authorPeter Maydell2019-01-14 14:54:17 +0100
committerPeter Maydell2019-01-14 14:54:17 +0100
commitc9d18c1c150c84e7a976df989ad04ddf01083f46 (patch)
treeb4b04c95b9c75162cdf60dbcda51c9ca7563071b /hw/xen/xen_pt_graphics.c
parentMerge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-3.2-part2'... (diff)
parentxen-block: avoid repeated memory allocation (diff)
Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20190114' into staging
Xen queue * Xen PV backend 'qdevification'. Starting with xen_disk. * Performance improvements for xen-block. * Remove of the Xen PV domain builder. * bug fixes. # gpg: Signature made Mon 14 Jan 2019 13:46:33 GMT # gpg: using RSA key 0CF5572FD7FB55AF # gpg: Good signature from "Anthony PERARD <anthony.perard@gmail.com>" # gpg: aka "Anthony PERARD <anthony.perard@citrix.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 5379 2F71 024C 600F 778A 7161 D8D5 7199 DF83 42C8 # Subkey fingerprint: F80C 0063 08E2 2CFD 8A92 E798 0CF5 572F D7FB 55AF * remotes/aperard/tags/pull-xen-20190114: (25 commits) xen-block: avoid repeated memory allocation xen-block: improve response latency xen-block: improve batching behaviour xen: Replace few mentions of xend by libxl Remove broken Xen PV domain builder xen: remove the legacy 'xen_disk' backend MAINTAINERS: add myself as a Xen maintainer xen: automatically create XenBlockDevice-s xen: add a mechanism to automatically create XenDevice-s... xen: add implementations of xen-block connect and disconnect functions... xen: purge 'blk' and 'ioreq' from function names in dataplane/xen-block.c xen: remove 'ioreq' struct/varable/field names from dataplane/xen-block.c xen: remove 'XenBlkDev' and 'blkdev' names from dataplane/xen-block xen: add header and build dataplane/xen-block.c xen: remove unnecessary code from dataplane/xen-block.c xen: duplicate xen_disk.c as basis of dataplane/xen-block.c xen: add event channel interface for XenDevice-s xen: add grant table interface for XenDevice-s xen: add xenstore watcher infrastructure xen: create xenstore areas for XenDevice-s ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/xen/xen_pt_graphics.c')
-rw-r--r--hw/xen/xen_pt_graphics.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/hw/xen/xen_pt_graphics.c b/hw/xen/xen_pt_graphics.c
index 135c8df1e7..b69732729b 100644
--- a/hw/xen/xen_pt_graphics.c
+++ b/hw/xen/xen_pt_graphics.c
@@ -5,7 +5,7 @@
#include "qapi/error.h"
#include "xen_pt.h"
#include "xen-host-pci-device.h"
-#include "hw/xen/xen_backend.h"
+#include "hw/xen/xen-legacy-backend.h"
static unsigned long igd_guest_opregion;
static unsigned long igd_host_opregion;
@@ -185,8 +185,19 @@ void xen_pt_setup_vga(XenPCIPassthroughState *s, XenHostPCIDevice *dev,
return;
}
+ if (bios_size < sizeof(struct rom_header)) {
+ error_setg(errp, "VGA: VBIOS image corrupt (too small)");
+ return;
+ }
+
/* Currently we fixed this address as a primary. */
rom = (struct rom_header *)bios;
+
+ if (rom->pcioffset + sizeof(struct pci_data) > bios_size) {
+ error_setg(errp, "VGA: VBIOS image corrupt (bad pcioffset field)");
+ return;
+ }
+
pd = (void *)(bios + (unsigned char)rom->pcioffset);
/* We may need to fixup Device Identification. */
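Review bot: The added `pcioffset` check tests `rom->pcioffset` at its full width, but the unchanged line after it builds `pd` from `(unsigned char)rom->pcioffset`, so the offset that is validated and the offset that is used can differ. If the field is wider than 8 bits (its declaration is outside the hunk), the truncated offset still stays inside the buffer, but `pd` then points at bytes that are not the PCI data structure and the device-ID fixup overwrites the wrong part of the image. Read the offset once and use it in both places, e.g. `size_t off = rom->pcioffset;`, `if (off + sizeof(struct pci_data) > bios_size)` and `pd = (void *)(bios + off);`, or apply the same cast in the check if the truncation is intended. `bios_size` is also declared outside the hunk; if it is a signed int, the comparisons against `sizeof` convert it to unsigned, so a negative value has to be rejected before these checks.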
@@ -194,6 +205,11 @@ void xen_pt_setup_vga(XenPCIPassthroughState *s, XenHostPCIDevice *dev,
pd->device = s->real_device.device_id;
len = rom->size * 512;
+ if (len > bios_size) {
+ error_setg(errp, "VGA: VBIOS image corrupt (bad size field)");
+ return;
+ }
+
/* Then adjust the bios checksum */
for (c = (char *)bios; c < ((char *)bios + len); c++) {
checksum += *c;
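Review bot: The `len > bios_size` check runs after `pd->device` has already been written at the top of this hunk, so an image that is then rejected as corrupt has been modified first. Moving the `len` computation and its check up beside the other two size checks, ahead of the device-ID fixup, keeps all validation before any write to the buffer. A `rom->size` of 0 also passes the check and turns the checksum loop into a no-op; if that is not a valid image, `if (len == 0 || len > bios_size)` would reject it. The function continues outside the hunk.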