!206 Automatically generate code patches with openeuler !77 !78

From: @zhendongchen
Reviewed-by: @yorifang,@yorifang
Signed-off-by: @yorifang,@yorifang
openeuler-ci-bot 2021-02-27 14:53:20 +08:00 committed by Gitee
commit 5ad95274c0
3 changed files with 98 additions and 1 deletions

@ -0,0 +1,37 @@
From da64af4b1e92c345296d937e66136f86027d1ca2 Mon Sep 17 00:00:00 2001
From: Jiahui Cen <cenjiahui@huawei.com>
Date: Thu, 25 Feb 2021 18:03:57 +0800
Subject: [PATCH] block-backend: Stop retrying when draining
Retrying failed requests when draining would make the draining hung. So it
is better not to trigger the retry timer when draining. And after the
virtual devices go back to work, they would retry those queued requests.
Signed-off-by: Jiahui Cen <cenjiahui@huawei.com>
Signed-off-by: Ying Fang <fangying1@huawei.com>
---
block/block-backend.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/block/block-backend.c b/block/block-backend.c
index 2d812e2254..f6c918f1d9 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -1741,9 +1741,11 @@ void blk_error_action(BlockBackend *blk, BlockErrorAction action,
send_qmp_error_event(blk, action, is_read, error);
qemu_system_vmstop_request(RUN_STATE_IO_ERROR);
} else if (action == BLOCK_ERROR_ACTION_RETRY) {
- timer_mod(blk->retry_timer, qemu_clock_get_ms(QEMU_CLOCK_REALTIME) +
- blk->retry_interval);
- send_qmp_error_event(blk, action, is_read, error);
+ if (!blk->quiesce_counter) {
+ timer_mod(blk->retry_timer, qemu_clock_get_ms(QEMU_CLOCK_REALTIME) +
+ blk->retry_interval);
+ send_qmp_error_event(blk, action, is_read, error);
+ }
} else {
send_qmp_error_event(blk, action, is_read, error);
}
--
2.27.0
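Review bot: In the `BLOCK_ERROR_ACTION_RETRY` branch the new `if (!blk->quiesce_counter)` guard also wraps `send_qmp_error_event(blk, action, is_read, error);`, so while draining the I/O error produces no QMP event at all, whereas every other branch shown still reports it. If only the timer needs to be held back, keep the event call outside the guard; if the silence is intended, say so in a comment. The hunk also shows nothing that re-arms `blk->retry_timer` once `quiesce_counter` drops back to zero. The commit message relies on the devices retrying the queued requests later, and a short comment at the guard naming where that happens would let a reader confirm that a failed request cannot be left waiting indefinitely.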

@ -0,0 +1,52 @@
From 5209fbd340efe3fa7f8ea82f671db2fa04dda19b Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Tue, 23 Feb 2021 15:20:03 +0800
Subject: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end
Fix CVE-2020-29443
During data transfer via packet command in 'ide_atapi_cmd_reply_end'
's->io_buffer_index' could exceed the 's->io_buffer' length, leading
to OOB access issue. Add check to avoid it.
...
#9 ahci_pio_transfer ../hw/ide/ahci.c:1383
#10 ide_transfer_start_norecurse ../hw/ide/core.c:553
#11 ide_atapi_cmd_reply_end ../hw/ide/atapi.c:284
#12 ide_atapi_cmd_read_pio ../hw/ide/atapi.c:329
#13 ide_atapi_cmd_read ../hw/ide/atapi.c:442
#14 cmd_read ../hw/ide/atapi.c:988
#15 ide_atapi_cmd ../hw/ide/atapi.c:1352
#16 ide_transfer_start ../hw/ide/core.c:561
#17 cmd_packet ../hw/ide/core.c:1729
#18 ide_exec_cmd ../hw/ide/core.c:2107
#19 handle_reg_h2d_fis ../hw/ide/ahci.c:1267
#20 handle_cmd ../hw/ide/ahci.c:1318
#21 check_cmd ../hw/ide/ahci.c:592
#22 ahci_port_write ../hw/ide/ahci.c:373
#23 ahci_mem_write ../hw/ide/ahci.c:513
Reported-by: Wenxiang Qian <leonwxqian@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
---
hw/ide/atapi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index 1b0f66cc08..fc9dc87f03 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -300,6 +300,9 @@ void ide_atapi_cmd_reply_end(IDEState *s)
s->packet_transfer_size -= size;
s->elementary_transfer_size -= size;
s->io_buffer_index += size;
+ if (s->io_buffer_index > s->io_buffer_total_len) {
+ return;
+ }
/* Some adapters process PIO data right away. In that case, we need
* to avoid mutual recursion between ide_transfer_start
--
2.27.0
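Review bot: The new check `if (s->io_buffer_index > s->io_buffer_total_len)` runs only after `s->packet_transfer_size`, `s->elementary_transfer_size` and `s->io_buffer_index` have already been updated by `size`, and the bare `return;` leaves those fields modified with no error or completion signalled on the lines shown. Consider validating the index plus `size` against `s->io_buffer_total_len` before the three updates, and ending the command with an error status on that path rather than returning silently, so the guest-visible state stays consistent. A one-line comment referencing CVE-2020-29443 at the check would also explain why the bound is enforced here.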

@ -1,6 +1,6 @@
Name: qemu
Version: 4.1.0
Release: 46
Release: 47
Epoch: 2
Summary: QEMU is a generic and open source machine emulator and virtualizer
License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@ -309,6 +309,8 @@ Patch0296: configure-Enable-test-and-libs-for-zstd.patch
Patch0297: ati-use-vga_read_byte-in-ati_cursor_define.patch
Patch0298: sd-sdhci-assert-data_count-is-within-fifo_buffer.patch
Patch0299: msix-add-valid.accepts-methods-to-check-address.patch
Patch0300: ide-atapi-check-io_buffer_index-in-ide_atapi_cmd_rep.patch
Patch0301: block-backend-Stop-retrying-when-draining.patch
BuildRequires: flex
BuildRequires: bison
@ -688,6 +690,12 @@ getent passwd qemu >/dev/null || \
%endif
%changelog
* Fri Feb 26 2021 Huawei Technologies Co., Ltd <alex.chen@huawei.com>
- block-backend: Stop retrying when draining
* Fri Feb 26 2021 Huawei Technologies Co., Ltd <alex.chen@huawei.com>
- ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end
* Fri Feb 19 2021 Huawei Technologies Co., Ltd <alex.chen@huawei.com>
- ati: use vga_read_byte in ati_cursor_define
- sd: sdhci: assert data_count is within fifo_buffer
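Review bot: The changelog line `- ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end` does not mention CVE-2020-29443, although the patch it describes is labelled as the fix for it. Adding the CVE id to that line lets `rpm -q --changelog` answer whether a given build carries the fix. The two `Fri Feb 26 2021` entries share the same date and author and could be merged into one entry with two items, as the `Fri Feb 19 2021` entry does.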