On 4/28/24 20:25, Jeuk Kim wrote:
From: Jeuk Kim <[email protected]>It fixes the buffer overflow vulnerability in the ufs device. The bug was detected by sanitizers. You can reproduce it by: cat << EOF |\ qemu-system-x86_64 \ -display none -machine accel=qtest -m 512M -M q35 -nodefaults -drive \ file=null-co://,if=none,id=disk0 -device ufs,id=ufs_bus -device \ ufs-lu,drive=disk0,bus=ufs_bus -qtest stdio outl 0xcf8 0x80000810 outl 0xcfc 0xe0000000 outl 0xcf8 0x80000804 outw 0xcfc 0x06 write 0xe0000058 0x1 0xa7 write 0xa 0x1 0x50 EOF Resolves: #2299 Fixes: 329f16624499 ("hw/ufs: Support for Query Transfer Requests") Reported-by: Zheyu Ma <[email protected]> Signed-off-by: Jeuk Kim <[email protected]> --- hw/ufs/ufs.c | 8 ++++++++ 1 file changed, 8 insertions(+)
For some reason this appears to cause failures on s390x: https://gitlab.com/qemu-project/qemu/-/jobs/6740883283 All of the timeouts are new with this patch alone applied, and go away when reverted. I wasn't aware that these tests used ufs, but I have no other explanation... r~
