diff options
| author | Peter Maydell | 2018-07-02 15:57:43 +0200 |
|---|---|---|
| committer | Peter Maydell | 2018-07-02 15:57:43 +0200 |
| commit | 7320bb2cb0b0bc54ecab3dfaea797d8f42e34ad9 (patch) | |
| tree | 45860d60d5072a356dcf225a9d3796b31cd288a9 /hw/core/loader.c | |
| parent | Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-3.0-pull-request' ... (diff) | |
| parent | s390x/tcg: fix locking problem with tcg_s390_tod_updated (diff) | |
| download | qemu-7320bb2cb0b0bc54ecab3dfaea797d8f42e34ad9.tar.gz qemu-7320bb2cb0b0bc54ecab3dfaea797d8f42e34ad9.tar.xz qemu-7320bb2cb0b0bc54ecab3dfaea797d8f42e34ad9.zip | |
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20180702' into staging
s390x updates:
- add bpb/ppa15 features to default cpu model for z196 and later
- rework TOD handling and fix cpu hotplug under tcg
- various fixes
# gpg: Signature made Mon 02 Jul 2018 12:09:40 BST
# gpg: using RSA key DECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg: aka "Cornelia Huck <cohuck@kernel.org>"
# gpg: aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF
* remotes/cohuck/tags/s390x-20180702:
s390x/tcg: fix locking problem with tcg_s390_tod_updated
s390x/kvm: indicate alignment in legacy_s390_alloc()
s390x/kvm: legacy_s390_alloc() only supports one allocation
s390x/tcg: fix CPU hotplug with single-threaded TCG
s390x/tcg: rearm the CKC timer during migration
s390x/tcg: implement SET CLOCK
s390x/tcg: SET CLOCK COMPARATOR can clear CKC interrupts
s390x/tcg: properly implement the TOD
s390x/tcg: drop tod_basetime
s390x/tod: factor out TOD into separate device
s390x/kvm: pass values instead of pointers to kvm_s390_set_clock_*()
s390x/tcg: avoid overflows in time2tod/tod2time
s390x/cpumodel: default enable bpb and ppa15 for z196 and later
loader: Check access size when calling rom_ptr() to avoid crashes
s390/ipl: fix ipl with -no-reboot
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/core/loader.c')
| -rw-r--r-- | hw/core/loader.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/hw/core/loader.c b/hw/core/loader.c index 06bdbca537..bbb6e65bb5 100644 --- a/hw/core/loader.c +++ b/hw/core/loader.c @@ -191,7 +191,7 @@ void pstrcpy_targphys(const char *name, hwaddr dest, int buf_size, rom_add_blob_fixed(name, source, (nulp - source) + 1, dest); } else { rom_add_blob_fixed(name, source, buf_size, dest); - ptr = rom_ptr(dest + buf_size - 1); + ptr = rom_ptr(dest + buf_size - 1, sizeof(*ptr)); *ptr = 0; } } @@ -1165,7 +1165,7 @@ void rom_reset_order_override(void) fw_cfg_reset_order_override(fw_cfg); } -static Rom *find_rom(hwaddr addr) +static Rom *find_rom(hwaddr addr, size_t size) { Rom *rom; @@ -1179,7 +1179,7 @@ static Rom *find_rom(hwaddr addr) if (rom->addr > addr) { continue; } - if (rom->addr + rom->romsize < addr) { + if (rom->addr + rom->romsize < addr + size) { continue; } return rom; @@ -1249,11 +1249,11 @@ int rom_copy(uint8_t *dest, hwaddr addr, size_t size) return (d + l) - dest; } -void *rom_ptr(hwaddr addr) +void *rom_ptr(hwaddr addr, size_t size) { Rom *rom; - rom = find_rom(addr); + rom = find_rom(addr, size); if (!rom || !rom->data) return NULL; return rom->data + (addr - rom->addr); |