From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Alexander Bulekov, Fam Zheng, Thomas Huth, Paolo Bonzini, Laurent Vivier, Hannes Reinecke, Li Qiang, Philippe Mathieu-Daudé
Subject: [RFC PATCH 3/3] hw/scsi/megasas: Have incorrect cdb return MFI_STAT_ABORT_NOT_POSSIBLE
Date: Tue, 1 Dec 2020 16:13:19 +0100
Message-Id: <20201201151319.2943325-4-philmd@redhat.com>
In-Reply-To: <20201201151319.2943325-1-philmd@redhat.com>
References: <20201201151319.2943325-1-philmd@redhat.com>

Avoid out-of-bound array access when an invalid CDB is provided.

Signed-off-by: Philippe Mathieu-Daudé
---
RFC because I have no clue how hardware works. Maybe returning MFI_STAT_ARRAY_INDEX_INVALID is better? Do we need to call megasas_write_sense()?

hw/scsi/megasas.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c index 28efd094111..d89a3c8c3ce 100644 --- a/hw/scsi/megasas.c +++ b/hw/scsi/megasas.c @@ -1676,7 +1676,12 @@ static int megasas_handle_scsi(MegasasState *s, Mega= sasCmd *cmd, lun_id =3D cmd->frame->header.lun_id; cdb_len =3D cmd->frame->header.cdb_len; =20 - assert(cdb_len > 0 && scsi_cdb_length(cdb) >=3D cdb_len); + if (!cdb_len || scsi_cdb_length(cdb) < cdb_len) { + trace_megasas_scsi_invalid_cdb_len(mfi_frame_desc(frame_cmd), + is_logical, target_id, + lun_id, cdb_len); + return MFI_STAT_ABORT_NOT_POSSIBLE; + } if (is_logical) { if (target_id >=3D MFI_MAX_LD || lun_id !=3D 0) { trace_megasas_scsi_target_not_present( --=20 2.26.2
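
Review bot: The new early return in megasas_handle_scsi() (`return MFI_STAT_ABORT_NOT_POSSIBLE;`) reports the bad length only through the MFI status and a trace event; none of the added lines sets a SCSI status or sense data in the frame, which is the question the cover note itself leaves open about `megasas_write_sense()`, and the status name reads as a failed abort request rather than a rejected CDB. Both questions should be settled before the RFC tag is dropped. The new condition is the exact negation of the removed `assert(cdb_len > 0 && scsi_cdb_length(cdb) >= cdb_len)` only if `cdb_len` cannot be negative, so it is worth confirming the types on both sides of the `scsi_cdb_length(cdb) < cdb_len` comparison, since `cdb_len` is loaded straight from `cmd->frame->header.cdb_len`. The commit message should also say that the line being replaced is an assertion on a value taken from the command frame, so the pre-patch behaviour for a bad `cdb_len` is an abort of the process when assertions are enabled; the out-of-bound array access it mentions is not visible in this hunk. The diffstat lists one changed file, so `trace_megasas_scsi_invalid_cdb_len` must already be declared with these five arguments.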