816077299c
If there is a pending DMA operation during ide_bus_reset(), the fact that the IDEstate is already reset before the operation is canceled can be problematic. In particular, ide_dma_cb() might be called and then use the reset IDEstate which contains the signature after the reset. When used to construct the IO operation this leads to ide_get_sector() returning 0 and nsector being 1. This is particularly bad, because a write command will thus destroy the first sector which often contains a partition table or similar. Upstream discussion: https://lists.nongnu.org/archive/html/qemu-devel/2023-08/msg04239.html Signed-off-by: Fiona Ebner <f.ebner@proxmox.com> |
||
|---|---|---|
| .. | ||
| 0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch | ||
| 0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch | ||
| 0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch | ||
| 0004-ui-return-NULL-when-getting-cursor-without-a-console.patch | ||
| 0005-memory-prevent-dma-reentracy-issues.patch | ||
| 0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch | ||
| 0007-bcm2835_property-disable-reentrancy-detection-for-io.patch | ||
| 0008-raven-disable-reentrancy-detection-for-iomem.patch | ||
| 0009-apic-disable-reentrancy-detection-for-apic-msi.patch | ||
| 0010-migration-block-dirty-bitmap-fix-loading-bitmap-when.patch | ||
| 0011-vhost-fix-the-fd-leak.patch | ||
| 0012-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch | ||