1369de9828
CVE-2014-3689 vmware_vga: insufficient parameter validation in rectangle functions (bz #1153038, bz #1153035)
100 lines
3.8 KiB
Diff
100 lines
3.8 KiB
Diff
From: Christoffer Dall <christoffer.dall@linaro.org>
|
|
Date: Thu, 12 Sep 2013 22:18:20 -0700
|
|
Subject: [PATCH] arm_gic: Support setting/getting binary point reg
|
|
|
|
Add a binary_point field to the gic emulation structure and support
|
|
setting/getting this register now when we have it. We don't actually
|
|
support interrupt grouping yet, oh well.
|
|
|
|
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
|
|
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
(cherry picked from commit aa7d461ae9dd79d35999f4710743cdf9dec88cef)
|
|
---
|
|
hw/intc/arm_gic.c | 12 +++++++++---
|
|
hw/intc/arm_gic_common.c | 6 ++++--
|
|
include/hw/intc/arm_gic_common.h | 7 +++++++
|
|
3 files changed, 20 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
|
|
index 29f98be..d31892d 100644
|
|
--- a/hw/intc/arm_gic.c
|
|
+++ b/hw/intc/arm_gic.c
|
|
@@ -669,14 +669,15 @@ static uint32_t gic_cpu_read(GICState *s, int cpu, int offset)
|
|
case 0x04: /* Priority mask */
|
|
return s->priority_mask[cpu];
|
|
case 0x08: /* Binary Point */
|
|
- /* ??? Not implemented. */
|
|
- return 0;
|
|
+ return s->bpr[cpu];
|
|
case 0x0c: /* Acknowledge */
|
|
return gic_acknowledge_irq(s, cpu);
|
|
case 0x14: /* Running Priority */
|
|
return s->running_priority[cpu];
|
|
case 0x18: /* Highest Pending Interrupt */
|
|
return s->current_pending[cpu];
|
|
+ case 0x1c: /* Aliased Binary Point */
|
|
+ return s->abpr[cpu];
|
|
default:
|
|
qemu_log_mask(LOG_GUEST_ERROR,
|
|
"gic_cpu_read: Bad offset %x\n", (int)offset);
|
|
@@ -695,10 +696,15 @@ static void gic_cpu_write(GICState *s, int cpu, int offset, uint32_t value)
|
|
s->priority_mask[cpu] = (value & 0xff);
|
|
break;
|
|
case 0x08: /* Binary Point */
|
|
- /* ??? Not implemented. */
|
|
+ s->bpr[cpu] = (value & 0x7);
|
|
break;
|
|
case 0x10: /* End Of Interrupt */
|
|
return gic_complete_irq(s, cpu, value & 0x3ff);
|
|
+ case 0x1c: /* Aliased Binary Point */
|
|
+ if (s->revision >= 2) {
|
|
+ s->abpr[cpu] = (value & 0x7);
|
|
+ }
|
|
+ break;
|
|
default:
|
|
qemu_log_mask(LOG_GUEST_ERROR,
|
|
"gic_cpu_write: Bad offset %x\n", (int)offset);
|
|
diff --git a/hw/intc/arm_gic_common.c b/hw/intc/arm_gic_common.c
|
|
index f4c7f14..7966985 100644
|
|
--- a/hw/intc/arm_gic_common.c
|
|
+++ b/hw/intc/arm_gic_common.c
|
|
@@ -58,8 +58,8 @@ static const VMStateDescription vmstate_gic_irq_state = {
|
|
|
|
static const VMStateDescription vmstate_gic = {
|
|
.name = "arm_gic",
|
|
- .version_id = 5,
|
|
- .minimum_version_id = 5,
|
|
+ .version_id = 6,
|
|
+ .minimum_version_id = 6,
|
|
.pre_save = gic_pre_save,
|
|
.post_load = gic_post_load,
|
|
.fields = (VMStateField[]) {
|
|
@@ -76,6 +76,8 @@ static const VMStateDescription vmstate_gic = {
|
|
VMSTATE_UINT16_ARRAY(running_irq, GICState, GIC_NCPU),
|
|
VMSTATE_UINT16_ARRAY(running_priority, GICState, GIC_NCPU),
|
|
VMSTATE_UINT16_ARRAY(current_pending, GICState, GIC_NCPU),
|
|
+ VMSTATE_UINT8_ARRAY(bpr, GICState, GIC_NCPU),
|
|
+ VMSTATE_UINT8_ARRAY(abpr, GICState, GIC_NCPU),
|
|
VMSTATE_END_OF_LIST()
|
|
}
|
|
};
|
|
diff --git a/include/hw/intc/arm_gic_common.h b/include/hw/intc/arm_gic_common.h
|
|
index d2e0c2f..983c3cf 100644
|
|
--- a/include/hw/intc/arm_gic_common.h
|
|
+++ b/include/hw/intc/arm_gic_common.h
|
|
@@ -68,6 +68,13 @@ typedef struct GICState {
|
|
uint16_t running_priority[GIC_NCPU];
|
|
uint16_t current_pending[GIC_NCPU];
|
|
|
|
+ /* We present the GICv2 without security extensions to a guest and
|
|
+ * therefore the guest can configure the GICC_CTLR to configure group 1
|
|
+ * binary point in the abpr.
|
|
+ */
|
|
+ uint8_t bpr[GIC_NCPU];
|
|
+ uint8_t abpr[GIC_NCPU];
|
|
+
|
|
uint32_t num_cpu;
|
|
|
|
MemoryRegion iomem; /* Distributor */
|