This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
7abcc42e46
commit
c49393d3dc
@ -1,108 +0,0 @@
|
||||
diff --git a/block.c b/block.c
|
||||
index 0f8ad7b..d7f1114 100644
|
||||
--- a/block.c
|
||||
+++ b/block.c
|
||||
@@ -123,6 +123,24 @@ void path_combine(char *dest, int dest_size,
|
||||
}
|
||||
}
|
||||
|
||||
+static int bdrv_rw_badreq_sectors(BlockDriverState *bs,
|
||||
+ int64_t sector_num, int nb_sectors)
|
||||
+{
|
||||
+ return
|
||||
+ nb_sectors < 0 ||
|
||||
+ nb_sectors > bs->total_sectors ||
|
||||
+ sector_num > bs->total_sectors - nb_sectors;
|
||||
+}
|
||||
+
|
||||
+static int bdrv_rw_badreq_bytes(BlockDriverState *bs,
|
||||
+ int64_t offset, int count)
|
||||
+{
|
||||
+ int64_t size = bs->total_sectors << SECTOR_BITS;
|
||||
+ return
|
||||
+ count < 0 ||
|
||||
+ count > size ||
|
||||
+ offset > size - count;
|
||||
+}
|
||||
|
||||
static void bdrv_register(BlockDriver *bdrv)
|
||||
{
|
||||
@@ -375,6 +393,7 @@ int bdrv_open2(BlockDriverState *bs, const char *filename, int flags,
|
||||
}
|
||||
bs->drv = drv;
|
||||
bs->opaque = qemu_mallocz(drv->instance_size);
|
||||
+ bs->total_sectors = 0; /* driver will set if it does not do getlength */
|
||||
if (bs->opaque == NULL && drv->instance_size > 0)
|
||||
return -1;
|
||||
/* Note: for compatibility, we open disk image files as RDWR, and
|
||||
@@ -440,6 +459,7 @@ void bdrv_close(BlockDriverState *bs)
|
||||
bs->drv = NULL;
|
||||
|
||||
/* call the change callback */
|
||||
+ bs->total_sectors = 0;
|
||||
bs->media_changed = 1;
|
||||
if (bs->change_cb)
|
||||
bs->change_cb(bs->change_opaque);
|
||||
@@ -505,6 +525,8 @@ int bdrv_read(BlockDriverState *bs, int64_t sector_num,
|
||||
if (!drv)
|
||||
return -ENOMEDIUM;
|
||||
|
||||
+ if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
|
||||
+ return -EDOM;
|
||||
if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
|
||||
memcpy(buf, bs->boot_sector_data, 512);
|
||||
sector_num++;
|
||||
@@ -545,6 +567,8 @@ int bdrv_write(BlockDriverState *bs, int64_t sector_num,
|
||||
return -ENOMEDIUM;
|
||||
if (bs->read_only)
|
||||
return -EACCES;
|
||||
+ if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
|
||||
+ return -EDOM;
|
||||
if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
|
||||
memcpy(bs->boot_sector_data, buf, 512);
|
||||
}
|
||||
@@ -670,6 +694,8 @@ int bdrv_pread(BlockDriverState *bs, int64_t offset,
|
||||
return -ENOMEDIUM;
|
||||
if (!drv->bdrv_pread)
|
||||
return bdrv_pread_em(bs, offset, buf1, count1);
|
||||
+ if (bdrv_rw_badreq_bytes(bs, offset, count1))
|
||||
+ return -EDOM;
|
||||
return drv->bdrv_pread(bs, offset, buf1, count1);
|
||||
}
|
||||
|
||||
@@ -685,6 +711,8 @@ int bdrv_pwrite(BlockDriverState *bs, int64_t offset,
|
||||
return -ENOMEDIUM;
|
||||
if (!drv->bdrv_pwrite)
|
||||
return bdrv_pwrite_em(bs, offset, buf1, count1);
|
||||
+ if (bdrv_rw_badreq_bytes(bs, offset, count1))
|
||||
+ return -EDOM;
|
||||
return drv->bdrv_pwrite(bs, offset, buf1, count1);
|
||||
}
|
||||
|
||||
