there is already an error path, an error is raised instead. Finally, other cases are handled by &error_abort in qemu_chr_fe_init(). Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-19-marcandre.lureau@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Marc-André Lureau 提交于
This also switches from qemu_chr_add_handlers() to qemu_chr_fe_set_handlers(). Note that qemu_chr_fe_set_handlers() now takes the focus when fe_open (qemu_chr_add_handlers() did take the focus) Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-16-marcandre.lureau@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Marc-André Lureau 提交于
Store the property in a CharBackend instead of CharDriverState*. This also replace systematically chr by chr.chr to access the CharDriverState*. The following patches will replace it with calls to qemu_chr_fe CharBackend functions. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-12-marcandre.lureau@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 18 10月, 2016 1 次提交
-
-
由 Vijay Kumar B 提交于
If a name is provided, the same name is assigned to both the I2C controllers. Leaving it NULL, causes names to be automatically assigned with an ID suffix, giving unique names to each controller. This helps us to uniquely identify each controller in the device tree, for example when adding an I2C device. Signed-off-by: NVijay Kumar B. <vijaykumar@zilogic.com> Reviewed-by: NDeepak S. <deepak@zilogic.com> Message-id: 1476351885-8905-1-git-send-email-vijaykumar@zilogic.com Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 14 9月, 2016 1 次提交
-
-
由 Daniel P. Berrange 提交于
The qemu_chr_fe_write method will return -1 on EAGAIN if the chardev backend write would block. Almost no callers of the qemu_chr_fe_write() method check the return value, instead blindly assuming data was successfully sent. In most cases this will lead to silent data loss on interactive consoles, but in some cases (eg RNG EGD) it'll just cause corruption of the protocol being spoken. We unfortunately can't fix the virtio-console code, due to a bug in the Linux guest drivers, which would cause the entire Linux kernel to hang if we delay processing of the incoming data in any way. Fixing this requires first fixing the guest driver to not hold spinlocks while writing to the hvc device backend. Fixes bug: https://bugs.launchpad.net/qemu/+bug/1586756Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Message-Id: <1473170165-540-4-git-send-email-berrange@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 13 6月, 2016 1 次提交
-
-
由 Eduardo Habkost 提交于
Simplify initialization logic by removing the usb_enabled() check. The USB controller is part of the SoC, so it doesn't make sense to create a system where it is not present. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Andrzej Zaborowski <balrogg@gmail.com> Cc: qemu-arm@nongnu.org, Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1465419025-21519-2-git-send-email-ehabkost@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
- 12 5月, 2016 1 次提交
-
-
由 xiaoqiang.zhao 提交于
Drop the use of old SysBus init function and use instance_init Signed-off-by: Nxiaoqiang zhao <zxq_yx_007@163.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 23 3月, 2016 3 次提交
-
-
由 Veronia Bahaa 提交于
Move declarations out of qemu-common.h for functions declared in utils/ files: e.g. include/qemu/path.h for utils/path.c. Move inline functions out of qemu-common.h and into new files (e.g. include/qemu/bcd.h) Signed-off-by: NVeronia Bahaa <veroniabahaa@gmail.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Paolo Bonzini 提交于
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Markus Armbruster 提交于
