From a4c62237f33857750850ef30066a5ae5d4d1194e Mon Sep 17 00:00:00 2001
From: Paolo Bonzini
Date: Mon, 20 Jun 2016 16:32:39 +0200
Subject: [PATCH] scsi: esp: fix migration

Commit 926cde5 ("scsi: esp: make cmdbuf big enough for maximum CDB size", 2016-06-16) changed the size of a migrated field. Split it in two parts, and only migrate the second part in a new vmstate version.

Signed-off-by: Paolo Bonzini
(cherry picked from commit cc96677469388bad3d66479379735cf75db069e3)
[BR: CVE-2016-6351 BSC#990835]
Signed-off-by: Bruce Rogers
---
 hw/scsi/esp.c | 5 +++--
 include/migration/vmstate.h | 5 ++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 9e318fd..25c547c 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -577,7 +577,7 @@ static bool esp_mem_accepts(void *opaque, hwaddr addr,
 const VMStateDescription vmstate_esp = {
 .name ="esp",
- .version_id = 3,
+ .version_id = 4,
 .minimum_version_id = 3,
 .fields = (VMStateField[]) {
 VMSTATE_BUFFER(rregs, ESPState),
@@ -588,7 +588,8 @@ const VMStateDescription vmstate_esp = {
 VMSTATE_BUFFER(ti_buf, ESPState),
 VMSTATE_UINT32(status, ESPState),
 VMSTATE_UINT32(dma, ESPState),
- VMSTATE_BUFFER(cmdbuf, ESPState),
+ VMSTATE_PARTIAL_BUFFER(cmdbuf, ESPState, 16),
+ VMSTATE_BUFFER_START_MIDDLE_V(cmdbuf, ESPState, 16, 4),
 VMSTATE_UINT32(cmdlen, ESPState),
 VMSTATE_UINT32(do_cmd, ESPState),
 VMSTATE_UINT32(dma_left, ESPState),
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 84ee355..853a2bd 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
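Review bot: The literal `16` in the two new `cmdbuf` entries is load-bearing: it has to equal the cmdbuf size that version-3 streams were written with, yet nothing in the hunk names it or ties the two occurrences together, so they can drift apart silently on a later edit. I would put a comment above the pair, e.g. `/* cmdbuf was 16 bytes before commit 926cde5: v3 streams carry only that prefix, v4 adds the tail */`, or better a single named constant used by both lines. Because `minimum_version_id` stays 3 (first hunk), a v3 stream presumably leaves the tail of cmdbuf untouched on load while `cmdlen` is still taken verbatim from the stream (`VMSTATE_UINT32(cmdlen, ESPState)`), so whatever consumes `cmdlen` after load should bound it by `sizeof(cmdbuf)`; I don't see a `.post_load` in this hunk, so that check may already live elsewhere in esp.c and is worth confirming. The cmdbuf array definition itself is outside this hunk.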
@@ -888,8 +888,11 @@ extern const VMStateInfo vmstate_info_bitmap;
 #define VMSTATE_PARTIAL_BUFFER(_f, _s, _size) \
 VMSTATE_STATIC_BUFFER(_f, _s, 0, NULL, 0, _size)
+#define VMSTATE_BUFFER_START_MIDDLE_V(_f, _s, _start, _v) \
+ VMSTATE_STATIC_BUFFER(_f, _s, _v, NULL, _start, sizeof(typeof_field(_s, _f)))
+
 #define VMSTATE_BUFFER_START_MIDDLE(_f, _s, _start) \
- VMSTATE_STATIC_BUFFER(_f, _s, 0, NULL, _start, sizeof(typeof_field(_s, _f)))
+ VMSTATE_BUFFER_START_MIDDLE_V(_f, _s, _start, 0)
 #define VMSTATE_PARTIAL_VBUFFER(_f, _s, _size) \
 VMSTATE_VBUFFER(_f, _s, 0, NULL, 0, _size)
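Review bot: The new `VMSTATE_BUFFER_START_MIDDLE_V` macro carries no comment, and its parameter order (`_start` before `_v`) is the reverse of `VMSTATE_STATIC_BUFFER`, which takes the version as its third argument and `_start` as its fifth, so a reader must open that macro to learn what the two trailing arguments mean and whether the last argument is a byte count or an end offset. I would add above the definition: `/* Migrate the tail of a static buffer from byte _start to the end of the field; the field is only expected in streams whose version is >= _v. */` — wording that assumes `VMSTATE_STATIC_BUFFER` derives the length from its size argument minus `_start`, which is outside this hunk and worth confirming. Redefining `VMSTATE_BUFFER_START_MIDDLE` in terms of the new `_V` variant is a good deduplication.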