https://gitlab.com/qemu-project/qemu/-/commit/39912c14da07a2d
** Changed in: qemu
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1523811
Title:
USB assert f
No, we can't. csw.residue is non-zero if the request didn't complete yet
(usb_msd_send_status clears it via memset). We *really* should not be in
USB_MSDM_CBW state with a non-zero residue.
We need to figure out how we end up with this inconsistency. Possibly via
usb_msd_handle_reset().
--
Looking at commit 0659879e6e5 ("usb-storage: remove MSDState->residue"),
this assert seems to be a left-over; the CSW residue should be irrelevant in
the CBW path...
Gerd, can we simply remove it?
** Changed in: qemu
Status: Expired => Confirmed
--
** Description changed:
On executing the attached python script in the guest OS, QEMU dies with
assert failure:
[run python script in guest root shell]
# python a.py
[host message]
qemu-system-x86_64: hw/usb/dev-storage.c:445: usb_msd_handle_data: Assertion
`le32_to_cpu(s->csw.r
** Tags added: fuzzer
--
Using the hypervisor fuzzer hyfuzz, I found an assertion failure through the
nec-usb-xhci emulator.
A malicious guest user/process could use this flaw to abort the QEMU
process on the host, resulting in a denial of service.
This was found in version 5.2.0 (master,
51db2d7cf26d05a961ec0ee0eb773594b32cc4a
[Expired for QEMU because there has been no activity for 60 days.]
** Changed in: qemu
Status: Incomplete => Expired
--
** Changed in: qemu
Status: New => Incomplete
--
Triaging old bug tickets ... can you still reproduce this issue with the
latest version of QEMU (version 2.8)?
** Information type changed from Private Security to Public Security
--