SYS-OSS/FRET-qemu
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
FRET-qemu/hw/usb
History
Thomas Huth effaf5a240 hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394) 
The loop condition in xhci_ring_chain_length() is under control of
the guest, and additionally the code does not check for failed DMA
transfers (e.g. if reaching the end of the RAM), so the loop there
could run for a very long time or even forever. Fix it by checking
the return value of dma_memory_read() and by introducing a maximum
loop length.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/646
Message-Id: <20220804131300.96368-1-thuth@redhat.com>
Reviewed-by: Mauro Matteo Cascella <mcascell@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-08-16 11:37:19 +02:00
..
bus.c
qapi: introduce x-query-usb QMP command
2021-11-02 15:55:14 +00:00
canokey.c
hw: canokey: Remove HS support as not compliant to the spec
2022-07-01 12:39:51 +02:00
canokey.h
hw/usb: Add CanoKey Implementation
2022-06-14 10:34:36 +02:00
ccid-card-emulated.c
modules: introduces module_kconfig directive
2022-06-06 09:26:53 +02:00
ccid-card-passthru.c
modules: introduces module_kconfig directive
2022-06-06 09:26:53 +02:00
ccid.h
Use OBJECT_DECLARE_TYPE when possible
2020-09-18 14:12:32 -04:00
chipidea.c
hw: Do not include qemu/log.h if it is not necessary
2021-05-02 17:24:50 +02:00
combined-packet.c
usb: limit combined packets to 1 MiB (CVE-2021-3527)
2021-05-05 15:06:01 +02:00
core.c
usb: add pcap support.
2021-01-22 14:51:35 +01:00
desc-msos.c
hw/usb: Fix typo in comments and print
2021-09-01 06:37:13 +02:00
desc.c
usb: allow max 8192 bytes for desc
2022-01-13 10:22:37 +01:00
desc.h
usb: allow max 8192 bytes for desc
2022-01-13 10:22:37 +01:00
dev-audio.c
hw/usb: Fix typo in comments and print
2021-09-01 06:37:13 +02:00
dev-hid.c
hid: Implement support for side and extra buttons
2022-02-22 17:15:36 +01:00
dev-hub.c
Remove superfluous timer_del() calls
2021-01-08 15:13:38 +00:00
dev-mtp.c
Remove qemu-common.h include from most units
2022-04-06 14:31:55 +02:00
dev-network.c
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
dev-serial.c
usb: remove support for -usbdevice parameters
2021-03-15 17:00:58 +01:00
dev-smartcard-reader.c
include: move C/util-related declarations to cutils.h
2022-04-06 14:31:43 +02:00
dev-storage-bot.c
scsi: Replace scsi_bus_new() with scsi_bus_init(), scsi_bus_init_named()
2021-09-30 13:42:10 +01:00
dev-storage-classic.c
scsi: Replace scsi_bus_new() with scsi_bus_init(), scsi_bus_init_named()
2021-09-30 13:42:10 +01:00
dev-storage.c
usb/storage: clear csw on reset
2021-03-15 17:01:17 +01:00
dev-uas.c
uas: add missing return
2022-01-13 10:58:05 +01:00
dev-wacom.c
hw/usb/dev-wacom: add missing HID descriptor
2022-01-13 10:22:00 +01:00
hcd-dwc2.c
dma: Let dma_memory_read/write() take MemTxAttrs argument
2021-12-30 17:16:32 +01:00
hcd-dwc2.h
Clean up header guards that don't match their file name
2022-05-11 16:49:06 +02:00
hcd-dwc3.c
hw: Do not include qemu/log.h if it is not necessary
2021-05-02 17:24:50 +02:00
hcd-ehci-pci.c
qdev: Unrealize must not fail
2020-05-15 07:08:14 +02:00
hcd-ehci-sysbus.c
hw/usb/hcd-ehci-sysbus: Free USBPacket on instance finalize()
2021-03-26 09:14:48 +01:00
hcd-ehci.c
