qemu-irix/hw
Prasad J Pandit 4f046a6ba1 ide: ahci: reset ncq object to unused on error
When processing NCQ commands, AHCI device emulation prepares an
NCQ transfer object, to which an aio control block (aiocb) object
is assigned in 'execute_ncq_command'. In case the NCQ
command is invalid, the 'aiocb' object is not assigned, and NCQ
transfer object is left as 'used'. This leads to a use after
free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
Reset NCQ transfer object to 'unused' to avoid it.

[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1452282511-4116-1-git-send-email-ppandit@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit 4ab0359a8a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-03-22 17:40:20 -05:00
9pfs virtio-9p: use accessor to get thread_pool 2016-03-15 12:20:55 -05:00
acpi Fix memory leak on error 2015-11-26 14:27:52 +02:00
alpha
arm xlnx-ep108: Fix minimum RAM check 2015-11-24 14:12:15 +00:00
audio
block xen/blkif: Avoid double access to src->nr_segments 2016-03-15 12:20:17 -05:00
bt bt: avoid unintended sign extension 2015-12-04 09:39:55 +03:00
char
core migration: allow machine to enforce configuration section migration 2016-03-22 17:20:12 -05:00
cpu
cris
display xenfb: avoid reading twice the same fields from the shared page 2016-03-15 12:20:35 -05:00
dma
gpio
i2c
i386 i386: avoid null pointer dereference 2016-03-22 17:39:27 -05:00
ide ide: ahci: reset ncq object to unused on error 2016-03-22 17:40:20 -05:00
input
intc hw/arm_gic: Correctly restore nested irq priority 2015-11-19 12:09:52 +00:00
ipack
isa
lm32
m68k
mem
microblaze
mips gt64xxx: fix decoding of ISD register 2015-12-04 09:39:55 +03:00
misc ivshmem: remove redundant assignment, fix crash with msi=off 2016-03-15 12:35:51 -05:00
moxie
net e1000: eliminate infinite loops on out-of-bounds transfer start 2016-03-17 16:55:27 -05:00
nvram fw_cfg: unbreak migration compatibility for 2.4 and earlier machines 2016-03-17 17:33:59 -05:00
openrisc
pci
pci-bridge
pci-host i440fx: print an error message if user tries to enable iommu 2015-11-17 15:41:13 +02:00
pcmcia
ppc spapr: skip configuration section during migration of older machines 2016-03-17 17:17:33 -05:00
s390x s390x/css: fix control flags during csch 2016-03-17 16:42:26 -05:00
scsi scsi: initialise info object with appropriate size 2016-03-15 12:21:11 -05:00
sd sd: Mark brittle abuse of blk_attach_dev() FIXME 2015-12-07 17:13:10 +00:00
sh4
smbios
sparc
sparc64
ssi
timer
tpm tpm: avoid clang shifting negative signed warning 2015-11-17 18:35:56 +08:00
tricore
unicore32
usb ehci: update irq on reset 2016-03-17 16:41:14 -05:00
vfio
virtio vhost-user: don't merge regions with different fds 2016-03-17 17:36:07 -05:00
watchdog
xen
xenpv xen: fix usage of xc_domain_create in domain builder 2015-11-13 17:38:06 +00:00
xtensa
Makefile.objs