[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3 0/2] ide: Fix incorrect handling of some PRDTs and add the
|
From: |
John Snow |
|
Subject: |
Re: [PATCH v3 0/2] ide: Fix incorrect handling of some PRDTs and add the corresponding unit-test |
|
Date: |
Wed, 22 Jan 2020 18:14:15 -0500 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.3.0 |
On 12/23/19 12:51 PM, Alexander Popov wrote:
> Fuzzing the Linux kernel with syzkaller allowed to find how to crash qemu
> using a special SCSI_IOCTL_SEND_COMMAND. It hits the assertion in
> ide_dma_cb() introduced in the commit a718978ed58a in July 2015.
>
> This patch series fixes incorrect handling of some PRDTs in ide_dma_cb()
> and improves the ide-test to cover more PRDT cases (including one
> that causes that particular qemu crash).
>
> Changes from v2 (thanks to Kevin Wolf for the feedback):
> - the assertion about prepare_buf() return value is improved;
> - the patch order is reversed to keep the tree bisectable;
> - the unit-test performance is improved -- now it runs 8 seconds
> instead of 3 minutes on my laptop.
>
> Alexander Popov (2):
> ide: Fix incorrect handling of some PRDTs in ide_dma_cb()
> tests/ide-test: Create a single unit-test covering more PRDT cases
>
> hw/ide/core.c | 30 +++++---
> tests/ide-test.c | 174 ++++++++++++++++++++---------------------------
> 2 files changed, 96 insertions(+), 108 deletions(-)
>
Thanks, applied to my IDE tree:
https://github.com/jnsnow/qemu/commits/ide
https://github.com/jnsnow/qemu.git
--js