peterdelevoryas / rpms / qemu

Forked from rpms/qemu 2 years ago
Clone

Blame 0005-ide-fix-ATAPI-command-permissions.patch

cf8819
From: John Snow <jsnow@redhat.com>
cf8819
Date: Thu, 17 Sep 2015 14:17:05 -0400
cf8819
Subject: [PATCH] ide: fix ATAPI command permissions
cf8819
cf8819
We're a little too lenient with what we'll let an ATAPI drive handle.
cf8819
Clamp down on the IDE command execution table to remove CD_OK permissions
cf8819
from commands that are not and have never been ATAPI commands.
cf8819
cf8819
For ATAPI command validity, please see:
cf8819
- ATA4 Section 6.5 ("PACKET Command feature set")
cf8819
- ATA8/ACS Section 4.3 ("The PACKET feature set")
cf8819
- ACS3 Section 4.3 ("The PACKET feature set")
cf8819
cf8819
ACS3 has a historical command validity table in Table B.4
cf8819
("Historical Command Assignments") that can be referenced to find when
cf8819
a command was introduced, deprecated, obsoleted, etc.
cf8819
cf8819
The only reference for ATAPI command validity is by checking that
cf8819
version's PACKET feature set section.
cf8819
cf8819
ATAPI was introduced by T13 into ATA4, all commands retired prior to ATA4
cf8819
therefore are assumed to have never been ATAPI commands.
cf8819
cf8819
Mandatory commands, as listed in ATA8-ACS3, are:
cf8819
cf8819
- DEVICE RESET
cf8819
- EXECUTE DEVICE DIAGNOSTIC
cf8819
- IDENTIFY DEVICE
cf8819
- IDENTIFY PACKET DEVICE
cf8819
- NOP
cf8819
- PACKET
cf8819
- READ SECTOR(S)
cf8819
- SET FEATURES
cf8819
cf8819
Optional commands as listed in ATA8-ACS3, are:
cf8819
cf8819
- FLUSH CACHE
cf8819
- READ LOG DMA EXT
cf8819
- READ LOG EXT
cf8819
- WRITE LOG DMA EXT
cf8819
- WRITE LOG EXT
cf8819
cf8819
All other commands are illegal to send to an ATAPI device and should
cf8819
be rejected by the device.
cf8819
cf8819
CD_OK removal justifications:
cf8819
cf8819
0x06 WIN_DSM              Defined in ACS2. Not valid for ATAPI.
cf8819
0x21 WIN_READ_ONCE        Retired in ATA5. Not ATAPI in ATA4.
cf8819
0x94 WIN_STANDBYNOW2      Retired in ATA4. Did not coexist with ATAPI.
cf8819
0x95 WIN_IDLEIMMEDIATE2   Retired in ATA4. Did not coexist with ATAPI.
cf8819
0x96 WIN_STANDBY2         Retired in ATA4. Did not coexist with ATAPI.
cf8819
0x97 WIN_SETIDLE2         Retired in ATA4. Did not coexist with ATAPI.
cf8819
0x98 WIN_CHECKPOWERMODE2  Retired in ATA4. Did not coexist with ATAPI.
cf8819
0x99 WIN_SLEEPNOW2        Retired in ATA4. Did not coexist with ATAPI.
cf8819
0xE0 WIN_STANDBYNOW1      Not part of ATAPI in ATA4, ACS or ACS3.
cf8819
0xE1 WIN_IDLEIMMDIATE     Not part of ATAPI in ATA4, ACS or ACS3.
cf8819
0xE2 WIN_STANDBY          Not part of ATAPI in ATA4, ACS or ACS3.
cf8819
0xE3 WIN_SETIDLE1         Not part of ATAPI in ATA4, ACS or ACS3.
cf8819
0xE4 WIN_CHECKPOWERMODE1  Not part of ATAPI in ATA4, ACS or ACS3.
cf8819
0xE5 WIN_SLEEPNOW1        Not part of ATAPI in ATA4, ACS or ACS3.
cf8819
0xF8 WIN_READ_NATIVE_MAX  Obsoleted in ACS3. Not ATAPI in ATA4 or ACS.
cf8819
cf8819
This patch fixes a divide by zero fault that can be caused by sending
cf8819
the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to
cf8819
attempt to use zeroed CHS values to perform sector arithmetic.
cf8819
cf8819
Reported-by: Qinghao Tang <luodalongde@gmail.com>
cf8819
Signed-off-by: John Snow <jsnow@redhat.com>
cf8819
Reviewed-by: Markus Armbruster <armbru@redhat.com>
cf8819
Message-id: 1441816082-21031-1-git-send-email-jsnow@redhat.com
cf8819
CC: qemu-stable@nongnu.org
cf8819
(cherry picked from commit d9033e1d3aa666c5071580617a57bd853c5d794a)
cf8819
---
cf8819
 hw/ide/core.c | 30 +++++++++++++++---------------
cf8819
 1 file changed, 15 insertions(+), 15 deletions(-)
cf8819
cf8819
diff --git a/hw/ide/core.c b/hw/ide/core.c
cf8819
index 50449ca..71caea9 100644
cf8819
--- a/hw/ide/core.c
cf8819
+++ b/hw/ide/core.c
cf8819
@@ -1747,11 +1747,11 @@ static const struct {
cf8819
 } ide_cmd_table[0x100] = {
cf8819
     /* NOP not implemented, mandatory for CD */
cf8819
     [CFA_REQ_EXT_ERROR_CODE]      = { cmd_cfa_req_ext_error_code, CFA_OK },
