From 69c8944f17cb6c084567a16c080cfa7bc780e668 Mon Sep 17 00:00:00 2001
From: "Michael S. Tsirkin" <mst@redhat.com>
Date: Sun, 15 May 2011 19:27:34 +0300
Subject: ich/ahci: fix uninitialized memory use

The commit 667bb59d2358daeef179583c944becba3f1f9680
uses d->ahci.mem before it is initialized by
ahci_init(). Fix this by calling ahci_init() first thing
so that it's safe to use all fields in the ahci state struct.

Reported-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
Reported-by: Jan Kiszka <jan.kiszka@web.de>
Tested-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 hw/ide/ich.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'hw/ide')

diff --git a/hw/ide/ich.c b/hw/ide/ich.c
index e44339b..5ce0a88 100644
--- a/hw/ide/ich.c
+++ b/hw/ide/ich.c
@@ -77,6 +77,8 @@ static int pci_ich9_ahci_init(PCIDevice *dev)
     struct AHCIPCIState *d;
     d = DO_UPCAST(struct AHCIPCIState, card, dev);
 
+    ahci_init(&d->ahci, &dev->qdev, 6);
+
     pci_config_set_vendor_id(d->card.config, PCI_VENDOR_ID_INTEL);
     pci_config_set_device_id(d->card.config, PCI_DEVICE_ID_INTEL_82801IR);
 
@@ -97,8 +99,6 @@ static int pci_ich9_ahci_init(PCIDevice *dev)
     pci_register_bar_simple(&d->card, 5, 0x1000, 0, d->ahci.mem);
 
     msi_init(dev, 0x50, 1, true, false);
-
-    ahci_init(&d->ahci, &dev->qdev, 6);
     d->ahci.irq = d->card.irq[0];
 
     return 0;
-- 
cgit v1.1


From 25f8e2f512d87f0a77fc5c0b367dd200a7834d21 Mon Sep 17 00:00:00 2001
From: Isaku Yamahata <yamahata@valinux.co.jp>
Date: Wed, 25 May 2011 10:58:03 +0900
Subject: ide/piix: convert to PCIDeviceInfo to initialize ids

use PCIDeviceInfo to initialize ids.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 hw/ide/piix.c | 32 ++++++++++----------------------
 1 file changed, 10 insertions(+), 22 deletions(-)

(limited to 'hw/ide')

diff --git a/hw/ide/piix.c b/hw/ide/piix.c
index c349644..84f72b0 100644
--- a/hw/ide/piix.c
+++ b/hw/ide/piix.c
@@ -131,12 +131,12 @@ static void pci_piix_init_ports(PCIIDEState *d) {
     }
 }
 
-static int pci_piix_ide_initfn(PCIIDEState *d)
+static int pci_piix_ide_initfn(PCIDevice *dev)
 {
+    PCIIDEState *d = DO_UPCAST(PCIIDEState, dev, dev);
     uint8_t *pci_conf = d->dev.config;
 
     pci_conf[PCI_CLASS_PROG] = 0x80; // legacy ATA mode
-    pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
 
     qemu_register_reset(piix3_reset, d);
 
@@ -149,24 +149,6 @@ static int pci_piix_ide_initfn(PCIIDEState *d)
     return 0;
 }
 
-static int pci_piix3_ide_initfn(PCIDevice *dev)
-{
-    PCIIDEState *d = DO_UPCAST(PCIIDEState, dev, dev);
-
-    pci_config_set_vendor_id(d->dev.config, PCI_VENDOR_ID_INTEL);
-    pci_config_set_device_id(d->dev.config, PCI_DEVICE_ID_INTEL_82371SB_1);
-    return pci_piix_ide_initfn(d);
-}
-
-static int pci_piix4_ide_initfn(PCIDevice *dev)
-{
-    PCIIDEState *d = DO_UPCAST(PCIIDEState, dev, dev);
-
-    pci_config_set_vendor_id(d->dev.config, PCI_VENDOR_ID_INTEL);
-    pci_config_set_device_id(d->dev.config, PCI_DEVICE_ID_INTEL_82371AB);
-    return pci_piix_ide_initfn(d);
-}
-
 /* hd_table must contain 4 block drivers */
 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
 PCIDevice *pci_piix3_ide_init(PCIBus *bus, DriveInfo **hd_table, int devfn)
@@ -195,13 +177,19 @@ static PCIDeviceInfo piix_ide_info[] = {
         .qdev.size    = sizeof(PCIIDEState),
         .qdev.no_user = 1,
         .no_hotplug   = 1,
-        .init         = pci_piix3_ide_initfn,
+        .init         = pci_piix_ide_initfn,
+        .vendor_id    = PCI_VENDOR_ID_INTEL,
+        .device_id    = PCI_DEVICE_ID_INTEL_82371SB_1,
+        .class_id     = PCI_CLASS_STORAGE_IDE,
     },{
         .qdev.name    = "piix4-ide",
         .qdev.size    = sizeof(PCIIDEState),
         .qdev.no_user = 1,
         .no_hotplug   = 1,
-        .init         = pci_piix4_ide_initfn,
+        .init         = pci_piix_ide_initfn,
+        .vendor_id    = PCI_VENDOR_ID_INTEL,
+        .device_id    = PCI_DEVICE_ID_INTEL_82371AB,
+        .class_id     = PCI_CLASS_STORAGE_IDE,
     },{
         /* end of list */
     }
-- 
cgit v1.1


