Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Staging:A
xen
CVE-2015-5154-qemut-fix-START-STOP-UNIT-command...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch of Package xen
Subject: ATAPI: STARTSTOPUNIT only eject/load media if powercondition is 0 From: Ronnie Sahlberg ronniesahlberg@gmail.com Tue Jul 31 11:28:26 2012 +1000 Date: Wed Sep 12 15:50:09 2012 +0200: Git: ce560dcf20c14194db5ef3b9fc1ea592d4e68109 The START STOP UNIT command will only eject/load media if power condition is zero. If power condition is !0 then LOEJ and START will be ignored. From MMC (sbc contains similar wordings too) The Power Conditions field requests the block device to be placed in the power condition defined in Table 558. If this field has a value other than 0h then the Start and LoEj bits shall be ignored. Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> From aa851d30acfbb9580098ac1dc82885530cb8b3c1 Mon Sep 17 00:00:00 2001 From: Kevin Wolf <kwolf@redhat.com> Date: Wed, 3 Jun 2015 14:17:46 +0200 Subject: [PATCH 2/3] ide/atapi: Fix START STOP UNIT command completion The command must be completed on all code paths. START STOP UNIT with pwrcnd set should succeed without doing anything. Signed-off-by: Kevin Wolf <kwolf@redhat.com> --- hw/ide/atapi.c | 1 + 1 file changed, 1 insertion(+) Index: xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/hw/ide.c =================================================================== --- xen-4.6.1-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/ide.c +++ xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/hw/ide.c @@ -2098,9 +2098,16 @@ static void ide_atapi_cmd(IDEState *s) break; case GPCMD_START_STOP_UNIT: { - int start, eject; + int start, eject, pwrcnd; start = packet[4] & 1; eject = (packet[4] >> 1) & 1; + pwrcnd = buf[4] & 0xf0; + + if (pwrcnd) { + /* eject/load only happens for power condition == 0 */ + ide_atapi_cmd_ok(s); + return; + } if (eject && !start) { /* eject the disk */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor