* [PATCH-for-6.2 0/2] hw/scsi/megasas: Avoid overflowing the SGL buffer
@ 2021-11-19 20:11 Philippe Mathieu-Daudé
From: Philippe Mathieu-Daudé @ 2021-11-19 20:11 UTC (permalink / raw)
To: qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block,
Alexander Bulekov, Qiuhao Li, Darren Kenny, Bandan Das,
Stefan Hajnoczi, Hannes Reinecke, Paolo Bonzini,
Philippe Mathieu-Daudé
Fix issue #521 reported by Alex some months ago:
https://gitlab.com/qemu-project/qemu/-/issues/521
Philippe Mathieu-Daudé (2):
hw/scsi/megasas: Fails command if SGL buffer overflows
tests/qtest/fuzz-megasas-test: Add test for GitLab issue #521
hw/scsi/megasas.c | 1 +
tests/qtest/fuzz-megasas-test.c | 30 ++++++++++++++++++++++++++++++
2 files changed, 31 insertions(+)
--
2.31.1
* [PATCH-for-6.2 1/2] hw/scsi/megasas: Fails command if SGL buffer overflows
From: Philippe Mathieu-Daudé @ 2021-11-19 20:11 UTC (permalink / raw)
To: qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block,
Alexander Bulekov, Qiuhao Li, Darren Kenny, Bandan Das,
Stefan Hajnoczi, Hannes Reinecke, Paolo Bonzini,
Philippe Mathieu-Daudé
If we detect an overflow on the SGL buffer, do not
keep processing the command: discard it. The TARGET_FAILURE
sense code will be returned (MFI_STAT_SCSI_DONE_WITH_ERROR).
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/521
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
No, I haven't looked at the datasheet.
---
hw/scsi/megasas.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 4ff51221d4c..8f357841004 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -303,6 +303,7 @@ static int megasas_map_sgl(MegasasState *s, MegasasCmd *cmd, union mfi_sgl *sgl)
}
if (cmd->iov_size > iov_size) {
trace_megasas_iovec_overflow(cmd->index, iov_size, cmd->iov_size);
+ goto unmap;
} else if (cmd->iov_size < iov_size) {
trace_megasas_iovec_underflow(cmd->index, iov_size, cmd->iov_size);
}
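Review bot: the hunk shows only the added `goto unmap` on the overflow branch; the `unmap` label and the value it returns are outside the visible context, so please confirm that this path releases the segments already mapped and returns a failing status, since the commit message promises the guest will see MFI_STAT_SCSI_DONE_WITH_ERROR. A one-line comment above the `goto` saying why an SGL that maps more bytes than `cmd->iov_size` declares is rejected, while the `iov_size < iov_size` underflow branch still lets the command proceed, would help the next reader, especially as the note under the `---` admits the datasheet was not consulted.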
--
2.31.1
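As an added illustration, not QEMU's code and not part of this thread, the following constructed C model shows the effect of the one-line change above: the pre-patch variant only traces an SGL whose segments add up to more than the frame declared and keeps going, while the patched variant rejects the command and undoes its mappings. The names (`map_sgl`, `run_sample`, `SglEntry`, the helpers) and the sample SGL are hypothetical.

```c
/* Constructed model of the SGL length check changed above; not QEMU's code,
 * and every name here is hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
typedef struct { uint64_t addr; uint32_t len; } SglEntry;  /* one segment */
enum { MAP_OK = 0, MAP_ERR_OVERFLOW = -1 };

/* Sum the guest-supplied SGL and compare it with the length the command frame
 * declared. With fail_on_overflow set (patched behaviour) a larger total aborts
 * the command and undoes the mappings, like the added "goto unmap"; with it
 * clear (pre-patch) only a diagnostic is emitted and the command continues. */
static int map_sgl(const SglEntry *sgl, size_t n, uint32_t declared_len,
                   int fail_on_overflow, uint32_t *mapped_bytes)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (sgl[i].len > UINT32_MAX - total) {
            goto unmap;                 /* a hostile SGL must not wrap the sum */
        }
        total += sgl[i].len;            /* in the device model: DMA-map segment */
    }
    if (total > declared_len) {
        fprintf(stderr, "iovec overflow: declared=%u mapped=%u\n",
                declared_len, total);
        if (fail_on_overflow) {
            goto unmap;
        }
    }   /* an underflow (total < declared_len) is tolerated: command proceeds */
    *mapped_bytes = total;
    return MAP_OK;
unmap:
    *mapped_bytes = 0;                  /* release every segment mapped so far */
    return MAP_ERR_OVERFLOW;
}

/* Constructed sample: two 512-byte segments (1024 bytes) attached to a frame
 * that declared only 512. Returns the mapped byte count, or -1 if rejected. */
static long run_sample(int fail_on_overflow)
{
    static const SglEntry sgl[] = { { 0x1000, 512 }, { 0x2000, 512 } };
    uint32_t mapped;
    if (map_sgl(sgl, 2, 512, fail_on_overflow, &mapped) != MAP_OK) {
        return -1;
    }
    return mapped;
}

long unpatched_result(void) { return run_sample(0); }  /* 1024: overflow kept */
long patched_result(void)   { return run_sample(1); }  /* -1: command rejected */
```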
* [PATCH-for-6.2 2/2] tests/qtest/fuzz-megasas-test: Add test for GitLab issue #521
From: Philippe Mathieu-Daudé @ 2021-11-19 20:11 UTC (permalink / raw)
To: qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block,
Alexander Bulekov, Qiuhao Li, Darren Kenny, Bandan Das,
Stefan Hajnoczi, Hannes Reinecke, Paolo Bonzini,
Philippe Mathieu-Daudé
Without the previous commit, this test triggers:
$ make check-qtest-x86_64
[...]
Running test qtest-x86_64/fuzz-megasas-test
qemu-system-x86_64: softmmu/physmem.c:3229: address_space_unmap: Assertion `mr != NULL' failed.
Broken pipe
ERROR qtest-x86_64/fuzz-megasas-test - too few tests run (expected 2, got 1)
Suggested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
tests/qtest/fuzz-megasas-test.c | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/tests/qtest/fuzz-megasas-test.c b/tests/qtest/fuzz-megasas-test.c
index 940a76bf25a..e1141c58a4e 100644
--- a/tests/qtest/fuzz-megasas-test.c
+++ b/tests/qtest/fuzz-megasas-test.c
@@ -34,6 +34,34 @@ static void test_lp1878263_megasas_zero_iov_cnt(void)
qtest_quit(s);
}
+/*
+ * Overflow SGL buffer.
+ * https://gitlab.com/qemu-project/qemu/-/issues/521
+ */
+static void test_gitlab_issue521_megasas_sgl_ovf(void)
+{
+ QTestState *s = qtest_init("-display none -m 32M -machine q35 "
+ "-nodefaults -device megasas "
+ "-device scsi-cd,drive=null0 "
+ "-blockdev "
+ "driver=null-co,read-zeroes=on,node-name=null0");
+ qtest_outl(s, 0xcf8, 0x80000818);
+ qtest_outl(s, 0xcfc, 0xc000);
+ qtest_outl(s, 0xcf8, 0x80000804);
+ qtest_outw(s, 0xcfc, 0x05);
+ qtest_bufwrite(s, 0x0, "\x01", 0x1);
+ qtest_bufwrite(s, 0x7, "\x01", 0x1);
+ qtest_bufwrite(s, 0x10, "\x02", 0x1);
+ qtest_bufwrite(s, 0x16, "\x01", 0x1);
+ qtest_bufwrite(s, 0x28, "\x01", 0x1);
+ qtest_bufwrite(s, 0x33, "\x01", 0x1);
+ qtest_outb(s, 0xc040, 0x0);
+ qtest_outb(s, 0xc040, 0x20);
+ qtest_outl(s, 0xc040, 0x20000000);
+ qtest_outb(s, 0xc040, 0x20);
+ qtest_quit(s);
+}
+
int main(int argc, char **argv)
{
const char *arch = qtest_get_arch();
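Review bot: the new test body is a bare sequence of PCI config and MMIO accesses (`qtest_outl(s, 0xcf8, 0x80000818)`, the `qtest_bufwrite` calls that place bytes at guest addresses 0x0 to 0x33, the `0xc040` writes) with no comment beyond the issue URL in the function header; a short comment per group (BAR programming, enabling the device, assembling the frame in guest memory, the doorbell writes) would make the reproducer maintainable when the device model changes. It is also worth stating in that header comment that the test has no explicit assertion and passes only because the `address_space_unmap` assertion quoted in the commit message no longer fires.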
@@ -43,6 +71,8 @@ int main(int argc, char **argv)
if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
qtest_add_func("fuzz/test_lp1878263_megasas_zero_iov_cnt",
test_lp1878263_megasas_zero_iov_cnt);
+ qtest_add_func("fuzz/gitlab_issue521_megasas_sgl_ovf",
+ test_gitlab_issue521_megasas_sgl_ovf);
}
return g_test_run();
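Review bot: the registered name `fuzz/gitlab_issue521_megasas_sgl_ovf` drops the `test_` prefix that the sibling `fuzz/test_lp1878263_megasas_zero_iov_cnt` keeps; pick one convention for both so test-name filtering and CI logs stay consistent.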
--
2.31.1
* Re: [PATCH-for-6.2 0/2] hw/scsi/megasas: Avoid overflowing the SGL buffer
From: Darren Kenny @ 2021-11-22 11:17 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Qiuhao Li,
Alexander Bulekov, Bandan Das, Stefan Hajnoczi, Hannes Reinecke,
Paolo Bonzini, Philippe Mathieu-Daudé
For the series:
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Thanks,
Darren.
On Friday, 2021-11-19 at 21:11:39 +01, Philippe Mathieu-Daudé wrote:
> Fix issue #521 reported by Alex some months ago:
> https://gitlab.com/qemu-project/qemu/-/issues/521
>
> Philippe Mathieu-Daudé (2):
> hw/scsi/megasas: Fails command if SGL buffer overflows
> tests/qtest/fuzz-megasas-test: Add test for GitLab issue #521
>
> hw/scsi/megasas.c | 1 +
> tests/qtest/fuzz-megasas-test.c | 30 ++++++++++++++++++++++++++++++
> 2 files changed, 31 insertions(+)
>
> --
> 2.31.1
* Re: [PATCH-for-6.2 0/2] hw/scsi/megasas: Avoid overflowing the SGL buffer
From: Philippe Mathieu-Daudé @ 2021-12-13 12:32 UTC (permalink / raw)
To: qemu-devel, QEMU Trivial
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block,
Alexander Bulekov, Qiuhao Li, Darren Kenny, Bandan Das,
Stefan Hajnoczi, Hannes Reinecke, Paolo Bonzini
Too late for 6.2 now, so Cc'ing qemu-trivial (series reviewed).
On 11/19/21 21:11, Philippe Mathieu-Daudé wrote:
> Fix issue #521 reported by Alex some months ago:
> https://gitlab.com/qemu-project/qemu/-/issues/521
>
> Philippe Mathieu-Daudé (2):
> hw/scsi/megasas: Fails command if SGL buffer overflows
> tests/qtest/fuzz-megasas-test: Add test for GitLab issue #521
* Re: [PATCH-for-6.2 0/2] hw/scsi/megasas: Avoid overflowing the SGL buffer
From: Philippe Mathieu-Daudé @ 2021-12-15 10:30 UTC (permalink / raw)
To: qemu-devel, QEMU Trivial, qemu-block
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, Alexander Bulekov,
Qiuhao Li, Darren Kenny, Bandan Das, Stefan Hajnoczi,
Hannes Reinecke, Paolo Bonzini
ping?
On 12/13/21 13:32, Philippe Mathieu-Daudé wrote:
> Too late for 6.2 now, so Cc'ing qemu-trivial (series reviewed).
>
> On 11/19/21 21:11, Philippe Mathieu-Daudé wrote:
>> Fix issue #521 reported by Alex some months ago:
>> https://gitlab.com/qemu-project/qemu/-/issues/521
>>
>> Philippe Mathieu-Daudé (2):
>> hw/scsi/megasas: Fails command if SGL buffer overflows
>> tests/qtest/fuzz-megasas-test: Add test for GitLab issue #521
* Re: [PATCH-for-6.2 0/2] hw/scsi/megasas: Avoid overflowing the SGL buffer
From: Paolo Bonzini @ 2021-12-17 9:22 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Darren Kenny,
Qiuhao Li, Alexander Bulekov, Bandan Das, Stefan Hajnoczi,
Hannes Reinecke
On 11/19/21 21:11, Philippe Mathieu-Daudé wrote:
> Fix issue #521 reported by Alex some months ago:
> https://gitlab.com/qemu-project/qemu/-/issues/521
>
> Philippe Mathieu-Daudé (2):
> hw/scsi/megasas: Fails command if SGL buffer overflows
> tests/qtest/fuzz-megasas-test: Add test for GitLab issue #521
>
> hw/scsi/megasas.c | 1 +
> tests/qtest/fuzz-megasas-test.c | 30 ++++++++++++++++++++++++++++++
> 2 files changed, 31 insertions(+)
>
Queued, thanks.
Paolo