[Qemu-devel] [PATCH v3 0/2] scsi: lsi: break infinite loop after 10k instructions

P J P posted 2 patches 6 years, 3 months ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20190809063835.6717-1-ppandit@redhat.com
Maintainers: Paolo Bonzini <pbonzini@redhat.com>, Fam Zheng <fam@euphon.net>
hw/scsi/lsi53c895a.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
Posted by P J P 6 years, 3 months ago
From: Prasad J Pandit <pjp@fedoraproject.org>

Hello,

While executing a script, the LSI SCSI Adapter emulator could run into an
infinite loop if the next instruction read by the 's->dsp' index has an empty
opcode. Raise an illegal instruction interrupt and exit the loop after
10k iterations.

 -> https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01427.html

Thank you.
--
Prasad J Pandit (2):
  scsi: lsi: exit infinite loop while executing script (CVE-2019-12068)
  scsi: lsi: use macro LSI_MAX_INSN instead of a magic number

 hw/scsi/lsi53c895a.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

-- 
2.21.0
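
The guard described in the cover letter, shown as a simplified model that is added here for illustration and is not code from QEMU's hw/scsi/lsi53c895a.c or from the series. Only `LSI_MAX_INSN` and the 10k limit come from the page; `struct toy_lsi`, `TOY_OP_STOP`, the wrap-around fetch and the `demo_*` helpers are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

#define LSI_MAX_INSN 10000        /* macro name and 10k limit come from the series */
#define TOY_OP_STOP  0x01000000u  /* hypothetical "end of script" word */

struct toy_lsi {
    const uint32_t *ram;   /* guest-controlled script memory (model) */
    uint32_t words;        /* size of ram in 32-bit words */
    uint32_t dsp;          /* script pointer, kept as a word index here */
    int illegal_insn_irq;  /* models the illegal instruction interrupt */
    unsigned executed;     /* instructions fetched during the last run */
};

/* Returns 0 when the script stops by itself, -1 when the budget runs out. */
static int toy_execute_script(struct toy_lsi *s)
{
    s->illegal_insn_irq = 0;
    for (s->executed = 0; s->executed < LSI_MAX_INSN; ) {
        uint32_t insn = s->ram[s->dsp++ % s->words];  /* fetch wraps around */
        s->executed++;
        if (insn == TOY_OP_STOP)
            return 0;
        /* insn == 0 is the empty opcode: skip it and fetch the next word.
           Every other word is treated as a no-op in this model. */
    }
    s->illegal_insn_irq = 1;   /* budget exhausted: signal the guest and stop */
    return -1;
}

/* Constructed input: script memory holding only empty opcodes. */
static int demo_all_empty(void)
{
    static const uint32_t ram[64] = { 0 };
    struct toy_lsi s = { ram, 64, 0, 0, 0 };
    return toy_execute_script(&s) == -1 && s.illegal_insn_irq
           && s.executed == LSI_MAX_INSN;
}

/* Constructed input: two empty opcodes followed by a stop word. */
static int demo_terminating(void)
{
    static const uint32_t ram[4] = { 0, 0, TOY_OP_STOP, 0 };
    struct toy_lsi s = { ram, 4, 0, 0, 0 };
    return toy_execute_script(&s) == 0 && !s.illegal_insn_irq && s.executed == 3;
}

int main(void) { printf("%d %d\n", demo_all_empty(), demo_terminating()); return 0; }
```

Without the budget check, the all-empty input keeps the host thread inside the fetch loop for as long as the guest leaves the memory unchanged; with it, the device stops after `LSI_MAX_INSN` fetches and reports the condition to the guest.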