hw/usb/hcd-ehci: fix writeback order
2022-06-14 10:34:36 +02:00
hcd-ehci.h
hw/arm/npcm7xx: Add EHCI and OHCI controllers
2020-10-27 11:10:21 +00:00
hcd-musb.c
exec/cpu-common: Move MUSB specific typedefs to 'hw/usb/hcd-musb.h'
2020-06-12 11:20:15 -04:00
hcd-ohci-pci.c
Remove superfluous timer_del() calls
2021-01-08 15:13:38 +00:00
hcd-ohci.c
usb/ohci: Don't use packet from OHCIState for isochronous transfers
2022-03-04 09:34:21 +01:00
hcd-ohci.h
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
hcd-uhci.c
usb/uhci: Replace pci_set_irq with qemu_set_irq
2021-11-02 14:32:32 +01:00
hcd-uhci.h
usb/uhci: Replace pci_set_irq with qemu_set_irq
2021-11-02 14:32:32 +01:00
hcd-xhci-nec.c
usb: Fix Lesser GPL version number
2020-11-15 16:40:48 +01:00
hcd-xhci-pci.c
hw/usb: hcd-xhci-pci: Fix spec violation of IP flag for MSI/MSI-X
2021-05-28 09:10:20 +02:00
hcd-xhci-pci.h
usb: Fix Lesser GPL version number
2020-11-15 16:40:48 +01:00
hcd-xhci-sysbus.c
hw/usb: hcd-xhci-pci: Fix spec violation of IP flag for MSI/MSI-X
2021-05-28 09:10:20 +02:00
hcd-xhci-sysbus.h
usb/xhci: add include/hw/usb/xhci.h header file
2020-10-21 11:36:19 +02:00
hcd-xhci.c
hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394)
2022-08-16 11:37:19 +02:00
hcd-xhci.h
hw/usb: hcd-xhci-pci: Fix spec violation of IP flag for MSI/MSI-X
2021-05-28 09:10:20 +02:00
host-libusb.c
modules: introduces module_kconfig directive
2022-06-06 09:26:53 +02:00
host.h
usb-host: move legacy cmd line bits
2013-02-19 12:30:05 +01:00
imx-usb-phy.c
hw: Do not include qemu/log.h if it is not necessary
2021-05-02 17:24:50 +02:00
Kconfig
meson: Add CanoKey
2022-06-14 10:34:36 +02:00
libhw.c
dma: Let dma_memory_map() take MemTxAttrs argument
2021-12-30 17:16:32 +01:00
meson.build
meson: Add CanoKey
2022-06-14 10:34:36 +02:00
pcap.c
usb/pcap: set flag_setup
2021-02-17 14:29:12 +01:00
quirks-ftdi-ids.h
hw/usb: Fix typo in comments and print
2021-09-01 06:37:13 +02:00
quirks-pl2303-ids.h
usbredir: Add support for buffered bulk input (v2)
2013-01-08 10:56:58 +01:00
quirks.c
hw/usb/quirks: Use smaller types to reduce .rodata by 10KiB
2020-03-16 23:02:25 +01:00
quirks.h
Drop the deprecated lm32 target
2021-05-12 18:20:25 +02:00
redirect.c
usbredir: avoid queuing hello packet on snapshot restore
2022-06-14 10:34:36 +02:00
trace-events
hw/usb/canokey: Add trace events
2022-06-14 10:34:36 +02:00
trace.h
trace: switch position of headers to what Meson requires
2020-08-21 06:18:24 -04:00
tusb6010.c
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
u2f-emulated.c
hw/usb: Fix typo in comments and print
2021-09-01 06:37:13 +02:00
u2f-passthru.c
u2f-passthru: put it into the 'misc' category
2021-02-20 12:36:19 +01:00
u2f.c
usb: remove '-usbdevice u2f-key'
2021-03-15 17:00:58 +01:00
u2f.h
misc: fix commonly doubled up words
2022-08-01 11:58:02 +02:00
vt82c686-uhci-pci.c
hw/usb/vt82c686-uhci-pci: Use ISA instead of PCI interrupts
2021-11-02 14:32:32 +01:00
xen-usb.c
hw: Do not include hw/sysbus.h if it is not necessary
2021-05-02 17:24:50 +02:00
xlnx-usb-subsystem.c
hw: Do not include qemu/log.h if it is not necessary
2021-05-02 17:24:50 +02:00
xlnx-versal-usb2-ctrl-regs.c
hw: Do not include qemu/log.h if it is not necessary
2021-05-02 17:24:50 +02:00