Commit 57cb38b3 included qapi/error.h into qemu/osdep.h to get the Error typedef. Since then, we've moved to include qemu/osdep.h everywhere. Its file comment explains: "To avoid getting into possible circular include dependencies, this file should not include any other QEMU headers, with the exceptions of config-host.h, compiler.h, os-posix.h and os-win32.h, all of which are doing a similar job to this file and are under similar constraints." qapi/error.h doesn't do a similar job, and it doesn't adhere to similar constraints: it includes qapi-types.h. That's in excess of 100KiB of crap most .c files don't actually need. Add the typedef to qemu/typedefs.h, and include that instead of qapi/error.h. Include qapi/error.h in .c files that need it and don't get it now. Include qapi-types.h in qom/object.h for uint16List. Update scripts/clean-includes accordingly. Update it further to match reality: replace config.h by config-target.h, add sysemu/os-posix.h, sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h comment quoted above similarly. This reduces the number of objects depending on qapi/error.h from "all of them" to less than a third. Unfortunately, the number depending on qapi-types.h shrinks only a little. More work is needed for that one. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> [Fix compilation without the spice devel packages. - Paolo] Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 21 1月, 2016 1 次提交
-
-
由 Alistair Francis 提交于
Move the ssi.h include file into the ssi directory. While touching the code also fix the typdef lines as checkpatch complains. Signed-off-by: NAlistair Francis <alistair.francis@xilinx.com> Reviewed-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com> Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 19 1月, 2016 1 次提交
-
-
由 Peter Maydell 提交于
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1449505425-32022-4-git-send-email-peter.maydell@linaro.org
-
- 09 10月, 2015 1 次提交
-
-
由 Paolo Bonzini 提交于
This causes the region to outlive the object, because it attaches the region to /machine. This is not nice for the "realize" method, but much worse for "instance_init" because it can cause dangling pointers after a simple object_new/object_unref pair. Reported-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Tested-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Message-Id: <1443689999-12182-3-git-send-email-armbru@redhat.com> Reviewed-by: NThomas Huth <thuth@redhat.com>
-
- 18 9月, 2015 1 次提交
-
-
由 Markus Armbruster 提交于
Symptom: $ qemu-system-x86_64 -m 10000000 Unexpected error in ram_block_add() at /work/armbru/qemu/exec.c:1456: upstream-qemu: cannot set up guest memory 'pc.ram': Cannot allocate memory Aborted (core dumped) Root cause: commit ef701d7b screwed up handling of out-of-memory conditions. Before the commit, we report the error and exit(1), in one place, ram_block_add(). The commit lifts the error handling up the call chain some, to three places. Fine. Except it uses &error_abort in these places, changing the behavior from exit(1) to abort(), and thus undoing the work of commit 39228250 "exec: Don't abort when we can't allocate guest memory". The three places are: * memory_region_init_ram() Commit 49946538 (right after commit ef701d7b) lifted the error handling further, through memory_region_init_ram(), multiplying the incorrect use of &error_abort. Later on, imitation of existing (bad) code may have created more. * memory_region_init_ram_ptr() The &error_abort is still there. * memory_region_init_rom_device() Doesn't need fixing, because commit 33e0eb52 (soon after commit ef701d7b) lifted the error handling further, and in the process changed it from &error_abort to passing it up the call chain. Correct, because the callers are realize() methods. Fix the error handling after memory_region_init_ram() with a Coccinelle semantic patch: @r@ expression mr, owner, name, size, err; position p; @@ memory_region_init_ram(mr, owner, name, size, ( - &error_abort + &error_fatal | err@p ) ); @script:python@ p << r.p; @@ print "%s:%s:%s" % (p[0].file, p[0].line, p[0].column) When the last argument is &error_abort, it gets replaced by &error_fatal. This is the fix. If the last argument is anything else, its position is reported. This lets us check the fix is complete. Four positions get reported: * ram_backend_memory_alloc() Error is passed up the call chain, ultimately through user_creatable_complete(). As far as I can tell, it's callers all handle the error sanely. * fsl_imx25_realize(), fsl_imx31_realize(), dp8393x_realize() DeviceClass.realize() methods, errors handled sanely further up the call chain. We're good. Test case again behaves: $ qemu-system-x86_64 -m 10000000 qemu-system-x86_64: cannot set up guest memory 'pc.ram': Cannot allocate memory [Exit 1 ] The next commits will repair the rest of commit ef701d7b's damage. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Message-Id: <1441983105-26376-3-git-send-email-armbru@redhat.com> Reviewed-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
