qemu/hw/scsi
Thomas Huth 9fe6e8139d hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
We cannot use the generic reentrancy guard in the LSI code, so
we have to manually prevent endless reentrancy here. The problematic
lsi_execute_script() function has already a way to detect whether
too many instructions have been executed - we just have to slightly
change the logic here that it also takes into account if the function
has been called too often in a reentrant way.

The code in fuzz-lsi53c895a-test.c has been taken from an earlier
patch by Mauro Matteo Cascella.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1563
Message-Id: <20230522091011.1082574-1-thuth@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit b987718bbb)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-05-28 12:02:26 +03:00
..
emulation.c scsi-generic: avoid invalid access to struct when emulating block limits 2018-11-06 21:35:06 +01:00
esp-pci.c pci: Let pci_dma_rw() take MemTxAttrs argument 2021-12-31 01:05:23 +01:00
esp.c Fix several typos in documentation (found by codespell) 2022-11-11 09:39:25 +01:00
Kconfig build: move vhost-scsi configuration to Kconfig 2022-05-07 07:46:58 +02:00
lsi53c895a.c hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) 2023-05-28 12:02:26 +03:00
megasas.c scsi: Use device_cold_reset() and bus_cold_reset() 2022-10-18 13:58:04 +02:00
meson.build meson: convert hw/scsi 2020-08-21 06:30:28 -04:00
mfi.h Fix 'writeable' typos 2022-06-08 19:38:47 +01:00
mpi.h hw: Add support for LSI SAS1068 (mptsas) device 2016-02-09 15:45:26 +01:00
mptconfig.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptendian.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptsas.c scsi: Use device_cold_reset() and bus_cold_reset() 2022-10-18 13:58:04 +02:00
mptsas.h mptsas: Remove unused MPTSASState 'pending' field (CVE-2021-3392) 2021-04-19 15:48:12 +01:00
scsi-bus.c virtio-scsi: Send "REPORTED LUNS CHANGED" sense data upon disk hotplug events 2022-10-13 23:38:33 +02:00
scsi-disk.c scsi-disk: support setting CD-ROM block size via device options 2022-10-10 09:23:16 +02:00
scsi-generic.c scsi-generic: fix buffer overflow on block limits inquiry 2023-05-18 21:10:00 +03:00
spapr_vscsi.c scsi: Use device_cold_reset() and bus_cold_reset() 2022-10-18 13:58:04 +02:00
srp.h spapr-vscsi: add task management 2013-09-12 08:46:21 +02:00
trace-events scsi-disk: allow MODE SELECT block descriptor to set the block size 2022-07-13 16:58:58 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vhost-scsi-common.c vhost: enable vrings in vhost_dev_start() for vhost-user devices 2022-12-01 02:30:04 -05:00
vhost-scsi.c vhost: mask VIRTIO_F_RING_RESET for vhost and vhost-user devices 2022-11-22 05:19:00 -05:00
vhost-user-scsi.c vhost: mask VIRTIO_F_RING_RESET for vhost and vhost-user devices 2022-11-22 05:19:00 -05:00
viosrp.h hw/scsi/spapr_vscsi: Do not mix SRP IU size with DMA buffer size 2020-03-17 15:08:50 +11:00
virtio-scsi-dataplane.c virtio-scsi: fix race in virtio_scsi_dataplane_start() 2022-08-17 07:07:37 -04:00
virtio-scsi.c scsi: Use device_cold_reset() and bus_cold_reset() 2022-10-18 13:58:04 +02:00
vmw_pvscsi.c hw/scsi/vmw_pvscsi.c: Use device_cold_reset() to reset SCSI devices 2022-10-18 13:58:04 +02:00
vmw_pvscsi.h scsi: VMWare PVSCSI paravirtual device implementation 2013-04-19 10:44:17 +02:00