qemu/hw
Peter Maydell aead95c7fa hw/net/smc91c111: Ignore attempt to pop from empty RX fifo
The SMC91C111 includes an MMU Command register which permits
the guest to remove entries from the RX FIFO. The datasheet
does not specify what happens if the guest tries to do this
when the FIFO is already empty; there are no status registers
containing error bits which might be applicable.

Currently we don't guard at all against pop of an empty
RX FIFO, with the result that we allow the guest to drive
the rx_fifo_len index to negative values, which will cause
smc91c111_receive() to write to the rx_fifo[] array out of
bounds when we receive the next packet.

Instead ignore attempts to pop an empty RX FIFO.

Cc: qemu-stable@nongnu.org
Fixes: 80337b66a8 ("NIC emulation for qemu arm-softmmu")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2780
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250207151157.3151776-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 937df81af6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2025-02-17 15:50:29 +03:00
9pfs 9pfs: fix regression regarding CVE-2023-2861 2024-12-13 00:21:17 +03:00
acpi hw/acpi: Fix size of HID in build_append_srat_acpi_device_handle() 2024-11-26 17:18:06 -05:00
adc hw/adc: Remove MAX111X device 2024-10-15 15:16:17 +01:00
alpha alpha: switch boards to "default y" 2024-05-03 15:47:47 +02:00
arm virtio,pc,pci: features, fixes, cleanups 2024-11-05 15:47:52 +00:00
audio hw/audio/hda: fix memory leak on audio setup 2024-11-18 13:45:45 +01:00
avr avr: switch boards to "default y" 2024-05-03 15:47:47 +02:00
block Misc HW patch queue 2024-11-06 17:28:45 +00:00
char hw/char/sifive_uart: Fix broken UART on big endian hosts 2024-11-07 08:16:53 +10:00
core hw/core/machine: diagnose wrapping of maxmem 2024-12-03 12:26:24 +01:00
cpu hw: Add a Kconfig switch for the TYPE_CPU_CLUSTER device 2024-04-25 12:48:12 +02:00
cxl hw/cxl: Check for zero length features in cmd_features_set_feature() 2024-11-26 17:18:06 -05:00
display hw/display/vga: Do not reset 'big_endian_fb' in vga_common_reset() 2024-12-03 12:26:24 +01:00
dma hw/dma: Remove omap_dma4 device 2024-10-01 14:58:07 +01:00
fsi hw: Use device_class_set_legacy_reset() instead of opencoding 2024-09-13 15:31:44 +01:00
gpio hw/gpio/mpc8xxx: Prefer DEFINE_TYPES() macro 2024-11-05 23:32:25 +00:00
hppa hw/char: Extract serial-mm 2024-10-03 19:33:23 +02:00
hyperv hw/hyperv: remove return after g_assert_not_reached() 2024-09-24 13:53:35 +02:00
i2c hw/i2c/smbus_eeprom: Prefer DEFINE_TYPES() macro 2024-11-05 23:32:25 +00:00
i386 pci: acpi: Windows 'PCI Label Id' bug workaround 2025-01-17 09:30:54 +03:00
ide hw/ide: Remove DSCM-1XXXX microdrive device model 2024-10-15 15:16:17 +01:00
input hw/input: Remove lm832x device 2024-10-01 14:41:10 +01:00
intc hw/intc/riscv_aplic: Fix APLIC in_clrip and clripnum write emulation 2024-12-22 11:39:16 +03:00
ipack hw/ipack: Constify VMState 2023-12-29 11:17:30 +11:00
ipmi hw/ipmi: Constify VMState 2023-12-29 11:17:30 +11:00
isa hw/char/serial.h: Extract serial-isa.h 2024-10-03 19:33:23 +02:00
loongarch hw/loongarch/boot: Use warn_report when no kernel filename 2024-11-02 15:20:41 +08:00
m68k next-kbd: convert to use qemu_input_handler_register() 2024-11-08 11:05:55 +01:00