-
- 07 9月, 2015 1 次提交
-
-
由 Markus Armbruster 提交于
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Coccinelle semantic patch: @@ type T; @@ -g_malloc(sizeof(T)) +g_new(T, 1) @@ type T; @@ -g_try_malloc(sizeof(T)) +g_try_new(T, 1) @@ type T; @@ -g_malloc0(sizeof(T)) +g_new0(T, 1) @@ type T; @@ -g_try_malloc0(sizeof(T)) +g_try_new0(T, 1) @@ type T; expression n; @@ -g_malloc(sizeof(T) * (n)) +g_new(T, n) @@ type T; expression n; @@ -g_try_malloc(sizeof(T) * (n)) +g_try_new(T, n) @@ type T; expression n; @@ -g_malloc0(sizeof(T) * (n)) +g_new0(T, n) @@ type T; expression n; @@ -g_try_malloc0(sizeof(T) * (n)) +g_try_new0(T, n) @@ type T; expression p, n; @@ -g_realloc(p, sizeof(T) * (n)) +g_renew(T, p, n) @@ type T; expression p, n; @@ -g_try_realloc(p, sizeof(T) * (n)) +g_try_renew(T, p, n) @@ type T; expression n; @@ -(T *)g_new(T, n) +g_new(T, n) @@ type T; expression n; @@ -(T *)g_new0(T, n) +g_new0(T, n) @@ type T; expression p, n; @@ -(T *)g_renew(T, p, n) +g_renew(T, p, n) Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-id: 1440524394-15640-1-git-send-email-armbru@redhat.com Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 16 6月, 2015 4 次提交
-
-
由 Peter Maydell 提交于
The pxa2xx-ssp device is already a QOM device but is still using the old-style register_savevm(); convert to VMState. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: 1434117989-7367-5-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
The pxa2xx_ssp device was missing a reset method; add one. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NPeter Crosthwaite <peter..crosthwaite@xilinx.com> Message-id: 1434117989-7367-4-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
Convert the pxa2xx-fir device to QOM, including using a VMState for its migration info. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: 1434117989-7367-3-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
The pxa2xx custom coprocessor registers in cp6 and cp14 do device accesses, so mark the non-constant regs as ARM_CP_IO so that icount works correctly and doesn't abort. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: 1434117989-7367-2-git-send-email-peter.maydell@linaro.org
-
- 26 4月, 2015 1 次提交
-
-
由 Sergey Fedorov 提交于
Rename the field holding CPACR_EL1 system register state in AArch64 naming style. Signed-off-by: NSergey Fedorov <serge.fdrv@gmail.com> [PMM: also fixed a couple of missed occurrences in cpu.c] Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 09 1月, 2015 1 次提交
-
-
由 Marcel Apfelbaum 提交于
The argument is not longer used and the implementation uses now QOM instead of QemuOpts. Signed-off-by: NMarcel Apfelbaum <marcel@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NAlexander Graf <agraf@suse.de> Message-id: 1420550957-22337-4-git-send-email-marcel@redhat.com Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 07 1月, 2015 1 次提交
-
-
由 Marcel Apfelbaum 提交于
The argument is not longer used and the implementation uses now QOM instead of QemuOpts. Signed-off-by: NMarcel Apfelbaum <marcel@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NAlexander Graf <agraf@suse.de>
-
- 11 12月, 2014 3 次提交
-
-
由 Fabian Aggeler 提交于
When EL3 is running in AArch32 (or ARMv7 with Security Extensions) DACR has a secure and a non-secure instance. Adds definition for DACR32_EL2. Signed-off-by: NFabian Aggeler <aggelerf@ethz.ch> Signed-off-by: NGreg Bellows <greg.bellows@linaro.org> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1416242878-876-19-git-send-email-greg.bellows@linaro.org Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Fabian Aggeler 提交于
Adds secure and non-secure bank register suport for TTBR0 and TTBR1. Changes include adding secure and non-secure instances of ttbr0 and ttbr1 as well as a CP register definition for TTBR0_EL3. Added a union containing both EL based array fields and secure and non-secure fields mapped to them. Updated accesses to use A32_BANKED_CURRENT_REG_GET macro. Signed-off-by: NFabian Aggeler <aggelerf@ethz.ch> Signed-off-by: NGreg Bellows <greg.bellows@linaro.org> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1416242878-876-17-git-send-email-greg.bellows@linaro.org Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Fabian Aggeler 提交于
