[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 972251: macio: fix overflow in lba to offset
|
From: |
GitHub |
|
Subject: |
[Qemu-commits] [qemu/qemu] 972251: macio: fix overflow in lba to offset conversion fo... |
|
Date: |
Tue, 12 Jan 2016 03:30:03 -0800 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 97225170f6ee6d0ad8653916c7a5e4508cbffc18
https://github.com/qemu/qemu/commit/97225170f6ee6d0ad8653916c7a5e4508cbffc18
Author: Mark Cave-Ayland <address@hidden>
Date: 2016-01-11 (Mon, 11 Jan 2016)
Changed paths:
M hw/ide/macio.c
Log Message:
-----------
macio: fix overflow in lba to offset conversion for ATAPI devices
As the IDEState lba field is an int32_t, make sure we cast to int64_t before
shifting to calculate the offset. Otherwise we end up with an overflow when
trying to access sectors beyond 2GB as can occur when using DVD images.
[Maintainer edit: fixed extraneous parentheses. --js]
Signed-off-by: Mark Cave-Ayland <address@hidden>
Reviewed-by: John Snow <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>
Commit: 4ab0359a8ae182a7ac5c99609667273167703fab
https://github.com/qemu/qemu/commit/4ab0359a8ae182a7ac5c99609667273167703fab
Author: Prasad J Pandit <address@hidden>
Date: 2016-01-11 (Mon, 11 Jan 2016)
Changed paths:
M hw/ide/ahci.c
Log Message:
-----------
ide: ahci: reset ncq object to unused on error
When processing NCQ commands, AHCI device emulation prepares a
NCQ transfer object; To which an aio control block(aiocb) object
is assigned in 'execute_ncq_command'. In case, when the NCQ
command is invalid, the 'aiocb' object is not assigned, and NCQ
transfer object is left as 'used'. This leads to a use after
free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
Reset NCQ transfer object to 'unused' to avoid it.
[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]
Reported-by: Qinghao Tang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Reviewed-by: John Snow <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>
Commit: 248de4a89915001e64176580d620d22b612e06f2
https://github.com/qemu/qemu/commit/248de4a89915001e64176580d620d22b612e06f2
Author: John Snow <address@hidden>
Date: 2016-01-11 (Mon, 11 Jan 2016)
Changed paths:
M tests/ahci-test.c
Log Message:
-----------
ahci-test: fix memory leak
Use the proper free command to detroy an AHCICommand.
Signed-off-by: John Snow <address@hidden>
Message-id: address@hidden
Commit: 54d268b26ace741f2acab2b8fee0eb325da66b2c
https://github.com/qemu/qemu/commit/54d268b26ace741f2acab2b8fee0eb325da66b2c
Author: John Snow <address@hidden>
Date: 2016-01-11 (Mon, 11 Jan 2016)
Changed paths:
M tests/libqos/ahci.c
M tests/libqos/ahci.h
Log Message:
-----------
libqos/ahci: ATAPI support
Add pathways to tolerate ATAPI commands.
Notably, unlike ATA, each SCSI command's layout is a little different,
so support will have to be patched in for each command as we want to
test them in e.g. ahci_command_set_sizes and ahci_command_set_offset.
For now, I'm adding support for 0x28, READ (10).
[Maintainer edit: replaced type-punning with stl_be_p(). --js]
Signed-off-by: John Snow <address@hidden>
Message-id: address@hidden
Commit: d0b282a58c86ea86a2662e6f796a54a86a457dae
https://github.com/qemu/qemu/commit/d0b282a58c86ea86a2662e6f796a54a86a457dae
Author: John Snow <address@hidden>
Date: 2016-01-11 (Mon, 11 Jan 2016)
Changed paths:
M tests/ahci-test.c
M tests/libqos/ahci.c
M tests/libqos/ahci.h
Log Message:
-----------
libqos/ahci: ATAPI identify
We need to say "hello!" to our ATAPI friends
in a slightly different manner.
Signed-off-by: John Snow <address@hidden>
Message-id: address@hidden
Commit: b88641e236fbd0187858b8a974c44c2b4c450352
https://github.com/qemu/qemu/commit/b88641e236fbd0187858b8a974c44c2b4c450352
Author: John Snow <address@hidden>
Date: 2016-01-11 (Mon, 11 Jan 2016)
Changed paths:
M tests/libqos/ahci.c
Log Message:
-----------
libqos/ahci: Switch to mutable properties
ATAPI commands are, unfortunately, weird in that they can
be either DMA or PIO depending on a header bit. In order to
accommodate them, I'll need to make AHCI command properties
mutable so we can toggle between which "flavor" of ATAPI command
we want to test.
The default ATAPI transfer mechanism is PIO and the default
properties are adjusted accordingly.
