[Qemu-devel] [PATCH 0/7] megasas: fix TOCTOU and segmentation fault bugs
From: Paolo Bonzini
Subject: [Qemu-devel] [PATCH 0/7] megasas: fix TOCTOU and segmentation fault bugs
Date: Tue, 6 Jun 2017 14:17:40 +0200
The first patch adds a simple no-op qtest. Patches 2-6 change the
device to only read from cmd->frame once, thus avoiding TOC-TOU
bugs and possible vulnerabilities.
The last patch fixes a NULL pointer dereference reported by PJP.
It has a dependency on patch 4, because megasas_abort_command now
needs an extra cmd->dcmd_opcode != -1 check (and cmd->dcmd_opcode is
added in patch 4).
Paolo
Paolo Bonzini (7):
megasas: add qtest
megasas: do not read sense length more than once from frame
megasas: do not read iovec count more than once from frame
megasas: do not read DCMD opcode more than once from frame
megasas: do not read command more than once from frame
megasas: do not read SCSI req parameters more than once from frame
megasas: always store SCSIRequest* into MegasasCmd
hw/scsi/megasas.c | 175 ++++++++++++++++++++++---------------------------
tests/Makefile.include | 3 +
tests/megasas-test.c | 86 ++++++++++++++++++++++++
3 files changed, 168 insertions(+), 96 deletions(-)
create mode 100644 tests/megasas-test.c
--
2.13.0
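The pattern patches 2-6 remove is a double fetch from guest-visible memory: the device validates a field read from the command frame, then reads the same field again when acting on it, so a guest that rewrites the frame between the two reads gets past the check. The C below is an added illustration, not code from QEMU or from this series; the frame layout, the MAX_IOVEC limit and the guest_hook callback that stands in for a concurrently running vCPU are all constructed for the example. The series caches the individual fields in MegasasCmd (cmd->dcmd_opcode and friends); the snapshot here copies the whole frame once, which is the same idea in simplified form.

```c
/* Added example (not QEMU code): double fetch from a guest-shared frame
 * versus reading each field exactly once into device-private state. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MAX_IOVEC 4   /* hypothetical limit, not the real device constant */

/* Hypothetical simplified command frame, as it would sit in guest memory. */
struct frame {
    uint8_t  iovec_count;
    uint8_t  dcmd_opcode;
    uint32_t iov_len[MAX_IOVEC];
};

/* Stand-in for a concurrent guest writer: called between the device's
 * first and second read of the frame. */
typedef void (*guest_hook)(struct frame *f);

/* Before: validates frame->iovec_count, then re-reads it for the loop.
 * Returns how many iovec slots the loop would touch, or -1 if rejected.
 * (The loop only counts, so the example itself never indexes out of bounds;
 * a return value above MAX_IOVEC shows the validation was bypassed.) */
static int process_frame_double_fetch(struct frame *f, guest_hook racer)
{
    if (f->iovec_count > MAX_IOVEC) {        /* first fetch: checked */
        return -1;
    }
    if (racer) {
        racer(f);                            /* guest rewrites the frame */
    }
    int used = 0;
    for (int i = 0; i < f->iovec_count; i++) { /* second fetch: used */
        used++;
    }
    return used;
}

/* After: copy the frame once into device-private memory and only ever use
 * the copy. Later guest writes cannot affect the value already validated. */
static int process_frame_single_fetch(struct frame *f, guest_hook racer)
{
    struct frame local;
    memcpy(&local, f, sizeof(local));        /* the single fetch */
    if (local.iovec_count > MAX_IOVEC) {
        return -1;
    }
    if (racer) {
        racer(f);                            /* too late to matter */
    }
    int used = 0;
    for (int i = 0; i < local.iovec_count; i++) {
        used++;
    }
    return used;
}

/* Constructed racing guest: bump the count after the check has passed. */
static void bump_count(struct frame *f)
{
    f->iovec_count = 200;
}

int demo_double(void)
{
    struct frame f = { .iovec_count = 2 };
    return process_frame_double_fetch(&f, bump_count);   /* 200: check bypassed */
}

int demo_single(void)
{
    struct frame f = { .iovec_count = 2 };
    return process_frame_single_fetch(&f, bump_count);   /* 2: snapshot wins */
}

int demo_reject(void)
{
    struct frame f = { .iovec_count = 9 };                /* over the limit up front */
    return process_frame_single_fetch(&f, bump_count);   /* -1 */
}

int main(void)
{
    printf("double fetch: %d\n", demo_double());
    printf("single fetch: %d\n", demo_single());
    printf("reject:       %d\n", demo_reject());
    return 0;
}
```

The defensive rule the series applies is the general one for any DMA-visible structure: read each field once, store it in state the guest cannot reach, validate that stored copy, and never touch the original again for that command. Reviewing a device model for this means looking for every `cmd->frame->` dereference after the first and asking whether the value was already cached.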