File CVE-2016-6351-qemuu-scsi-esp-fix-migration.patch of Package xen.7317
References: bsc#990843 CVE-2016-6351
Subject: scsi: esp: fix migration
From: Paolo Bonzini pbonzini@redhat.com Mon Jun 20 16:32:39 2016 +0200
Date: Wed Jun 29 14:03:47 2016 +0200:
Git: cc96677469388bad3d66479379735cf75db069e3
Commit 926cde5 ("scsi: esp: make cmdbuf big enough for maximum CDB size",
2016-06-16) changed the size of a migrated field. Split it into two
parts, and only migrate the second part in a new vmstate version.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/scsi/esp.c
===================================================================
--- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/hw/scsi/esp.c
+++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/scsi/esp.c
@@ -568,7 +568,7 @@ static bool esp_mem_accepts(void *opaque
const VMStateDescription vmstate_esp = {
.name ="esp",
- .version_id = 3,
+ .version_id = 4,
.minimum_version_id = 3,
.minimum_version_id_old = 3,
.fields = (VMStateField []) {
@@ -580,7 +580,8 @@ const VMStateDescription vmstate_esp = {
VMSTATE_BUFFER(ti_buf, ESPState),
VMSTATE_UINT32(status, ESPState),
VMSTATE_UINT32(dma, ESPState),
- VMSTATE_BUFFER(cmdbuf, ESPState),
+ VMSTATE_PARTIAL_BUFFER(cmdbuf, ESPState, 16),
+ VMSTATE_BUFFER_START_MIDDLE_V(cmdbuf, ESPState, 16, 4),
VMSTATE_UINT32(cmdlen, ESPState),
VMSTATE_UINT32(do_cmd, ESPState),
VMSTATE_UINT32(dma_left, ESPState),
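Review bot: The split offset 16 is written twice on adjacent lines (`VMSTATE_PARTIAL_BUFFER(cmdbuf, ESPState, 16)` and `VMSTATE_BUFFER_START_MIDDLE_V(cmdbuf, ESPState, 16, 4)`) and must stay equal to the pre-926cde5 cmdbuf size for v3 streams to decode correctly; a named constant such as `ESP_CMDBUF_V3_SZ` used in both places would keep them in sync. Separately, cmdlen on the following line is still restored verbatim from the stream with no post_load bound; if the DMA path indexes cmdbuf by cmdlen (not visible here), a v3 or malformed stream could carry a cmdlen larger than the bytes actually restored, so a post_load hook that rejects `cmdlen > sizeof(s->cmdbuf)` would be a cheap safety net. The vmstate_esp field list continues past the end of this hunk.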
Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/include/migration/vmstate.h
===================================================================
--- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/include/migration/vmstate.h
+++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/include/migration/vmstate.h
@@ -690,8 +690,11 @@ extern const VMStateInfo vmstate_info_bi
#define VMSTATE_PARTIAL_BUFFER(_f, _s, _size) \
VMSTATE_STATIC_BUFFER(_f, _s, 0, NULL, 0, _size)
+#define VMSTATE_BUFFER_START_MIDDLE_V(_f, _s, _start, _v) \
+ VMSTATE_STATIC_BUFFER(_f, _s, _v, NULL, _start, sizeof(typeof_field(_s, _f)))
+
#define VMSTATE_BUFFER_START_MIDDLE(_f, _s, _start) \
- VMSTATE_STATIC_BUFFER(_f, _s, 0, NULL, _start, sizeof(typeof_field(_s, _f)))
+ VMSTATE_BUFFER_START_MIDDLE_V(_f, _s, _start, 0)
#define VMSTATE_PARTIAL_VBUFFER(_f, _s, _size) \
VMSTATE_VBUFFER(_f, _s, 0, NULL, 0, _size)
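Review bot: The new VMSTATE_BUFFER_START_MIDDLE_V macro carries no comment saying what `_v` means, and its last argument `sizeof(typeof_field(_s, _f))` is the full field size rather than a length, so the macro migrates bytes `[_start, sizeof field)` — easy to misread at the call site. A one-line comment above it such as `/* Migrate _f from byte _start to the end of the field; only present in streams of version >= _v */` would make the pairing with VMSTATE_BUFFER_START_MIDDLE clear. Whether `_v` is a minimum or an exact version depends on how VMSTATE_STATIC_BUFFER uses its third argument, which is outside this hunk, so that wording should be checked against it.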