xemu/hw
John Snow d9033e1d3a ide: fix ATAPI command permissions
We're a little too lenient with what we'll let an ATAPI drive handle.
Clamp down on the IDE command execution table to remove CD_OK permissions
from commands that are not and have never been ATAPI commands.

For ATAPI command validity, please see:
- ATA4 Section 6.5 ("PACKET Command feature set")
- ATA8/ACS Section 4.3 ("The PACKET feature set")
- ACS3 Section 4.3 ("The PACKET feature set")

ACS3 has a historical command validity table in Table B.4
("Historical Command Assignments") that can be referenced to find when
a command was introduced, deprecated, obsoleted, etc.

The only reference for ATAPI command validity is by checking that
version's PACKET feature set section.

ATAPI was introduced by T13 into ATA4; all commands retired prior to ATA4
are therefore assumed to have never been ATAPI commands.

Mandatory commands, as listed in ATA8-ACS3, are:

- DEVICE RESET
- EXECUTE DEVICE DIAGNOSTIC
- IDENTIFY DEVICE
- IDENTIFY PACKET DEVICE
- NOP
- PACKET
- READ SECTOR(S)
- SET FEATURES

Optional commands, as listed in ATA8-ACS3, are:

- FLUSH CACHE
- READ LOG DMA EXT
- READ LOG EXT
- WRITE LOG DMA EXT
- WRITE LOG EXT

All other commands are illegal to send to an ATAPI device and should
be rejected by the device.

CD_OK removal justifications:

0x06 WIN_DSM              Defined in ACS2. Not valid for ATAPI.
0x21 WIN_READ_ONCE        Retired in ATA5. Not ATAPI in ATA4.
0x94 WIN_STANDBYNOW2      Retired in ATA4. Did not coexist with ATAPI.
0x95 WIN_IDLEIMMEDIATE2   Retired in ATA4. Did not coexist with ATAPI.
0x96 WIN_STANDBY2         Retired in ATA4. Did not coexist with ATAPI.
0x97 WIN_SETIDLE2         Retired in ATA4. Did not coexist with ATAPI.
0x98 WIN_CHECKPOWERMODE2  Retired in ATA4. Did not coexist with ATAPI.
0x99 WIN_SLEEPNOW2        Retired in ATA4. Did not coexist with ATAPI.
0xE0 WIN_STANDBYNOW1      Not part of ATAPI in ATA4, ACS or ACS3.
0xE1 WIN_IDLEIMMDIATE     Not part of ATAPI in ATA4, ACS or ACS3.
0xE2 WIN_STANDBY          Not part of ATAPI in ATA4, ACS or ACS3.
0xE3 WIN_SETIDLE1         Not part of ATAPI in ATA4, ACS or ACS3.
0xE4 WIN_CHECKPOWERMODE1  Not part of ATAPI in ATA4, ACS or ACS3.
0xE5 WIN_SLEEPNOW1        Not part of ATAPI in ATA4, ACS or ACS3.
0xF8 WIN_READ_NATIVE_MAX  Obsoleted in ACS3. Not ATAPI in ATA4 or ACS.

This patch fixes a divide by zero fault that can be caused by sending
the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to
attempt to use zeroed CHS values to perform sector arithmetic.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1441816082-21031-1-git-send-email-jsnow@redhat.com
CC: qemu-stable@nongnu.org
2015-09-18 10:58:56 -04:00
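
The permission check the commit message describes, as an added example that is not part of the commit or of QEMU's code: a constructed C model in which a per-opcode table is consulted before any handler runs, so READ NATIVE MAX (0xF8) never reaches the sector arithmetic on a drive with zeroed CHS values. The names cmd_perm, cmd_permitted, native_max_cylinder, exec_cmd and struct drive, and the geometry values, are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a per-command permission table; names are hypothetical, not QEMU's. */
enum drive_kind { DRIVE_HD, DRIVE_CD };
enum cmd_result { CMD_DONE, CMD_ABORTED };
#define HD_OK (1u << DRIVE_HD)
#define CD_OK (1u << DRIVE_CD)

struct drive { enum drive_kind kind; uint32_t heads, sectors; uint64_t nb_sectors; };

/* One entry per opcode; unlisted opcodes are 0 and so permitted for no drive kind. */
static const uint8_t cmd_perm[256] = {
    [0x00] = HD_OK | CD_OK,  /* NOP */
    [0x08] = CD_OK,          /* DEVICE RESET */
    [0x20] = HD_OK | CD_OK,  /* READ SECTOR(S) */
    [0x90] = HD_OK | CD_OK,  /* EXECUTE DEVICE DIAGNOSTIC */
    [0xA0] = CD_OK,          /* PACKET */
    [0xA1] = CD_OK,          /* IDENTIFY PACKET DEVICE */
    [0xEC] = HD_OK | CD_OK,  /* IDENTIFY DEVICE */
    [0xEF] = HD_OK | CD_OK,  /* SET FEATURES */
    [0xF8] = HD_OK,          /* READ NATIVE MAX: no CD_OK, as after the commit */
};

static int cmd_permitted(const struct drive *d, uint8_t cmd) {
    return (cmd_perm[cmd] & (1u << d->kind)) != 0;
}

/* READ NATIVE MAX handler of the model: turns the last LBA into a cylinder number.
 * With heads == sectors == 0 (zeroed CHS values) the division would fault. */
static uint64_t native_max_cylinder(const struct drive *d) {
    return (d->nb_sectors - 1) / ((uint64_t)d->heads * d->sectors);
}

/* Check the table before any handler runs; a rejected command is aborted. */
static enum cmd_result exec_cmd(const struct drive *d, uint8_t cmd, uint64_t *out) {
    if (!cmd_permitted(d, cmd)) return CMD_ABORTED;
    if (cmd == 0xF8) *out = native_max_cylinder(d);
    return CMD_DONE;
}

int main(void) {
    struct drive hd = { DRIVE_HD, 16, 63, 100800 }, cd = { DRIVE_CD, 0, 0, 0 };
    uint64_t cyl = 0;
    printf("hd 0xF8 -> %d (cyl %llu)\n", exec_cmd(&hd, 0xF8, &cyl), (unsigned long long)cyl);
    printf("cd 0xF8 -> %d\n", exec_cmd(&cd, 0xF8, &cyl));
    return 0;
}
```
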
9pfs virtio: get_features() can fail 2015-07-27 18:11:53 +03:00
acpi hw/acpi/ich9: clean up stale comment about KVM not supporting SMM 2015-07-27 22:44:47 +03:00
alpha hw/alpha/typhoon.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
arm i.MX: Add GPIO devices to i.MX25 SOC 2015-09-14 14:39:49 +01:00
audio typofixes - v4 2015-09-11 10:45:43 +03:00
block * Support for jemalloc 2015-09-14 16:13:16 +01:00
bt maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
char maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
core typofixes - v4 2015-09-11 10:45:43 +03:00
cpu hw/cpu/{a15mpcore, a9mpcore}: Handle missing has_el3 CPU props gracefully 2015-09-14 14:39:49 +01:00
cris typofixes - v4 2015-09-11 10:45:43 +03:00
display typofixes - v4 2015-09-11 10:45:43 +03:00
dma * Support for jemalloc 2015-09-14 16:13:16 +01:00
gpio i.MX: Add GPIO device 2015-09-14 14:39:49 +01:00
i2c i.MX: Add I2C controller emulator 2015-09-07 10:39:30 +01:00
i386 * Support for jemalloc 2015-09-14 16:13:16 +01:00
ide ide: fix ATAPI command permissions 2015-09-18 10:58:56 -04:00
input typofixes - v4 2015-09-11 10:45:43 +03:00
intc typofixes - v4 2015-09-11 10:45:43 +03:00
ipack pci: Trivial device model conversions to realize 2015-02-26 12:42:16 +01:00
isa i8257: remove cpu_request_exit irq 2015-09-09 15:34:53 +02:00
lm32 hw/lm32/milkymist.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
m68k m68k: implement more ColdFire 5208 interrupt controller functionality 2015-06-22 14:43:25 +01:00
mem numa,pc-dimm: Store pc-dimm memory information in numa_info 2015-07-03 17:47:58 -03:00
microblaze microblaze: boot: Use cpu_set_pc() 2015-07-09 15:20:40 +02:00
mips * Support for jemalloc 2015-09-14 16:13:16 +01:00
misc * Support for jemalloc 2015-09-14 16:13:16 +01:00
moxie memory: add parameter errp to memory_region_init_ram 2014-09-09 13:41:43 +02:00
net net: smc91c111: flush packets on RCR register changes 2015-09-17 12:36:03 +01:00
nvram maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
openrisc hw/core/loader: implement address translation in uimage loader 2014-11-03 00:59:10 +03:00
pci pci: remove Link Training error from AER error list 2015-09-16 17:33:32 +02:00
pci-bridge hw/pci-bridge: format special OFW unit address for PXB host 2015-06-23 22:58:36 +02:00
pci-host maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
pcmcia hmp: Remove "info pcmcia" 2014-10-24 12:19:11 +01:00
ppc * Support for jemalloc 2015-09-14 16:13:16 +01:00
s390x hw/s390x/s390-virtio-bus: Remove meaningless blank Property 2015-09-11 10:59:47 +03:00
scsi * Support for jemalloc 2015-09-14 16:13:16 +01:00
sd typofixes - v4 2015-09-11 10:45:43 +03:00
sh4 sh4: Fix initramfs initialization for endiannes-mismatched targets 2015-09-13 23:08:51 +02:00
smbios smbios: add smbios 3.0 support 2015-09-07 10:39:28 +01:00
sparc i8257: remove cpu_request_exit irq 2015-09-09 15:34:53 +02:00
sparc64 i8257: remove cpu_request_exit irq 2015-09-09 15:34:53 +02:00
ssi arm: Use g_new() & friends where that makes obvious sense 2015-09-07 10:39:27 +01:00
timer i.MX: KZM: use standalone i.MX31 SOC support 2015-09-07 10:39:30 +01:00
tpm maint: remove unused include for dirent.h 2015-09-11 10:21:38 +03:00
tricore target-tricore: check return value before using it 2014-11-02 10:04:34 +03:00
unicore32 hw/unicore32/puv3.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
usb maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
vfio typofixes - v4 2015-09-11 10:45:43 +03:00
virtio hw/virtio/virtio-pci: Remove meaningless blank Property 2015-09-11 11:03:42 +03:00
watchdog i6300esb: fix timer overflow 2015-09-11 10:21:38 +03:00
xen typofixes - v4 2015-09-11 10:45:43 +03:00
xenpv hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
xtensa xtensa: Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
Makefile.objs smbios: move smbios code into a common folder 2015-08-13 14:08:30 +03:00