cf91b1dfd9
CVE-2016-4952 scsi: pvscsi: out-of-bounds access issue CVE-2016-4964: scsi: mptsas infinite loop (bz #1339157) CVE-2016-5106: scsi: megasas: out-of-bounds write (bz #1339581) CVE-2016-5105: scsi: megasas: stack information leakage (bz #1339585) CVE-2016-5107: scsi: megasas: out-of-bounds read (bz #1339573) CVE-2016-4454: display: vmsvga: out-of-bounds read (bz #1340740) CVE-2016-4453: display: vmsvga: infinite loop (bz #1340744) CVE-2016-5126: block: iscsi: buffer overflow (bz #1340925) CVE-2016-5238: scsi: esp: OOB write (bz #1341932) CVE-2016-5338: scsi: esp: OOB r/w access (bz #1343325) CVE-2016-5337: scsi: megasas: information leakage (bz #1343910) Fix crash with -nodefaults -sdl (bz #1340931) Add deps on edk2-ovmf and edk2-aarch64
27 lines
795 B
Diff
27 lines
795 B
Diff
From: Paolo Bonzini <pbonzini@redhat.com>
|
|
Date: Tue, 14 Jun 2016 15:10:24 +0200
|
|
Subject: [PATCH] scsi: esp: respect FIFO invariant after message phase
|
|
|
|
The FIFO contains two bytes; hence the write ptr should be two bytes ahead
|
|
of the read pointer.
|
|
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
(cherry picked from commit d020aa504cec8f525b55ba2ef982c09dc847c72e)
|
|
---
|
|
hw/scsi/esp.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
|
index c2f6f8f..6407844 100644
|
|
--- a/hw/scsi/esp.c
|
|
+++ b/hw/scsi/esp.c
|
|
@@ -222,7 +222,7 @@ static void write_response(ESPState *s)
|
|
} else {
|
|
s->ti_size = 2;
|
|
s->ti_rptr = 0;
|
|
- s->ti_wptr = 0;
|
|
+ s->ti_wptr = 2;
|
|
s->rregs[ESP_RFLAGS] = 2;
|
|
}
|
|
esp_raise_irq(s);
|