[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-stable] [PULL 3/3] ide: Clear DRQ after handling all expected acce
From: |
John Snow |
Subject: |
[Qemu-stable] [PULL 3/3] ide: Clear DRQ after handling all expected accesses |
Date: |
Mon, 27 Jul 2015 08:01:43 -0400 |
From: Kevin Wolf <address@hidden>
This is additional hardening against an end_transfer_func that fails to
clear the DRQ status bit. The bit must be unset as soon as the PIO
transfer has completed, so it's better to do this in a central place
instead of duplicating the code in all commands (and forgetting it in
some).
Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: John Snow <address@hidden>
---
hw/ide/core.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 44fcc23..50449ca 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2028,8 +2028,10 @@ void ide_data_writew(void *opaque, uint32_t addr,
uint32_t val)
*(uint16_t *)p = le16_to_cpu(val);
p += 2;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
}
uint32_t ide_data_readw(void *opaque, uint32_t addr)
@@ -2053,8 +2055,10 @@ uint32_t ide_data_readw(void *opaque, uint32_t addr)
ret = cpu_to_le16(*(uint16_t *)p);
p += 2;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
return ret;
}
@@ -2078,8 +2082,10 @@ void ide_data_writel(void *opaque, uint32_t addr,
uint32_t val)
*(uint32_t *)p = le32_to_cpu(val);
p += 4;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
}
uint32_t ide_data_readl(void *opaque, uint32_t addr)
@@ -2103,8 +2109,10 @@ uint32_t ide_data_readl(void *opaque, uint32_t addr)
ret = cpu_to_le32(*(uint32_t *)p);
p += 4;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
return ret;
}
--
2.1.0
- [Qemu-stable] [PULL 0/3] Cve 2015 5154 patches, John Snow, 2015/07/27
- [Qemu-stable] [PULL 3/3] ide: Clear DRQ after handling all expected accesses,
John Snow <=
- [Qemu-stable] [PULL 2/3] ide/atapi: Fix START STOP UNIT command completion, John Snow, 2015/07/27
- [Qemu-stable] [PULL 1/3] ide: Check array bounds before writing to io_buffer (CVE-2015-5154), John Snow, 2015/07/27
- Re: [Qemu-stable] [PULL 0/3] Cve 2015 5154 patches, Stefan Priebe - Profihost AG, 2015/07/27
- Re: [Qemu-stable] [PULL 0/3] Cve 2015 5154 patches, John Snow, 2015/07/27
- Re: [Qemu-stable] [PULL 0/3] Cve 2015 5154 patches, John Snow, 2015/07/27
- Re: [Qemu-stable] [PULL 0/3] Cve 2015 5154 patches, Stefan Priebe - Profihost AG, 2015/07/27
- Re: [Qemu-stable] [Qemu-devel] [PULL 0/3] Cve 2015 5154 patches, Kevin Wolf, 2015/07/27
- Re: [Qemu-stable] [Qemu-devel] [PULL 0/3] Cve 2015 5154 patches, Peter Lieven, 2015/07/27
- Re: [Qemu-stable] [Qemu-devel] [PULL 0/3] Cve 2015 5154 patches, Kevin Wolf, 2015/07/27
- Re: [Qemu-stable] [Qemu-devel] [PULL 0/3] Cve 2015 5154 patches, Peter Lieven, 2015/07/27