xemu/hw
Gerd Hoffmann 44b5c1ebfa qxl: map rom r/o
Map qxl rom read-only into the guest, so the guest can't tamper with the
content.  qxl has a shadow copy of the rom to deal with that, but the
shadow doesn't cover the mode list.  A privileged user in the guest can
manipulate the mode list and use that to trick qemu into oob reads, leading
to a DoS via segfault if that read access happens to hit unmapped memory.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200225055920.17261-2-kraxel@redhat.com
2020-03-02 08:24:36 +01:00
9pfs hw/9pfs/9p-synth: added directory for readdir test 2020-02-08 09:29:04 +01:00
acpi mem: move nvdimm_device_list to utilities 2020-02-21 09:15:03 +11:00
adc hw/*/Makefile.objs: Move many .o files to common-objs 2020-02-04 09:00:57 +01:00
alpha alpha/dp264: use memdev for RAM 2020-02-19 16:49:54 +00:00
arm hw/arm/xilinx_zynq: Fix USB port instantiation 2020-02-28 16:14:57 +00:00
audio add device_legacy_reset function to prepare for reset api change 2020-01-30 16:02:03 +00:00
block Xen queue 2020-02-27 2020-02-28 10:27:34 +00:00
char hw/char/exynos4210_uart: Fix memleaks in exynos4210_uart_init 2020-02-13 14:14:55 +00:00
core multifd: Add zstd compression multifd support 2020-02-28 09:25:49 +01:00
cpu cpu/arm11mpcore: Set number of GIC priority bits to 4 2020-02-28 16:14:57 +00:00
cris cris/axis_dev88: use memdev for RAM 2020-02-19 16:49:57 +00:00
display qxl: map rom r/o 2020-03-02 08:24:36 +01:00
dma Avoid address_space_rw() with a constant is_write argument 2020-02-20 14:47:08 +01:00
gpio hw/*/Makefile.objs: Move many .o files to common-objs 2020-02-04 09:00:57 +01:00
hppa Merge tag 'patchew/20200219160953.13771-1-imammedo@redhat.com' of https://github.com/patchew-project/qemu into HEAD 2020-02-25 09:19:00 +01:00
hyperv add device_legacy_reset function to prepare for reset api change 2020-01-30 16:02:03 +00:00
i2c aspeed/i2c: Prevent uninitialized warning 2020-02-06 11:13:24 +01:00
i386 x86/pc: use memdev for RAM 2020-02-19 16:49:58 +00:00
ide hw/ide: Let the DMAIntFunc prototype use a boolean 'is_write' argument 2020-02-20 14:47:08 +01:00
input hw/input: Do not enable CONFIG_PCKBD by default 2020-02-04 09:01:31 +01:00
intc hw/intc/arm_gic_kvm: Don't assume kernel can provide a GICv2 2020-02-28 16:14:57 +00:00
ipack qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
ipmi qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
isa hw/input: Do not enable CONFIG_PCKBD by default 2020-02-04 09:01:31 +01:00
lm32 lm32/milkymist: use memdev for RAM 2020-02-19 16:49:58 +00:00
m68k Merge tag 'patchew/20200219160953.13771-1-imammedo@redhat.com' of https://github.com/patchew-project/qemu into HEAD 2020-02-25 09:19:00 +01:00
mem spapr: Add NVDIMM device support 2020-02-21 09:15:04 +11:00
microblaze hw/core/loader: Let load_elf() populate a field with CPU-specific flags 2020-01-29 19:28:52 +01:00
mips hw/mips: Use memory_region_init_rom() with read-only regions 2020-02-27 14:18:47 +01:00
misc Merge branch 'exec_rw_const_v4' of https://github.com/philmd/qemu into HEAD 2020-02-25 13:41:48 +01:00
moxie hw/core/loader: Let load_elf() populate a field with CPU-specific flags 2020-01-29 19:28:52 +01:00
net Merge branch 'exec_rw_const_v4' of https://github.com/philmd/qemu into HEAD 2020-02-25 13:41:48 +01:00
nios2 hw/nios2:fix leak of fdevice tree blob 2020-02-19 10:32:50 +01:00
nubus hw/m68k: add Nubus support 2019-10-28 19:06:47 +01:00
nvram Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument 2020-02-20 14:47:08 +01:00
openrisc hw/core/loader: Let load_elf() populate a field with CPU-specific flags 2020-01-29 19:28:52 +01:00
pci qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
pci-bridge qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
pci-host pnv/phb3: Add missing break statement 2020-02-21 09:15:04 +11:00
pcmcia hw/*/Makefile.objs: Move many .o files to common-objs 2020-02-04 09:00:57 +01:00
ppc Merge branch 'exec_rw_const_v4' of https://github.com/philmd/qemu into HEAD 2020-02-25 13:41:48 +01:00
rdma qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
riscv riscv: virt: Use Goldfish RTC device 2020-02-10 12:01:38 -08:00
rtc hw: rtc: Add Goldfish RTC device 2020-02-10 12:01:37 -08:00
s390x s390x: Rename and use constants for short PSW address and mask 2020-02-27 11:10:29 +01:00
scsi Merge branch 'exec_rw_const_v4' of https://github.com/philmd/qemu into HEAD 2020-02-25 13:41:48 +01:00
sd hw: Remove unnecessary cast when calling dma_memory_read() 2020-02-20 14:47:08 +01:00
semihosting semihosting: add qemu_semihosting_console_inc for SYS_READC 2020-01-09 11:41:29 +00:00
sh4 sh4: Fix PCI ISA IO memory subregion 2020-02-21 16:07:02 +00:00
smbios hw/smbios/smbios: Remove unused include 2020-02-06 10:38:57 +01:00
sparc sparc/sun4m: use memdev for RAM 2020-02-19 16:50:01 +00:00
sparc64 sparc/niagara: use memdev for RAM 2020-02-19 16:50:01 +00:00
ssi xilinx_spips: Correct the number of dummy cycles for the FAST_READ_4 cmd 2020-02-21 16:07:02 +00:00
timer stm32f2xx_timer: delay timer_new to avoid memleaks 2020-02-07 14:04:28 +00:00
tpm hw/ppc/Kconfig: Enable TPM_SPAPR as part of PSERIES config 2020-02-02 14:07:57 +11:00
tricore hw/core/loader: Let load_elf() populate a field with CPU-specific flags 2020-01-29 19:28:52 +01:00
unicore32 Include hw/irq.h a lot less 2019-08-16 13:31:52 +02:00
usb hw/usb/hcd-ehci-sysbus: Remove obsolete xlnx, ps7-usb class 2020-02-28 16:14:57 +00:00
vfio hw/vfio/display: Remove superfluous semicolon 2020-02-18 20:20:49 +01:00
virtio virtio, pc: fixes, features 2020-02-27 19:15:15 +00:00
watchdog qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
xen xen-bus/block: explicitly assign event channels to an AioContext 2020-02-27 11:50:30 +00:00
xenpv trivial: Remove xenfb_enabled from sysemu.h 2020-02-04 09:00:57 +01:00
xtensa hw/xtensa/xtfpga:fix leak of fdevice tree blob 2020-02-19 10:33:38 +01:00
Kconfig Remove the core bluetooth code 2019-12-17 09:01:14 +01:00
Makefile.objs Remove the core bluetooth code 2019-12-17 09:01:14 +01:00