[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] fe89fd: virtio-gpu: check early scanout id
|
From: |
GitHub |
|
Subject: |
[Qemu-commits] [qemu/qemu] fe89fd: virtio-gpu: check early scanout id |
|
Date: |
Mon, 23 May 2016 08:35:06 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: fe89fdebcaab696d525f2905b33d7b303111eade
https://github.com/qemu/qemu/commit/fe89fdebcaab696d525f2905b33d7b303111eade
Author: Marc-André Lureau <address@hidden>
Date: 2016-05-23 (Mon, 23 May 2016)
Changed paths:
M hw/display/virtio-gpu.c
Log Message:
-----------
virtio-gpu: check early scanout id
Before accessing the g->scanout array, in order to avoid potential
out-of-bounds access.
Signed-off-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: d0f0c8654a1a97cfa7a19208afc6a6d3d0fb4326
https://github.com/qemu/qemu/commit/d0f0c8654a1a97cfa7a19208afc6a6d3d0fb4326
Author: Marc-André Lureau <address@hidden>
Date: 2016-05-23 (Mon, 23 May 2016)
Changed paths:
M hw/display/virtio-gpu-3d.c
M hw/display/virtio-vga.c
Log Message:
-----------
virtio-vga: propagate on gpu realized error
Signed-off-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 5e3d741c6a192b301692a44084f99876f0d6b643
https://github.com/qemu/qemu/commit/5e3d741c6a192b301692a44084f99876f0d6b643
Author: Marc-André Lureau <address@hidden>
Date: 2016-05-23 (Mon, 23 May 2016)
Changed paths:
M hw/display/virtio-gpu.c
Log Message:
-----------
virtio-gpu: check max_outputs value
The value must be less than VIRTIO_GPU_MAX_SCANOUT.
Signed-off-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 2fe760554eb3769d70f608a158474f728ba45ba6
https://github.com/qemu/qemu/commit/2fe760554eb3769d70f608a158474f728ba45ba6
Author: Marc-André Lureau <address@hidden>
Date: 2016-05-23 (Mon, 23 May 2016)
Changed paths:
M hw/display/virtio-gpu-3d.c
M hw/display/virtio-gpu.c
Log Message:
-----------
virtio-gpu: check max_outputs only
The scanout id should not be above the configured num_scanouts.
Signed-off-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: acfc4846508a02cc4c83aa27799fd74ac280bdb2
https://github.com/qemu/qemu/commit/acfc4846508a02cc4c83aa27799fd74ac280bdb2
Author: Marc-André Lureau <address@hidden>
Date: 2016-05-23 (Mon, 23 May 2016)
Changed paths:
M hw/display/virtio-gpu.c
M include/hw/virtio/virtio-gpu.h
Log Message:
-----------
virtio-gpu: use VIRTIO_GPU_MAX_SCANOUTS
The value is defined in virtio_gpu.h already (changing from 4 to 16).
Signed-off-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 6b860806c0dd881373ead661c0f3499eca2c3995
https://github.com/qemu/qemu/commit/6b860806c0dd881373ead661c0f3499eca2c3995
Author: Marc-André Lureau <address@hidden>
Date: 2016-05-23 (Mon, 23 May 2016)
Changed paths:
M hw/display/virtio-gpu.c
Log Message:
-----------
virtio-gpu: fix ui idx check
Fix off-by-one value check (0 is the first scanout).
Signed-off-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 94ef4f337fb614f18b765a8e0e878a4c23cdedcd
https://github.com/qemu/qemu/commit/94ef4f337fb614f18b765a8e0e878a4c23cdedcd
Author: Gerd Hoffmann <address@hidden>
Date: 2016-05-23 (Mon, 23 May 2016)
Changed paths:
M hw/display/vga.c
M hw/display/vga_int.h
Log Message:
-----------
vga: add sr_vbe register set
Commit "fd3c136 vga: make sure vga register setup for vbe stays intact
(CVE-2016-3712)." causes a regression. The win7 installer is unhappy
because it can't freely modify vga registers any more while in vbe mode.
This patch introduces a new sr_vbe register set. The vbe_update_vgaregs
will fill sr_vbe[] instead of sr[]. Normal vga register reads and
writes go to sr[]. Any sr register read access happens through a new
sr() helper function which will read from sr_vbe[] with vbe active and
from sr[] otherwise.
This way we can allow guests update sr[] registers as they want, without
allowing them disrupt vbe video modes that way.
Cc: address@hidden
Reported-by: Thomas Lamprecht <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: 38629bf5e4b563d7038cca50ca2c1f09640877da
https://github.com/qemu/qemu/commit/38629bf5e4b563d7038cca50ca2c1f09640877da
Author: Peter Maydell <address@hidden>
Date: 2016-05-23 (Mon, 23 May 2016)
Changed paths:
M hw/display/vga.c
M hw/display/vga_int.h
M hw/display/virtio-gpu-3d.c
M hw/display/virtio-gpu.c
M hw/display/virtio-vga.c
M include/hw/virtio/virtio-gpu.h
Log Message:
-----------
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160523-1' into
staging
vga: fix CVE-2016-3712 regression, misc virtio-gpu fixes.
# gpg: Signature made Mon 23 May 2016 13:30:26 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg: aka "Gerd Hoffmann <address@hidden>"
# gpg: aka "Gerd Hoffmann (private) <address@hidden>"
* remotes/kraxel/tags/pull-vga-20160523-1:
vga: add sr_vbe register set
virtio-gpu: fix ui idx check
virtio-gpu: use VIRTIO_GPU_MAX_SCANOUTS
virtio-gpu: check max_outputs only
virtio-gpu: check max_outputs value
virtio-vga: propagate on gpu realized error
virtio-gpu: check early scanout id
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/e081c24d30c1...38629bf5e4b5
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] fe89fd: virtio-gpu: check early scanout id,
GitHub <=