qemu-devel

Re: [PATCH 0/4] esp: fix asserts/segfaults discovered by fuzzer


From: Philippe Mathieu-Daudé
Subject: Re: [PATCH 0/4] esp: fix asserts/segfaults discovered by fuzzer
Date: Wed, 17 Mar 2021 01:20:25 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.0

+Laurent for 1 & 4.

On 3/17/21 12:30 AM, Mark Cave-Ayland wrote:
> Recently there have been a number of issues raised on Launchpad as a result of
> fuzzing the am53c974 (ESP) device. I spent some time over the past couple of
> days checking to see if anything had improved since my last patchset: from
> what I can tell the issues are still present, but the cmdfifo related failures
> now assert rather than corrupting memory.
> 
> This patchset applied to master passes my local tests using the qtest fuzz test
> cases added by Alexander for the following Launchpad bugs:
> 
>   https://bugs.launchpad.net/qemu/+bug/1919035
>   https://bugs.launchpad.net/qemu/+bug/1919036
>   https://bugs.launchpad.net/qemu/+bug/1910723
>   https://bugs.launchpad.net/qemu/+bug/1909247
>   
> I'm posting this now just before soft freeze since I see that some of the issues
> have recently been allocated CVEs and so it could be argued that even though
> they have existed for some time, it is worth fixing them for 6.0.
> 
> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
> 
> 
> Mark Cave-Ayland (4):
>   esp: don't underflow cmdfifo if no message out/command data is present
>   esp: don't overflow cmdfifo if TC is larger than the cmdfifo size
>   esp: ensure cmdfifo is not empty and current_dev is non-NULL
>   esp: always check current_req is not NULL before use in DMA callbacks
> 
>  hw/scsi/esp.c | 56 +++++++++++++++++++++++++++++++++------------------
>  1 file changed, 36 insertions(+), 20 deletions(-)
> 