File 0298-dma-rc4030-limit-interval-timer-rel.patch of Package qemu.3557

Overview Repositories Revisions Requests Users Attributes Meta

File 0298-dma-rc4030-limit-interval-timer-rel.patch of Package qemu.3557

From c3a87425a3bbd78e066b434049ac646d97e1f391 Mon Sep 17 00:00:00 2001
From: P J P <ppandit@redhat.com>
Date: Mon, 31 Oct 2016 15:55:14 -0600
Subject: [PATCH] dma: rc4030: limit interval timer reload value

The JAZZ RC4030 chipset emulator has a periodic timer and
associated interval reload register. The reload value is used
as divider when computing timer's next tick value. If reload
value is large, it could lead to divide by zero error. Limit
the interval reload value to avoid it.

Reported-by: Huawei PSIRT <psirt@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
[BR: CVE-2016-8667 BSC#1004702]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 hw/dma/rc4030.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
index af26632..fb475db 100644
--- a/hw/dma/rc4030.c
+++ b/hw/dma/rc4030.c
@@ -377,7 +377,7 @@ static void rc4030_writel(void *opaque, hwaddr addr, uint32_t val)
         break;
     /* Interval timer reload */
     case 0x0228:
-        s->itr = val;
+        s->itr = val & 0x01FF;
         qemu_irq_lower(s->timer_irq);
         set_next_tick(s);
         break;

Places

File 0298-dma-rc4030-limit-interval-timer-rel.patch of Package qemu.3557

Places