sim-card/qemu
Commit Graph

1160 Commits

Author SHA1 Message Date
aurel32 b2eb849d4b CVE-2007-1320 - Cirrus LGD-54XX "bitblt" heap overflow
I have just noticed that the patch for CVE-2007-1320 has never been applied
to the QEMU CVS. Please find it below.

| Multiple heap-based buffer overflows in the cirrus_invalidate_region
| function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and
| possibly other products, might allow local users to execute arbitrary
| code via unspecified vectors related to "attempting to mark
| non-existent regions as dirty," aka the "bitblt" heap overflow.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4340 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-05 21:26:31 +00:00
blueswir1 cbf5c748e2 Fix Sparc64 serial device breakage
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4339 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-05 17:37:44 +00:00
aurel32 b6cd0ea120 8250: Customized base baudrate
(Jan Kiszka)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4336 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 21:42:11 +00:00
aurel32 6936bfe514 8250: throttle TX-completion IRQs
(Jan Kiszka)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4335 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 21:42:00 +00:00
aurel32 0ecdffbb60 Allow bootdevice change from the monitor
(Gildas Le Nadan)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4333 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 20:11:34 +00:00
balrog 4001a81e8e MusicPal mono playback support.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4332 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 15:47:15 +00:00
balrog 54585ffec7 OMAP STI/XTI console.
Add a dummy serial to receive the output from STI console (OMAP
debugging/emulation interface).
Add some more OMAP UART dummy registers.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4331 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 15:26:28 +00:00
aurel32 4c54e87568 Remember the state of level-triggered interrupts
(Hollis Blanchard)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4330 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 13:15:24 +00:00
aurel32 50bf72b384 PPC UIC: Remove interrupt polarity code
(Hollis Blanchard)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4329 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 13:15:15 +00:00
aurel32 1534272158 Fix spurious VGA updates
(Samuel Thibault)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4328 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 13:11:53 +00:00
aurel32 8dd3dca351 remove target ifdefs from vl.c
(Glauber Costa)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4327 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 13:11:44 +00:00
balrog 91834991f6 Remove debug sample rate slowdown.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4326 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 12:18:51 +00:00
balrog af83e09e9e Use external clock in wm8750 slave mode.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4325 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 12:15:51 +00:00
balrog db502b6126 Update volume for WM8750 input voices.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4322 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 10:55:25 +00:00
balrog 683efdcbdb First cut at WM8750 volume control (Jan Kiszka).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4321 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 10:21:03 +00:00
aurel32 c75a823c80 Set default console size
(Stefan Weil)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4316 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 00:50:34 +00:00
edgar_igl 63c1d9252a Avoid a build warning.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4303 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-02 22:47:34 +00:00
edgar_igl b01cde7bdf ETRAX-FS board: Add more flash and internal memory. Select interrupt nr for the
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4302 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-02 22:38:53 +00:00
edgar_igl 602372237d ETRAX timers: Improve the support for timer1 and let the board-setup choose irq nr.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4301 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-02 22:32:02 +00:00
edgar_igl f062058fa1 ETRAX serial port:
* Simulate basic interrupt driven serial io.
* Connect to qemu char dev.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4300 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-02 22:21:55 +00:00
balrog b0f6edb18e Musicpal: convert to ram_addr_t
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4295 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-02 01:35:20 +00:00
blueswir1 771effeb8d FDC: Fix data transfer len (Hervé Poussineau)
In floppy controller, transfer data len is not correctly calculated.
We should read up to the last sector specified by the caller, and not up to
the last sector of the floppy.