Implements SCTLR_EL3 and uses secure/non-secure instance when needed. Signed-off-by: NFabian Aggeler <aggelerf@ethz.ch> Signed-off-by: NGreg Bellows <greg.bellows@linaro.org> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1416242878-876-14-git-send-email-greg.bellows@linaro.org Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 20 10月, 2014 2 次提交
-
-
由 Markus Armbruster 提交于
Device models should access their block backends only through the block-backend.h API. Convert them, and drop direct includes of inappropriate headers. Just four uses of BlockDriverState are left: * The Xen paravirtual block device backend (xen_disk.c) opens images itself when set up via xenbus, bypassing blockdev.c. I figure it should go through qmp_blockdev_add() instead. * Device model "usb-storage" prompts for keys. No other device model does, and this one probably shouldn't do it, either. * ide_issue_trim_cb() uses bdrv_aio_discard() instead of blk_aio_discard() because it fishes its backend out of a BlockAIOCB, which has only the BlockDriverState. * PC87312State has an unused BlockDriverState[] member. The next two commits take care of the latter two. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Markus Armbruster 提交于
The patch is big, but all it really does is replacing dinfo->bdrv by blk_bs(blk_by_legacy_dinfo(dinfo)) The replacement is repetitive, but the conversion of device models to BlockBackend is imminent, and will shorten it to just blk_legacy_dinfo(dinfo). Line wrapping muddies the waters a bit. I also omit tests whether dinfo->bdrv is null, because it never is. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NBenoît Canet <benoit.canet@nodalink.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
- 09 9月, 2014 1 次提交
-
-
由 Hu Tao 提交于
Add parameter errp to memory_region_init_ram and update all call sites to pass in &error_abort. Signed-off-by: NHu Tao <hutao@cn.fujitsu.com> Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 01 7月, 2014 1 次提交
-
-
由 Andreas Färber 提交于
Replace qemu_allocate_irqs(foo, bar, 1)[0] with qemu_allocate_irq(foo, bar, 0). This avoids leaking the dereferenced qemu_irq *. Cc: Markus Armbruster <armbru@redhat.com> Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NAndreas Färber <afaerber@suse.de> [PC Changes: * Applied change to instance in sh4/sh7750.c ] Signed-off-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: NKirill Batuzov <batuzovk@ispras.ru> [AF: Fix IRQ index in sh4/sh7750.c] Cc: qemu-stable@nongnu.org Signed-off-by: NAndreas Färber <afaerber@suse.de>
-
- 13 5月, 2014 1 次提交
-
-
由 Juan Quintela 提交于
After commit 767adce2, they are redundant. This way we don't assign them except when needed. Once there, there were lots of cases where the ".fields" indentation was wrong: .fields = (VMStateField []) { and .fields = (VMStateField []) { Change all the combinations to: .fields = (VMStateField[]){ The biggest problem (apart from aesthetics) was that checkpatch complained when we copy&pasted the code from one place to another. Signed-off-by: NJuan Quintela <quintela@redhat.com> [PMM: fixed minor conflict, corrected commit message typos] Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 06 5月, 2014 1 次提交
-
-
由 Michael S. Tsirkin 提交于
CVE-2013-4533 s->rx_level is read from the wire and used to determine how many bytes to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the length of s->rx_fifo[] the buffer can be overrun with arbitrary data from the wire. Fix this by validating rx_level against the size of s->rx_fifo. Cc: Don Koch <dkoch@verizon.com> Reported-by: NMichael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NDon Koch <dkoch@verizon.com> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
- 10 3月, 2014 1 次提交
-
-
由 Peter Maydell 提交于
Add missing 'U' suffixes to avoid potentially shifting into the sign bit of a signed integer. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1392988008-15938-2-git-send-email-peter.maydell@linaro.org
-