qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [Qemu-devel] [PULL for-2.4 0/1] cve-2015-5166-tag
@ 2015-08-03 14:32 Stefano Stabellini
  2015-08-03 14:33 ` [Qemu-devel] [PULL for-2.4 1/1] Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug) Stefano Stabellini
  2015-08-04  9:42 ` [Qemu-devel] [PULL for-2.4 0/1] cve-2015-5166-tag Peter Maydell
  0 siblings, 2 replies; 3+ messages in thread
From: Stefano Stabellini @ 2015-08-03 14:32 UTC (permalink / raw)
  To: peter.maydell, qemu-devel, xen-devel, Stefano Stabellini

The following changes since commit 2a3612ccc1fa9cea77bd193afbfe21c77e7e91ef:

  Merge remote-tracking branch 'remotes/stefanha/tags/rtl8139-cplus-tx-input-validation-pull-request' into staging (2015-08-03 13:09:10 +0100)

are available in the git repository at:


  git://xenbits.xen.org/people/sstabellini/qemu-dm.git tags/cve-2015-5166-tag

for you to fetch changes up to 6cd387833d05e8ad31829d97e474dc420625aed9:

  Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug) (2015-08-03 14:27:12 +0000)

----------------------------------------------------------------
cve-2015-5166

----------------------------------------------------------------
Stefano Stabellini (1):
      Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug)

 hw/ide/piix.c |    7 +++++++
 1 file changed, 7 insertions(+)

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [Qemu-devel] [PULL for-2.4 1/1] Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug)
  2015-08-03 14:32 [Qemu-devel] [PULL for-2.4 0/1] cve-2015-5166-tag Stefano Stabellini
@ 2015-08-03 14:33 ` Stefano Stabellini
  2015-08-04  9:42 ` [Qemu-devel] [PULL for-2.4 0/1] cve-2015-5166-tag Peter Maydell
  1 sibling, 0 replies; 3+ messages in thread
From: Stefano Stabellini @ 2015-08-03 14:33 UTC (permalink / raw)
  To: peter.maydell; +Cc: xen-devel, qemu-devel, Stefano Stabellini

pci_piix3_xen_ide_unplug should completely unhook the unplugged
IDEDevice from the corresponding BlockBackend, otherwise the next call
to release_drive will try to detach the drive again.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
---
 hw/ide/piix.c |    7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hw/ide/piix.c b/hw/ide/piix.c
index adb6649..5a26c86 100644
--- a/hw/ide/piix.c
+++ b/hw/ide/piix.c
@@ -169,6 +169,7 @@ int pci_piix3_xen_ide_unplug(DeviceState *dev)
     PCIIDEState *pci_ide;
     DriveInfo *di;
     int i;
+    IDEDevice *idedev;
 
     pci_ide = PCI_IDE(dev);
 
@@ -181,6 +182,12 @@ int pci_piix3_xen_ide_unplug(DeviceState *dev)
                 blk_detach_dev(blk, ds);
             }
             pci_ide->bus[di->bus].ifs[di->unit].blk = NULL;
+            if (!(i % 2)) {
+                idedev = pci_ide->bus[di->bus].master;
+            } else {
+                idedev = pci_ide->bus[di->bus].slave;
+            }
+            idedev->conf.blk = NULL;
             blk_unref(blk);
         }
     }
-- 
1.7.10.4

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Qemu-devel] [PULL for-2.4 0/1] cve-2015-5166-tag
  2015-08-03 14:32 [Qemu-devel] [PULL for-2.4 0/1] cve-2015-5166-tag Stefano Stabellini
  2015-08-03 14:33 ` [Qemu-devel] [PULL for-2.4 1/1] Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug) Stefano Stabellini
@ 2015-08-04  9:42 ` Peter Maydell
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Maydell @ 2015-08-04  9:42 UTC (permalink / raw)
  To: Stefano Stabellini; +Cc: xen-devel@lists.xensource.com Devel, QEMU Developers

On 3 August 2015 at 15:32, Stefano Stabellini
<stefano.stabellini@eu.citrix.com> wrote:
> The following changes since commit 2a3612ccc1fa9cea77bd193afbfe21c77e7e91ef:
>
>   Merge remote-tracking branch 'remotes/stefanha/tags/rtl8139-cplus-tx-input-validation-pull-request' into staging (2015-08-03 13:09:10 +0100)
>
> are available in the git repository at:
>
>
>   git://xenbits.xen.org/people/sstabellini/qemu-dm.git tags/cve-2015-5166-tag
>
> for you to fetch changes up to 6cd387833d05e8ad31829d97e474dc420625aed9:
>
>   Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug) (2015-08-03 14:27:12 +0000)
>
> ----------------------------------------------------------------
> cve-2015-5166
>
> ----------------------------------------------------------------
> Stefano Stabellini (1):
>       Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug)
>
>  hw/ide/piix.c |    7 +++++++
>  1 file changed, 7 insertions(+)

Applied, thanks.

-- PMM

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-08-04  9:43 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-08-03 14:32 [Qemu-devel] [PULL for-2.4 0/1] cve-2015-5166-tag Stefano Stabellini
2015-08-03 14:33 ` [Qemu-devel] [PULL for-2.4 1/1] Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug) Stefano Stabellini
2015-08-04  9:42 ` [Qemu-devel] [PULL for-2.4 0/1] cve-2015-5166-tag Peter Maydell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).