@@ -951,6 +979,8 @@ int bdrv_write_compressed(BlockDriverState *bs, int64_t sector_num,
|
||||
return -ENOMEDIUM;
|
||||
if (!drv->bdrv_write_compressed)
|
||||
return -ENOTSUP;
|
||||
+ if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
|
||||
+ return -EDOM;
|
||||
return drv->bdrv_write_compressed(bs, sector_num, buf, nb_sectors);
|
||||
}
|
||||
|
||||
@@ -1097,6 +1127,8 @@ BlockDriverAIOCB *bdrv_aio_read(BlockDriverState *bs, int64_t sector_num,
|
||||
|
||||
if (!drv)
|
||||
return NULL;
|
||||
+ if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
|
||||
+ return NULL;
|
||||
|
||||
/* XXX: we assume that nb_sectors == 0 is suppored by the async read */
|
||||
if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
|
||||
@@ -1128,6 +1160,8 @@ BlockDriverAIOCB *bdrv_aio_write(BlockDriverState *bs, int64_t sector_num,
|
||||
return NULL;
|
||||
if (bs->read_only)
|
||||
return NULL;
|
||||
+ if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
|
||||
+ return NULL;
|
||||
if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
|
||||
memcpy(bs->boot_sector_data, buf, 512);
|
||||
}
|
||||
116
qemu-img-vmdk-scsi.patch
Normal file
116
qemu-img-vmdk-scsi.patch
Normal file
@ -0,0 +1,116 @@
|
||||
Index: qemu-0.9.1/block-vmdk.c
|
||||
===================================================================
|
||||
--- qemu-0.9.1.orig/block-vmdk.c
|
||||
+++ qemu-0.9.1/block-vmdk.c
|
||||
@@ -717,7 +717,7 @@ static int vmdk_create(const char *filen
|
||||
"ddb.geometry.cylinders = \"%lu\"\n"
|
||||
"ddb.geometry.heads = \"16\"\n"
|
||||
"ddb.geometry.sectors = \"63\"\n"
|
||||
- "ddb.adapterType = \"ide\"\n";
|
||||
+ "ddb.adapterType = \"%s\"\n";
|
||||
char desc[1024];
|
||||
const char *real_filename, *temp_str;
|
||||
|
||||
@@ -790,7 +790,9 @@ static int vmdk_create(const char *filen
|
||||
if ((temp_str = strrchr(real_filename, ':')) != NULL)
|
||||
real_filename = temp_str + 1;
|
||||
sprintf(desc, desc_template, time(NULL), (unsigned long)total_size,
|
||||
- real_filename, (flags & BLOCK_FLAG_COMPAT6 ? 6 : 4), total_size / (63 * 16));
|
||||
+ real_filename, (flags & BLOCK_FLAG_COMPAT6 ? 6 : 4),
|
||||
+ total_size / (63 * 16),
|
||||
+ flags & BLOCK_FLAG_SCSI ? "buslogic" : "ide");
|
||||
|
||||
/* write the descriptor */
|
||||
lseek(fd, le64_to_cpu(header.desc_offset) << 9, SEEK_SET);
|
||||
Index: qemu-0.9.1/block_int.h
|
||||
===================================================================
|
||||
--- qemu-0.9.1.orig/block_int.h
|
||||
+++ qemu-0.9.1/block_int.h
|
||||
@@ -29,6 +29,7 @@
|
||||
#define BLOCK_FLAG_ENCRYPT 1
|
||||
#define BLOCK_FLAG_COMPRESS 2
|
||||
#define BLOCK_FLAG_COMPAT6 4
|
||||
+#define BLOCK_FLAG_SCSI 8
|
||||
|
||||
struct BlockDriver {
|
||||
const char *format_name;
|
||||
Index: qemu-0.9.1/qemu-img.c
|
||||
===================================================================
|
||||
--- qemu-0.9.1.orig/qemu-img.c
|
||||
+++ qemu-0.9.1/qemu-img.c
|
||||
@@ -88,9 +88,9 @@ static void help(void)
|
||||
"QEMU disk image utility\n"
|
||||
"\n"
|
||||
"Command syntax:\n"
|
||||
