haraldwolff/qemu-patch-raspberry4
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
qemu-patch-raspberry4/hw
History
Stefan Hajnoczi a2e9011b41 ivshmem: Check ivshmem_read() size argument 
The third argument to the fd_read() callback implemented by
ivshmem_read() is the number of bytes, not a flags field.  Fix this and
check we received enough bytes before accessing the buffer pointer.

Cc: Cam Macdonell <cam@cs.ualberta.ca>
Reported-by: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
[AF: Handle partial reads via FIFO]
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-31 17:01:44 +01:00
..
9pfs hw/9pfs: Don't return type from host in readdir on local 9p filesystem 2014-09-04 10:51:13 -05:00
acpi qdev: HotplugHandler: Rename unplug callback to unplug_request 2014-10-15 05:03:13 +02:00
alpha ide: Update ide_drive_get to be HBA agnostic 2014-10-03 10:30:33 +01:00
arm arm/virt: enable PSCI emulation support for system emulation 2014-10-24 12:19:13 +01:00
audio ac97: register reset via qom 2014-09-29 10:20:05 +02:00
block blockdev: Fix blockdev-add not to create DriveInfo 2014-10-20 14:03:50 +02:00
bt l2cap: fix access to freed memory 2014-08-15 19:12:48 +04:00
char virtio-serial: Convert to hotplug-handler API 2014-10-15 05:03:13 +02:00
core virtio-scsi fixes, the first part of dynamic sysbus devices, 2014-10-30 13:35:12 +00:00
cpu target-i386: ICC bus: Drop BusState::allow_hotplug 2014-10-15 05:03:13 +02:00
cris hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
display vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect 2014-10-29 12:01:30 +01:00
dma hw/dma/i8257: Silence phony error message 2014-09-16 12:35:02 +02:00
gpio pl061: implement input interrupt logic 2014-09-12 14:06:48 +01:00
i2c Fix debug print warning 2014-09-02 22:38:16 +04:00
i386 kvmvapic: patch_instruction fix 2014-10-31 11:29:02 +01:00
ide hmp: Remove "info pcmcia" 2014-10-24 12:19:11 +01:00
input hw/input/tsc210x.c: Delete unused array tsc2101_rates 2014-09-29 18:48:48 +01:00
intc arm_gic: remove unused parameter. 2014-10-24 12:19:11 +01:00
ipack memory: remove memory_region_destroy 2014-08-18 12:06:21 +02:00
isa hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
lm32 hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
m68k memory: add parameter errp to memory_region_init_ram 2014-09-09 13:41:43 +02:00
mem pc-dimm: Don't check dimm->node when there is non-NUMA config 2014-09-29 19:44:04 +03:00
microblaze hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
mips Block patches 2014-10-22 16:39:49 +01:00
misc ivshmem: Check ivshmem_read() size argument 2014-10-31 17:01:44 +01:00
moxie memory: add parameter errp to memory_region_init_ram 2014-09-09 13:41:43 +02:00
net bootindex: move calling add_boot_device_patch to bootindex setter function 2014-10-15 10:46:01 +02:00
nvram hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
openrisc memory: add parameter errp to memory_region_init_ram 2014-09-09 13:41:43 +02:00
pci hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
pci-bridge qdev: HotplugHandler: Rename unplug callback to unplug_request 2014-10-15 05:03:13 +02:00
pci-host - Memory: improve error reporting and avoid crashes on hotplug 2014-09-12 16:55:49 +01:00
pcmcia hmp: Remove "info pcmcia" 2014-10-24 12:19:11 +01:00
ppc hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
s390x virtio: link the rng backend through an alias property 2014-10-30 12:59:27 +00:00
scsi virtio-scsi: Fix num_queue input validation 2014-10-31 11:29:02 +01:00
sd hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
sh4 hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
sparc hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
sparc64 hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
ssi ssi: xilinx_spi: Initialise CS GPIOs as NULL 2014-08-15 18:54:40 +04:00
timer mc146818rtc: add missed field to vmstate 2014-09-11 12:20:32 +02:00
tpm hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
tricore hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
unicore32 memory: add parameter errp to memory_region_init_ram 2014-09-09 13:41:43 +02:00
usb uhci: remove useless DEBUG 2014-10-28 11:38:18 +01:00
virtio virtio: link the rng backend through an alias property 2014-10-30 12:59:27 +00:00
watchdog memory: remove memory_region_destroy 2014-08-18 12:06:21 +02:00
xen hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
xenpv hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
xtensa hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
Makefile.objs pc: implement pc-dimm device abstraction 2014-06-19 16:41:47 +03:00