diff --git a/bug-362956_qemu-block-rw-rangecheck.patch b/bug-362956_qemu-block-rw-rangecheck.patch
deleted file mode 100644
index 0005731a..00000000
--- a/bug-362956_qemu-block-rw-rangecheck.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-diff --git a/block.c b/block.c
-index 0f8ad7b..d7f1114 100644
---- a/block.c
-+++ b/block.c
-@@ -123,6 +123,24 @@ void path_combine(char *dest, int dest_size,
- }
- }
-
-+static int bdrv_rw_badreq_sectors(BlockDriverState *bs,
-+ int64_t sector_num, int nb_sectors)
-+{
-+ return
-+ nb_sectors < 0 ||
-+ nb_sectors > bs->total_sectors ||
-+ sector_num > bs->total_sectors - nb_sectors;
-+}
-+
-+static int bdrv_rw_badreq_bytes(BlockDriverState *bs,
-+ int64_t offset, int count)
-+{
-+ int64_t size = bs->total_sectors << SECTOR_BITS;
-+ return
-+ count < 0 ||
-+ count > size ||
-+ offset > size - count;
-+}
-
- static void bdrv_register(BlockDriver *bdrv)
- {
-@@ -375,6 +393,7 @@ int bdrv_open2(BlockDriverState *bs, const char *filename, int flags,
- }
- bs->drv = drv;
- bs->opaque = qemu_mallocz(drv->instance_size);
-+ bs->total_sectors = 0; /* driver will set if it does not do getlength */
- if (bs->opaque == NULL && drv->instance_size > 0)
- return -1;
- /* Note: for compatibility, we open disk image files as RDWR, and
-@@ -440,6 +459,7 @@ void bdrv_close(BlockDriverState *bs)
- bs->drv = NULL;
-
- /* call the change callback */
-+ bs->total_sectors = 0;
- bs->media_changed = 1;
- if (bs->change_cb)
- bs->change_cb(bs->change_opaque);
-@@ -505,6 +525,8 @@ int bdrv_read(BlockDriverState *bs, int64_t sector_num,
- if (!drv)
- return -ENOMEDIUM;
-
-+ if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
-+ return -EDOM;
- if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
- memcpy(buf, bs->boot_sector_data, 512);
- sector_num++;
-@@ -545,6 +567,8 @@ int bdrv_write(BlockDriverState *bs, int64_t sector_num,
- return -ENOMEDIUM;
- if (bs->read_only)
- return -EACCES;
-+ if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
-+ return -EDOM;
- if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
- memcpy(bs->boot_sector_data, buf, 512);
- }
-@@ -670,6 +694,8 @@ int bdrv_pread(BlockDriverState *bs, int64_t offset,
- return -ENOMEDIUM;
- if (!drv->bdrv_pread)
- return bdrv_pread_em(bs, offset, buf1, count1);
-+ if (bdrv_rw_badreq_bytes(bs, offset, count1))
-+ return -EDOM;
- return drv->bdrv_pread(bs, offset, buf1, count1);
- }
-
-@@ -685,6 +711,8 @@ int bdrv_pwrite(BlockDriverState *bs, int64_t offset,
- return -ENOMEDIUM;
- if (!drv->bdrv_pwrite)
- return bdrv_pwrite_em(bs, offset, buf1, count1);
-+ if (bdrv_rw_badreq_bytes(bs, offset, count1))
-+ return -EDOM;
- return drv->bdrv_pwrite(bs, offset, buf1, count1);
- }
-
-@@ -951,6 +979,8 @@ int bdrv_write_compressed(BlockDriverState *bs, int64_t sector_num,
- return -ENOMEDIUM;
- if (!drv->bdrv_write_compressed)
- return -ENOTSUP;
-+ if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
-+ return -EDOM;
- return drv->bdrv_write_compressed(bs, sector_num, buf, nb_sectors);
- }
-
-@@ -1097,6 +1127,8 @@ BlockDriverAIOCB *bdrv_aio_read(BlockDriverState *bs, int64_t sector_num,
-
- if (!drv)
- return NULL;
-+ if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
-+ return NULL;
-
- /* XXX: we assume that nb_sectors == 0 is suppored by the async read */
- if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
-@@ -1128,6 +1160,8 @@ BlockDriverAIOCB *bdrv_aio_write(BlockDriverState *bs, int64_t sector_num,
- return NULL;
- if (bs->read_only)
- return NULL;
-+ if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
-+ return NULL;
- if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
- memcpy(bs->boot_sector_data, buf, 512);
- }
diff --git a/qemu-img-vmdk-scsi.patch b/qemu-img-vmdk-scsi.patch
new file mode 100644
index 00000000..b3a19ed3
--- /dev/null
+++ b/qemu-img-vmdk-scsi.patch
@@ -0,0 +1,116 @@
+Index: qemu-0.9.1/block-vmdk.c
+===================================================================
+--- qemu-0.9.1.orig/block-vmdk.c
++++ qemu-0.9.1/block-vmdk.c
+@@ -717,7 +717,7 @@ static int vmdk_create(const char *filen
+ "ddb.geometry.cylinders = \"%lu\"\n"
+ "ddb.geometry.heads = \"16\"\n"
+ "ddb.geometry.sectors = \"63\"\n"
+- "ddb.adapterType = \"ide\"\n";
++ "ddb.adapterType = \"%s\"\n";
+ char desc[1024];
+ const char *real_filename, *temp_str;
+
+@@ -790,7 +790,9 @@ static int vmdk_create(const char *filen
+ if ((temp_str = strrchr(real_filename, ':')) != NULL)
+ real_filename = temp_str + 1;
+ sprintf(desc, desc_template, time(NULL), (unsigned long)total_size,
+- real_filename, (flags & BLOCK_FLAG_COMPAT6 ? 6 : 4), total_size / (63 * 16));
++ real_filename, (flags & BLOCK_FLAG_COMPAT6 ? 6 : 4),
++ total_size / (63 * 16),
++ flags & BLOCK_FLAG_SCSI ? "buslogic" : "ide");
+
+ /* write the descriptor */
+ lseek(fd, le64_to_cpu(header.desc_offset) << 9, SEEK_SET);
+Index: qemu-0.9.1/block_int.h
+===================================================================
+--- qemu-0.9.1.orig/block_int.h
++++ qemu-0.9.1/block_int.h
+@@ -29,6 +29,7 @@
+ #define BLOCK_FLAG_ENCRYPT 1
+ #define BLOCK_FLAG_COMPRESS 2
+ #define BLOCK_FLAG_COMPAT6 4
++#define BLOCK_FLAG_SCSI 8
+
+ struct BlockDriver {
+ const char *format_name;
+Index: qemu-0.9.1/qemu-img.c
+===================================================================
+--- qemu-0.9.1.orig/qemu-img.c
++++ qemu-0.9.1/qemu-img.c
+@@ -88,9 +88,9 @@ static void help(void)
+ "QEMU disk image utility\n"
+ "\n"
+ "Command syntax:\n"
+- " create [-e] [-6] [-b base_image] [-f fmt] filename [size]\n"
++ " create [-e] [-s] [-6] [-b base_image] [-f fmt] filename [size]\n"
+ " commit [-f fmt] filename\n"
+- " convert [-c] [-e] [-6] [-f fmt] filename [filename2 [...]] [-O output_fmt] output_filename\n"
++ " convert [-c] [-e] [-s] [-6] [-f fmt] [-O output_fmt] filename [filename2 [...]] output_filename\n"
+ " info [-f fmt] filename\n"
+ "\n"
+ "Command parameters:\n"
+@@ -104,6 +104,7 @@ static void help(void)
+ " 'output_fmt' is the destination format\n"
+ " '-c' indicates that target image must be compressed (qcow format only)\n"
+ " '-e' indicates that the target image must be encrypted (qcow format only)\n"
++ " '-s' indicates that the target image is meant for SCSI (vmdk format only)\n"
+ " '-6' indicates that the target image must use compatibility level 6 (vmdk format only)\n"
+ );
+ printf("\nSupported format:");
+@@ -242,7 +243,7 @@ static int img_create(int argc, char **a
+
+ flags = 0;
+ for(;;) {
+- c = getopt(argc, argv, "b:f:he6");
++ c = getopt(argc, argv, "b:f:hes6");
+ if (c == -1)
+ break;
+ switch(c) {
+@@ -258,6 +259,9 @@ static int img_create(int argc, char **a
+ case 'e':
+ flags |= BLOCK_FLAG_ENCRYPT;
+ break;
++ case 's':
++ flags |= BLOCK_FLAG_SCSI;
++ break;
+ case '6':
+ flags |= BLOCK_FLAG_COMPAT6;
+ break;
+@@ -293,6 +297,8 @@ static int img_create(int argc, char **a
+ error("Unknown file format '%s'", fmt);
+ printf("Formatting '%s', fmt=%s",
+ filename, fmt);
++ if (flags & BLOCK_FLAG_SCSI)
++ printf(", SCSI");
+ if (flags & BLOCK_FLAG_ENCRYPT)
+ printf(", encrypted");
+ if (flags & BLOCK_FLAG_COMPAT6)
+@@ -421,7 +427,7 @@ static int img_convert(int argc, char **
+ out_fmt = "raw";
+ flags = 0;
+ for(;;) {
+- c = getopt(argc, argv, "f:O:hce6");
++ c = getopt(argc, argv, "f:O:hces6");
+ if (c == -1)
+ break;
+ switch(c) {
+@@ -440,6 +446,9 @@ static int img_convert(int argc, char **
+ case 'e':
+ flags |= BLOCK_FLAG_ENCRYPT;
+ break;
++ case 's':
++ flags |= BLOCK_FLAG_SCSI;
++ break;
+ case '6':
+ flags |= BLOCK_FLAG_COMPAT6;
+ break;
+@@ -471,6 +480,8 @@ static int img_convert(int argc, char **
+ error("Compression not supported for this file format");
+ if (flags & BLOCK_FLAG_ENCRYPT && drv != &bdrv_qcow && drv != &bdrv_qcow2)
+ error("Encryption not supported for this file format");
++ if (flags & BLOCK_FLAG_SCSI && drv != &bdrv_vmdk)
++ error("SCSI devices not supported for this file format");
+ if (flags & BLOCK_FLAG_COMPAT6 && drv != &bdrv_vmdk)
+ error("Alternative compatibility level not supported for this file format");
+ if (flags & BLOCK_FLAG_ENCRYPT && flags & BLOCK_FLAG_COMPRESS)
diff --git a/qemu.changes b/qemu.changes
index 1737f3d1..1bbd1228 100644
--- a/qemu.changes
+++ b/qemu.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Apr 25 13:33:40 CEST 2008 - uli@suse.de
+
+- revert secfix (causes data corruption, no known good patch
+ available yet)
+- support creation of SCSI VMDK images
+
 -------------------------------------------------------------------
 Tue Mar 11 14:02:54 CET 2008 - uli@suse.de
diff --git a/qemu.spec b/qemu.spec
index 3716d3d2..82f8f747 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -18,7 +18,7 @@ License: BSD 3-Clause; GPL v2 or later; LGPL v2.1 or later; X11/MIT
 Group: System/Emulators/PC
 Summary: Universal CPU emulator
 Version: 0.9.1
-Release: 22
+Release: 35
 Source: %name-%version.tar.bz2
 #Patch400: qemu-0.7.0-gcc4-dot-syms.patch
 #Patch401: qemu-0.8.0-gcc4-hacks.patch
@@ -59,7 +59,7 @@ Patch71: qemu-s390.patch
 Patch82: qemu-cvs-svm2.patch
 Patch83: qemu-cvs-ppcspe.patch
 Patch84: qemu-s390dis-license.patch
-Patch85: bug-362956_qemu-block-rw-rangecheck.patch
+Patch85: qemu-img-vmdk-scsi.patch
 Source200: kvm_bios.bin
 Source201: zx-rom.bin
 Source202: COPYING.zx-rom
@@ -316,6 +316,10 @@ rm -rf %{gcc33tmp}
 %endif
 %changelog
+* Fri Apr 25 2008 uli@suse.de
+- revert secfix (causes data corruption, no known good patch
+ available yet)
+- support creation of SCSI VMDK images
 * Tue Mar 11 2008 uli@suse.de
 - secfix (unchecked block read/write vulnerability, bug #362956)
 * Thu Jan 17 2008 uli@suse.de
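Review bot: The `%lu` directive for cylinders receives `total_size / (63 * 16)` uncast in the rewritten `sprintf` call in vmdk_create, and the new `%s` argument now sits directly after it, whereas the earlier use is cast as `(unsigned long)total_size`. If total_size is a 64-bit type (its declaration is outside the hunk), the mismatch is undefined behaviour and on a 32-bit ABI can leave `%s` reading a misplaced argument instead of the adapter string; `(unsigned long)(total_size / (63 * 16)),` keeps the argument list consistent. The same call still formats the caller-supplied `real_filename` into `char desc[1024]` with no bound, so `snprintf(desc, sizeof(desc), desc_template, ...)` with a check of the return value is worth doing while the statement is being rewritten. The `-s` versus vmdk format check is added only in img_convert; the visible img_create hunks add no equivalent, so the flag may be silently ignored for other formats there.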
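Review bot: Nothing in the spec records that bug #362956 is unpatched again once Patch85 points at qemu-img-vmdk-scsi.patch; only the changelog entry says the secfix was reverted with no known good replacement. A comment beside the patch list, for example `# bug #362956 (unchecked block read/write): rangecheck patch reverted, caused data corruption; no fix applied`, would keep the open issue visible to whoever next edits the list. Giving the new patch its own number instead of reusing 85 would also keep the history of that slot unambiguous.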
@@ -365,7 +369,7 @@ rm -rf %{gcc33tmp}
 - disable only SNDRV_SB_CSP_IOCTL_LOAD_CODE for _IOC_SIZEBITS < 14
 * Thu Aug 09 2007 olh@suse.de
 - disable some alsa SB ioctl declarations
-* Mon Aug 06 2007 olh@suse.de
+* Tue Aug 07 2007 olh@suse.de
 - remove inclusion of linux/compiler.h
 * Mon Jul 30 2007 uli@suse.de
 - fixed for S/390
@@ -394,7 +398,7 @@ rm -rf %{gcc33tmp}
 * Thu Jun 14 2007 agraf@suse.de
 - made wine work (set FS register to 0 on init)
 - suppressed robust_list warnings
-* Wed Jun 13 2007 agraf@suse.de
+* Thu Jun 14 2007 agraf@suse.de
 - made flash player 9 work on ppc
 - fixed FUTEX_WAKE_OP on machines where endianness differs
 - made mmap on x86_64 use the MAP_32BIT flag
@@ -422,7 +426,7 @@ rm -rf %{gcc33tmp}
 - applied strace patch for debugging (by Stuart R. Anderson)
 * Wed Apr 04 2007 agraf@suse.de
 - fixed initrd loading on x86
-* Thu Mar 29 2007 ro@suse.de
+* Fri Mar 30 2007 ro@suse.de
 - added bison to BuildRequires
 * Tue Feb 20 2007 uli@suse.de
 - added better fix by Robert Schiele (bug #241950)
@@ -475,7 +479,7 @@ rm -rf %{gcc33tmp}
 * Wed Mar 08 2006 uli@suse.de
 - split giant patch
 - added NWFPE glue code fix
-* Tue Mar 07 2006 schwab@suse.de
+* Wed Mar 08 2006 schwab@suse.de
 - More fixes for ia64 port.
 * Tue Mar 07 2006 schwab@suse.de
 - Remove obsolete hunk from ia64 patch.