vitalif
/
mirror_qemu
mirror of https://github.com/proxmox/mirror_qemu
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ide: fail I/O to empty disk 

Requesting a read or a write operation on an empty disk can lead
to QEMU dumping core.

Also fix a few braces here and there.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
master
Paolo Bonzini 2012-02-15 11:46:11 +01:00 committed by Kevin Wolf
parent a2df5fa324
commit d53cdb307a
1 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
hw/ide/core.c
View File

@ -1068,6 +1068,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */
goto abort_cmd;
}
if (!s->bs) {
goto abort_cmd;
}
ide_cmd_lba48_transform(s, lba48);
s->req_nb_sectors = 1;
ide_sector_read(s);
@ -1078,6 +1081,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
case WIN_WRITE_ONCE:
case CFA_WRITE_SECT_WO_ERASE:
case WIN_WRITE_VERIFY:
if (!s->bs) {
goto abort_cmd;
}
ide_cmd_lba48_transform(s, lba48);
s->error = 0;
s->status = SEEK_STAT | READY_STAT;
@ -1088,8 +1094,12 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
case WIN_MULTREAD_EXT:
lba48 = 1;
case WIN_MULTREAD:
if (!s->mult_sectors)
if (!s->bs) {
goto abort_cmd;
}
if (!s->mult_sectors) {
goto abort_cmd;
}
ide_cmd_lba48_transform(s, lba48);
s->req_nb_sectors = s->mult_sectors;
ide_sector_read(s);
@ -1098,8 +1108,12 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
lba48 = 1;
case WIN_MULTWRITE:
case CFA_WRITE_MULTI_WO_ERASE:
if (!s->mult_sectors)
if (!s->bs) {
goto abort_cmd;
}
if (!s->mult_sectors) {
goto abort_cmd;
}
ide_cmd_lba48_transform(s, lba48);
s->error = 0;
s->status = SEEK_STAT | READY_STAT;
@ -1114,8 +1128,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
lba48 = 1;
case WIN_READDMA:
case WIN_READDMA_ONCE:
if (!s->bs)
if (!s->bs) {
goto abort_cmd;
}
ide_cmd_lba48_transform(s, lba48);
ide_sector_start_dma(s, IDE_DMA_READ);
break;
@ -1123,8 +1138,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
lba48 = 1;
case WIN_WRITEDMA:
case WIN_WRITEDMA_ONCE:
if (!s->bs)
if (!s->bs) {
goto abort_cmd;
}
ide_cmd_lba48_transform(s, lba48);
ide_sector_start_dma(s, IDE_DMA_WRITE);
s->media_changed = 1;