qemu/0066-scsi-esp-respect-FIFO-invariant-aft.patch
Bruce Rogers 431f30630a Accepting request 416912 from home:bfrogers:branches:Virtualization
Synch with IBS qemu: includes xen patches, security patches, some spec file cleanup, and finally getting qemu-bridge-helper working right. Also temporarily disable librbd dependency in OBS until staging impact concerns get resolved.

OBS-URL: https://build.opensuse.org/request/show/416912
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=309
2016-08-04 13:09:24 +00:00

30 lines
944 B
Diff

From 9b2c1b6e771f01757b93cc92625ef48903786291 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 14 Jun 2016 15:10:24 +0200
Subject: [PATCH] scsi: esp: respect FIFO invariant after message phase
The FIFO contains two bytes; hence the write ptr should be two bytes ahead
of the read pointer.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d020aa504cec8f525b55ba2ef982c09dc847c72e)
[BR: CVE-2016-5238 BSC#982959]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/scsi/esp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 4b94bbc..3f08598 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -222,7 +222,7 @@ static void write_response(ESPState *s)
} else {
s->ti_size = 2;
s->ti_rptr = 0;
- s->ti_wptr = 0;
+ s->ti_wptr = 2;
s->rregs[ESP_RFLAGS] = 2;
}
esp_raise_irq(s);