cf8819
-    [WIN_DSM]                     = { cmd_data_set_management, ALL_OK },
cf8819
+    [WIN_DSM]                     = { cmd_data_set_management, HD_CFA_OK },
cf8819
     [WIN_DEVICE_RESET]            = { cmd_device_reset, CD_OK },
cf8819
     [WIN_RECAL]                   = { cmd_nop, HD_CFA_OK | SET_DSC},
cf8819
     [WIN_READ]                    = { cmd_read_pio, ALL_OK },
cf8819
-    [WIN_READ_ONCE]               = { cmd_read_pio, ALL_OK },
cf8819
+    [WIN_READ_ONCE]               = { cmd_read_pio, HD_CFA_OK },
cf8819
     [WIN_READ_EXT]                = { cmd_read_pio, HD_CFA_OK },
cf8819
     [WIN_READDMA_EXT]             = { cmd_read_dma, HD_CFA_OK },
cf8819
     [WIN_READ_NATIVE_MAX_EXT]     = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
cf8819
@@ -1770,12 +1770,12 @@ static const struct {
cf8819
     [CFA_TRANSLATE_SECTOR]        = { cmd_cfa_translate_sector, CFA_OK },
cf8819
     [WIN_DIAGNOSE]                = { cmd_exec_dev_diagnostic, ALL_OK },
cf8819
     [WIN_SPECIFY]                 = { cmd_nop, HD_CFA_OK | SET_DSC },
cf8819
-    [WIN_STANDBYNOW2]             = { cmd_nop, ALL_OK },
cf8819
-    [WIN_IDLEIMMEDIATE2]          = { cmd_nop, ALL_OK },
cf8819
-    [WIN_STANDBY2]                = { cmd_nop, ALL_OK },
cf8819
-    [WIN_SETIDLE2]                = { cmd_nop, ALL_OK },
cf8819
-    [WIN_CHECKPOWERMODE2]         = { cmd_check_power_mode, ALL_OK | SET_DSC },
cf8819
-    [WIN_SLEEPNOW2]               = { cmd_nop, ALL_OK },
cf8819
+    [WIN_STANDBYNOW2]             = { cmd_nop, HD_CFA_OK },
cf8819
+    [WIN_IDLEIMMEDIATE2]          = { cmd_nop, HD_CFA_OK },
cf8819
+    [WIN_STANDBY2]                = { cmd_nop, HD_CFA_OK },
cf8819
+    [WIN_SETIDLE2]                = { cmd_nop, HD_CFA_OK },
cf8819
+    [WIN_CHECKPOWERMODE2]         = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
cf8819
+    [WIN_SLEEPNOW2]               = { cmd_nop, HD_CFA_OK },
cf8819
     [WIN_PACKETCMD]               = { cmd_packet, CD_OK },
cf8819
     [WIN_PIDENTIFY]               = { cmd_identify_packet, CD_OK },
cf8819
     [WIN_SMART]                   = { cmd_smart, HD_CFA_OK | SET_DSC },
cf8819
@@ -1789,19 +1789,19 @@ static const struct {
cf8819
     [WIN_WRITEDMA]                = { cmd_write_dma, HD_CFA_OK },
cf8819
     [WIN_WRITEDMA_ONCE]           = { cmd_write_dma, HD_CFA_OK },
cf8819
     [CFA_WRITE_MULTI_WO_ERASE]    = { cmd_write_multiple, CFA_OK },
cf8819
-    [WIN_STANDBYNOW1]             = { cmd_nop, ALL_OK },
cf8819
-    [WIN_IDLEIMMEDIATE]           = { cmd_nop, ALL_OK },
cf8819
-    [WIN_STANDBY]                 = { cmd_nop, ALL_OK },
cf8819
-    [WIN_SETIDLE1]                = { cmd_nop, ALL_OK },
cf8819
-    [WIN_CHECKPOWERMODE1]         = { cmd_check_power_mode, ALL_OK | SET_DSC },
cf8819
-    [WIN_SLEEPNOW1]               = { cmd_nop, ALL_OK },
cf8819
+    [WIN_STANDBYNOW1]             = { cmd_nop, HD_CFA_OK },
cf8819
+    [WIN_IDLEIMMEDIATE]           = { cmd_nop, HD_CFA_OK },
cf8819
+    [WIN_STANDBY]                 = { cmd_nop, HD_CFA_OK },
cf8819
+    [WIN_SETIDLE1]                = { cmd_nop, HD_CFA_OK },
cf8819
+    [WIN_CHECKPOWERMODE1]         = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
cf8819
+    [WIN_SLEEPNOW1]               = { cmd_nop, HD_CFA_OK },
cf8819
     [WIN_FLUSH_CACHE]             = { cmd_flush_cache, ALL_OK },
cf8819
     [WIN_FLUSH_CACHE_EXT]         = { cmd_flush_cache, HD_CFA_OK },
cf8819
     [WIN_IDENTIFY]                = { cmd_identify, ALL_OK },
cf8819
     [WIN_SETFEATURES]             = { cmd_set_features, ALL_OK | SET_DSC },
cf8819
     [IBM_SENSE_CONDITION]         = { cmd_ibm_sense_condition, CFA_OK | SET_DSC },
cf8819
     [CFA_WEAR_LEVEL]              = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC },
cf8819
-    [WIN_READ_NATIVE_MAX]         = { cmd_read_native_max, ALL_OK | SET_DSC },
cf8819
+    [WIN_READ_NATIVE_MAX]         = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
cf8819
 };
cf8819
 
cf8819
 static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)