scsi-disk: fixes for block size crashes found by fuzzer

[PATCH for-7.1 0/2] scsi-disk: fixes for block size crashes found by fuzzer

Mark Cave-Ayland posted 2 patches 1 year, 9 months ago

Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20220730122656.253448-1-mark.cave-ayland@ilande.co.uk

Maintainers: Paolo Bonzini <pbonzini@redhat.com>, Fam Zheng <fam@euphon.net>

hw/scsi/scsi-disk.c | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)

Expand all Fold all

[PATCH for-7.1 0/2] scsi-disk: fixes for block size crashes found by fuzzer

Posted by Mark Cave-Ayland 1 year, 9 months ago

These two patches fix a couple of issues which were found by the fuzzer as a
consequence of allowing the guest to change the SCSI block size in commit
356c4c441e ("scsi-disk: allow MODE SELECT block descriptor to set the block size").

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>


Mark Cave-Ayland (2):
  scsi-disk: fix overflow when block size is not a multiple of
    BDRV_SECTOR_SIZE
  scsi-disk: ensure block size is non-zero and changes limited to bits
    8-15

 hw/scsi/scsi-disk.c | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

-- 
2.30.2

Re: [PATCH for-7.1 0/2] scsi-disk: fixes for block size crashes found by fuzzer

Posted by Paolo Bonzini 1 year, 8 months ago

Queued, thanks.

Paolo