From c04ca0756da8087e15579915d55fdca816c9ef4e Mon Sep 17 00:00:00 2001
From: Isaku Yamahata <yamahata@valinux.co.jp>
Date: Wed, 25 May 2011 10:58:13 +0900
Subject: hw/ide/cmd646.c: convert to PCIDeviceInfo to initialize ids

use PCIDeviceInfo to initialize ids.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 hw/ide/cmd646.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

(limited to 'hw/ide')

diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
index 5d5464a..56302b5 100644
--- a/hw/ide/cmd646.c
+++ b/hw/ide/cmd646.c
@@ -226,14 +226,8 @@ static int pci_cmd646_ide_initfn(PCIDevice *dev)
     qemu_irq *irq;
     int i;
 
-    pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
-    pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
-
-    pci_conf[PCI_REVISION_ID] = 0x07; // IDE controller revision
     pci_conf[PCI_CLASS_PROG] = 0x8f;
 
-    pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
-
     pci_conf[0x51] = 0x04; // enable IDE0
     if (d->secondary) {
         /* XXX: if not enabled, really disable the seconday IDE controller */
@@ -282,6 +276,10 @@ static PCIDeviceInfo cmd646_ide_info[] = {
         .qdev.name    = "cmd646-ide",
         .qdev.size    = sizeof(PCIIDEState),
         .init         = pci_cmd646_ide_initfn,
+        .vendor_id    = PCI_VENDOR_ID_CMD,
+        .device_id    = PCI_DEVICE_ID_CMD_646,
+        .revision     = 0x07, // IDE controller revision
+        .class_id     = PCI_CLASS_STORAGE_IDE,
         .qdev.props   = (Property[]) {
             DEFINE_PROP_UINT32("secondary", PCIIDEState, secondary, 0),
             DEFINE_PROP_END_OF_LIST(),
-- 
cgit v1.1


From 03f1c14379d74b0c76a368681843c7c47c1e0627 Mon Sep 17 00:00:00 2001
From: Isaku Yamahata <yamahata@valinux.co.jp>
Date: Wed, 25 May 2011 10:58:14 +0900
Subject: hw/ide/ich.c: convert to PCIDeviceInfo to initialize ids

use PCIDeviceInfo to initialize ids.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 hw/ide/ich.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'hw/ide')

diff --git a/hw/ide/ich.c b/hw/ide/ich.c
index 5ce0a88..976cc92 100644
--- a/hw/ide/ich.c
+++ b/hw/ide/ich.c
@@ -79,11 +79,6 @@ static int pci_ich9_ahci_init(PCIDevice *dev)
 
     ahci_init(&d->ahci, &dev->qdev, 6);
 
-    pci_config_set_vendor_id(d->card.config, PCI_VENDOR_ID_INTEL);
-    pci_config_set_device_id(d->card.config, PCI_DEVICE_ID_INTEL_82801IR);
-
-    pci_config_set_class(d->card.config, PCI_CLASS_STORAGE_SATA);
-    pci_config_set_revision(d->card.config, 0x02);
     pci_config_set_prog_interface(d->card.config, AHCI_PROGMODE_MAJOR_REV_1);
 
     d->card.config[PCI_CACHE_LINE_SIZE] = 0x08;  /* Cache line size */
@@ -131,6 +126,10 @@ static PCIDeviceInfo ich_ahci_info[] = {
         .init         = pci_ich9_ahci_init,
         .exit         = pci_ich9_uninit,
         .config_write = pci_ich9_write_config,
+        .vendor_id    = PCI_VENDOR_ID_INTEL,
+        .device_id    = PCI_DEVICE_ID_INTEL_82801IR,
+        .revision     = 0x02,
+        .class_id     = PCI_CLASS_STORAGE_SATA,
     },{
         /* end of list */
     }
-- 
cgit v1.1


From 65ff544b41c4e097d49a0c81b97cb2f9f9b039b8 Mon Sep 17 00:00:00 2001
From: Isaku Yamahata <yamahata@valinux.co.jp>
Date: Wed, 25 May 2011 10:58:15 +0900
Subject: hw/ide/via.c: convert to PCIDeviceInfo to initialize ids

use PCIDeviceInfo to initialize ids.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 hw/ide/via.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'hw/ide')

diff --git a/hw/ide/via.c b/hw/ide/via.c
index 04f3290..3474c37 100644
--- a/hw/ide/via.c
+++ b/hw/ide/via.c
@@ -160,11 +160,7 @@ static int vt82c686b_ide_initfn(PCIDevice *dev)
     PCIIDEState *d = DO_UPCAST(PCIIDEState, dev, dev);;
     uint8_t *pci_conf = d->dev.config;
 
-    pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_VIA);
-    pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_VIA_IDE);
-    pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
     pci_config_set_prog_interface(pci_conf, 0x8a); /* legacy ATA mode */
-    pci_config_set_revision(pci_conf,0x06); /* Revision 0.6 */
     pci_set_long(pci_conf + PCI_CAPABILITY_LIST, 0x000000c0);
 
     qemu_register_reset(via_reset, d);
@@ -191,6 +187,10 @@ static PCIDeviceInfo via_ide_info = {
     .qdev.size    = sizeof(PCIIDEState),
     .qdev.no_user = 1,
     .init         = vt82c686b_ide_initfn,
+    .vendor_id    = PCI_VENDOR_ID_VIA,
+    .device_id    = PCI_DEVICE_ID_VIA_IDE,
+    .revision     = 0x06,
+    .class_id     = PCI_CLASS_STORAGE_IDE,
 };
 
 static void via_ide_register(void)
-- 
cgit v1.1