Re: [PATCH 0/4] esp: fix asserts/segfaults discovered by fuzzer
From: Philippe Mathieu-Daudé
Subject: Re: [PATCH 0/4] esp: fix asserts/segfaults discovered by fuzzer
Date: Wed, 17 Mar 2021 01:20:25 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.0
+Laurent for 1 & 4.
On 3/17/21 12:30 AM, Mark Cave-Ayland wrote:
> Recently there have been a number of issues raised on Launchpad as a result of
> fuzzing the am53c974 (ESP) device. I spent some time over the past couple of
> days checking to see if anything had improved since my last patchset: from
> what I can tell the issues are still present, but the cmdfifo related failures
> now assert rather than corrupting memory.
>
> This patchset applied to master passes my local tests using the qtest fuzz test
> cases added by Alexander for the following Launchpad bugs:
>
> https://bugs.launchpad.net/qemu/+bug/1919035
> https://bugs.launchpad.net/qemu/+bug/1919036
> https://bugs.launchpad.net/qemu/+bug/1910723
> https://bugs.launchpad.net/qemu/+bug/1909247
>
> I'm posting this now just before soft freeze since I see that some of the issues
> have recently been allocated CVEs and so it could be argued that even though
> they have existed for some time, it is worth fixing them for 6.0.
>
> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
>
>
> Mark Cave-Ayland (4):
> esp: don't underflow cmdfifo if no message out/command data is present
> esp: don't overflow cmdfifo if TC is larger than the cmdfifo size
> esp: ensure cmdfifo is not empty and current_dev is non-NULL
> esp: always check current_req is not NULL before use in DMA callbacks
>
> hw/scsi/esp.c | 56 +++++++++++++++++++++++++++++++++------------------
> 1 file changed, 36 insertions(+), 20 deletions(-)
>
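The four patch titles above describe one class of bug in emulated-device code: a fixed-size FIFO fed from guest-controlled state (here the transfer count, TC) without checking that the count fits, and pointers (current_dev, current_req) used before checking that they were ever set. The following is an added illustration, not code from this series or from hw/scsi/esp.c: a toy FIFO with the unclamped push beside a clamped one, a command dispatch that refuses to underflow an empty FIFO, and a DMA completion callback that checks its request pointer. The FIFO depth, the struct and function names, and the guest payload (an IDENTIFY message followed by a 6-byte INQUIRY CDB) are all constructed for the example; the real cmdfifo size and layout are not given on this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed FIFO depth for the example; the am53c974 cmdfifo size is not stated on this page. */
#define CMDFIFO_SIZE 16

typedef struct {
    uint8_t buf[CMDFIFO_SIZE];
    uint32_t num;             /* bytes currently queued */
} CmdFifo;

typedef struct {
    uint8_t id;
    bool present;
} FakeScsiDev;                /* stand-in for the selected bus target */

typedef struct {
    CmdFifo cmdfifo;
    uint32_t tc;              /* guest-programmed transfer count */
    FakeScsiDev *current_dev; /* NULL until a SELECT picked a target */
    int *current_req;         /* NULL until a request is issued or after a bus reset (int is a stand-in) */
} EspLike;

static uint32_t fifo_space(const CmdFifo *f) { return CMDFIFO_SIZE - f->num; }

/* Vulnerable pattern: copy exactly tc bytes, trusting the guest. When tc exceeds
 * the free space, memcpy writes past buf[]. Kept only for contrast. */
static void cmdfifo_push_unchecked(CmdFifo *f, const uint8_t *src, uint32_t tc) {
    memcpy(f->buf + f->num, src, tc);
    f->num += tc;
}

/* Hardened push: clamp the guest-controlled count to the free space and report
 * how much was accepted so the caller can leave the remainder pending. */
static uint32_t cmdfifo_push_clamped(CmdFifo *f, const uint8_t *src, uint32_t tc) {
    uint32_t n = tc < fifo_space(f) ? tc : fifo_space(f);
    memcpy(f->buf + f->num, src, n);
    f->num += n;
    return n;
}

/* Hardened pop: refuse to underflow an empty FIFO instead of asserting. */
static bool cmdfifo_pop(CmdFifo *f, uint8_t *out) {
    if (f->num == 0) return false;
    *out = f->buf[0];
    f->num--;
    memmove(f->buf, f->buf + 1, f->num);
    return true;
}

/* DMA-in of up to TC bytes from a constructed guest buffer into the cmdfifo.
 * Returns the bytes actually accepted and decrements TC by that amount. */
static uint32_t esp_dma_in(EspLike *s, const uint8_t *guest_mem, uint32_t guest_len) {
    uint32_t want = s->tc < guest_len ? s->tc : guest_len;
    uint32_t n = cmdfifo_push_clamped(&s->cmdfifo, guest_mem, want);
    s->tc -= n;
    return n;
}

/* Command dispatch: needs a selected target plus a message-out byte and at least
 * one command byte. Returns the CDB length, -1 if the FIFO holds too little,
 * -2 if no device is selected. Nothing is consumed on failure. */
static int esp_do_cmd(EspLike *s, uint8_t *cdb, uint32_t cdb_max) {
    uint8_t msg;
    uint32_t n = 0;
    if (s->current_dev == NULL) return -2;
    if (s->cmdfifo.num < 2) return -1;
    cmdfifo_pop(&s->cmdfifo, &msg);
    while (n < cdb_max && cmdfifo_pop(&s->cmdfifo, &cdb[n])) n++;
    return (int)n;
}

/* DMA completion callback: the request may already have been cancelled by a bus
 * reset when this fires, so check before dereferencing it. */
static int esp_dma_done(EspLike *s) {
    if (s->current_req == NULL) return -1;
    return *s->current_req;
}

int main(void) {
    EspLike s = {0};
    /* Constructed guest payload: IDENTIFY message (0x80) then a 6-byte INQUIRY CDB. */
    const uint8_t guest[] = { 0x80, 0x12, 0x00, 0x00, 0x00, 0x24, 0x00 };
    uint8_t cdb[16];
    FakeScsiDev dev = { 3, true };
    int n;

    s.current_dev = &dev;
    s.tc = 0x1000;            /* guest asks for far more than the FIFO holds */
    printf("accepted %u of tc=0x1000\n", esp_dma_in(&s, guest, sizeof guest));
    n = esp_do_cmd(&s, cdb, sizeof cdb);
    printf("cdb len %d, opcode 0x%02x\n", n, cdb[0]);
    printf("dispatch on empty fifo: %d\n", esp_do_cmd(&s, cdb, sizeof cdb));
    printf("dma done with no request: %d\n", esp_dma_done(&s));
    /* Safe only because 7 bytes fit in the now-empty FIFO; a guest-chosen tc would not be. */
    cmdfifo_push_unchecked(&s.cmdfifo, guest, sizeof guest);
    printf("queued after unchecked push: %u\n", s.cmdfifo.num);
    return 0;
}
```

The point the clamped push makes is that the fix is not "reject the transfer" but "accept what fits and keep TC honest", which is what lets a fuzzer-supplied TC larger than the FIFO degrade to a partial transfer rather than a heap write; the dispatch and completion paths then only have to handle "not enough data" and "no request" as ordinary error returns.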
- [PATCH 0/4] esp: fix asserts/segfaults discovered by fuzzer, Mark Cave-Ayland, 2021/03/16
- [PATCH 1/4] esp: don't underflow cmdfifo if no message out/command data is present, Mark Cave-Ayland, 2021/03/16
- [PATCH 2/4] esp: don't overflow cmdfifo if TC is larger than the cmdfifo size, Mark Cave-Ayland, 2021/03/16
- [PATCH 3/4] esp: ensure cmdfifo is not empty and current_dev is non-NULL, Mark Cave-Ayland, 2021/03/16
- [PATCH 4/4] esp: always check current_req is not NULL before use in DMA callbacks, Mark Cave-Ayland, 2021/03/16
- Re: [PATCH 0/4] esp: fix asserts/segfaults discovered by fuzzer, Philippe Mathieu-Daudé
- Re: [PATCH 0/4] esp: fix asserts/segfaults discovered by fuzzer, Paolo Bonzini, 2021/03/17