[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Fwd: [PULL 01/12] hw/scsi/lsi53c895a: add missing decrement of reentranc
|
From: |
Thomas Huth |
|
Subject: |
Fwd: [PULL 01/12] hw/scsi/lsi53c895a: add missing decrement of reentrancy counter |
|
Date: |
Thu, 8 Feb 2024 19:02:52 +0100 |
|
User-agent: |
Mozilla Thunderbird |
Hi,
I think this is a good candidate for the next stable releases!
Thomas
-------- Forwarded Message --------
Subject: [PULL 01/12] hw/scsi/lsi53c895a: add missing decrement of
reentrancy counter
Date: Tue, 6 Feb 2024 11:43:36 +0100
From: Thomas Huth <thuth@redhat.com>
To: qemu-devel@nongnu.org
CC: Peter Maydell <peter.maydell@linaro.org>, Sven Schnelle
<svens@stackframe.org>, Helge Deller <deller@gmx.de>
From: Sven Schnelle <svens@stackframe.org>
When the maximum count of SCRIPTS instructions is reached, the code
stops execution and returns, but fails to decrement the reentrancy
counter. This effectively renders the SCSI controller unusable
because on next entry the reentrancy counter is still above the limit.
This bug was seen on HP-UX 10.20 which seems to trigger SCRIPTS
loops.
Fixes: b987718bbb ("hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI
controller (CVE-2023-0330)")
Signed-off-by: Sven Schnelle <svens@stackframe.org>
Message-ID: <20240128202214.2644768-1-svens@stackframe.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
hw/scsi/lsi53c895a.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index 34e3b89287..d607a5f9fb 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -1159,6 +1159,7 @@ again:
lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
lsi_disconnect(s);
trace_lsi_execute_script_stop();
+ reentrancy_level--;
return;
}
insn = read_dword(s, s->dsp);
--
2.43.0
- Fwd: [PULL 01/12] hw/scsi/lsi53c895a: add missing decrement of reentrancy counter,
Thomas Huth <=