|
|
cf8819 |
From: John Snow <jsnow@redhat.com>
|
|
|
cf8819 |
Date: Thu, 17 Sep 2015 14:17:05 -0400
|
|
|
cf8819 |
Subject: [PATCH] ide: fix ATAPI command permissions
|
|
|
cf8819 |
|
|
|
cf8819 |
We're a little too lenient with what we'll let an ATAPI drive handle.
|
|
|
cf8819 |
Clamp down on the IDE command execution table to remove CD_OK permissions
|
|
|
cf8819 |
from commands that are not and have never been ATAPI commands.
|
|
|
cf8819 |
|
|
|
cf8819 |
For ATAPI command validity, please see:
|
|
|
cf8819 |
- ATA4 Section 6.5 ("PACKET Command feature set")
|
|
|
cf8819 |
- ATA8/ACS Section 4.3 ("The PACKET feature set")
|
|
|
cf8819 |
- ACS3 Section 4.3 ("The PACKET feature set")
|
|
|
cf8819 |
|
|
|
cf8819 |
ACS3 has a historical command validity table in Table B.4
|
|
|
cf8819 |
("Historical Command Assignments") that can be referenced to find when
|
|
|
cf8819 |
a command was introduced, deprecated, obsoleted, etc.
|
|
|
cf8819 |
|
|
|
cf8819 |
The only reference for ATAPI command validity is by checking that
|
|
|
cf8819 |
version's PACKET feature set section.
|
|
|
cf8819 |
|
|
|
cf8819 |
ATAPI was introduced by T13 into ATA4, all commands retired prior to ATA4
|
|
|
cf8819 |
therefore are assumed to have never been ATAPI commands.
|
|
|
cf8819 |
|
|
|
cf8819 |
Mandatory commands, as listed in ATA8-ACS3, are:
|
|
|
cf8819 |
|
|
|
cf8819 |
- DEVICE RESET
|
|
|
cf8819 |
- EXECUTE DEVICE DIAGNOSTIC
|
|
|
cf8819 |
- IDENTIFY DEVICE
|
|
|
cf8819 |
- IDENTIFY PACKET DEVICE
|
|
|
cf8819 |
- NOP
|
|
|
cf8819 |
- PACKET
|
|
|
cf8819 |
- READ SECTOR(S)
|
|
|
cf8819 |
- SET FEATURES
|
|
|
cf8819 |
|
|
|
cf8819 |
Optional commands as listed in ATA8-ACS3, are:
|
|
|
cf8819 |
|
|
|
cf8819 |
- FLUSH CACHE
|
|
|
cf8819 |
- READ LOG DMA EXT
|
|
|
cf8819 |
- READ LOG EXT
|
|
|
cf8819 |
- WRITE LOG DMA EXT
|
|
|
cf8819 |
- WRITE LOG EXT
|
|
|
cf8819 |
|
|
|
cf8819 |
All other commands are illegal to send to an ATAPI device and should
|
|
|
cf8819 |
be rejected by the device.
|
|
|
cf8819 |
|
|
|
cf8819 |
CD_OK removal justifications:
|
|
|
cf8819 |
|
|
|
cf8819 |
0x06 WIN_DSM Defined in ACS2. Not valid for ATAPI.
|
|
|
cf8819 |
0x21 WIN_READ_ONCE Retired in ATA5. Not ATAPI in ATA4.
|
|
|
cf8819 |
0x94 WIN_STANDBYNOW2 Retired in ATA4. Did not coexist with ATAPI.
|
|
|
cf8819 |
0x95 WIN_IDLEIMMEDIATE2 Retired in ATA4. Did not coexist with ATAPI.
|
|
|
cf8819 |
0x96 WIN_STANDBY2 Retired in ATA4. Did not coexist with ATAPI.
|
|
|
cf8819 |
0x97 WIN_SETIDLE2 Retired in ATA4. Did not coexist with ATAPI.
|
|
|
cf8819 |
0x98 WIN_CHECKPOWERMODE2 Retired in ATA4. Did not coexist with ATAPI.
|
|
|
cf8819 |
0x99 WIN_SLEEPNOW2 Retired in ATA4. Did not coexist with ATAPI.
|
|
|
cf8819 |
0xE0 WIN_STANDBYNOW1 Not part of ATAPI in ATA4, ACS or ACS3.
|
|
|
cf8819 |
0xE1 WIN_IDLEIMMDIATE Not part of ATAPI in ATA4, ACS or ACS3.
