From: Mark Cave-Ayland
To: pbonzini@redhat.com, fam@euphon.net, qemu-devel@nongnu.org
Date: Wed, 13 Sep 2023 21:44:08 +0100
Message-Id: <20230913204410.65650-2-mark.cave-ayland@ilande.co.uk>
In-Reply-To: <20230913204410.65650-1-mark.cave-ayland@ilande.co.uk>
Subject: [PATCH 1/3] esp: use correct type for esp_dma_enable() in sysbus_esp_gpio_demux()

The call to esp_dma_enable() was being made with the SYSBUS_ESP type instead of the ESP type.
This meant that when GPIO 1 was being used to trigger a DMA request from an external DMA controller, the setting of ESPState's dma_enabled field would clobber unknown memory whilst the dma_cb callback pointer would typically return NULL so the DMA request would never start.

Signed-off-by: Mark Cave-Ayland
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Thomas Huth
--- hw/scsi/esp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c index e52188d022..4218a6a960 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c
@@ -1395,7 +1395,7 @@ static void sysbus_esp_gpio_demux(void *opaque, int i= rq, int level) parent_esp_reset(s, irq, level); break; case 1: - esp_dma_enable(opaque, irq, level); + esp_dma_enable(s, irq, level); break; } } --=20 2.39.2
From: Mark Cave-Ayland
To: pbonzini@redhat.com, fam@euphon.net, qemu-devel@nongnu.org
Date: Wed, 13 Sep 2023 21:44:09 +0100
Message-Id: <20230913204410.65650-3-mark.cave-ayland@ilande.co.uk>
In-Reply-To: <20230913204410.65650-1-mark.cave-ayland@ilande.co.uk>
Subject: [PATCH 2/3] esp: restrict non-DMA transfer length to that of available data

In the case where a SCSI layer transfer is incorrectly terminated, it is possible for a TI command to cause a SCSI buffer overflow due to the expected transfer data length being less than the available data in the FIFO.
When this occurs the unsigned async_len variable underflows and becomes a large offset which writes past the end of the allocated SCSI buffer. Restrict the non-DMA transfer length to be the smallest of the expected transfer length and the available FIFO data to ensure that it is no longer possible for the SCSI buffer overflow to occur.

Signed-off-by: Mark Cave-Ayland
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1810
Reviewed-by: Thomas Huth
--- hw/scsi/esp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c index 4218a6a960..9b11d8c573 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c
@@ -759,7 +759,8 @@ static void esp_do_nodma(ESPState *s) } =20 if (to_device) { - len =3D MIN(fifo8_num_used(&s->fifo), ESP_FIFO_SZ); + len =3D MIN(s->async_len, ESP_FIFO_SZ); + len =3D MIN(len, fifo8_num_used(&s->fifo)); esp_fifo_pop_buf(&s->fifo, s->async_buf, len); s->async_buf +=3D len; s->async_len -=3D len; --=20 2.39.2
From: Mark Cave-Ayland
To: pbonzini@redhat.com, fam@euphon.net, qemu-devel@nongnu.org
Date: Wed, 13 Sep 2023 21:44:10 +0100
Message-Id: <20230913204410.65650-4-mark.cave-ayland@ilande.co.uk>
In-Reply-To: <20230913204410.65650-1-mark.cave-ayland@ilande.co.uk>
Subject: [PATCH 3/3] scsi-disk: ensure that FORMAT UNIT commands are terminated

Otherwise when a FORMAT UNIT command is issued, the SCSI layer can become confused because it can find itself in the situation where it thinks there is still data to be transferred which can cause the next emulated SCSI command to fail.

Signed-off-by: Mark Cave-Ayland
Fixes: 6ab71761 ("scsi-disk: add FORMAT UNIT command")
Tested-by: Thomas Huth
--- hw/scsi/scsi-disk.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index e0d79c7966..4484ee8271 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -1958,6 +1958,10 @@ static void scsi_disk_emulate_write_data(SCSIRequest= *req) scsi_disk_emulate_write_same(r, r->iov.iov_base); break; =20 + case FORMAT_UNIT: + scsi_req_complete(&r->req, GOOD); + break; + default: abort(); } --=20 2.39.2
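
Review bot: In [PATCH 1/3], the case 1 change in sysbus_esp_gpio_demux() has no Fixes: tag even though the commit message describes a write to unknown memory, so it is not clear which releases need the backport; please add one naming the commit that introduced the esp_dma_enable(opaque, irq, level) call. Because opaque is a void *, the compiler could not flag the wrong object being passed, so it is also worth checking the rest of the file for handlers that forward opaque directly to an ESPState helper instead of the converted s, as the preceding parent_esp_reset(s, irq, level) call already does.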
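
Review bot: In [PATCH 2/3], the new clamp in the to_device branch of esp_do_nodma() can yield len == 0 when s->async_len is 0 while the FIFO still holds bytes, and the hunk does not show what happens to that leftover FIFO data. Please either state in the commit message that the remaining bytes are intentionally left in the FIFO, or handle the zero-length case explicitly before esp_fifo_pop_buf(). A one-line comment above the two MIN() lines stating the invariant (len never exceeds s->async_len, so s->async_len -= len cannot wrap) would also keep a later cleanup from folding the clamp away.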
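
Review bot: In [PATCH 3/3], the new case FORMAT_UNIT in scsi_disk_emulate_write_data() completes the request with GOOD without looking at the data in r->iov, unlike the scsi_disk_emulate_write_same(r, r->iov.iov_base) call just above it, and nothing in the hunk says this is deliberate. Please add a short comment that the FORMAT UNIT parameter data is accepted and discarded. Separately, the switch still ends in default: abort(), so any other opcode that reaches this function without its own case stops the process instead of failing the request; returning an error status there would be a reasonable follow-up.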