[PATCH 0/3] hw/scsi/megasas: Avoid buffer overrun in megasas_handle_scsi()

Philippe Mathieu-Daudé posted 3 patches 4 years, 11 months ago
Test checkpatch passed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20201201151319.2943325-1-philmd@redhat.com
There is a newer version of this series
Posted by Philippe Mathieu-Daudé 4 years, 11 months ago
FWIW megasas is not used by KVM.

Not sure what the proper fix is, but at least we
have a reproducer.

We might improve "scsi/utils" by adding a length argument to
scsi_cdb_length() and checking validity there, but this will take
time (large refactor). Adding assertions there is too violent.

Philippe Mathieu-Daudé (3):
  tests/qtest/fuzz-test: Quit test_lp1878642 once done
  hw/scsi/megasas: Assert cdb_len is valid in megasas_handle_scsi()
  hw/scsi/megasas: Have incorrect cdb return MFI_STAT_ABORT_NOT_POSSIBLE

 hw/scsi/megasas.c       |   6 ++
 tests/qtest/fuzz-test.c | 197 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 203 insertions(+)

-- 
2.26.2
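The cover letter sketches two mitigations: a length-aware scsi_cdb_length() that can never hand back a length larger than the bytes the caller actually holds, and, for the device itself, rejecting a frame with a bad CDB length by returning an error status rather than asserting. The following is an added, self-contained example of both ideas; it is not QEMU's code and not part of this series. cdb_length_from_opcode() is an illustrative reimplementation of the opcode-group rule that scsi_cdb_length() follows, cdb_length_checked() and handle_frame() are hypothetical names, mfi_frame_t is a constructed stand-in for the guest-controlled frame, and the 16-byte CDB limit and the STAT_* values are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed for this example: a MegaRAID frame carries at most a 16-byte CDB. */
#define CDB_MAX_LEN 16

/* Status codes used by this example (chosen to echo the series'
 * MFI_STAT_ABORT_NOT_POSSIBLE; these are not QEMU's enum values). */
enum { STAT_OK = 0, STAT_ABORT_NOT_POSSIBLE = 1 };

/*
 * CDB length from the opcode group (top three bits of byte 0):
 * group 0 -> 6 bytes, groups 1 and 2 -> 10, group 4 -> 16, group 5 -> 12,
 * anything else (reserved or vendor-specific) -> -1.
 * Mirrors the contract of QEMU's scsi_cdb_length() but is an illustrative
 * reimplementation, not QEMU's code.
 */
int cdb_length_from_opcode(const uint8_t *buf)
{
    switch (buf[0] >> 5) {
    case 0:
        return 6;
    case 1:
    case 2:
        return 10;
    case 4:
        return 16;
    case 5:
        return 12;
    default:
        return -1;
    }
}

/*
 * Hypothetical length-aware variant in the spirit of the cover letter's
 * suggestion: the caller says how many bytes are actually available.
 * Returns the CDB length only when the whole CDB fits in buf_len, else -1,
 * so a caller is never handed a length that overruns its buffer.
 */
int cdb_length_checked(const uint8_t *buf, size_t buf_len)
{
    int len;

    if (buf == NULL || buf_len == 0) {
        return -1;                      /* not even the opcode byte is readable */
    }
    len = cdb_length_from_opcode(buf);
    if (len < 0 || (size_t)len > buf_len) {
        return -1;                      /* reserved group, or CDB would overrun */
    }
    return len;
}

/* Constructed stand-in for a guest-controlled request frame. */
typedef struct {
    uint8_t cdb_len;                    /* declared by the guest, untrusted */
    uint8_t cdb[CDB_MAX_LEN];
} mfi_frame_t;

/*
 * Device-side handling modelled on the series' approach: validate the
 * guest-declared cdb_len before any CDB byte is copied, and reject the
 * frame with an error status instead of asserting.
 */
int handle_frame(const mfi_frame_t *frame, uint8_t *out, size_t out_len)
{
    int len;

    if (frame->cdb_len > CDB_MAX_LEN) {
        return STAT_ABORT_NOT_POSSIBLE; /* would read past frame->cdb */
    }
    len = cdb_length_checked(frame->cdb, frame->cdb_len);
    if (len < 0 || (size_t)len > out_len) {
        return STAT_ABORT_NOT_POSSIBLE; /* opcode needs more bytes than supplied */
    }
    memcpy(out, frame->cdb, (size_t)len);
    return STAT_OK;
}

int main(void)
{
    /* Constructed sample frames: a well-formed 6-byte INQUIRY and a frame
     * whose declared length exceeds the CDB array. */
    mfi_frame_t good = { .cdb_len = 6, .cdb = { 0x12, 0, 0, 0, 36, 0 } };
    mfi_frame_t bad = { .cdb_len = 200, .cdb = { 0x12 } };
    uint8_t out[CDB_MAX_LEN];

    printf("good frame: status %d\n", handle_frame(&good, out, sizeof out));
    printf("bad frame:  status %d\n", handle_frame(&bad, out, sizeof out));
    return 0;
}
```

The two checks are deliberately layered: handle_frame() first bounds the declared length against the frame's own array, and cdb_length_checked() then bounds the opcode-derived length against that declared length, so a frame that claims 4 bytes for a 10-byte READ(10) is rejected before any copy rather than trusting either number alone.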