Merge tag 'pull-request-2022-03-21' of into staging

* Fix stack-overflow due to recursive DMA in intel-hda (CVE-2021-3611)
* Fix heap overflow due to recursive DMA in sdhci code

# gpg: Signature made Mon 21 Mar 2022 16:14:36 GMT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer ""
# gpg: Good signature from "Thomas Huth <>" [full]
# gpg:                 aka "Thomas Huth <>" [full]
# gpg:                 aka "Thomas Huth <>" [full]
# gpg:                 aka "Thomas Huth <>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2022-03-21' of
  tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225)
  hw/sd/sdhci: Prohibit DMA accesses to devices
  hw/sd/sdhci: Honor failed DMA transactions
  tests/qtest/intel-hda-test: Add reproducer for issue #542
  hw/audio/intel-hda: Restrict DMA engine to memories (not MMIO devices)
  hw/audio/intel-hda: Do not ignore DMA overrun errors
  softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR
  softmmu/physmem: Simplify flatview_write and address_space_access_valid

Signed-off-by: Peter Maydell <>