From: "Philippe Mathieu-Daudé" <philmd@linaro.org>
To: qemu-devel@nongnu.org
Cc: qemu-ppc@nongnu.org, qemu-arm@nongnu.org, qemu-block@nongnu.org,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Bernhard Beschow" <shentey@gmail.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Richard Henderson" <richard.henderson@linaro.org>
Subject: [PULL 18/56] hw/isa: specify instance_size in isa_superio_type_info
Date: Thu, 15 Feb 2024 18:57:12 +0100 [thread overview]
Message-ID: <20240215175752.82828-19-philmd@linaro.org> (raw)
In-Reply-To: <20240215175752.82828-1-philmd@linaro.org>
From: Paolo Bonzini <pbonzini@redhat.com>
Right now all subclasses of TYPE_ISA_SUPERIO have to specify an instance_size,
because the ISASuperIODevice struct adds fields to ISADevice but the type does
not include the increased instance size. Failure to do so results in an access
past the bounds of struct ISADevice as soon as isa_superio_realize is called.
Fix this by specifying the instance_size already in the superclass.
Fixes: 4c3119a6e3 ("hw/isa/superio: Factor out the parallel code from pc87312.c")
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bernhard Beschow <shentey@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20240213155005.109954-6-pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
hw/isa/isa-superio.c | 2 +-
hw/isa/smc37c669-superio.c | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
index 7dbfc374da..d85f22db1a 100644
--- a/hw/isa/isa-superio.c
+++ b/hw/isa/isa-superio.c
@@ -185,6 +185,7 @@ static const TypeInfo isa_superio_type_info = {
.abstract = true,
.class_size = sizeof(ISASuperIOClass),
.class_init = isa_superio_class_init,
+ .instance_size = sizeof(ISASuperIODevice),
};
/* SMS FDC37M817 Super I/O */
@@ -201,7 +202,6 @@ static void fdc37m81x_class_init(ObjectClass *klass, void *data)
static const TypeInfo fdc37m81x_type_info = {
.name = TYPE_FDC37M81X_SUPERIO,
.parent = TYPE_ISA_SUPERIO,
- .instance_size = sizeof(ISASuperIODevice),
.class_init = fdc37m81x_class_init,
};
diff --git a/hw/isa/smc37c669-superio.c b/hw/isa/smc37c669-superio.c
index 18287741cb..9e59dc1603 100644
--- a/hw/isa/smc37c669-superio.c
+++ b/hw/isa/smc37c669-superio.c
@@ -103,7 +103,6 @@ static void smc37c669_class_init(ObjectClass *klass, void *data)
static const TypeInfo smc37c669_type_info = {
.name = TYPE_SMC37C669_SUPERIO,
.parent = TYPE_ISA_SUPERIO,
- .instance_size = sizeof(ISASuperIODevice),
.class_size = sizeof(ISASuperIOClass),
.class_init = smc37c669_class_init,
};
--
2.41.0
next prev parent reply other threads:[~2024-02-15 18:08 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-15 17:56 [PULL 00/56] Misc HW patches for 2024-02-15 Philippe Mathieu-Daudé
2024-02-15 17:56 ` [PULL 01/56] hw/block/tc58128: Don't emit deprecation warning under qtest Philippe Mathieu-Daudé
2024-02-15 17:56 ` [PULL 02/56] hw/mips: remove unnecessary "select PTIMER" Philippe Mathieu-Daudé
2024-02-15 17:56 ` [PULL 03/56] target/mips: Use qemu_irq typedef for CPUMIPSState::irq member Philippe Mathieu-Daudé
2024-02-15 17:56 ` [PULL 04/56] target/mips: Remove helpers accessing SAAR registers Philippe Mathieu-Daudé
2024-02-15 17:56 ` [PULL 05/56] hw/misc/mips: Reduce itc_reconfigure() scope Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 06/56] target/mips: Remove MIPSITUState::itu field Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 07/56] target/mips: Remove CPUMIPSState::saarp field Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 08/56] hw/misc/mips_itu: Remove MIPSITUState::cpu0 field Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 09/56] hw/misc/mips_itu: Remove MIPSITUState::saar field Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 10/56] target/mips: Remove unused mips_def_t::SAARP field Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 11/56] target/mips: Remove CPUMIPSState::CP0_SAAR[2] field Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 12/56] target/mips: Remove helpers accessing SAARI register Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 13/56] target/mips: Remove CPUMIPSState::CP0_SAARI field Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 14/56] target/mips: Remove the unused DisasContext::saar field Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 15/56] hw/isa: clean up Kconfig selections for ISA_SUPERIO Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 16/56] hw/mips/Kconfig: Remove ISA dependencies from MIPSsim board Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 17/56] hw/isa: fix ISA_SUPERIO dependencies Philippe Mathieu-Daudé
2024-02-15 17:57 ` Philippe Mathieu-Daudé [this message]
