431f30630a
Synch with IBS qemu: includes xen patches, security patches, some spec file cleanup, and finally getting qemu-bridge-helper working right. Also temporarily disable librbd dependency in OBS until staging impact concerns get resolved. OBS-URL: https://build.opensuse.org/request/show/416912 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=309
30 lines
944 B
Diff
From 9b2c1b6e771f01757b93cc92625ef48903786291 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 14 Jun 2016 15:10:24 +0200
Subject: [PATCH] scsi: esp: respect FIFO invariant after message phase

The FIFO contains two bytes; hence the write ptr should be two bytes ahead
of the read pointer.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d020aa504cec8f525b55ba2ef982c09dc847c72e)
[BR: CVE-2016-5238 BSC#982959]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/scsi/esp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 4b94bbc..3f08598 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -222,7 +222,7 @@ static void write_response(ESPState *s)
} else {
s->ti_size = 2;
s->ti_rptr = 0;
- s->ti_wptr = 0;
+ s->ti_wptr = 2;
s->rregs[ESP_RFLAGS] = 2;
}
esp_raise_irq(s);
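
Review bot: at `s->ti_wptr = 2;` in the else branch of write_response(), the write pointer is now a second hard-coded copy of the value assigned to `s->ti_size` two lines above, and a third `2` goes into `s->rregs[ESP_RFLAGS]`, so the FIFO invariant described in the commit message holds only as long as these literals are edited together. Consider writing `s->ti_wptr = s->ti_size;`, or at least adding a one-line comment at this assignment stating that the write pointer must sit ti_size bytes ahead of ti_rptr, so the relationship is recorded in the code and not only in the commit message. The hunk shows only the else branch; it would be worth confirming in review that the other branch of this if/else leaves the read and write pointers in a state that satisfies the same invariant.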