qemu/hw/ide
John Snow d9033e1d3a ide: fix ATAPI command permissions
We're a little too lenient with what we'll let an ATAPI drive handle.
Clamp down on the IDE command execution table to remove CD_OK permissions
from commands that are not and have never been ATAPI commands.

For ATAPI command validity, please see:
- ATA4 Section 6.5 ("PACKET Command feature set")
- ATA8/ACS Section 4.3 ("The PACKET feature set")
- ACS3 Section 4.3 ("The PACKET feature set")

ACS3 has a historical command validity table in Table B.4
("Historical Command Assignments") that can be referenced to find when
a command was introduced, deprecated, obsoleted, etc.

The only reference for ATAPI command validity is by checking that
version's PACKET feature set section.

ATAPI was introduced by T13 into ATA4, all commands retired prior to ATA4
therefore are assumed to have never been ATAPI commands.

Mandatory commands, as listed in ATA8-ACS3, are:

- DEVICE RESET
- EXECUTE DEVICE DIAGNOSTIC
- IDENTIFY DEVICE
- IDENTIFY PACKET DEVICE
- NOP
- PACKET
- READ SECTOR(S)
- SET FEATURES

Optional commands as listed in ATA8-ACS3, are:

- FLUSH CACHE
- READ LOG DMA EXT
- READ LOG EXT
- WRITE LOG DMA EXT
- WRITE LOG EXT

All other commands are illegal to send to an ATAPI device and should
be rejected by the device.

CD_OK removal justifications:

0x06 WIN_DSM              Defined in ACS2. Not valid for ATAPI.
0x21 WIN_READ_ONCE        Retired in ATA5. Not ATAPI in ATA4.
0x94 WIN_STANDBYNOW2      Retired in ATA4. Did not coexist with ATAPI.
0x95 WIN_IDLEIMMEDIATE2   Retired in ATA4. Did not coexist with ATAPI.
0x96 WIN_STANDBY2         Retired in ATA4. Did not coexist with ATAPI.
0x97 WIN_SETIDLE2         Retired in ATA4. Did not coexist with ATAPI.
0x98 WIN_CHECKPOWERMODE2  Retired in ATA4. Did not coexist with ATAPI.
0x99 WIN_SLEEPNOW2        Retired in ATA4. Did not coexist with ATAPI.
0xE0 WIN_STANDBYNOW1      Not part of ATAPI in ATA4, ACS or ACS3.
0xE1 WIN_IDLEIMMDIATE     Not part of ATAPI in ATA4, ACS or ACS3.
0xE2 WIN_STANDBY          Not part of ATAPI in ATA4, ACS or ACS3.
0xE3 WIN_SETIDLE1         Not part of ATAPI in ATA4, ACS or ACS3.
0xE4 WIN_CHECKPOWERMODE1  Not part of ATAPI in ATA4, ACS or ACS3.
0xE5 WIN_SLEEPNOW1        Not part of ATAPI in ATA4, ACS or ACS3.
0xF8 WIN_READ_NATIVE_MAX  Obsoleted in ACS3. Not ATAPI in ATA4 or ACS.

This patch fixes a divide by zero fault that can be caused by sending
the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to
attempt to use zeroed CHS values to perform sector arithmetic.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1441816082-21031-1-git-send-email-jsnow@redhat.com
CC: qemu-stable@nongnu.org
2015-09-18 10:58:56 -04:00
..
ahci.c ide: unify io_buffer_offset increments 2015-09-17 14:17:04 -04:00
ahci.h ahci.c: Don't assume AHCIState's parent is AHCIPCIState 2015-09-08 17:38:45 +01:00
atapi.c ide/atapi: Fix START STOP UNIT command completion 2015-07-26 23:42:53 -04:00
cmd646.c Block patches for 2.3 2015-03-10 14:01:22 +00:00
core.c ide: fix ATAPI command permissions 2015-09-18 10:58:56 -04:00
ich.c ich9/ahci: Enable Migration 2015-05-22 15:58:22 -04:00
internal.h ide: unify io_buffer_offset increments 2015-09-17 14:17:04 -04:00
isa.c ide: support PIO restart for the ISA controller 2015-03-10 14:02:23 +01:00
macio.c macio: re-add TRIM support 2015-07-31 16:38:50 -04:00
Makefile.objs hw: make all of hw/ide/ configurable via default-configs/ 2013-04-08 18:13:12 +02:00
microdrive.c hmp: Remove "info pcmcia" 2014-10-24 12:19:11 +01:00
mmio.c hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
pci.c ide: add limit to .prepare_buf() 2015-07-04 02:06:04 -04:00
pci.h ide: place initial state of the current request to IDEBus 2015-03-10 14:02:22 +01:00
piix.c Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug) 2015-08-03 14:27:12 +00:00
qdev.c BlockConf: Call backend functions to detect geometry and blocksizes 2015-03-10 14:02:22 +01:00
via.c Block patches for 2.3 2015-03-10 14:01:22 +00:00