xemu/hw
Alistair Francis f265ae8c79 cadence_gem: Avoid infinite loops with a misconfigured buffer
A guest can write zero to the DMACFG resulting in an infinite loop when
it reaches the while(bytes_to_copy) loop.

To avoid this issue enforce a minimum size for the RX buffer. Hardware
does not have this enforcement and relies on the guest to set a non-zero
value.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reported-by: Li Qiang <liqiang6-s@360.cn>
Reported-by: P J P <ppandit@redhat.com>
Message-id: 84bb1c391b833275da3f573d4972920cea34c188.1466539342.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-27 15:37:32 +01:00
..
9pfs trace: split out trace events for hw/9pfs/ directory 2016-06-20 17:22:16 +01:00
acpi pc: use new CPU hotplug interface since 2.7 machine type 2016-06-24 05:21:38 +03:00
alpha trace: split out trace events for hw/alpha/ directory 2016-06-20 17:22:17 +01:00
arm trace: split out trace events for hw/arm/ directory 2016-06-20 17:22:16 +01:00
audio -----BEGIN PGP SIGNATURE----- 2016-06-20 22:30:34 +01:00
block virtio-bus: remove old set_host_notifier callback 2016-06-24 08:47:35 +03:00
bt bt: rewrite csrhci_write to avoid out-of-bounds writes 2016-05-29 09:11:11 +02:00
char cadence_uart: Protect against transmit errors 2016-06-27 15:37:32 +01:00
core qdev: Use GList for global properties 2016-06-17 10:42:21 -03:00
cpu cpu: Abstract CPU core type 2016-06-17 16:33:48 +10:00
cris hw/char: QOM'ify etraxfs_ser.c 2016-05-29 09:11:10 +02:00
display milkymist: fix tmu2.c build failure (missing error.h include) 2016-06-21 13:25:09 +01:00
dma trace: split out trace events for hw/dma/ directory 2016-06-20 17:22:16 +01:00
gpio hw/gpio: QOM'ify zaurus.c 2016-06-14 15:59:13 +01:00
i2c hw/i2c-ddc.c: Implement DDC I2C slave 2016-06-14 15:59:15 +01:00
i386 pc: acpi: drop intermediate PCMachineState.node_cpu 2016-06-24 08:34:47 +03:00
ide error: Remove NULL checks on error_propagate() calls 2016-06-20 16:38:13 +02:00
input trace: split out trace events for hw/input/ directory 2016-06-20 17:22:15 +01:00
intc hw/intc/arm_gicv3: Add missing break 2016-06-27 15:37:32 +01:00
ipack ipack: Update e-mail address 2016-05-18 15:04:27 +03:00
ipmi hw/ipmi: fix spelling 2016-06-07 18:02:48 +03:00
isa pc: acpi: introduce AcpiDeviceIfClass.madt_cpu hook 2016-06-24 05:21:16 +03:00
lm32 hw/char: QOM'ify milkymist-uart.c 2016-05-29 09:11:10 +02:00
m68k hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
mem nvdimm: support nvdimm label 2016-06-24 05:13:57 +03:00
microblaze hw/char: QOM'ify xilinx_uartlite model 2016-06-06 16:59:32 +01:00
mips mips: use MIPSCPU instead of CPUMIPSState 2016-05-19 16:42:27 +02:00
misc -----BEGIN PGP SIGNATURE----- 2016-06-20 22:30:34 +01:00
moxie hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
net cadence_gem: Avoid infinite loops with a misconfigured buffer 2016-06-27 15:37:32 +01:00
nvram trace: split out trace events for hw/nvram/ directory 2016-06-20 17:22:15 +01:00
openrisc hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
pci trace: split out trace events for hw/pci/ directory 2016-06-20 17:22:16 +01:00
pci-bridge fix some coding style problems 2016-06-17 03:28:03 +03:00
pci-host coccinelle: Remove unnecessary variables for function return value 2016-06-20 16:38:13 +02:00
pcmcia hw: Clean up includes 2016-01-29 15:07:25 +00:00
ppc qapi: keep names in 'CpuInstanceProperties' in sync with struct CPUCore 2016-06-27 13:15:06 +10:00
s390x virtio-ccw: convert to ioeventfd callbacks 2016-06-24 08:47:35 +03:00
scsi virtio-bus: remove old set_host_notifier callback 2016-06-24 08:47:35 +03:00
sd -----BEGIN PGP SIGNATURE----- 2016-06-20 22:30:34 +01:00
sh4 cpu: move exec-all.h inclusion out of cpu.h 2016-05-19 16:42:29 +02:00
smbios ipmi: Add SMBIOS table entry 2016-06-24 05:13:57 +03:00
sparc trace: split out trace events for hw/sparc/ directory 2016-06-20 17:22:16 +01:00
sparc64 util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
ssi hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
timer -----BEGIN PGP SIGNATURE----- 2016-06-20 22:30:34 +01:00
tpm tpm: Fix write to file descriptor function 2016-04-13 19:52:34 +03:00
tricore hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
unicore32 hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
usb usb-uas: hotplug support 2016-06-22 12:53:26 +02:00
vfio memory: Add reporting of supported page sizes 2016-06-22 11:13:09 +10:00
virtio virtio-bus: remove old set_host_notifier callback 2016-06-24 08:47:35 +03:00
watchdog nmi: remove x86 specific nmi handling 2016-05-23 16:53:46 +02:00
xen xen: move xen_sysdev to xen_backend.c 2016-06-22 11:28:42 +01:00
xenpv xen: move xen_sysdev to xen_backend.c 2016-06-22 11:28:42 +01:00
xtensa replace muldiv64(a, b, c) by (uint64_t)a * b / c 2016-06-07 18:02:49 +03:00
Makefile.objs Add a base IPMI interface 2015-12-22 18:39:19 +02:00