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4294 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-01 19:05:12 +00:00
blueswir1 b3bc154098 FDC: Fix buffer overflow (Hervé Poussineau)
In floppy controller, programming PIO writes which are more than one sector
long leads to a buffer overflow of the fdtrl->fifo[] array.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4293 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-01 19:03:31 +00:00
blueswir1 6ef05b9546 Improved large memory support
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4292 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-01 18:21:46 +00:00
blueswir1 cefec4f5dc FDC fix 10/10 (Hervé Poussineau):
- Replaces access to cur_drv field by macros.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4290 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-29 16:18:58 +00:00
blueswir1 78ae820cfe FDC fix 9/10 (Hervé Poussineau):
- Supports up to 4 floppy drives if MAX_FD is set to 4.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4289 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-29 16:18:26 +00:00
blueswir1 46d3233ba0 FDC fix 8/10 (Hervé Poussineau):
- Replaces bootsel field by the whole tdr register. It may be easier if we want to later add support for tapes.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4288 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-29 16:17:42 +00:00
blueswir1 7737052092 FDC fix 7/10 (Hervé Poussineau):
- Removes useless fields in fdrive_t structure.
- Adds a message when bdrv_read/bdrv_write calls fail.
- Rename int_status to status0.
- Replace some constants by value names.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4287 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-29 16:17:08 +00:00
blueswir1 b9b3d22516 FDC fix 6/10 (Hervé Poussineau):
- Stores controller state in MSR register instead of internal state field. This simplifies the fdctrl_read_main_status() function, which may be called in some tight loops.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4286 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-29 16:16:30 +00:00
blueswir1 1c346df2a2 FDC fix 5/10 (Hervé Poussineau):
- Better handling of DOR register. DOR register drives external motors, but it is not limited to existing drives.
- Use FD_DOR_nRESET flag instead of internal FD_CTRL_RESET flag.
- Support writing to DOR register even in reset mode (as said in specification)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4285 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-29 16:15:53 +00:00
blueswir1 368df94d16 FDC fix 4/10 (Hervé Poussineau):
- Handles correctly FD_MSR_NONDMA/FD_DOR_NONDMA flags, and uses them when possible. Fixes a problem with SPECIFY command.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4284 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-29 16:15:12 +00:00
blueswir1 8c6a4d7742 FDC fix 3/10 (Hervé Poussineau):
- Fixes status A and status B registers. It removes one Sun4m mutation. Also removes the internal FD_CTRL_INTR flag.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4283 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-29 16:14:15 +00:00
blueswir1 746d6de7fe FDC fix 2/10 (Hervé Poussineau):
- Extract seeking to next sector handling in a function. Add a sector seek in PIO read and write modes


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4282 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-29 16:13:36 +00:00
blueswir1 678803abe6 FDC fix 1/12 (Hervé Poussineau):
- Adds a command lookup table, as suggested by Fabrice at http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00143.html
- This also moves initialization functions at the bottom of the file to prevent multiple forward declarations.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4281 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-29 16:12:30 +00:00
blueswir1 b1fa716443 Revert v4260, breaks Sparc32
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4280 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-29 16:08:54 +00:00
aurel32 923e5e339f qemu ppc uic: Order IRQ bit number as described in the UIC documentation.
(Hollis Blanchard)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4273 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-28 00:00:24 +00:00
balrog aa92310171 musicpal: Fix output level of 8-bit samples (Jan Kiszka).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4269 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-27 23:31:40 +00:00
balrog 7546c016e5 Ignore the wrapping of acpi timer counter again.
Revert problematic change to restore system_powerdown.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4268 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-27 22:57:10 +00:00
aurel32 4fc5d07176 Fix a regression introduced by my previous commit, ram_size is now
unsigned.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4266 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-27 21:39:40 +00:00
aurel32 00f82b8a31 Use correct types to enable > 2G support, based on a patch from
Anthony Liguori.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4265 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-27 21:12:55 +00:00
blueswir1 c1d00dc0b4 Revert wrong changes
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4264 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-27 16:43:11 +00:00
blueswir1 ac2e9d66b2 Fix broken TCX vram, restore Sun4u PROM_SIZE_MAX
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4263 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-27 15:29:18 +00:00
balrog 47e4ca5abd Fix scsi-disk sense-key/status confusion (Marcelo Tosatti).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4260 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-26 15:56:05 +00:00
balrog ce1f4520ff Fix sci irq set when acpi timer about to wrap (Dor Laor, Yaniv Kamay).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4258 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-26 14:50:48 +00:00
balrog c38b6e2591 Fill in touchscreen calibration values from a Palm T|E.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4256 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-26 13:33:29 +00:00
balrog 662caa6f91 Let WM8750 users write to audio buffer directly.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4254 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-26 12:00:18 +00:00
balrog c21c583a1d Fix USB and HID report descriptors for mouse and tablet.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4253 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-26 01:43:07 +00:00
balrog 0266f2c733 Fix MusicPal LCD on non-32 bpp displays or with -nographic.
Prevents an immediate segfault.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4252 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-25 00:59:43 +00:00
balrog 523111e7ef Improve audio api use in WM8750.
These are changes from
http://svn.openmoko.org/trunk/src/host/qemu-neo1973/hw/wm8753.c that I
forgot to push to WM8750.  Some were suggested by malc.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4249 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-24 21:01:40 +00:00
balrog 24859b68ee ARM: Marvell 88w8618 / MusicPal emulation (Jan Kiszka).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4248 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-24 19:21:53 +00:00