rpms/qemu
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix guest startup crashes from autotest (bz #1081610)

Browse Source
This commit is contained in:
Cole Robinson 2014-04-25 10:59:14 -04:00
parent f3a92caa76
commit 0d3567f1ae
3 changed files with 78 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
0207-char-serial-Fix-emptyness-check.patch Normal file
View File

@ -0,0 +1,30 @@
From 29952434a3c7b41137241b6905cf4df2f43a357d Mon Sep 17 00:00:00 2001
From: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Date: Mon, 10 Feb 2014 22:49:35 -0800
Subject: [PATCH] char/serial: Fix emptyness check
This was guarding against a full fifo rather than an empty fifo when
popping. Fix.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 88c1ee73d3231c74ff90bcfc084a7589670ec244)
---
hw/char/serial.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/char/serial.c b/hw/char/serial.c
index 6025592..2989ca2 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -224,7 +224,7 @@ static gboolean serial_xmit(GIOChannel *chan, GIOCondition cond, void *opaque)
if (s->tsr_retry <= 0) {
if (s->fcr & UART_FCR_FE) {
- s->tsr = fifo8_is_full(&s->xmit_fifo) ?
+ s->tsr = fifo8_is_empty(&s->xmit_fifo) ?
0 : fifo8_pop(&s->xmit_fifo);
if (!s->xmit_fifo.num) {
s->lsr |= UART_LSR_THRE;

38
0208-char-serial-Fix-emptyness-handling.patch Normal file
View File

@ -0,0 +1,38 @@
From d1f1edc49f537fe9043fad52e06d6829cbadabe1 Mon Sep 17 00:00:00 2001
From: Don Slutz <dslutz@verizon.com>
Date: Tue, 18 Mar 2014 12:29:34 -0400
Subject: [PATCH] char/serial: Fix emptyness handling
The commit 88c1ee73d3231c74ff90bcfc084a7589670ec244
char/serial: Fix emptyness check
Still causes extra NULL byte(s) to be sent.
So if the fifo is empty, do not send an extra NULL byte.
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Don Slutz <dslutz@verizon.com>
Message-id: 1395160174-16006-1-git-send-email-dslutz@verizon.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit dffacd4654ec8bf2898aed230852154c6ed755ed)
---
hw/char/serial.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hw/char/serial.c b/hw/char/serial.c
index 2989ca2..6d10747 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -224,8 +224,10 @@ static gboolean serial_xmit(GIOChannel *chan, GIOCondition cond, void *opaque)
if (s->tsr_retry <= 0) {
if (s->fcr & UART_FCR_FE) {
- s->tsr = fifo8_is_empty(&s->xmit_fifo) ?
- 0 : fifo8_pop(&s->xmit_fifo);
+ if (fifo8_is_empty(&s->xmit_fifo)) {
+ return FALSE;
+ }
+ s->tsr = fifo8_pop(&s->xmit_fifo);
if (!s->xmit_fifo.num) {
s->lsr |= UART_LSR_THRE;
}

11
qemu.spec
View File

@ -139,7 +139,7 @@
Summary: QEMU is a FAST! processor emulator Summary: QEMU is a FAST! processor emulator
Name: qemu Name: qemu
Version: 1.6.2 Version: 1.6.2
Release: 2%{?dist} Release: 3%{?dist}
Epoch: 2 Epoch: 2
License: GPLv2+ and LGPLv2+ and BSD License: GPLv2+ and LGPLv2+ and BSD
Group: Development/Tools Group: Development/Tools
@ -296,6 +296,9 @@ Patch0205: 0205-vmxnet3-validate-queues-configuration-read-on-migrat.patch
# CVE-2014-2894: out of bounds buffer accesses, guest triggerable via # CVE-2014-2894: out of bounds buffer accesses, guest triggerable via
# IDE SMART (bz #1087981, bz #1087971) # IDE SMART (bz #1087981, bz #1087971)
Patch0206: 0206-ide-Correct-improper-smart-self-test-counter-reset-i.patch Patch0206: 0206-ide-Correct-improper-smart-self-test-counter-reset-i.patch
# Fix guest startup crashes from autotest (bz #1081610)
Patch0207: 0207-char-serial-Fix-emptyness-check.patch
Patch0208: 0208-char-serial-Fix-emptyness-handling.patch
BuildRequires: SDL-devel BuildRequires: SDL-devel
BuildRequires: zlib-devel BuildRequires: zlib-devel
@ -924,6 +927,9 @@ CAC emulation development files.
# CVE-2014-2894: out of bounds buffer accesses, guest triggerable via # CVE-2014-2894: out of bounds buffer accesses, guest triggerable via
# IDE SMART (bz #1087981, bz #1087971) # IDE SMART (bz #1087981, bz #1087971)
%patch0206 -p1 %patch0206 -p1
# Fix guest startup crashes from autotest (bz #1081610)
%patch0207 -p1
%patch0208 -p1
%build %build
@ -1631,6 +1637,9 @@ getent passwd qemu >/dev/null || \
%endif %endif
%changelog %changelog
* Fri Apr 25 2014 Cole Robinson <crobinso@redhat.com> - 2:1.6.2-3
- Fix guest startup crashes from autotest (bz #1081610)
* Thu Apr 24 2014 Cole Robinson <crobinso@redhat.com> - 2:1.6.2-2 * Thu Apr 24 2014 Cole Robinson <crobinso@redhat.com> - 2:1.6.2-2
- Block/image format validation CVE-2014-0142 - 2014-0148 (bz #1078201, bz - Block/image format validation CVE-2014-0142 - 2014-0148 (bz #1078201, bz
#1086710, bz #1079140, bz #1086724, bz #1079240, bz #1086735, bz #1078885, bz #1086710, bz #1079140, bz #1086724, bz #1079240, bz #1086735, bz #1078885, bz