qemu-patch-raspberry4/include
Peter Delevoryas 87bd33e8b0 hw: aspeed_gpio: Fix GPIO array indexing
The gpio array is declared as a dense array:

  qemu_irq gpios[ASPEED_GPIO_NR_PINS];

(AST2500 has 228, AST2400 has 216, AST2600 has 208)

However, this array is used like a matrix of GPIO sets
(e.g. gpio[NR_SETS][NR_PINS_PER_SET] = gpio[8][32])

  size_t offset = set * GPIOS_PER_SET + gpio;
  qemu_set_irq(s->gpios[offset], !!(new & mask));

This can result in an out-of-bounds access to "s->gpios" because the
gpio sets do _not_ have the same length. Some of the groups (e.g.
GPIOAB) only have 4 pins. 228 != 8 * 32 == 256.

To fix this, I converted the gpio array from dense to sparse, to
match both the hardware layout and this existing indexing code.

Fixes: 4b7f956862 ("hw/gpio: Add basic Aspeed GPIO model for AST2400 and AST2500")
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Message-Id: <20211008033501.934729-2-pdel@fb.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-10-12 08:20:08 +02:00
..
authz Prefer 'on' | 'off' over 'yes' | 'no' for bool options 2021-01-29 17:07:53 +00:00
block block: introduce max_hw_iov for use in scsi-generic 2021-10-06 10:25:55 +02:00
chardev chardev: add some comments about the class methods 2021-09-14 16:57:11 +04:00
crypto crypto: Make QCryptoTLSCreds* structures private 2021-06-29 18:30:24 +01:00
disas Drop the deprecated lm32 target 2021-05-12 18:20:25 +02:00
exec tcg: Split out MemOpIdx to exec/memopidx.h 2021-10-05 16:53:17 -07:00
fpu Remove leading underscores from QEMU defines 2021-06-21 05:49:01 +02:00
hw hw: aspeed_gpio: Fix GPIO array indexing 2021-10-12 08:20:08 +02:00
io io: add qio_channel_readv_full_all_eof & qio_channel_readv_full_all helpers 2021-02-10 09:23:28 +00:00
libdecnumber include: Make headers more self-contained 2019-08-16 13:31:51 +02:00
migration vfio: Support for RamDiscardManager in the vIOMMU case 2021-07-08 15:54:45 -04:00
monitor target/i386: Add HMP and QMP interfaces for SGX 2021-09-30 15:30:24 +02:00
net vhost_net: do not assume nvqs is always 2 2021-09-04 17:34:05 -04:00
qapi qapi: introduce forwarding visitor 2021-07-23 18:17:17 +02:00
qemu mirror: Handle errors after READY cancel 2021-10-07 10:26:35 -07:00
qom qom: export more functions for use with non-UserCreatable objects 2021-07-06 08:33:51 +02:00
scsi scsi: inline sg_io_sense_from_errno() into the callers. 2021-03-06 11:42:56 +01:00
semihosting semihosting: Move include/hw/semihosting/ -> include/semihosting/ 2021-03-10 15:34:12 +00:00
standard-headers linux-headers: Update 2021-07-09 11:01:06 +10:00
sysemu block: introduce max_hw_iov for use in scsi-generic 2021-10-06 10:25:55 +02:00
tcg tcg: Split out MemOpIdx to exec/memopidx.h 2021-10-05 16:53:17 -07:00
ui ui/gtk-egl: Wait for the draw signal for dmabuf blobs 2021-09-15 08:41:59 +02:00
user Remove leading underscores from QEMU defines 2021-06-21 05:49:01 +02:00
elf.h linux-user: elf: s390x: Prepare for Vector enhancements facility 2021-06-21 08:48:21 +02:00
glib-compat.h configure: bump min required glib version to 2.56 2021-06-02 09:11:32 +02:00
qemu-common.h qemu-common.h: Update copyright string to 2021 2021-03-09 22:19:24 +01:00
qemu-io.h Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
trace-tcg.h trace: get rid of generated-events.h/generated-events.c 2016-10-12 09:54:52 +02:00