diff options
author | Paolo Bonzini <pbonzini@redhat.com> | 2012-02-15 11:46:11 +0100 |
---|---|---|
committer | Kevin Wolf <kwolf@redhat.com> | 2012-02-29 12:48:46 +0100 |
commit | d53cdb307a6f6d7a5136898902659f2ded8f6582 (patch) | |
tree | 3212f794bd05f0e486063d091ee8e6753425af4a /hw/ide | |
parent | a2df5fa324cd09a31225701e5b2f9fb067c237cd (diff) | |
download | qemu-d53cdb307a6f6d7a5136898902659f2ded8f6582.zip qemu-d53cdb307a6f6d7a5136898902659f2ded8f6582.tar.gz qemu-d53cdb307a6f6d7a5136898902659f2ded8f6582.tar.bz2 |
ide: fail I/O to empty disk
Requesting a read or a write operation on an empty disk can lead
to QEMU dumping core.
Also fix a few braces here and there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'hw/ide')
-rw-r--r-- | hw/ide/core.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/hw/ide/core.c b/hw/ide/core.c index ce570a7..4d568ac 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -1068,6 +1068,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val) ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */ goto abort_cmd; } + if (!s->bs) { + goto abort_cmd; + } ide_cmd_lba48_transform(s, lba48); s->req_nb_sectors = 1; ide_sector_read(s); @@ -1078,6 +1081,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val) case WIN_WRITE_ONCE: case CFA_WRITE_SECT_WO_ERASE: case WIN_WRITE_VERIFY: + if (!s->bs) { + goto abort_cmd; + } ide_cmd_lba48_transform(s, lba48); s->error = 0; s->status = SEEK_STAT | READY_STAT; @@ -1088,8 +1094,12 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val) case WIN_MULTREAD_EXT: lba48 = 1; case WIN_MULTREAD: - if (!s->mult_sectors) + if (!s->bs) { goto abort_cmd; + } + if (!s->mult_sectors) { + goto abort_cmd; + } ide_cmd_lba48_transform(s, lba48); s->req_nb_sectors = s->mult_sectors; ide_sector_read(s); @@ -1098,8 +1108,12 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val) lba48 = 1; case WIN_MULTWRITE: case CFA_WRITE_MULTI_WO_ERASE: - if (!s->mult_sectors) + if (!s->bs) { goto abort_cmd; + } + if (!s->mult_sectors) { + goto abort_cmd; + } ide_cmd_lba48_transform(s, lba48); s->error = 0; s->status = SEEK_STAT | READY_STAT; @@ -1114,8 +1128,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val) lba48 = 1; case WIN_READDMA: case WIN_READDMA_ONCE: - if (!s->bs) + if (!s->bs) { goto abort_cmd; + } ide_cmd_lba48_transform(s, lba48); ide_sector_start_dma(s, IDE_DMA_READ); break; @@ -1123,8 +1138,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val) lba48 = 1; case WIN_WRITEDMA: case WIN_WRITEDMA_ONCE: - if (!s->bs) + if (!s->bs) { goto abort_cmd; + } ide_cmd_lba48_transform(s, lba48); ide_sector_start_dma(s, IDE_DMA_WRITE); s->media_changed = 1; |