dfaggioli/qemu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34,541 Commits 59 Branches 1,031 Tags
14b51b6718c304d3051aceeb11664736a38cd272
Commit Graph

14 Commits

Author SHA1 Message Date
Andreas Färber
c4379ce8ef ivshmem: Fix fd leak on error 
Reported-by: Stefan Hajnoczi <stefanha@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 3a31cff112)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
 2015-01-06 15:43:56 -06:00
Sebastian Krahmer
a95569d24f ivshmem: Fix potential OOB r/w access 
Fix OOB access via malformed incoming_posn parameters
and check that requested memory is actually alloc'ed.

Signed-off-by: Sebastian Krahmer <krahmer@suse.de>
[AF: Rebased, cleanups, avoid fd leak]
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

(cherry picked from commit 34bc07c528)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
 2015-01-06 15:43:42 -06:00
Stefan Hajnoczi
15905fde7b ivshmem: validate incoming_posn value from server 
Check incoming_posn to avoid out-of-bounds array accesses if the ivshmem
server on the host sends invalid values.

Cc: Cam Macdonell <cam@cs.ualberta.ca>
Reported-by: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
[AF: Tighten upper bound check for posn in close_guest_eventfds()]
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

(cherry picked from commit 363ba1c72f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
 2015-01-06 15:43:21 -06:00
Stefan Hajnoczi
f1a842948a ivshmem: Check ivshmem_read() size argument 
The third argument to the fd_read() callback implemented by
ivshmem_read() is the number of bytes, not a flags field.  Fix this and
check we received enough bytes before accessing the buffer pointer.

Cc: Cam Macdonell <cam@cs.ualberta.ca>
Reported-by: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
[AF: Handle partial reads via FIFO]
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

(cherry picked from commit a2e9011b41)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
 2015-01-06 15:43:03 -06:00
Cole Robinson
f231b88db1 qerror.h: Remove QERR defines that are only used once 
Just hardcode them in the callers

Cc: Luiz Capitulino <lcapitulino@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
 2014-04-25 09:19:59 -04:00
Marcel Apfelbaum
9e64f8a3fc hw: set interrupts using pci irq wrappers 
pci_set_irq and the other pci irq wrappers use
PCI_INTERRUPT_PIN config register to compute device
INTx pin to assert/deassert.

An irq is allocated using pci_allocate_irq wrapper
only if is needed by non pci devices.

Removed irq related fields from state if not used anymore.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 2013-10-14 17:11:45 +03:00
Marcel Apfelbaum
125ee0ed9c devices: Associate devices to their logical category 
The category will be used to sort the devices displayed in
the command line help.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Message-id: 1375107465-25767-4-git-send-email-marcel.a@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
 2013-07-29 10:37:09 -05:00
Andreas Färber
b7578eaadd misc/ivshmem: QOM parent field cleanup 
Replace direct uses of IVShmemState::dev with QOM casts and rename it to
parent_obj.

Acked-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
 2013-07-23 00:37:34 +02:00
Peter Crosthwaite
eb3fedf3d4 misc/ivshmem: QOM Upcast Sweep 
Define and use standard QOM cast macro. Remove usages of DO_UPCAST()
and direct -> style upcasting.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Simplified casts and converted two more DO_UPCAST()s]
Signed-off-by: Andreas Färber <afaerber@suse.de>
 2013-07-23 00:37:34 +02:00
Paolo Bonzini
3c16154210 hw/m*: pass owner to memory_region_init* functions 
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 2013-07-04 17:42:48 +02:00
Paolo Bonzini
2c9b15cab1 memory: add owner argument to initialization functions 
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 2013-07-04 17:42:44 +02:00
Stefan Hajnoczi
baefb8bf8e ivshmem: add missing error exit(2) 
If the user fails to specify 'chardev' or 'shm' then we cannot continue.
Exit right away so that we don't invoke shm_open(3) with a NULL pointer.

It would be nice to replace exit(1) with error returns in the PCI device
.init() function, but leave that for another patch since exit(1) is
currently used elsewhere.

Spotted by Coverity.

Cc: Cam Macdonell <cam@cs.ualberta.ca>
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
 2013-06-12 13:17:53 +04:00
Paolo Bonzini
dccfcd0e5f sysemu: avoid proliferation of include/ subdirectories 
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 2013-04-15 18:19:25 +02:00
Paolo Bonzini
ba25df88cc hw: move VFIO and ivshmem to hw/misc/ 
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 2013-04-08 18:13:14 +02:00