mem hw/cxl: Fix msix_notify: Assertion vector < dev->msix_entries_nr 2025-01-17 10:57:59 +03:00
microblaze hw/microblaze/s3adsp1800: Declare machine type using DEFINE_TYPES macro 2024-11-05 23:32:13 +00:00
mips hw/mips: Have mips_cpu_create_with_clock() take an endianness argument 2024-10-15 12:21:06 -03:00
misc hw/misc/nrf51_rng: Don't use BIT_MASK() when we mean BIT() 2024-11-18 13:36:39 +01:00
net hw/net/smc91c111: Ignore attempt to pop from empty RX fifo 2025-02-17 15:50:29 +03:00
nubus hw/nubus/nubus-device: Range check 'slot' property 2024-09-08 11:49:49 +02:00
nvme hw/nvme: take a reference on the subsystem on vf realization 2024-12-03 07:28:27 +01:00
nvram hw: Remove unused fw_cfg_init_io 2024-10-03 17:26:06 +03:00
openrisc hw/openrisc/openrisc_sim: keep serial@90000000 as default 2024-12-03 12:26:24 +01:00
pci pci/msix: Fix msix pba read vector poll end calculation 2025-01-17 09:26:23 +03:00
pci-bridge hw/pci-bridge: Make pxb_dev_realize_common() return if it succeeded 2024-11-04 16:03:25 -05:00
pci-host hw/ppc/pegasos2: Fix IRQ routing from pci.0 2024-11-27 02:49:36 +10:00
ppc hw/ppc/pegasos2: Fix IRQ routing from pci.0 2024-11-27 02:49:36 +10:00
remote remote: Remove unused remote_iohub_finalize 2024-10-03 17:26:06 +03:00
riscv hw/riscv/riscv-iommu: fix riscv_iommu_validate_process_ctx() check 2024-11-07 08:19:39 +10:00
rtc Misc HW patch queue 2024-11-06 17:28:45 +00:00
rx kconfig: express dependency of individual boards on libfdt 2024-05-10 15:45:15 +02:00
s390x s390x: Fix CSS migration 2025-01-13 11:25:57 +03:00
scsi scsi: megasas: Internal cdbs have 16-byte length 2024-11-28 18:02:22 +01:00
sd hw/sd/sdhci: Fix coding style 2024-11-18 13:45:42 +01:00
sensor hw/sensor/tmp105: Convert printf() to trace event, add tracing for read/write access 2024-11-05 10:10:00 +00:00
sh4 Revert "hw/sh4/r2d: Realize IDE controller before accessing it" 2024-10-21 16:40:11 +02:00
smbios smbios: make memory device size configurable per Machine 2024-07-22 20:15:41 -04:00
sparc hw: Use device_class_set_legacy_reset() instead of opencoding 2024-09-13 15:31:44 +01:00
sparc64 hw/char: Extract serial-mm 2024-10-03 19:33:23 +02:00
ssi hw/ssi/pnv_spi: Fixes Coverity CID 1558831 2024-11-04 09:09:15 +10:00
timer hw/timer/exynos4210_mct: fix possible int overflow 2024-11-19 13:02:05 +00:00
tpm hw/tpm: remove break after g_assert_not_reached() 2024-09-24 13:53:35 +02:00
tricore hw: Use device_class_set_legacy_reset() instead of opencoding 2024-09-13 15:31:44 +01:00
ufs hw/ufs: Adjust value to match CPU's endian format 2025-01-15 15:53:53 +03:00
usb hw/usb/canokey: Fix buffer overflow for OUT packet 2025-01-29 22:29:03 +03:00
vfio vfio/iommufd: Fix SIGSEV in iommufd_cdev_attach() 2025-02-12 22:12:02 +03:00
virtio qmp: update vhost-user protocol feature maps 2025-02-11 09:35:19 +03:00
watchdog hw/watchdog/cmsdk_apb_watchdog: Fix INTEN issues 2024-11-19 13:02:05 +00:00
xen hw/xen: Avoid use of uninitialized bufioreq_evtchn 2024-10-21 07:53:21 +02:00
xenpv hw/xen: Register framebuffer backend via xen_backend_init() 2024-06-04 11:53:43 +02:00
xtensa hw/xtensa/xtfpga: Remove TARGET_BIG_ENDIAN #ifdef'ry 2024-10-15 12:13:59 -03:00
Kconfig hw: Remove PCMCIA subsystem 2024-10-15 15:16:17 +01:00
meson.build hw: Remove PCMCIA subsystem 2024-10-15 15:16:17 +01:00