Re: [PATCH] hw/scsi/megasas: check for NULL frame in megasas_command

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] hw/scsi/megasas: check for NULL frame in megasas_command_can

From:	Philippe Mathieu-Daudé
Subject:	Re: [PATCH] hw/scsi/megasas: check for NULL frame in megasas_command_cancelled()
Date:	Mon, 25 Jan 2021 15:52:43 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0

You forgot to Cc the subsystem maintainers...

./scripts/get_maintainer.pl -f hw/scsi/megasas.c
Hannes Reinecke <hare@suse.com> (supporter:megasas)
Paolo Bonzini <pbonzini@redhat.com> (supporter:SCSI)
Fam Zheng <fam@euphon.net> (reviewer:SCSI)

On 1/25/21 3:22 PM, Mauro Matteo Cascella wrote:
> Hello,
> 
> Any updates on this little patch? Please find below a reproducer for
> this bug (thanks Alexander):
> https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg02567.html

"Little patch" but with security involvements ;)

As Paolo usually asks for reproducer to be integrated with the fix,
it might save him/you time if you respin with the reproducer. You
can have a look at
https://www.mail-archive.com/qemu-block@nongnu.org/msg78982.html
for example.

That said, unrelated to your patch but I'm not sure how useful it
is to test for bugs found by fuzzer each time in our CI. There are
borderline cases not representing proper use. Maybe we could run
them weekly instead...

> Thank you,
> 
> On Thu, Dec 24, 2020 at 6:55 PM Mauro Matteo Cascella
> <mcascell@redhat.com> wrote:
>>
>> Ensure that 'cmd->frame' is not NULL before accessing the 'header' field.
>> This check prevents a potential NULL pointer dereference issue.
>>
>> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
>> Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
>> Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
>> ---
>>  hw/scsi/megasas.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
>> index 1a5fc5857d..77510e120c 100644
>> --- a/hw/scsi/megasas.c
>> +++ b/hw/scsi/megasas.c
>> @@ -1893,7 +1893,7 @@ static void megasas_command_cancelled(SCSIRequest *req)
>>  {
>>      MegasasCmd *cmd = req->hba_private;
>>
>> -    if (!cmd) {
>> +    if (!cmd || !cmd->frame) {
>>          return;
>>      }
>>      cmd->frame->header.cmd_status = MFI_STAT_SCSI_IO_FAILED;
>> --
>> 2.29.2
>>
> 
>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH] hw/scsi/megasas: check for NULL frame in megasas_command_cancelled(), Alexander Bulekov, 2021/01/13
- Re: [PATCH] hw/scsi/megasas: check for NULL frame in megasas_command_cancelled(), Mauro Matteo Cascella, 2021/01/25
  - Re: [PATCH] hw/scsi/megasas: check for NULL frame in megasas_command_cancelled(), Philippe Mathieu-Daudé <=
    - Re: [PATCH] hw/scsi/megasas: check for NULL frame in megasas_command_cancelled(), Mauro Matteo Cascella, 2021/01/26

Prev by Date: Re: [PATCH v2 01/12] configure: Only check for audio drivers if system-mode is selected
Next by Date: Re: [PATCH] virtiofsd: prevent opening of special files (CVE-2020-35517)
Previous by thread: Re: [PATCH] hw/scsi/megasas: check for NULL frame in megasas_command_cancelled()
Next by thread: Re: [PATCH] hw/scsi/megasas: check for NULL frame in megasas_command_cancelled()
Index(es):
- Date
- Thread