diff options
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/alpha/dp264.c | 4 | ||||
| -rw-r--r-- | hw/arm/sbsa-ref.c | 4 | ||||
| -rw-r--r-- | hw/arm/virt.c | 4 | ||||
| -rw-r--r-- | hw/core/machine.c | 8 | ||||
| -rw-r--r-- | hw/hppa/machine.c | 4 | ||||
| -rw-r--r-- | hw/loongarch/virt.c | 4 | ||||
| -rw-r--r-- | hw/mips/loongson3_virt.c | 4 | ||||
| -rw-r--r-- | hw/scsi/lsi53c895a.c | 24 | ||||
| -rw-r--r-- | hw/xtensa/virt.c | 9 |
9 files changed, 50 insertions, 15 deletions
diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c index 4161f559a7..03495e1e60 100644 --- a/hw/alpha/dp264.c +++ b/hw/alpha/dp264.c @@ -49,6 +49,7 @@ static void clipper_init(MachineState *machine) const char *kernel_filename = machine->kernel_filename; const char *kernel_cmdline = machine->kernel_cmdline; const char *initrd_filename = machine->initrd_filename; + MachineClass *mc = MACHINE_GET_CLASS(machine); AlphaCPU *cpus[4]; PCIBus *pci_bus; PCIDevice *pci_dev; @@ -124,7 +125,7 @@ static void clipper_init(MachineState *machine) /* Network setup. e1000 is good enough, failing Tulip support. */ for (i = 0; i < nb_nics; i++) { - pci_nic_init_nofail(&nd_table[i], pci_bus, "e1000", NULL); + pci_nic_init_nofail(&nd_table[i], pci_bus, mc->default_nic, NULL); } /* Super I/O */ @@ -213,6 +214,7 @@ static void clipper_machine_init(MachineClass *mc) mc->is_default = true; mc->default_cpu_type = ALPHA_CPU_TYPE_NAME("ev67"); mc->default_ram_id = "ram"; + mc->default_nic = "e1000"; } DEFINE_MACHINE("clipper", clipper_machine_init) diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c index 792371fdce..9c3e670ec6 100644 --- a/hw/arm/sbsa-ref.c +++ b/hw/arm/sbsa-ref.c @@ -596,6 +596,7 @@ static void create_pcie(SBSAMachineState *sms) hwaddr size_mmio_high = sbsa_ref_memmap[SBSA_PCIE_MMIO_HIGH].size; hwaddr base_pio = sbsa_ref_memmap[SBSA_PCIE_PIO].base; int irq = sbsa_ref_irqmap[SBSA_PCIE]; + MachineClass *mc = MACHINE_GET_CLASS(sms); MemoryRegion *mmio_alias, *mmio_alias_high, *mmio_reg; MemoryRegion *ecam_alias, *ecam_reg; DeviceState *dev; @@ -641,7 +642,7 @@ static void create_pcie(SBSAMachineState *sms) NICInfo *nd = &nd_table[i]; if (!nd->model) { - nd->model = g_strdup("e1000e"); + nd->model = g_strdup(mc->default_nic); } pci_nic_init_nofail(nd, pci->bus, nd->model, NULL); @@ -858,6 +859,7 @@ static void sbsa_ref_class_init(ObjectClass *oc, void *data) mc->minimum_page_bits = 12; mc->block_default_type = IF_IDE; mc->no_cdrom = 1; + mc->default_nic = "e1000e"; mc->default_ram_size = 1 * GiB; mc->default_ram_id = "sbsa-ref.ram"; mc->default_cpus = 4; diff --git a/hw/arm/virt.c b/hw/arm/virt.c index b99ae18501..9b9f7d9c68 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -1426,6 +1426,7 @@ static void create_pcie(VirtMachineState *vms) int i, ecam_id; PCIHostState *pci; MachineState *ms = MACHINE(vms); + MachineClass *mc = MACHINE_GET_CLASS(ms); dev = qdev_new(TYPE_GPEX_HOST); sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); @@ -1479,7 +1480,7 @@ static void create_pcie(VirtMachineState *vms) NICInfo *nd = &nd_table[i]; if (!nd->model) { - nd->model = g_strdup("virtio"); + nd->model = g_strdup(mc->default_nic); } pci_nic_init_nofail(nd, pci->bus, nd->model, NULL); @@ -3033,6 +3034,7 @@ static void virt_machine_class_init(ObjectClass *oc, void *data) mc->auto_enable_numa_with_memhp = true; mc->auto_enable_numa_with_memdev = true; mc->default_ram_id = "mach-virt.ram"; + mc->default_nic = "virtio-net-pci"; object_class_property_add(oc, "acpi", "OnOffAuto", virt_get_acpi, virt_set_acpi, diff --git a/hw/core/machine.c