|
|
|
cf8819 |
0xE2 WIN_STANDBY Not part of ATAPI in ATA4, ACS or ACS3.
|
|
|
cf8819 |
0xE3 WIN_SETIDLE1 Not part of ATAPI in ATA4, ACS or ACS3.
|
|
|
cf8819 |
0xE4 WIN_CHECKPOWERMODE1 Not part of ATAPI in ATA4, ACS or ACS3.
|
|
|
cf8819 |
0xE5 WIN_SLEEPNOW1 Not part of ATAPI in ATA4, ACS or ACS3.
|
|
|
cf8819 |
0xF8 WIN_READ_NATIVE_MAX Obsoleted in ACS3. Not ATAPI in ATA4 or ACS.
|
|
|
cf8819 |
|
|
|
cf8819 |
This patch fixes a divide by zero fault that can be caused by sending
|
|
|
cf8819 |
the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to
|
|
|
cf8819 |
attempt to use zeroed CHS values to perform sector arithmetic.
|
|
|
cf8819 |
|
|
|
cf8819 |
Reported-by: Qinghao Tang <luodalongde@gmail.com>
|
|
|
cf8819 |
Signed-off-by: John Snow <jsnow@redhat.com>
|
|
|
cf8819 |
Reviewed-by: Markus Armbruster <armbru@redhat.com>
|
|
|
cf8819 |
Message-id: 1441816082-21031-1-git-send-email-jsnow@redhat.com
|
|
|
cf8819 |
CC: qemu-stable@nongnu.org
|
|
|
cf8819 |
(cherry picked from commit d9033e1d3aa666c5071580617a57bd853c5d794a)
|
|
|
cf8819 |
---
|
|
|
cf8819 |
hw/ide/core.c | 30 +++++++++++++++---------------
|
|
|
cf8819 |
1 file changed, 15 insertions(+), 15 deletions(-)
|
|
|
cf8819 |
|
|
|
cf8819 |
diff --git a/hw/ide/core.c b/hw/ide/core.c
|
|
|
cf8819 |
index 50449ca..71caea9 100644
|
|
|
cf8819 |
--- a/hw/ide/core.c
|
|
|
cf8819 |
+++ b/hw/ide/core.c
|
|
|
cf8819 |
@@ -1747,11 +1747,11 @@ static const struct {
|
|
|
cf8819 |
} ide_cmd_table[0x100] = {
|
|
|
cf8819 |
/* NOP not implemented, mandatory for CD */
|
|
|
cf8819 |
[CFA_REQ_EXT_ERROR_CODE] = { cmd_cfa_req_ext_error_code, CFA_OK },
|
|
|
cf8819 |
- [WIN_DSM] = { cmd_data_set_management, ALL_OK },
|
|
|
cf8819 |
+ [WIN_DSM] = { cmd_data_set_management, HD_CFA_OK },
|
|
|
cf8819 |
[WIN_DEVICE_RESET] = { cmd_device_reset, CD_OK },
|
|
|
cf8819 |
[WIN_RECAL] = { cmd_nop, HD_CFA_OK | SET_DSC},
|
|
|
cf8819 |
[WIN_READ] = { cmd_read_pio, ALL_OK },
|
|
|
cf8819 |
- [WIN_READ_ONCE] = { cmd_read_pio, ALL_OK },
|
|
|
cf8819 |
+ [WIN_READ_ONCE] = { cmd_read_pio, HD_CFA_OK },
|
|
|
cf8819 |
[WIN_READ_EXT] = { cmd_read_pio, HD_CFA_OK },
|
|
|
cf8819 |
[WIN_READDMA_EXT] = { cmd_read_dma, HD_CFA_OK },
|
|
|
cf8819 |
[WIN_READ_NATIVE_MAX_EXT] = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
|
|
|
cf8819 |
@@ -1770,12 +1770,12 @@ static const struct {
|
|
|
cf8819 |
[CFA_TRANSLATE_SECTOR] = { cmd_cfa_translate_sector, CFA_OK },
|
|
|
cf8819 |
[WIN_DIAGNOSE] = { cmd_exec_dev_diagnostic, ALL_OK },
|
|
|
cf8819 |
[WIN_SPECIFY] = { cmd_nop, HD_CFA_OK | SET_DSC },
|
|
|
cf8819 |
- [WIN_STANDBYNOW2] = { cmd_nop, ALL_OK },
