diff options
| author | Stefan Hajnoczi <stefanha@redhat.com> | 2025-03-24 13:26:23 -0400 |
|---|---|---|
| committer | Stefan Hajnoczi <stefanha@redhat.com> | 2025-03-24 13:26:23 -0400 |
| commit | 170825d14d88a1ce7fae98d5a928480f2f329b22 (patch) | |
| tree | d03116d1cf833d94274b092ee6e0d15fb73cd6a5 | |
| parent | 71119ed3651622e1c531d1294839e9f3341adaf5 (diff) | |
| parent | 78877b2e06464f49f777e086845e094ea7bc82ef (diff) | |
| download | qemu-170825d14d88a1ce7fae98d5a928480f2f329b22.zip qemu-170825d14d88a1ce7fae98d5a928480f2f329b22.tar.gz qemu-170825d14d88a1ce7fae98d5a928480f2f329b22.tar.bz2 | |
Merge tag 'pull-aspeed-20250323' of https://github.com/legoater/qemu into staging
aspeed queue:
* Fix AST2700 SoC model
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmfgSG0ACgkQUaNDx8/7
# 7KFIaQ//TDinoK375i/tsRxpHPVHU40mQbn2pCx8g+mDoMZubfExSWncxcOpgzbM
# KM+NSOK0PBnCUHt0aWVb/USyMM7hftJHRkC6IY43HFnRIJlKxPeaS/IC73fPMMKu
# sDuBYz1ALseLFM1vArCiAijA8aCQOAiOBq/GSgscuHcgmTTMJ+c0LbwEaV5/aJwO
# BSIn6bRMLByl6w31NCetu7XwybCI9xCdgcGTuv7gNXtjk8poy540gB1CK02smDjc
# 0uRY9QXjh2epDWXz7UqMlJsEkEUc9BZP/95a70OKFsgDKz1K6kuCxgA3QbKLRgY1
# CDlinhERQuyFta6ulsoQ6E6T6nzc9MzTRjLztSdmMWkCd/qm1j4bWVuGnWD++9WT
# 1Q2IX4D5kurKNizux2+HaV02s3RafpeSjGOYMjaTpr74yqPpwa7gM2WnJhxZF1Md
# MF+ee30be5dJaVcZ0doYd+m3c6M0W5S1H5tR99YTA3auwikY0zgEKHrgXoDnv+sb
# 803AQroIBGZxbnxSH1OVJD4MB7Xos5CBxi0FYvpCy8E7Piaz2EGAe7QQUyHhPZjs
# Eg5rKCXODToYIpTHg+JYakHEt3ooewX3/pSVa//PJzde0eR25VNc6ybl4Xklqxib
# SjQ7HFqPkWrbVNK7o6j1LHLVa+sxtIT8FQtHKh5XjD7wnQwYV5U=
# =AwrM
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 23 Mar 2025 13:44:13 EDT
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg: aka "Cédric Le Goater <clg@kaod.org>" [full]
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* tag 'pull-aspeed-20250323' of https://github.com/legoater/qemu:
hw/misc/aspeed_hace: Fix buffer overflow in has_padding function
hw/intc/aspeed: Fix IRQ handler mask check
aspeed: Fix maximum number of spi controller
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| -rw-r--r-- | hw/intc/aspeed_intc.c | 2 | ||||
| -rw-r--r-- | hw/misc/aspeed_hace.c | 5 | ||||
| -rw-r--r-- | include/hw/arm/aspeed_soc.h | 2 |
3 files changed, 7 insertions, 2 deletions
diff --git a/hw/intc/aspeed_intc.c b/hw/intc/aspeed_intc.c index 3fd4170..f17bf43 100644 --- a/hw/intc/aspeed_intc.c +++ b/hw/intc/aspeed_intc.c @@ -111,7 +111,7 @@ static void aspeed_intc_set_irq_handler(AspeedINTCState *s, outpin_idx = intc_irq->outpin_idx; inpin_idx = intc_irq->inpin_idx; - if (s->mask[inpin_idx] || s->regs[status_reg]) { + if ((s->mask[inpin_idx] & select) || (s->regs[status_reg] & select)) { /* * a. mask is not 0 means in ISR mode * sources interrupt routine are executing. diff --git a/hw/misc/aspeed_hace.c b/hw/misc/aspeed_hace.c index 32a5dbd..d75da33 100644 --- a/hw/misc/aspeed_hace.c +++ b/hw/misc/aspeed_hace.c @@ -128,6 +128,11 @@ static bool has_padding(AspeedHACEState *s, struct iovec *iov, if (*total_msg_len <= s->total_req_len) { uint32_t padding_size = s->total_req_len - *total_msg_len; uint8_t *padding = iov->iov_base; + + if (padding_size > req_len) { + return false; + } + *pad_offset = req_len - padding_size; if (padding[*pad_offset] == 0x80) { return true; diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h index f899356..f069d17 100644 --- a/include/hw/arm/aspeed_soc.h +++ b/include/hw/arm/aspeed_soc.h @@ -42,7 +42,7 @@ #include "hw/char/serial-mm.h" #include "hw/intc/arm_gicv3.h" -#define ASPEED_SPIS_NUM 2 +#define ASPEED_SPIS_NUM 3 #define ASPEED_EHCIS_NUM 2 #define ASPEED_WDTS_NUM 8 #define ASPEED_CPUS_NUM 4 |