aboutsummaryrefslogtreecommitdiff
path: root/hw/ide
diff options
context:
space:
mode:
authorPaolo Bonzini <pbonzini@redhat.com>2012-02-15 11:46:11 +0100
committerKevin Wolf <kwolf@redhat.com>2012-02-29 12:48:46 +0100
commitd53cdb307a6f6d7a5136898902659f2ded8f6582 (patch)
tree3212f794bd05f0e486063d091ee8e6753425af4a /hw/ide
parenta2df5fa324cd09a31225701e5b2f9fb067c237cd (diff)
ide: fail I/O to empty disk
Requesting a read or a write operation on an empty disk can lead to QEMU dumping core. Also fix a few braces here and there. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'hw/ide')
-rw-r--r--hw/ide/core.c24
1 files changed, 20 insertions, 4 deletions
diff --git a/hw/ide/core.c b/hw/ide/core.c
index ce570a7ce5..4d568acc9c 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -1068,6 +1068,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */
goto abort_cmd;
}
+ if (!s->bs) {
+ goto abort_cmd;
+ }
ide_cmd_lba48_transform(s, lba48);
s->req_nb_sectors = 1;
ide_sector_read(s);
@@ -1078,6 +1081,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
case WIN_WRITE_ONCE:
case CFA_WRITE_SECT_WO_ERASE:
case WIN_WRITE_VERIFY:
+ if (!s->bs) {
+ goto abort_cmd;
+ }
ide_cmd_lba48_transform(s, lba48);
s->error = 0;
s->status = SEEK_STAT | READY_STAT;
@@ -1088,8 +1094,12 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
case WIN_MULTREAD_EXT:
lba48 = 1;
case WIN_MULTREAD:
- if (!s->mult_sectors)
+ if (!s->bs) {
goto abort_cmd;
+ }
+ if (!s->mult_sectors) {
+ goto abort_cmd;
+ }
ide_cmd_lba48_transform(s, lba48);
s->req_nb_sectors = s->mult_sectors;
ide_sector_read(s);
@@ -1098,8 +1108,12 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
lba48 = 1;
case WIN_MULTWRITE:
case CFA_WRITE_MULTI_WO_ERASE:
- if (!s->mult_sectors)
+ if (!s->bs) {
goto abort_cmd;
+ }
+ if (!s->mult_sectors) {
+ goto abort_cmd;
+ }
ide_cmd_lba48_transform(s, lba48);
s->error = 0;
s->status = SEEK_STAT | READY_STAT;
@@ -1114,8 +1128,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
lba48 = 1;
case WIN_READDMA:
case WIN_READDMA_ONCE:
- if (!s->bs)
+ if (!s->bs) {
goto abort_cmd;
+ }
ide_cmd_lba48_transform(s, lba48);
ide_sector_start_dma(s, IDE_DMA_READ);
break;
@@ -1123,8 +1138,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
lba48 = 1;
case WIN_WRITEDMA:
case WIN_WRITEDMA_ONCE:
- if (!s->bs)
+ if (!s->bs) {
goto abort_cmd;
+ }
ide_cmd_lba48_transform(s, lba48);
ide_sector_start_dma(s, IDE_DMA_WRITE);
s->media_changed = 1;