|
|
|
cf8819 |
- [WIN_IDLEIMMEDIATE2] = { cmd_nop, ALL_OK },
|
|
|
cf8819 |
- [WIN_STANDBY2] = { cmd_nop, ALL_OK },
|
|
|
cf8819 |
- [WIN_SETIDLE2] = { cmd_nop, ALL_OK },
|
|
|
cf8819 |
- [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, ALL_OK | SET_DSC },
|
|
|
cf8819 |
- [WIN_SLEEPNOW2] = { cmd_nop, ALL_OK },
|
|
|
cf8819 |
+ [WIN_STANDBYNOW2] = { cmd_nop, HD_CFA_OK },
|
|
|
cf8819 |
+ [WIN_IDLEIMMEDIATE2] = { cmd_nop, HD_CFA_OK },
|
|
|
cf8819 |
+ [WIN_STANDBY2] = { cmd_nop, HD_CFA_OK },
|
|
|
cf8819 |
+ [WIN_SETIDLE2] = { cmd_nop, HD_CFA_OK },
|
|
|
cf8819 |
+ [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
|
|
|
cf8819 |
+ [WIN_SLEEPNOW2] = { cmd_nop, HD_CFA_OK },
|
|
|
cf8819 |
[WIN_PACKETCMD] = { cmd_packet, CD_OK },
|
|
|
cf8819 |
[WIN_PIDENTIFY] = { cmd_identify_packet, CD_OK },
|
|
|
cf8819 |
[WIN_SMART] = { cmd_smart, HD_CFA_OK | SET_DSC },
|
|
|
cf8819 |
@@ -1789,19 +1789,19 @@ static const struct {
|
|
|
cf8819 |
[WIN_WRITEDMA] = { cmd_write_dma, HD_CFA_OK },
|
|
|
cf8819 |
[WIN_WRITEDMA_ONCE] = { cmd_write_dma, HD_CFA_OK },
|
|
|
cf8819 |
[CFA_WRITE_MULTI_WO_ERASE] = { cmd_write_multiple, CFA_OK },
|
|
|
cf8819 |
- [WIN_STANDBYNOW1] = { cmd_nop, ALL_OK },
|
|
|
cf8819 |
- [WIN_IDLEIMMEDIATE] = { cmd_nop, ALL_OK },
|
|
|
cf8819 |
- [WIN_STANDBY] = { cmd_nop, ALL_OK },
|
|
|
cf8819 |
- [WIN_SETIDLE1] = { cmd_nop, ALL_OK },
|
|
|
cf8819 |
- [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, ALL_OK | SET_DSC },
|
|
|
cf8819 |
- [WIN_SLEEPNOW1] = { cmd_nop, ALL_OK },
|
|
|
cf8819 |
+ [WIN_STANDBYNOW1] = { cmd_nop, HD_CFA_OK },
|
|
|
cf8819 |
+ [WIN_IDLEIMMEDIATE] = { cmd_nop, HD_CFA_OK },
|
|
|
cf8819 |
+ [WIN_STANDBY] = { cmd_nop, HD_CFA_OK },
|
|
|
cf8819 |
+ [WIN_SETIDLE1] = { cmd_nop, HD_CFA_OK },
|
|
|
cf8819 |
+ [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
|
|
|
cf8819 |
+ [WIN_SLEEPNOW1] = { cmd_nop, HD_CFA_OK },
|
|
|
cf8819 |
[WIN_FLUSH_CACHE] = { cmd_flush_cache, ALL_OK },
|
|
|
cf8819 |
[WIN_FLUSH_CACHE_EXT] = { cmd_flush_cache, HD_CFA_OK },
|
|
|
cf8819 |
[WIN_IDENTIFY] = { cmd_identify, ALL_OK },
|
|
|
cf8819 |
[WIN_SETFEATURES] = { cmd_set_features, ALL_OK | SET_DSC },
|
|
|
cf8819 |
[IBM_SENSE_CONDITION] = { cmd_ibm_sense_condition, CFA_OK | SET_DSC },
|
|
|
cf8819 |
[CFA_WEAR_LEVEL] = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC },
|
|
|
cf8819 |
- [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, ALL_OK | SET_DSC },
|
|
|
cf8819 |
+ [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
|
|
|
cf8819 |
};
|
|
|
cf8819 |
|
|
|
cf8819 |
static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)
|