xemu/hw
Paolo Bonzini 7c16b5bbb6 pci: reject too large ROMs
get_image_size() returns an int64_t, which pci_add_option_rom() assigns
to an "int" without any range checking.  A 32-bit BAR could be up to
2 GiB in size, so reject anything above it.  In order to accomodate
a rounded-up size of 2 GiB, change pci_patch_ids's size argument
to unsigned.

Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210203131828.156467-2-pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: David Edmondson <david.edmondson@oracle.com>
2021-02-05 08:52:58 -05:00
..
9pfs 9pfs: Convert reclaim list to QSLIST 2021-01-22 18:26:40 +01:00
acpi qapi: Use QAPI_LIST_APPEND in trivial cases 2021-01-28 08:08:45 +01:00
adc hw/adc: Add an ADC module for NPCM7XX 2021-01-12 21:19:02 +00:00
alpha vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
arm hw/arm: Display CPU type in machine description 2021-02-03 10:15:51 +00:00
audio audio/via-ac97: Simplify code and set user_creatable to false 2021-01-04 23:24:44 +01:00
avr vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
block block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
char hw/char/exynos4210_uart: Fix missing call to report ready for input 2021-02-02 17:00:54 +00:00
core ptimer: Add new ptimer_set_period_from_clock() function 2021-01-29 15:54:42 +00:00
cpu cpu/core: Register core-id and nr-threads as class properties 2020-09-22 16:48:29 -04:00
cris cris: do not use ram_size global 2020-12-10 12:15:07 -05:00
display display/ui: add a callback to indicate GL state is flushed 2021-02-04 15:58:54 +01:00
dma hw/arm/xlnx-versal: Versal SoC requires ZDMA 2021-02-03 10:15:50 +00:00
gpio hw: gpio: implement gpio-pwr driver for qemu reset/poweroff 2021-01-29 10:47:28 +00:00
hppa hw: Use the PCI_SLOT() macro from 'hw/pci/pci.h' 2021-01-04 23:24:44 +01:00
hyperv qdev: Move softmmu properties to qdev-properties-system.h 2020-12-18 15:20:17 -05:00
i2c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
i386 hw/misc/pvpanic: split-out generic and bus dependent code 2021-01-29 10:47:28 +00:00
ide block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
input Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
intc hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register 2021-02-02 17:00:55 +00:00
ipack Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ipmi Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
isa vt82c686: Rename superio config related parts 2021-01-04 23:24:44 +01:00
lm32 vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
m68k hw/m68k/next-cube: Add vmstate for NeXTPC device 2021-01-19 09:11:52 +01:00
mem nvdimm: check -object memory-backend-file, readonly=on option 2021-02-01 17:07:34 -05:00
microblaze vl: make qemu_get_machine_opts static 2020-12-15 12:51:55 -05:00
mips docs/system: Remove deprecated 'fulong2e' machine alias 2021-01-14 17:13:54 +01:00
misc hw/misc/pvpanic: add PCI interface support 2021-01-29 10:47:28 +00:00
moxie moxie: do not use ram_size global 2020-12-10 12:15:08 -05:00
net net: checksum: Introduce fine control over checksum type 2021-01-25 17:04:56 +08:00
nios2 * New -action option and set-action QMP command (Alejandro) 2020-12-15 21:24:31 +00:00
nubus meson: convert hw/nubus 2020-08-21 06:30:25 -04:00
nvram hw/*: Use type casting for SysBusDevice in NPCM7XX 2021-01-12 21:19:02 +00:00
openrisc target/openrisc: Move pic_cpu code into CPU object proper 2020-12-15 12:04:30 +00:00
pci pci: reject too large ROMs 2021-02-05 08:52:58 -05:00
pci-bridge Kconfig: Compile PXB for ARM_VIRT 2021-01-17 06:42:54 -05:00
pci-host acpi/gpex: Exclude pxb's resources from PCI0 2021-01-17 06:42:54 -05:00
pcmcia pxa2xx: Move QOM macros to header 2020-08-27 14:04:55 -04:00
ppc block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
rdma Machine queue, 2020-12-23 2021-01-01 22:57:15 +00:00
riscv riscv: Pass RISCVHartArrayState by pointer 2021-01-16 14:34:46 -08:00
rtc pl031: Use timer_free() in the finalize function to avoid memleaks 2021-01-18 11:51:26 +01:00
rx rx: move BIOS load from MCU to board 2020-12-10 12:15:06 -05:00
s390x Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
scsi block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
sd block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
semihosting semihosting: Implement SYS_ISERROR 2021-01-18 10:05:06 +00:00
sh4 hw: Use the PCI_SLOT() macro from 'hw/pci/pci.h' 2021-01-04 23:24:44 +01:00
smbios i386: do not use ram_size global 2020-12-10 12:15:08 -05:00
sparc sun4m: don't connect two qemu_irqs directly to the same input 2021-01-06 11:41:37 +00:00
sparc64 vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
ssi hw/ssi: imx_spi: Correct tx and rx fifo endianness 2021-02-02 17:00:55 +00:00
timer arm: Remove frq properties on CMSDK timer, dualtimer, watchdog, ARMSSE 2021-01-29 15:54:44 +00:00
tpm tpm: tpm_spapr: Remove unused tracepoint 2021-01-25 20:56:38 -05:00
tricore tricore tcg cpus: Fix Lesser GPL version number 2020-11-15 16:40:30 +01:00
unicore32 meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
usb block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
vfio ui: add an optional get_flags callback to GraphicHwOps 2021-02-04 15:58:54 +01:00
virtio hw/virtio-pci: Replace error_report() by qemu_log_mask(GUEST_ERROR) 2021-01-18 11:51:26 +01:00
watchdog arm: Remove frq properties on CMSDK timer, dualtimer, watchdog, ARMSSE 2021-01-29 15:54:44 +00:00
xen qdev: Move softmmu properties to qdev-properties-system.h 2020-12-18 15:20:17 -05:00
xenpv meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
xtensa vl: make qemu_get_machine_opts static 2020-12-15 12:51:55 -05:00
Kconfig hw/net/can: ZynqMP CAN device requires PTIMER 2021-02-03 10:15:50 +00:00
meson.build meson: convert hw/arch* 2020-08-21 06:30:33 -04:00