Signed-off-by: John Snow <address@hidden>
Message-id: address@hidden
Commit: b1b66c3b5e89ac030e3f724791f57e9c352796ae
https://github.com/qemu/qemu/commit/b1b66c3b5e89ac030e3f724791f57e9c352796ae
Author: John Snow <address@hidden>
Date: 2016-01-11 (Mon, 11 Jan 2016)
Changed paths:
M tests/ahci-test.c
M tests/libqos/ahci.c
M tests/libqos/malloc.c
Log Message:
-----------
libqos: allow zero-size allocations
As part of streamlining the AHCI tests interface, it'd be nice
if specying a size of zero could be handled without special branches
and the allocator could handle this special case gracefully.
This lets me use the "ahci_io" macros for non-data commands, too,
which moves me forward towards shepherding all AHCI qtests into
a common set of commands in a unified pipeline.
Signed-off-by: John Snow <address@hidden>
Message-id: address@hidden
Commit: b682d3a7cf249dc472e3fb76bf49afeaa3eba525
https://github.com/qemu/qemu/commit/b682d3a7cf249dc472e3fb76bf49afeaa3eba525
Author: John Snow <address@hidden>
Date: 2016-01-11 (Mon, 11 Jan 2016)
Changed paths:
M tests/ahci-test.c
M tests/libqos/ahci.c
Log Message:
-----------
libqos/ahci: allow nondata commands for ahci_io variants
These variants try to set a data offset, even if you don't specify one.
In the cases where the offset is zero and it's a nondata command, just
ignore the instruction.
Signed-off-by: John Snow <address@hidden>
Message-id: address@hidden
Commit: 9350df7cea60265a134778bfb582494641ac7df6
https://github.com/qemu/qemu/commit/9350df7cea60265a134778bfb582494641ac7df6
Author: John Snow <address@hidden>
Date: 2016-01-11 (Mon, 11 Jan 2016)
Changed paths:
M tests/libqos/ahci.c
M tests/libqos/ahci.h
Log Message:
-----------
libqos/ahci: add ahci_exec
add ahci_exec, which is a standard purpose flexible command dispatcher
and tester for the AHCI device. The intent is to eventually cut down on
the absurd amount of boilerplate inside of the AHCI qtest.
Signed-off-by: John Snow <address@hidden>
Message-id: address@hidden
Commit: e8109694c7212b9d5e9d8f7da93dcc4acf036861
https://github.com/qemu/qemu/commit/e8109694c7212b9d5e9d8f7da93dcc4acf036861
Author: John Snow <address@hidden>
Date: 2016-01-11 (Mon, 11 Jan 2016)
Changed paths:
M tests/ahci-test.c
Log Message:
-----------
qtest/ahci: ATAPI data tests
Simple I/O tests for DMA and PIO pathways in the AHCI HBA.
I believe at this point in time all of the common, major IO pathways
in BMDMA and AHCI are covered by qtests now.
Signed-off-by: John Snow <address@hidden>
Message-id: address@hidden
Commit: c5620e658e4061ac1bd51377966590d5aca2ad05
https://github.com/qemu/qemu/commit/c5620e658e4061ac1bd51377966590d5aca2ad05
Author: John Snow <address@hidden>
Date: 2016-01-11 (Mon, 11 Jan 2016)
Changed paths:
M tests/libqos/ahci.h
Log Message:
-----------
libqos/ahci: organize header
Organize the prototypes into nice little sections.
Signed-off-by: John Snow <address@hidden>
Message-id: address@hidden
Commit: cf57c2f18b4fc7d9207d5321be18ddab214965bb
https://github.com/qemu/qemu/commit/cf57c2f18b4fc7d9207d5321be18ddab214965bb
Author: Peter Maydell <address@hidden>
Date: 2016-01-12 (Tue, 12 Jan 2016)
Changed paths:
M hw/ide/ahci.c
M hw/ide/macio.c
M tests/ahci-test.c
M tests/libqos/ahci.c
M tests/libqos/ahci.h
M tests/libqos/malloc.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into
staging
# gpg: Signature made Mon 11 Jan 2016 19:16:27 GMT using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <address@hidden>"
* remotes/jnsnow/tags/ide-pull-request:
libqos/ahci: organize header
qtest/ahci: ATAPI data tests
libqos/ahci: add ahci_exec
libqos/ahci: allow nondata commands for ahci_io variants
libqos: allow zero-size allocations
libqos/ahci: Switch to mutable properties
libqos/ahci: ATAPI identify
libqos/ahci: ATAPI support
ahci-test: fix memory leak
ide: ahci: reset ncq object to unused on error
macio: fix overflow in lba to offset conversion for ATAPI devices
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/7b8a354d4716...cf57c2f18b4f
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] 972251: macio: fix overflow in lba to offset conversion fo...,
GitHub <=