gnu: qemu: Fix CVE-2017-12809.
1 http://openwall.com/lists/oss-security/2017/08/21/2
2 https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html
3
4 The block backend changed in a way that flushing empty CDROM drives now
5 crashes. Amend IDE to avoid doing so until the root problem can be
6 addressed for 2.11.
7
8 Original patch by John Snow <address@hidden>.
9
10 Reported-by: Kieron Shorrock <address@hidden>
11 Signed-off-by: Stefan Hajnoczi <address@hidden>
12 ---
13 hw/ide/core.c | 10 +++++++++-
14 1 file changed, 9 insertions(+), 1 deletion(-)
15
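diff --git a/hw/ide/core.c b/hw/ide/core.c
index 0b48b64d3a..bea39536b0 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -1063,7 +1063,15 @@ static void ide_flush_cache(IDEState *s)
 s->status |= BUSY_STAT;
 ide_set_retry(s);
 block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH);
- s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
+
+ if (blk_bs(s->blk)) {
+ s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
+ } else {
+ /* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this
+ * temporary workaround when blk_aio_*() functions handle NULL blk_bs.
+ */
+ ide_flush_cb(s, 0);
+ }
 }
 
 static void ide_cfata_metadata_inquiry(IDEState *s)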
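Review bot: The new else branch completes the request synchronously by calling `ide_flush_cb(s, 0)` from inside ide_flush_cache() after `BUSY_STAT` has been set, `ide_set_retry(s)` has run and an accounting record has been opened by `block_acct_start()` on the lines just above; whether the callback closes that record and clears the status bits the same way it does on the asynchronous path is not visible in the hunk and is presumably the case, but the XXX comment does not say so. I would extend the comment with ` * Completing synchronously relies on ide_flush_cb() finishing the request (accounting, status, IRQ) exactly as it does when invoked by blk_aio_flush().` so the next reader does not have to re-derive why the setup above is still valid for the no-op path. Note also that `s->pio_aiocb` is assigned only in the if branch, so the else branch depends on the callback or on the function's prologue to reset any stale handle. ide_flush_cache() begins outside the hunk.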
37 --
38 2.13.3