qemu/hw/ide
Prasad J Pandit 4ab0359a8a ide: ahci: reset ncq object to unused on error
When processing NCQ commands, AHCI device emulation prepares an
NCQ transfer object, to which an aio control block (aiocb) object
is assigned in 'execute_ncq_command'. In the case where the NCQ
command is invalid, the 'aiocb' object is not assigned, and the NCQ
transfer object is left as 'used'. This leads to a use-after-free
kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
Reset the NCQ transfer object to 'unused' to avoid it.

[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1452282511-4116-1-git-send-email-ppandit@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2016-01-11 14:10:42 -05:00
ahci.c ide: ahci: reset ncq object to unused on error 2016-01-11 14:10:42 -05:00
ahci.h ahci: Add allwinner AHCI 2015-11-06 14:09:01 -05:00
atapi.c hw/ide: Remove superfluous return statements 2016-01-11 11:39:28 +03:00
cmd646.c cmd646: add to storage category 2015-10-23 12:35:17 +11:00
core.c ide: enable buffered requests for PIO read requests 2015-11-17 15:06:39 -05:00
ich.c ahci: split realize and init 2015-11-06 14:09:00 -05:00
internal.h ide: add support for IDEBufferedRequest 2015-11-17 15:06:25 -05:00
isa.c ide: support PIO restart for the ISA controller 2015-03-10 14:02:23 +01:00
macio.c macio: fix overflow in lba to offset conversion for ATAPI devices 2016-01-11 14:10:42 -05:00
Makefile.objs hw: make all of hw/ide/ configurable via default-configs/ 2013-04-08 18:13:12 +02:00
microdrive.c hmp: Remove "info pcmcia" 2014-10-24 12:19:11 +01:00
mmio.c hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
pci.c ide: orphan all buffered requests on DMA cancel 2015-11-17 15:06:29 -05:00
pci.h ide: place initial state of the current request to IDEBus 2015-03-10 14:02:22 +01:00
piix.c Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug) 2015-08-03 14:27:12 +00:00
qdev.c BlockConf: Call backend functions to detect geometry and blocksizes 2015-03-10 14:02:22 +01:00
via.c Block patches for 2.3 2015-03-10 14:01:22 +00:00