xemu/include/hw
Zheyu Ma 87511bb878 hw/gpio/aspeed: Add reg_table_count to AspeedGPIOClass
ASan detected a global-buffer-overflow error in the aspeed_gpio_read()
function. This issue occurred when reading beyond the bounds of the
reg_table.

To enhance the safety and maintainability of the Aspeed GPIO code, this commit
introduces a reg_table_count member to the AspeedGPIOClass structure. This
change ensures that the size of the GPIO register table is explicitly tracked
and initialized, reducing the risk of errors if new register tables are
introduced in the future.

Reproducer:
cat << EOF | qemu-system-aarch64 -display none \
-machine accel=qtest, -m 512M -machine ast1030-evb -qtest stdio
readq 0x7e780272
EOF

ASAN log indicating the issue:
==2602930==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55a5da29e128 at pc 0x55a5d700dc62 bp 0x7fff096c4e90 sp 0x7fff096c4e88
READ of size 2 at 0x55a5da29e128 thread T0
    #0 0x55a5d700dc61 in aspeed_gpio_read hw/gpio/aspeed_gpio.c:564:14
    #1 0x55a5d933f3ab in memory_region_read_accessor system/memory.c:445:11
    #2 0x55a5d92fba40 in access_with_adjusted_size system/memory.c:573:18
    #3 0x55a5d92f842c in memory_region_dispatch_read1 system/memory.c:1426:16
    #4 0x55a5d92f7b68 in memory_region_dispatch_read system/memory.c:1459:9
    #5 0x55a5d9376ad1 in flatview_read_continue_step system/physmem.c:2836:18
    #6 0x55a5d9376399 in flatview_read_continue system/physmem.c:2877:19
    #7 0x55a5d93775b8 in flatview_read system/physmem.c:2907:12

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2355
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au>
2024-07-02 07:52:43 +02:00
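The message above names the bug class (a global-buffer-overflow on a 2-byte read inside aspeed_gpio_read, consistent with indexing a static register-descriptor table past its last entry) and the remedy (carry the table length in the class and check the index against it), but not the check itself. The following is an added C model of that read path, not QEMU's or the xemu fork's code: the register kinds, the 8-entry table, the 0x100-byte MMIO window, the state layout and every helper name are chosen for the illustration. It shows why the bug is reachable from a guest (the MMIO window is larger than the table, so every word offset in the window is dispatched to the handler), how the class derives `reg_table_count` from the table itself so the count cannot drift, and how the handler rejects an out-of-range index before touching `reg_table[idx]`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <inttypes.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

typedef uint64_t hwaddr;

/* Register kinds: a stand-in for QEMU's per-register descriptor type. */
enum { REG_DATA_VALUE, REG_DIRECTION };

typedef struct {
    uint8_t set_idx;   /* GPIO set (bank) the register belongs to */
    uint8_t type;      /* REG_DATA_VALUE or REG_DIRECTION */
} GPIOReg;

typedef struct {
    uint32_t data_value;
    uint32_t direction;
} GPIOSet;

#define NUM_SETS 4

typedef struct {
    const GPIOReg *reg_table;
    size_t reg_table_count;  /* entries in reg_table: the member the fix adds */
    hwaddr mem_size;         /* size of the MMIO window the handler serves */
} GPIOClass;

typedef struct {
    const GPIOClass *klass;
    GPIOSet sets[NUM_SETS];
    unsigned guest_errors;   /* stands in for qemu_log_mask(LOG_GUEST_ERROR, ...) */
} GPIOState;

/* Illustrative table: two registers per set, 8 words. It ends at offset
 * 0x20 while the MMIO window below is 0x100 bytes, so offsets 0x20..0xfc
 * reach the handler but have no table entry behind them. */
static const GPIOReg demo_reg_table[] = {
    {0, REG_DATA_VALUE}, {0, REG_DIRECTION},
    {1, REG_DATA_VALUE}, {1, REG_DIRECTION},
    {2, REG_DATA_VALUE}, {2, REG_DIRECTION},
    {3, REG_DATA_VALUE}, {3, REG_DIRECTION},
};

/* Class init takes the count from the table itself, so a new or resized
 * table cannot leave a stale length behind. */
static const GPIOClass demo_class = {
    .reg_table = demo_reg_table,
    .reg_table_count = ARRAY_SIZE(demo_reg_table),
    .mem_size = 0x100,
};

/* Hardened read handler: the index is validated against reg_table_count
 * before reg_table[idx] is dereferenced. Out-of-range guest accesses are
 * logged and read as zero instead of walking off the end of the table. */
static uint64_t gpio_read(GPIOState *s, hwaddr offset, unsigned size)
{
    const GPIOClass *agc = s->klass;
    uint64_t idx = offset >> 2;   /* 32-bit registers */

    (void)size;
    if (idx >= agc->reg_table_count) {
        s->guest_errors++;
        fprintf(stderr, "gpio_read: idx 0x%" PRIx64 " out of bounds\n", idx);
        return 0;
    }

    const GPIOReg *reg = &agc->reg_table[idx];
    const GPIOSet *set = &s->sets[reg->set_idx];
    switch (reg->type) {
    case REG_DATA_VALUE: return set->data_value;
    case REG_DIRECTION:  return set->direction;
    default:             s->guest_errors++; return 0;
    }
}

/* How many word offsets in the MMIO window lie past the table, i.e. how
 * many distinct guest reads the check has to catch. */
static size_t offsets_past_table(const GPIOClass *agc)
{
    size_t n = 0;
    for (hwaddr off = 0; off < agc->mem_size; off += 4) {
        if ((off >> 2) >= agc->reg_table_count) n++;
    }
    return n;
}

static GPIOState demo_state_init(void)
{
    GPIOState s = { .klass = &demo_class };
    for (unsigned i = 0; i < NUM_SETS; i++) {
        s.sets[i].data_value = 0x11111111u * (i + 1);
        s.sets[i].direction  = 0xA0 + i;
    }
    return s;
}

/* Wrappers over a fresh demo device: the value a read returns, and the
 * guest-error count after it. */
static uint64_t demo_read(hwaddr offset)
{
    GPIOState s = demo_state_init();
    return gpio_read(&s, offset, 4);
}

static unsigned demo_read_errors(hwaddr offset)
{
    GPIOState s = demo_state_init();
    gpio_read(&s, offset, 4);
    return s.guest_errors;
}

int main(void)
{
    printf("0x04 -> 0x%" PRIx64 "\n", demo_read(0x04));
    printf("0x80 -> 0x%" PRIx64 " (errors: %u)\n", demo_read(0x80), demo_read_errors(0x80));
    printf("%zu word offsets past the table\n", offsets_past_table(&demo_class));
    return 0;
}
```

The boundary case is the first word past the table (offset 0x20 here, index 8 against a count of 8): `>=` rather than `>` is what keeps it out. Deriving the count with ARRAY_SIZE at class-init time is the maintainability point of the commit message: a SoC variant with a shorter table gets a shorter window of valid indices for free, without a second constant to keep in sync.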
acpi hw/acpi: Implement the SRAT GI affinity structure 2024-03-12 17:56:55 -04:00
adc hw/arm/npcm7xx: Declare QOM macros using OBJECT_DECLARE_SIMPLE_TYPE() 2023-01-12 17:15:09 +00:00
arm hw/arm/smmu-common: Replace smmu_iommu_mr with smmu_find_sdev 2024-07-01 12:48:55 +01:00
audio virtio-snd: rewrite invalid tx/rx message handling 2024-04-09 02:31:16 -04:00
block aspeed/smc: Only wire flash devices at reset 2024-03-19 11:58:15 +01:00
char hw/char/stm32l4x5_usart: Enable serial read and write 2024-04-25 10:21:59 +01:00
core cpu: move Qemu[Thread|Cond] setup into common code 2024-06-04 10:02:39 +02:00
cpu Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
cris hw/net/etraxfs-eth: use qemu_configure_nic_device() 2024-02-02 16:23:47 +00:00
cxl hw/cxl/cxl-cdat: Make cxl_doe_cdat_init() return boolean 2024-04-25 12:48:12 +02:00
display hw/display : Add device DM163 2024-04-30 16:02:43 +01:00
dma hw/dma: Pass parent object to i8257_dma_init() 2024-02-15 16:58:46 +01:00
firmware hw/smbios: Remove 'uuid_encoded' argument from smbios_set_defaults() 2024-06-19 12:40:49 +02:00
fsi hw/fsi: Aspeed APB2OPB & On-chip peripheral bus 2024-02-01 08:33:18 +01:00
gpio hw/gpio/aspeed: Add reg_table_count to AspeedGPIOClass 2024-07-02 07:52:43 +02:00
hyperv vmbus: Print a warning when enabled without the recommended set of features 2024-03-08 14:18:56 +01:00
i2c hw/i2c: Implement Broadcom Serial Controller (BSC) 2024-03-05 13:22:55 +00:00
i386 intel_iommu: Implement [set|unset]_iommu_device() callbacks 2024-06-24 23:15:30 +02:00
ide ide, vl: turn -win2k-hack into a property on IDE devices 2024-02-28 00:23:39 +01:00
input hw/input/pckbd: Open-code i8042_setup_a20_line() wrapper 2024-02-22 12:47:35 +01:00
intc hw/intc/loongson_ipi: Provide per core MMIO address spaces 2024-06-19 12:42:03 +02:00
ipack ipack: Rename ipack_bus_new_inplace() to ipack_bus_init() 2021-09-30 13:42:10 +01:00
ipmi Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
isa hw/isa/vt82c686: Bring back via_isa_set_irq() 2023-11-28 14:26:37 +01:00
loongarch hw/loongarch/virt: Enable extioi virt extension 2024-06-06 11:56:45 +08:00
m68k m68k: Clean up includes 2024-01-30 21:20:20 +03:00
mem hw/mem/memory-device: Remove legacy_align from memory_device_pre_plug() 2024-06-19 12:40:49 +02:00
mips hw/mips: Inline 'bios.h' definitions 2024-01-05 16:20:15 +01:00
misc hw/misc: In STM32L4x5 EXTI, correct configurable interrupts 2024-07-01 15:40:54 +01:00
net hw/net/npcm_gmac.h: correct typos 2024-02-21 08:16:43 +03:00
nubus hw/nubus: add nubus-virtio-mmio device 2024-02-27 09:36:39 +01:00
nvram hw/nvram: Add BCM2835 OTP device 2024-07-01 12:48:55 +01:00
openrisc hw/openrisc: Split re-usable boot time apis out to boot.c 2022-09-04 07:02:56 +01:00
pci hw/pci: Introduce pci_device_[set|unset]_iommu_device() 2024-06-24 23:15:30 +02:00
pci-bridge hw/cxl: Add a switch mailbox CCI function 2023-11-07 03:39:11 -05:00
pci-host hw/ppc: Avoid using Monitor in pnv_phb4_pic_print_info() 2024-06-19 12:40:49 +02:00
ppc hw/ppc: Avoid using Monitor in pic_print_info() 2024-06-19 12:40:49 +02:00
remote include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
riscv hw/riscv/virt.c: add address-cells in create_fdt_one_aplic() 2024-06-26 22:32:29 +10:00
rtc hw/i386: move rtc-reset-reinjection command out of hw/rtc 2024-05-10 15:45:15 +02:00
rx hw/rx/rx62n: Only call qdev_get_gpio_in() when necessary 2024-02-15 16:58:46 +01:00
s390x s390x/css: Make S390CCWDeviceClass::realize return bool 2024-06-24 08:03:33 +02:00
scsi esp.c: keep track of the DRQ state during DMA 2024-02-13 19:37:28 +00:00
sd hw/sd: Introduce a "sd-card" SPI variant model 2023-09-01 11:40:04 +02:00
sensor hw/sensor: Add IC_DEVICE_ID to ISL voltage regulators 2022-07-14 16:24:38 +02:00
sh4 hw/intc/sh_intc: Inline and drop sh_intc_source() function 2021-10-30 18:39:37 +02:00
southbridge hw/isa/piix: Allow for optional PIT creation in PIIX3 2023-10-22 05:18:17 -04:00
sparc hw/sparc/grlib: split out the headers for each peripherals 2024-02-15 16:58:46 +01:00
ssi aspeed/smc: support different memory region ops for SMC flash region 2024-06-16 21:08:54 +02:00
timer hw/timer: Move HPET_INTCAP definition to "hpet.h" 2024-02-20 20:34:21 +03:00
tricore hw/tricore/testboard: Use qdev_new() instead of QOM basic API 2024-02-22 12:47:40 +01:00
usb include: Include headers where needed 2023-01-08 01:54:22 -05:00
vfio vfio/container: Move vfio_container_destroy() to an instance_finalize() handler 2024-06-24 23:15:31 +02:00
virtio virtio-iommu: Implement set|unset]_iommu_device() callbacks 2024-06-24 23:15:30 +02:00
watchdog aspeed/wdt: Add AST2700 support 2024-06-16 21:08:54 +02:00
xen hw/xen: detect when running inside stubdomain 2024-07-01 14:57:18 +02:00
xtensa Include hw/irq.h a lot less 2019-08-16 13:31:52 +02:00
boards.h machine: allow early use of machine_require_guest_memfd 2024-06-05 11:01:06 +02:00
clock.h hw/clock: Let clock_set_mul_div() return a boolean value 2024-03-26 14:24:06 +01:00
elf_ops.h.inc hw/elf_ops: Rename elf_ops.h -> elf_ops.h.inc 2024-04-25 12:48:12 +02:00
fw-path-provider.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
hotplug.h pci: fix 'hotplugglable' property behavior 2023-03-07 12:38:59 -05:00
hw.h compiler.h: replace QEMU_NORETURN with G_NORETURN 2022-04-21 17:03:51 +04:00
irq.h hw/core/irq: remove unused 'qemu_irq_split' function 2022-04-21 11:37:04 +01:00
loader-fit.h nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
loader.h monitor: Remove obsolete stubs 2024-06-30 19:51:44 +03:00
nmi.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
or-irq.h hw: Replace qemu_or_irq typedef by OrIRQState 2023-02-27 13:27:05 +00:00
pcmcia.h replace TABs with spaces 2023-03-20 12:43:50 +01:00
platform-bus.h nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
ptimer.h ptimer: Rename PTIMER_POLICY_DEFAULT to PTIMER_POLICY_LEGACY 2022-05-19 16:19:03 +01:00
qdev-clock.h clock: Add ClockEvent parameter to callbacks 2021-03-08 17:20:01 +00:00
qdev-core.h qdev-core: remove DeviceListener from typedefs.h 2024-05-03 15:47:48 +02:00
qdev-dma.h Supply missing header guards 2019-06-12 13:20:21 +02:00
qdev-properties-system.h migration/multifd: Add new migration option zero-page-detection. 2024-03-11 16:57:05 -04:00
qdev-properties.h qdev-properties: alias all object class properties 2023-12-21 22:49:28 +01:00
register.h hw/core/register: Add more 64-bit utilities 2021-09-01 11:59:12 +10:00
registerfields.h hw/registerfields: Add shared fields macros 2022-06-22 09:49:34 +02:00
resettable.h reset: Add RESET_TYPE_SNAPSHOT_LOAD 2024-04-25 10:21:59 +01:00
stream.h hw/core/stream: Rename StreamSlave as StreamSink 2020-12-10 12:15:04 -05:00
sysbus.h hw/sysbus: Remove now unused sysbus_address_space() 2024-02-26 18:40:21 +01:00
usb.h hw/usb: remove usb_bus_find 2024-02-27 09:37:21 +01:00
vmstate-if.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00