b/hw/core/machine.c index 07f763eb2e..1000406211 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -1338,6 +1338,14 @@ void machine_run_board_init(MachineState *machine, const char *mem_path, Error * } } else if (machine_class->default_ram_id && machine->ram_size && numa_uses_legacy_mem()) { + if (object_property_find(object_get_objects_root(), + machine_class->default_ram_id)) { + error_setg(errp, "object name '%s' is reserved for the default" + " RAM backend, it can't be used for any other purposes." + " Change the object's 'id' to something else", + machine_class->default_ram_id); + return; + } if (!create_default_memdev(current_machine, mem_path, errp)) { return; } diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c index 8fea5fa6b8..b00a91ecfe 100644 --- a/hw/hppa/machine.c +++ b/hw/hppa/machine.c @@ -177,6 +177,7 @@ static void machine_hppa_init(MachineState *machine) const char *kernel_filename = machine->kernel_filename; const char *kernel_cmdline = machine->kernel_cmdline; const char *initrd_filename = machine->initrd_filename; + MachineClass *mc = MACHINE_GET_CLASS(machine); DeviceState *dev, *dino_dev, *lasi_dev; PCIBus *pci_bus; ISABus *isa_bus; @@ -272,7 +273,7 @@ static void machine_hppa_init(MachineState *machine) for (i = 0; i < nb_nics; i++) { if (!enable_lasi_lan()) { - pci_nic_init_nofail(&nd_table[i], pci_bus, "tulip", NULL); + pci_nic_init_nofail(&nd_table[i], pci_bus, mc->default_nic, NULL); } } @@ -462,6 +463,7 @@ static void hppa_machine_init_class_init(ObjectClass *oc, void *data) mc->default_ram_size = 512 * MiB; mc->default_boot_order = "cd"; mc->default_ram_id = "ram"; + mc->default_nic = "tulip"; nc->nmi_monitor_handler = hppa_nmi; } diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c index 2b7588e32a..ceddec1b23 100644 --- a/hw/loongarch/virt.c +++ b/hw/loongarch/virt.c @@ -474,6 +474,7 @@ static DeviceState *create_platform_bus(DeviceState *pch_pic) static void loongarch_devices_init(DeviceState *pch_pic, LoongArchMachineState *lams) { + MachineClass *mc = MACHINE_GET_CLASS(lams); DeviceState *gpex_dev; SysBusDevice *d; PCIBus *pci_bus; @@ -528,7 +529,7 @@ static void loongarch_devices_init(DeviceState *pch_pic, LoongArchMachineState * NICInfo *nd = &nd_table[i]; if (!nd->model) { - nd->model = g_strdup("virtio"); + nd->model = g_strdup(mc->default_nic); } pci_nic_init_nofail(nd, pci_bus, nd->model, NULL); @@ -1038,6 +1039,7 @@ static void loongarch_class_init(ObjectClass *oc, void *data) mc->default_boot_order = "c"; mc->no_cdrom = 1; mc->get_hotplug_handler = virt_machine_get_hotplug_handler; + mc->default_nic = "virtio-net-pci"; hc->plug = loongarch_machine_device_plug_cb; hc->pre_plug = virt_machine_device_pre_plug; hc->unplug_request = virt_machine_device_unplug_request; diff --git a/hw/mips/loongson3_virt.c b/hw/mips/loongson3_virt.c index 25534288dd..216812f660 100644 --- a/hw/mips/loongson3_virt.c +++ b/hw/mips/loongson3_virt.c @@ -406,6 +406,7 @@ static inline void loongson3_virt_devices_init(MachineState *machine, PCIBus *pci_bus; DeviceState *dev; MemoryRegion *mmio_reg, *ecam_reg; + MachineClass *mc = MACHINE_GET_CLASS(machine); LoongsonMachineState *s = LOONGSON_MACHINE(machine); dev = qdev_new(TYPE_GPEX_HOST); @@ -456,7 +457,7 @@ static inline void loongson3_virt_devices_init(MachineState *machine, NICInfo *nd = &nd_table[i]; if (!nd->model) { - nd->model = g_strdup("virtio"); + nd->model = g_strdup(mc->default_nic); } pci_nic_init_nofail(nd, pci_bus, nd->model, NULL); @@ -619,6 +620,7 @@ static void loongson3v_machine_class_init(ObjectClass *oc, void *data) mc->default_ram_size = 1600 * MiB; mc->kvm_type = mips_kvm_type; mc->minimum_page_bits = 14; + mc->default_nic = "virtio-net-pci"; } static const TypeInfo loongson3_machine_types[] = { diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index db27872963..f7d45b0b20 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -1134,15 +1134,24 @@ static void lsi_execute_script(LSIState *s) uint32_t addr, addr_high; int opcode; int insn_processed = 0; + static int reentrancy_level; + + reentrancy_level++; s->istat1 |= LSI_ISTAT1_SRUN; again: - if (++insn_processed > LSI_MAX_INSN) { - /* Some windows drivers make the device spin waiting for a memory - location to change. If we have been executed a lot of code then - assume this is the case and force an unexpected device disconnect. - This is apparently sufficient to beat the drivers into submission. - */ + /* + * Some windows drivers make the device spin waiting for a memory location + * to change. If we have executed more than LSI_MAX_INSN instructions then + * assume this is the case and force an unexpected device disconnect. This + * is apparently sufficient to beat the drivers into submission. + * + * Another issue (CVE-2023-0330) can occur if the script is programmed to + * trigger itself again and again. Avoid this problem by stopping after + * being called multiple times in a reentrant way (8 is an arbitrary value + * which should be enough for all valid use cases). + */ + if (++insn_processed > LSI_MAX_INSN || reentrancy_level > 8) { if (!(s->sien0 & LSI_SIST0_UDC)) { qemu_log_mask(LOG_GUEST_ERROR, "lsi_scsi: inf. loop with UDC masked"); @@ -1596,6 +1605,8 @@ again: } } trace_lsi_execute_script_stop(); + + reentrancy_level--; } static uint8_t lsi_reg_readb(LSIState *s, int offset) @@ -2307,6 +2318,7 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp) * re-entrancy guard. */ s->ram_io.disable_reentrancy_guard = true; + s->mmio_io.disable_reentrancy_guard = true; address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); qdev_init_gpio_out(d, &s->ext_irq, 1); diff --git a/hw/xtensa/virt.c b/hw/xtensa/virt.c index a18e3fc910..b87f842e74 100644 --- a/hw/xtensa/virt.c +++ b/hw/xtensa/virt.c @@ -38,7 +38,8 @@ #include "xtensa_memory.h" #include "xtensa_sim.h" -static void create_pcie(CPUXtensaState *env, int irq_base, hwaddr addr_base) +static void create_pcie(MachineState *ms, CPUXtensaState *env, int irq_base, + hwaddr addr_base) { hwaddr base_ecam = addr_base + 0x00100000; hwaddr size_ecam = 0x03f00000; @@ -54,6 +55,7 @@ static void create_pcie(CPUXtensaState *env, int irq_base, hwaddr addr_base) MemoryRegion *mmio_alias; MemoryRegion *mmio_reg; + MachineClass *mc = MACHINE_GET_CLASS(ms); DeviceState *dev; PCIHostState *pci; qemu_irq *extints; @@ -104,7 +106,7 @@ static void create_pcie(CPUXtensaState *env, int irq_base, hwaddr addr_base) NICInfo *nd = &nd_table[i]; if (!nd->model) { - nd->model = g_strdup("virtio"); + nd->model = g_strdup(mc->default_nic); } pci_nic_init_nofail(nd, pci->bus, nd->model, NULL); @@ -117,7 +119,7 @@ static void xtensa_virt_init(MachineState *machine) XtensaCPU *cpu = xtensa_sim_common_init(machine); CPUXtensaState *env = &cpu->env; - create_pcie(env, 0, 0xf0000000); + create_pcie(machine, env, 0, 0xf0000000); xtensa_sim_load_kernel(cpu, machine); } @@ -127,6 +129,7 @@ static void xtensa_virt_machine_init(MachineClass *mc) mc->init = xtensa_virt_init; mc->max_cpus = 32; mc->default_cpu_type = XTENSA_DEFAULT_CPU_TYPE; + mc->default_nic = "virtio-net-pci"; } DEFINE_MACHINE("virt", xtensa_virt_machine_init) |