2024-02-15 17:57 ` [PULL 19/56] hw/isa: extract FDC37M81X to a separate file Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 20/56] hw/rx/rx62n: Reduce inclusion of 'qemu/units.h' Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 21/56] hw/rx/rx62n: Only call qdev_get_gpio_in() when necessary Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 22/56] hw/i386/q35: Realize LPC PCI function before accessing it Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 23/56] hw/ppc/prep: Realize ISA bridge " Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 24/56] hw/misc/macio: Realize IDE controller " Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 25/56] hw/sh4/r2d: " Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 26/56] hw/dma: Pass parent object to i8257_dma_init() Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 27/56] hw/sparc/sun4m: Realize DMA controller before accessing it Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 28/56] hw/sparc64/cpu: Initialize GPIO before realizing CPU devices Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 29/56] target/sparc: Provide hint about CPUSPARCState::irq_manager member Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 30/56] hw/sparc/leon3: Remove duplicate code Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 31/56] hw/sparc/leon3: Remove unused 'env' argument of write_bootloader() Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 32/56] hw/sparc/leon3: Have write_bootloader() take a void pointer argument Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 33/56] hw/sparc/grlib: split out the headers for each peripherals Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 34/56] hw/intc/grlib_irqmp: add ncpus property Philippe Mathieu-Daudé
2024-03-08 13:27 ` Peter Maydell
2024-03-08 15:01 ` Clément Chigot
2024-02-15 17:57 ` [PULL 35/56] hw/intc/grlib_irqmp: implements the multiprocessor status register Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 36/56] hw/intc/grlib_irqmp: implements multicore irq Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 37/56] target/sparc: implement asr17 feature for smp Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 38/56] hw/sparc/leon3: remove SP initialization Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 39/56] hw/sparc/leon3: implement multiprocessor Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 40/56] hw/sparc/leon3: check cpu_id in the tiny bootloader Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 41/56] hw/sparc/leon3: Pass DeviceState opaque argument to leon3_set_pil_in() Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 42/56] hw/sparc/leon3: Pass DeviceState opaque argument to leon3_start_cpu() Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 43/56] hw/sparc/leon3: Initialize GPIO before realizing CPU devices Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 44/56] MAINTAINERS: replace Fabien by myself as Leon3 maintainer Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 45/56] MAINTAINERS: Add myself as reviewer for TCG Plugins Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 46/56] hw/i386/q35: Simplify pc_q35_init() since PCI is always enabled Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 47/56] hw/i386/q35: Use DEVICE() cast macro with PCIDevice object Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 48/56] hw/ide/ahci: Expose AHCIPCIState structure Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 49/56] hw/ide/ahci: Rename AHCI PCI function as 'pdev' Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 50/56] hw/ide/ahci: Inline ahci_get_num_ports() Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 51/56] hw/ide/ahci: Pass AHCI context to ahci_ide_create_devs() Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 52/56] hw/ide/ahci: Convert AHCIState::ports to unsigned Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 53/56] hw/ide/ahci: Do not pass 'ports' argument to ahci_realize() Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 54/56] hw/ide/ahci: Remove SysbusAHCIState::num_ports field Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 55/56] hw/ide/ahci: Move SysBus definitions to 'ahci-sysbus.h' Philippe Mathieu-Daudé
2024-02-15 17:57 ` [PULL 56/56] hw/ide/ich9: Use AHCIPCIState typedef Philippe Mathieu-Daudé
2024-02-16 13:31 ` [PULL 00/56] Misc HW patches for 2024-02-15 Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240215175752.82828-19-philmd@linaro.org \
--to=philmd@linaro.org \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-arm@nongnu.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=shentey@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).