File nvram-add-nrf51_soc-flash-read-method.patch of Package qemu.20375
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Tue, 11 Aug 2020 17:11:29 +0530
Subject: nvram: add nrf51_soc flash read method
Git-commit: b5bf601f364e1a14ca4c3276f88dfec024acf613
References: bsc#1173612, CVE-2020-15469
Add nrf51_soc mmio read method to avoid NULL pointer dereference
issue.
Reported-by: Lei Sun <slei.casper@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Message-Id: <20200811114133.672647-6-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/nvram/nrf51_nvm.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/hw/nvram/nrf51_nvm.c b/hw/nvram/nrf51_nvm.c
index 4d678f994e7d7579d6328aeb5d9a..61365e9174b7e3328c748da329fb 100644
--- a/hw/nvram/nrf51_nvm.c
+++ b/hw/nvram/nrf51_nvm.c
@@ -273,6 +273,15 @@ static const MemoryRegionOps io_ops = {
.endianness = DEVICE_LITTLE_ENDIAN,
};
+static uint64_t flash_read(void *opaque, hwaddr offset, unsigned size)
+{
+ /*
+ * This is a rom_device MemoryRegion which is always in
+ * romd_mode (we never put it in MMIO mode), so reads always
+ * go directly to RAM and never come here.
+ */
+ g_assert_not_reached();
+}
static void flash_write(void *opaque, hwaddr offset, uint64_t value,
unsigned int size)
@@ -300,6 +309,7 @@ static void flash_write(void *opaque, hwaddr offset, uint64_t value,
static const MemoryRegionOps flash_ops = {
+ .read = flash_read,
.write = flash_write,
.valid.min_access_size = 4,
.valid.max_access_size = 4,