Google Git
Sign in
qemu-android / qemu-android / 92615a5ab96cd2b4981e2aaef40bece6cd7553b6
commit92615a5ab96cd2b4981e2aaef40bece6cd7553b6[log] [tgz]
authorDavid Gibson <david@gibson.dropbear.id.au>Mon Apr 02 14:17:35 2012 +1000
committerAndreas Färber <afaerber@suse.de>Sun Apr 15 20:02:09 2012 +0200
treed3a7437e69595b1da0e5c8bc2169d1ccd40a88fe
parent45e45ed2d61fb287adf03e49c74c152bfd2c975a [diff]
pseries: Fix RTAS based config access

On the pseries platform, access to PCI config space is via RTAS calls(
which go to the hypervisor) rather than MMIO.  This means we don't use
the same code path as nearly everyone else which goes through pci_host.c
and we're missing some of the parameter checking along the way.

We do have some parameter checking in the RTAS calls, but it's not enough.
It checks for overruns, but does not check for unaligned accesses,
oversized accesses (which means the guest could trigger an assertion
failure from pci_host_config_{read,write}_common().  Worse it doesn't do
the basic checking for the number of RTAS arguments and results before
accessing them.

This patch fixes these bugs.

Cc: Michael S. Tsirkin <mst@redhat.com>

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[AF: Fix typos spotted by mst]
Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed
tree: d3a7437e69595b1da0e5c8bc2169d1ccd40a88fe
  1. audio/
  2. block/
  3. bsd-user/
  4. darwin-user/
  5. default-configs/
  6. docs/
  7. fpu/
  8. fsdev/
  9. gdb-xml/
  10. hw/
  11. include/
  12. libcacard/
  13. linux-headers/
  14. linux-user/
  15. net/
  16. pc-bios/
  17. qapi/
  18. qga/
  19. QMP/
  20. qom/
  21. roms/
  22. scripts/
  23. slirp/
  24. sysconfigs/
  25. target-alpha/
  26. target-arm/
  27. target-cris/
  28. target-i386/
  29. target-lm32/
  30. target-m68k/
  31. target-microblaze/
  32. target-mips/
  33. target-ppc/
  34. target-s390x/
  35. target-sh4/
  36. target-sparc/
  37. target-unicore32/
  38. target-xtensa/
  39. tcg/
  40. tests/
  41. trace/
  42. ui/
  43. .gitignore
  44. .gitmodules
  45. .mailmap
  46. a.out.h
  47. acl.c
  48. acl.h
  49. aes.c
  50. aes.h
  51. aio.c
  52. alpha-dis.c
  53. alpha.ld
  54. arch_init.c
  55. arch_init.h
  56. arm-dis.c
  57. arm-semi.c
  58. arm.ld
  59. async.c
  60. balloon.c
  61. balloon.h
  62. bitmap.c
  63. bitmap.h
  64. bitops.c
  65. bitops.h
  66. block-migration.c
  67. block-migration.h
  68. block.c
  69. block.h
  70. block_int.h
  71. blockdev.c
  72. blockdev.h
  73. bswap.h
  74. bt-host.c
  75. bt-host.h
  76. bt-vhci.c
  77. buffered_file.c
  78. buffered_file.h
  79. cache-utils.c
  80. cache-utils.h
  81. Changelog
  82. cmd.c
  83. cmd.h
  84. CODING_STYLE
  85. compatfd.c
  86. compatfd.h
  87. compiler.h
  88. config.h
  89. configure
  90. console.c
  91. console.h
  92. COPYING
  93. COPYING.LIB
  94. coroutine-gthread.c
  95. coroutine-sigaltstack.c
  96. coroutine-ucontext.c
  97. coroutine-win32.c
  98. cpu-all.h
  99. cpu-common.h
  100. cpu-defs.h
  101. cpu-exec.c
  102. cpus.c
  103. cpus.h
  104. cris-dis.c
  105. cursor.c
  106. cursor_hidden.xpm
  107. cursor_left_ptr.xpm
  108. cutils.c
  109. def-helper.h
  110. device_tree.c
  111. device_tree.h
  112. dis-asm.h
  113. disas.c
  114. disas.h
  115. dma-helpers.c
  116. dma.h
  117. dyngen-exec.h
  118. elf.h
  119. envlist.c
  120. envlist.h
  121. error.c
  122. error.h
  123. error_int.h
  124. event_notifier.c
  125. event_notifier.h
  126. exec-all.h
  127. exec-memory.h
  128. exec-obsolete.h
  129. exec.c
  130. gdbstub.c
  131. gdbstub.h
  132. gen-icount.h
  133. HACKING
  134. hmp-commands.hx
  135. hmp.c
  136. hmp.h
  137. host-utils.c
  138. host-utils.h
  139. hppa-dis.c
