Branch: refs/heads/staging-9.2
  Home:   https://github.com/qemu/qemu
  Commit: df9168b01941d1311d4231439491614b00695344
https://github.com/qemu/qemu/commit/df9168b01941d1311d4231439491614b00695344
  Author: Jamin Lin <[email protected]>
  Date:   2025-03-24 (Mon, 24 Mar 2025)

  Changed paths:
    M hw/misc/aspeed_hace.c

  Log Message:
  -----------
  hw/misc/aspeed_hace: Fix buffer overflow in has_padding function

The maximum padding size is either 64 or 128 bytes and should always be smaller
than "req_len". If "padding_size" exceeds "req_len", then
"req_len - padding_size" underflows due to "uint32_t" data type, leading to a
large incorrect value (e.g., `0xFFXXXXXX`). This causes an out-of-bounds memory
access, potentially leading to a buffer overflow.

Added a check to ensure "padding_size" does not exceed "req_len" before
computing "pad_offset". This prevents "req_len - padding_size" from underflowing
and avoids accessing invalid memory.

Signed-off-by: Jamin Lin <[email protected]>
Reviewed-by: Cédric Le Goater <[email protected]>
Fixes: 5cd7d8564a8b563da724b9e6264c967f0a091afa ("aspeed/hace: Support AST2600 HACE")
Link: https://lore.kernel.org/qemu-devel/[email protected]
Signed-off-by: Cédric Le Goater <[email protected]>
(cherry picked from commit 78877b2e06464f49f777e086845e094ea7bc82ef)
Signed-off-by: Michael Tokarev <[email protected]>
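The arithmetic the commit message describes, as an added illustration that is not QEMU's code: the unguarded `req_len - padding_size` wraps in `uint32_t` when `padding_size` is larger than `req_len`, and the guarded form rejects the request before the offset is ever computed. Function names, the buffer model, and the sample lengths are assumptions for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not QEMU's hw/misc/aspeed_hace.c: padding_size is the
 * 64- or 128-byte padding block, req_len the length of the request buffer. */

/* Unguarded form: when padding_size > req_len the subtraction wraps to a
 * value near 0xFFFFFFFF, which then indexes far outside the request. */
static uint32_t pad_offset_unchecked(uint32_t req_len, uint32_t padding_size)
{
    return req_len - padding_size;
}

/* Guarded form, mirroring the fix: refuse when the padding cannot fit, and
 * only then compute the offset. Returns false without touching *pad_offset
 * on rejection. */
static bool pad_offset_checked(uint32_t req_len, uint32_t padding_size,
                               uint32_t *pad_offset)
{
    if (padding_size > req_len) {
        return false;
    }
    *pad_offset = req_len - padding_size;
    return true;
}

/* Convenience wrapper (hypothetical): -1 when rejected, else the offset. */
static int64_t pad_offset_or_fail(uint32_t req_len, uint32_t padding_size)
{
    uint32_t off = 0;
    return pad_offset_checked(req_len, padding_size, &off) ? (int64_t)off : -1;
}

/* True when the unguarded offset would land outside a req_len-byte buffer. */
static bool offset_out_of_bounds(uint32_t req_len, uint32_t padding_size)
{
    return pad_offset_unchecked(req_len, padding_size) >= req_len;
}

int main(void)
{
    /* A 32-byte request with 64 bytes of padding: the wrapped case. */
    printf("unchecked offset: 0x%08X\n", pad_offset_unchecked(32, 64));
    printf("checked result:   %lld\n", (long long)pad_offset_or_fail(32, 64));
    printf("valid case:       %lld\n", (long long)pad_offset_or_fail(128, 64));
    return 0;
}
```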


  Commit: b1efa5c2364072fa6038c1c7224c788340621456
https://github.com/qemu/qemu/commit/b1efa5c2364072fa6038c1c7224c788340621456
  Author: Steven Lee <[email protected]>
  Date:   2025-03-24 (Mon, 24 Mar 2025)

  Changed paths:
    M hw/intc/aspeed_intc.c

  Log Message:
  -----------
  hw/intc/aspeed: Fix IRQ handler mask check

Updated the IRQ handler mask check to AND with the select variable.
This ensures that the interrupt service routine is correctly triggered
for the interrupts within the same irq group.

For example, both `eth0` and the debug UART are handled in `GICINT132`.
Without this fix, the debug console may hang if the `eth0` ISR is not
handled.

Signed-off-by: Steven Lee <[email protected]>
Change-Id: Ic3609eb72218dfd68be6057d78b8953b18828709
Reviewed-by: Cédric Le Goater <[email protected]>
Fixes: d831c5fd8682 ("aspeed/intc: Add AST2700 support")
Link: https://lore.kernel.org/qemu-devel/[email protected]
Signed-off-by: Cédric Le Goater <[email protected]>
(cherry picked from commit 7b8cbe5162e69ad629c5326bf3c158b81857955d)
(Mjt: update for before v9.2.0-2466-g5824e8bf6beb
 "hw/intc/aspeed: Introduce IRQ handler function to reduce code duplication")
Signed-off-by: Michael Tokarev <[email protected]>


Compare: https://github.com/qemu/qemu/compare/3cdd1f45aa55...b1efa5c23640
