mii/qemu
1
0
Fork 0
mirror of https://github.com/mii443/qemu.git synced 2025-08-23 23:49:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
stable-3.0
qemu/hw/ppc
History
Prasad J Pandit 8d25276172 ppc/pnv: check size before data buffer access 
While performing PowerNV memory r/w operations, the access length
'sz' could exceed the data[4] buffer size. Add check to avoid OOB
access.

Reported-by: Moguofang <moguofang@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit d07945e78e)
*CVE-2018-18954
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2019-04-02 13:17:03 -05:00
..
e500-ccsr.h
e500.c
hw/ppc: Use the IEC binary prefix definitions
2018-07-02 15:41:16 +02:00
e500.h
platform-bus-device: use device plug callback instead of machine_done notifier
2018-05-10 18:10:56 +01:00
e500plat.c
hw/ppc: Use the IEC binary prefix definitions
2018-07-02 15:41:16 +02:00
fdt.c
target/ppc: Split page size information into a separate allocation
2018-04-27 18:05:22 +10:00
mac_newworld.c
ppc: fix default VGA display for Mac machines
2018-07-07 12:12:27 +10:00
mac_oldworld.c
ppc: fix default VGA display for Mac machines
2018-07-07 12:12:27 +10:00
mac.h
hw/ppc: Use the IEC binary prefix definitions
2018-07-02 15:41:16 +02:00
Makefile.objs
hw/ppc: Give sam46ex its own config option
2018-07-03 09:56:52 +10:00
mpc8544_guts.c
shutdown: Add source information to SHUTDOWN and RESET
2017-05-23 13:28:17 +02:00
mpc8544ds.c
ppc: e500: switch E500 based machines to full machine definition
2018-04-27 18:05:23 +10:00
pnv_bmc.c
Include qapi/error.h exactly where needed
2018-02-09 13:50:17 +01:00
pnv_core.c
ppc/pnv: fix pnv_core_realize() error handling
2018-07-03 09:56:51 +10:00
pnv_lpc.c
ppc/pnv: check size before data buffer access
2019-04-02 13:17:03 -05:00
pnv_occ.c
ppc/pnv: Add OCC model stub with interrupt support
2017-04-26 12:00:42 +10:00
pnv_psi.c
ppc/pnv: change powernv_ prefix to pnv_ for overall naming consistency
2018-01-10 12:53:00 +11:00
pnv_xscom.c
Include qapi/error.h exactly where needed
2018-02-09 13:50:17 +01:00
pnv.c
hw: Directly use "qemu/units.h" instead of "qemu/cutils.h"
2018-07-02 15:41:12 +02:00
ppc4xx_devs.c
hw/ppc: Use the IEC binary prefix definitions
2018-07-02 15:41:16 +02:00
ppc4xx_pci.c
pci: Rename root bus initialization functions for clarity
2017-12-05 19:13:45 +02:00
ppc405_boards.c
hw/ppc: Use the IEC binary prefix definitions
2018-07-02 15:41:16 +02:00
ppc405_uc.c
hw/ppc: Use the IEC binary prefix definitions
2018-07-02 15:41:16 +02:00
ppc405.h
ppc4xx: Export ECB and PLB emulation
2017-09-08 09:30:55 +10:00
ppc440_bamboo.c
hw/ppc: Use the IEC binary prefix definitions
2018-07-02 15:41:16 +02:00
ppc440_pcix.c
sam460ex: Fix PCI interrupts with multiple devices
2018-08-01 11:01:38 +10:00
ppc440_uc.c
ppc440_uc: Fix a copy/paste error
2018-07-07 12:12:27 +10:00
ppc440.h
ppc440_uc: Basic emulation of PPC440 DMA controller
2018-07-03 09:56:52 +10:00
ppc_booke.c
ppc_booke: drop useless assignment
2017-05-07 09:57:51 +03:00
ppc.c
Include qapi/error.h exactly where needed
2018-02-09 13:50:17 +01:00
ppce500_spin.c
hw/ppc: Use the IEC binary prefix definitions
2018-07-02 15:41:16 +02:00
prep_systemio.c
prep: add PReP System I/O
2017-01-31 10:10:13 +11:00
prep.c
ppc: fix default VGA display for PReP machines
2018-07-07 12:12:34 +10:00
rs6000_mc.c
hw/ppc: Use the IEC binary prefix definitions
2018-07-02 15:41:16 +02:00
sam460ex.c
sam460ex: Fix PCI interrupts with multiple devices
2018-08-01 11:01:38 +10:00
spapr_caps.c
spapr: compute default value of "hpt-max-page-size" later
2018-07-03 10:20:15 +10:00
spapr_cpu_core.c
spapr_cpu_core: vmstate_[un]register per-CPU data from (un)realizefn
2019-03-18 21:04:30 -05:00
spapr_drc.c
hw/ppc/spapr_drc: Replace error_setg(&error_abort) by error_report() + abort()
2018-06-12 09:33:52 +10:00
spapr_events.c
spapr: split the IRQ allocation sequence
2018-06-21 21:22:53 +10:00
spapr_hcall.c
target/ppc, spapr: Move VPA information to machine_data
2018-06-16 16:32:50 +10:00
spapr_iommu.c
iommu: Add IOMMU index argument to translate method
2018-06-15 15:23:34 +01:00
spapr_ovec.c
Purge uses of banned g_assert_FOO()
2018-06-13 13:47:35 +02:00
spapr_pci_vfio.c
Include qapi/error.h exactly where needed
2018-02-09 13:50:17 +01:00
spapr_pci.c
spapr: split the IRQ allocation sequence
2018-06-21 21:22:53 +10:00
spapr_rng.c
spapr_rng: Convert to DEFINE_PROP_LINK
2017-07-14 12:04:43 +02:00
spapr_rtas_ddw.c
machine: rename MemoryHotplugState to DeviceMemoryState
2018-05-07 10:00:02 -03:00
spapr_rtas.c
hw/ppc: Use the IEC binary prefix definitions
2018-07-02 15:41:16 +02:00
spapr_rtc.c
qapi: Empty out qapi-schema.json
2018-03-02 13:45:50 -06:00
spapr_vio.c
spapr/vio: quiet down the "irq" property accessors
2018-07-07 12:12:27 +10:00
spapr.c
spapr: Correct inverted test in spapr_pc_dimm_node()
2018-07-16 11:18:09 +10:00
trace-events
uninorth: create new uninorth device
2018-05-04 15:00:37 +10:00
virtex_ml507.c
hw/ppc: Use the IEC binary prefix definitions
2018-07-02 15:41:16 +02:00