bwlp/qemu.git/hw/block/fdc.c, branch spice_video_codecs

block: Change blk_{pread,pwrite}() param order

2022-07-12T10:14:56+00:00

Swap 'buf' and 'bytes' around for consistency with blk_co_{pread,pwrite}(), and in preparation to implement these functions using generated_co_wrapper. Callers were updated using this Coccinelle script: @@ expression blk, offset, buf, bytes, flags; @@ - blk_pread(blk, offset, buf, bytes, flags) + blk_pread(blk, offset, bytes, buf, flags) @@ expression blk, offset, buf, bytes, flags; @@ - blk_pwrite(blk, offset, buf, bytes, flags) + blk_pwrite(blk, offset, bytes, buf, flags) It had no effect on hw/block/nand.c, presumably due to the #if, so that file was updated manually. Overly-long lines were then fixed by hand. Signed-off-by: Alberto Faria Reviewed-by: Eric Blake Reviewed-by: Hanna Reitz Message-Id: <20220705161527.1054072-4-afaria@redhat.com> Signed-off-by: Hanna Reitz

block: Add a 'flags' param to blk_pread()

2022-07-12T10:14:56+00:00

For consistency with other I/O functions, and in preparation to implement it using generated_co_wrapper. Callers were updated using this Coccinelle script: @@ expression blk, offset, buf, bytes; @@ - blk_pread(blk, offset, buf, bytes) + blk_pread(blk, offset, buf, bytes, 0) It had no effect on hw/block/nand.c, presumably due to the #if, so that file was updated manually. Overly-long lines were then fixed by hand. Signed-off-by: Alberto Faria Reviewed-by: Paolo Bonzini Reviewed-by: Greg Kurz Reviewed-by: Hanna Reitz Message-Id: <20220705161527.1054072-3-afaria@redhat.com> Signed-off-by: Hanna Reitz

hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)

2022-05-12T10:31:08+00:00

Per the 82078 datasheet, if the end-of-track (EOT byte in the FIFO) is more than the number of sectors per side, the command is terminated unsuccessfully: * 5.2.5 DATA TRANSFER TERMINATION The 82078 supports terminal count explicitly through the TC pin and implicitly through the underrun/over- run and end-of-track (EOT) functions. For full sector transfers, the EOT parameter can define the last sector to be transferred in a single or multisector transfer. If the last sector to be transferred is a par- tial sector, the host can stop transferring the data in mid-sector, and the 82078 will continue to complete the sector as if a hardware TC was received. The only difference between these implicit functions and TC is that they return "abnormal termination" result status. Such status indications can be ignored if they were expected. * 6.1.3 READ TRACK This command terminates when the EOT specified number of sectors have been read. If the 82078 does not find an I D Address Mark on the diskette after the second· occurrence of a pulse on the INDX# pin, then it sets the IC code in Status Regis- ter 0 to "01" (Abnormal termination), sets the MA bit in Status Register 1 to "1", and terminates the com- mand. * 6.1.6 VERIFY Refer to Table 6-6 and Table 6-7 for information concerning the values of MT and EC versus SC and EOT value. * Table 6·6. Result Phase Table * Table 6-7. Verify Command Result Phase Table Fix by aborting the transfer when EOT > # Sectors Per Side. Cc: qemu-stable@nongnu.org Cc: Hervé Poussineau Fixes: baca51faff0 ("floppy driver: disk geometry auto detect") Reported-by: Alexander Bulekov Resolves: https://gitlab.com/qemu-project/qemu/-/issues/339 Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20211118115733.4038610-2-philmd@redhat.com> Reviewed-by: Hanna Reitz Signed-off-by: Kevin Wolf

osdep: Move memalign-related functions to their own header

2022-03-07T13:16:49+00:00

Move the various memalign-related functions out of osdep.h and into their own header, which we include only where they are used. While we're doing this, add some brief documentation comments. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Message-id: 20220226180723.1706285-10-peter.maydell@linaro.org

hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196

2021-12-02T06:09:38+00:00

Guest might select another drive on the bus by setting the DRIVE_SEL bit of the DIGITAL OUTPUT REGISTER (DOR). The current controller model doesn't expect a BlockBackend to be NULL. A simple way to fix CVE-2021-20196 is to create an empty BlockBackend when it is missing. All further accesses will be safely handled, and the controller state machines keep behaving correctly. Cc: qemu-stable@nongnu.org Fixes: CVE-2021-20196 Reported-by: Gaoning Pan (Ant Security Light-Year Lab) Reviewed-by: Darren Kenny Reviewed-by: Hanna Reitz Signed-off-by: Philippe Mathieu-Daudé Message-id: 20211124161536.631563-3-philmd@redhat.com BugLink: https://bugs.launchpad.net/qemu/+bug/1912780 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/338 Reviewed-by: Darren Kenny Reviewed-by: Hanna Reitz Signed-off-by: Philippe Mathieu-Daudé Signed-off-by: John Snow

hw/block/fdc: Extract blk_create_empty_drive()

2021-12-02T06:09:38+00:00

We are going to re-use this code in the next commit, so extract it as a new blk_create_empty_drive() function. Inspired-by: Hanna Reitz Signed-off-by: Philippe Mathieu-Daudé Message-id: 20211124161536.631563-2-philmd@redhat.com Signed-off-by: John Snow

qbus: Rename qbus_create_inplace() to qbus_init()

2021-09-30T12:42:10+00:00

Rename qbus_create_inplace() to qbus_init(); this is more in line with our usual naming convention for functions that in-place initialize objects. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Michael S. Tsirkin Message-id: 20210923121153.23754-5-peter.maydell@linaro.org

hw/block/fdc: Extract SysBus floppy controllers to fdc-sysbus.c

2021-06-25T12:53:28+00:00

Some machines use floppy controllers via the SysBus interface, and don't need to pull in all the SysBus code. Extract the SysBus specific code to a new unit: fdc-sysbus.c, and add a new Kconfig symbol: "FDC_SYSBUS". Reviewed-by: John Snow Acked-by: Mark Cave-Ayland Reviewed-by: Mark Cave-Ayland Acked-by: Paolo Bonzini Signed-off-by: Philippe Mathieu-Daudé Message-id: 20210614193220.2007159-6-philmd@redhat.com Signed-off-by: John Snow

hw/block/fdc: Extract ISA floppy controllers to fdc-isa.c

2021-06-25T12:53:28+00:00

Some machines use floppy controllers via the SysBus interface, and don't need to pull in all the ISA code. Extract the ISA specific code to a new unit: fdc-isa.c, and add a new Kconfig symbol: "FDC_ISA". This allows us to remove the FIXME from commit dd0ff8191ab ("isa: express SuperIO dependencies with Kconfig"). Reviewed-by: John Snow Acked-by: Mark Cave-Ayland Reviewed-by: Mark Cave-Ayland Acked-by: Paolo Bonzini Signed-off-by: Philippe Mathieu-Daudé Message-id: 20210614193220.2007159-5-philmd@redhat.com Signed-off-by: John Snow

hw/block/fdc: Declare shared prototypes in fdc-internal.h

2021-06-25T12:53:28+00:00

We want to extract ISA/SysBus code from the generic fdc.c file. First, declare the prototypes we will access from the new units into a new local header: "fdc-internal.h". Acked-by: Mark Cave-Ayland Reviewed-by: Mark Cave-Ayland Acked-by: Paolo Bonzini Signed-off-by: Philippe Mathieu-Daudé Message-id: 20210614193220.2007159-4-philmd@redhat.com Signed-off-by: John Snow