- " create [-e] [-6] [-b base_image] [-f fmt] filename [size]\n"
|
||||
+ " create [-e] [-s] [-6] [-b base_image] [-f fmt] filename [size]\n"
|
||||
" commit [-f fmt] filename\n"
|
||||
- " convert [-c] [-e] [-6] [-f fmt] filename [filename2 [...]] [-O output_fmt] output_filename\n"
|
||||
+ " convert [-c] [-e] [-s] [-6] [-f fmt] [-O output_fmt] filename [filename2 [...]] output_filename\n"
|
||||
" info [-f fmt] filename\n"
|
||||
"\n"
|
||||
"Command parameters:\n"
|
||||
@@ -104,6 +104,7 @@ static void help(void)
|
||||
" 'output_fmt' is the destination format\n"
|
||||
" '-c' indicates that target image must be compressed (qcow format only)\n"
|
||||
" '-e' indicates that the target image must be encrypted (qcow format only)\n"
|
||||
+ " '-s' indicates that the target image is meant for SCSI (vmdk format only)\n"
|
||||
" '-6' indicates that the target image must use compatibility level 6 (vmdk format only)\n"
|
||||
);
|
||||
printf("\nSupported format:");
|
||||
@@ -242,7 +243,7 @@ static int img_create(int argc, char **a
|
||||
|
||||
flags = 0;
|
||||
for(;;) {
|
||||
- c = getopt(argc, argv, "b:f:he6");
|
||||
+ c = getopt(argc, argv, "b:f:hes6");
|
||||
if (c == -1)
|
||||
break;
|
||||
switch(c) {
|
||||
@@ -258,6 +259,9 @@ static int img_create(int argc, char **a
|
||||
case 'e':
|
||||
flags |= BLOCK_FLAG_ENCRYPT;
|
||||
break;
|
||||
+ case 's':
|
||||
+ flags |= BLOCK_FLAG_SCSI;
|
||||
+ break;
|
||||
case '6':
|
||||
flags |= BLOCK_FLAG_COMPAT6;
|
||||
break;
|
||||
@@ -293,6 +297,8 @@ static int img_create(int argc, char **a
|
||||
error("Unknown file format '%s'", fmt);
|
||||
printf("Formatting '%s', fmt=%s",
|
||||
filename, fmt);
|
||||
+ if (flags & BLOCK_FLAG_SCSI)
|
||||
+ printf(", SCSI");
|
||||
if (flags & BLOCK_FLAG_ENCRYPT)
|
||||
printf(", encrypted");
|
||||
if (flags & BLOCK_FLAG_COMPAT6)
|
||||
@@ -421,7 +427,7 @@ static int img_convert(int argc, char **
|
||||
out_fmt = "raw";
|
||||
flags = 0;
|
||||
for(;;) {
|
||||
- c = getopt(argc, argv, "f:O:hce6");
|
||||
+ c = getopt(argc, argv, "f:O:hces6");
|
||||
if (c == -1)
|
||||
break;
|
||||
switch(c) {
|
||||
@@ -440,6 +446,9 @@ static int img_convert(int argc, char **
|
||||
case 'e':
|
||||
flags |= BLOCK_FLAG_ENCRYPT;
|
||||
break;
|
||||
+ case 's':
|
||||
+ flags |= BLOCK_FLAG_SCSI;
|
||||
+ break;
|
||||
case '6':
|
||||
flags |= BLOCK_FLAG_COMPAT6;
|
||||
break;
|
||||
@@ -471,6 +480,8 @@ static int img_convert(int argc, char **
|
||||
error("Compression not supported for this file format");
|
||||
if (flags & BLOCK_FLAG_ENCRYPT && drv != &bdrv_qcow && drv != &bdrv_qcow2)
|
||||
error("Encryption not supported for this file format");
|
||||
+ if (flags & BLOCK_FLAG_SCSI && drv != &bdrv_vmdk)
|
||||
+ error("SCSI devices not supported for this file format");
|
||||
if (flags & BLOCK_FLAG_COMPAT6 && drv != &bdrv_vmdk)
|
||||
error("Alternative compatibility level not supported for this file format");
|
||||
if (flags & BLOCK_FLAG_ENCRYPT && flags & BLOCK_FLAG_COMPRESS)
|
||||
