[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI cont
|
From: |
Stefan Hajnoczi |
|
Subject: |
Re: [PATCH v2] hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) |
|
Date: |
Mon, 22 May 2023 07:23:35 -0400 |
On Mon, 22 May 2023 at 05:11, Thomas Huth <thuth@redhat.com> wrote:
>
> We cannot use the generic reentrancy guard in the LSI code, so
> we have to manually prevent endless reentrancy here. The problematic
> lsi_execute_script() function has already a way to detect whether
> too many instructions have been executed - we just have to slightly
> change the logic here that it also takes into account if the function
> has been called too often in a reentrant way.
>
> The code in fuzz-lsi53c895a-test.c has been taken from an earlier
> patch by Mauro Matteo Cascella.
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1563
> Signed-off-by: Thomas Huth <thuth@redhat.com>
> ---
> v2: Add a comment about the reentrancy problem to the source code
>
> hw/scsi/lsi53c895a.c | 23 +++++++++++++++------
> tests/qtest/fuzz-lsi53c895a-test.c | 33 ++++++++++++++++++++++++++++++
> 2 files changed, 50 insertions(+), 6 deletions(-)
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>