  140. hppa.ld
  141. i386-dis.c
  142. i386.ld
  143. ia64-dis.c
  144. ia64.ld
  145. input.c
  146. int128.h
  147. iohandler.c
  148. ioport-user.c
  149. ioport.c
  150. ioport.h
  151. iorange.h
  152. iov.c
  153. iov.h
  154. json-lexer.c
  155. json-lexer.h
  156. json-parser.c
  157. json-parser.h
  158. json-streamer.c
  159. json-streamer.h
  160. kvm-all.c
  161. kvm-stub.c
  162. kvm.h
  163. libfdt_env.h
  164. LICENSE
  165. linux-aio.c
  166. lm32-dis.c
  167. m68k-dis.c
  168. m68k-semi.c
  169. m68k.ld
  170. main-loop.c
  171. main-loop.h
  172. MAINTAINERS
  173. Makefile
  174. Makefile.dis
  175. Makefile.hw
  176. Makefile.objs
  177. Makefile.target
  178. Makefile.user
  179. memory.c
  180. memory.h
  181. microblaze-dis.c
  182. migration-exec.c
  183. migration-fd.c
  184. migration-tcp.c
  185. migration-unix.c
  186. migration.c
  187. migration.h
  188. mips-dis.c
  189. mips.ld
  190. module.c
  191. module.h
  192. monitor.c
  193. monitor.h
  194. nbd.c
  195. nbd.h
  196. net.c
  197. net.h
  198. notify.c
  199. notify.h
  200. os-posix.c
  201. os-win32.c
  202. osdep.c
  203. osdep.h
  204. oslib-posix.c
  205. oslib-win32.c
  206. path.c
  207. pci-ids.txt
  208. pflib.c
  209. pflib.h
  210. poison.h
  211. posix-aio-compat.c
  212. ppc-dis.c
  213. ppc.ld
  214. ppc64.ld
  215. qapi-schema-guest.json
  216. qapi-schema-test.json
  217. qapi-schema.json
  218. qbool.c
  219. qbool.h
  220. qdict-test-data.txt
  221. qdict.c
  222. qdict.h
  223. qemu-aio.h
  224. qemu-barrier.h
  225. qemu-bridge-helper.c
  226. qemu-char.c
  227. qemu-char.h
  228. qemu-common.h
  229. qemu-config.c
  230. qemu-config.h
  231. qemu-coroutine-int.h
  232. qemu-coroutine-io.c
  233. qemu-coroutine-lock.c
  234. qemu-coroutine-sleep.c
  235. qemu-coroutine.c
  236. qemu-coroutine.h
  237. qemu-doc.texi
  238. qemu-error.c
  239. qemu-error.h
  240. qemu-file.h
  241. qemu-ga.c
  242. qemu-img-cmds.hx
  243. qemu-img.c
  244. qemu-img.texi
  245. qemu-io.c
  246. qemu-lock.h
  247. qemu-log.h
  248. qemu-nbd.c
  249. qemu-nbd.texi
  250. qemu-objects.h
  251. qemu-option.c
  252. qemu-option.h
  253. qemu-options-wrapper.h
  254. qemu-options.h
  255. qemu-options.hx
  256. qemu-os-posix.h
  257. qemu-os-win32.h
  258. qemu-progress.c
  259. qemu-queue.h
  260. qemu-sockets.c
  261. qemu-tech.texi
  262. qemu-thread-posix.c
  263. qemu-thread-posix.h
  264. qemu-thread-win32.c
  265. qemu-thread-win32.h
  266. qemu-thread.h
  267. qemu-timer-common.c
  268. qemu-timer.c
  269. qemu-timer.h
  270. qemu-tls.h
  271. qemu-tool.c
  272. qemu-user.c
  273. qemu-x509.h
  274. qemu-xattr.h
  275. qemu.sasl
  276. qemu_socket.h
  277. qerror.c
  278. qerror.h
  279. qfloat.c
  280. qfloat.h
  281. qint.c
  282. qint.h
  283. qjson.c
  284. qjson.h
  285. qlist.c
  286. qlist.h
  287. qmp-commands.hx
  288. qmp.c
  289. qobject.h
  290. qstring.c
  291. qstring.h
  292. qtest.c
  293. qtest.h
  294. range.h
  295. readline.c
  296. readline.h
  297. README
  298. rules.mak
  299. s390-dis.c
  300. s390.ld
  301. savevm.c
  302. sh4-dis.c
  303. softmmu-semi.h
  304. softmmu_defs.h
  305. softmmu_exec.h
  306. softmmu_header.h
  307. softmmu_template.h
  308. sparc-dis.c
  309. sparc.ld
  310. sparc64.ld
  311. spice-qemu-char.c
  312. sysemu.h
  313. targphys.h
  314. tcg-runtime.c
  315. tci-dis.c
  316. tci.c
  317. thunk.c
  318. thunk.h
  319. TODO
  320. trace-events
  321. translate-all.c
  322. uboot_image.h
  323. user-exec.c
  324. VERSION
  325. version.rc
  326. vgafont.h
  327. vl.c
  328. vmstate.h
  329. x86_64.ld
  330. xen-all.c
  331. xen-mapcache.c
  332. xen-mapcache.h
  333. xen-stub.c
  334. xtensa-semi.c