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 25 13:33:40 CEST 2008 - uli@suse.de
|
||||
|
||||
- revert secfix (causes data corruption, no known good patch
|
||||
available yet)
|
||||
- support creation of SCSI VMDK images
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 11 14:02:54 CET 2008 - uli@suse.de
|
||||
|
||||
|
||||
16
qemu.spec
16
qemu.spec
@ -18,7 +18,7 @@ License: BSD 3-Clause; GPL v2 or later; LGPL v2.1 or later; X11/MIT
|
||||
Group: System/Emulators/PC
|
||||
Summary: Universal CPU emulator
|
||||
Version: 0.9.1
|
||||
Release: 22
|
||||
Release: 35
|
||||
Source: %name-%version.tar.bz2
|
||||
#Patch400: qemu-0.7.0-gcc4-dot-syms.patch
|
||||
#Patch401: qemu-0.8.0-gcc4-hacks.patch
|
||||
@ -59,7 +59,7 @@ Patch71: qemu-s390.patch
|
||||
Patch82: qemu-cvs-svm2.patch
|
||||
Patch83: qemu-cvs-ppcspe.patch
|
||||
Patch84: qemu-s390dis-license.patch
|
||||
Patch85: bug-362956_qemu-block-rw-rangecheck.patch
|
||||
Patch85: qemu-img-vmdk-scsi.patch
|
||||
Source200: kvm_bios.bin
|
||||
Source201: zx-rom.bin
|
||||
Source202: COPYING.zx-rom
|
||||
@ -316,6 +316,10 @@ rm -rf %{gcc33tmp}
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Apr 25 2008 uli@suse.de
|
||||
- revert secfix (causes data corruption, no known good patch
|
||||
available yet)
|
||||
- support creation of SCSI VMDK images
|
||||
* Tue Mar 11 2008 uli@suse.de
|
||||
- secfix (unchecked block read/write vulnerability, bug #362956)
|
||||
* Thu Jan 17 2008 uli@suse.de
|
||||
@ -365,7 +369,7 @@ rm -rf %{gcc33tmp}
|
||||
- disable only SNDRV_SB_CSP_IOCTL_LOAD_CODE for _IOC_SIZEBITS < 14
|
||||
* Thu Aug 09 2007 olh@suse.de
|
||||
- disable some alsa SB ioctl declarations
|
||||
* Mon Aug 06 2007 olh@suse.de
|
||||
* Tue Aug 07 2007 olh@suse.de
|
||||
- remove inclusion of linux/compiler.h
|
||||
* Mon Jul 30 2007 uli@suse.de
|
||||
- fixed for S/390
|
||||
@ -394,7 +398,7 @@ rm -rf %{gcc33tmp}
|
||||
* Thu Jun 14 2007 agraf@suse.de
|
||||
- made wine work (set FS register to 0 on init)
|
||||
- suppressed robust_list warnings
|
||||
* Wed Jun 13 2007 agraf@suse.de
|
||||
* Thu Jun 14 2007 agraf@suse.de
|
||||
- made flash player 9 work on ppc
|
||||
- fixed FUTEX_WAKE_OP on machines where endianness differs
|
||||
- made mmap on x86_64 use the MAP_32BIT flag
|
||||
@ -422,7 +426,7 @@ rm -rf %{gcc33tmp}
|
||||
- applied strace patch for debugging (by Stuart R. Anderson)
|
||||
* Wed Apr 04 2007 agraf@suse.de
|
||||
- fixed initrd loading on x86
|
||||
* Thu Mar 29 2007 ro@suse.de
|
||||
* Fri Mar 30 2007 ro@suse.de
|
||||
- added bison to BuildRequires
|
||||
* Tue Feb 20 2007 uli@suse.de
|
||||
- added better fix by Robert Schiele (bug #241950)
|
||||
@ -475,7 +479,7 @@ rm -rf %{gcc33tmp}
|
||||
* Wed Mar 08 2006 uli@suse.de
|
||||
- split giant patch
|
||||
- added NWFPE glue code fix
|
||||
* Tue Mar 07 2006 schwab@suse.de
|
||||
* Wed Mar 08 2006 schwab@suse.de
|
||||
- More fixes for ia64 port.
|
||||
* Tue Mar 07 2006 schwab@suse.de
|
||||
- Remove obsolete hunk from ia64 patch.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user