Re: [PATCH] scsi: check inquiry buffer length to prevent crash

2023-05-11 Thread Théo Maillart
From 31fd9e07df62663e6fb427ce3e7e767e07cf7aeb Mon Sep 17 00:00:00 2001 From: Théo Maillart Date: Wed, 26 Apr 2023 13:57:44 +0200 Subject: [PATCH] scsi: check inquiry buffer length to prevent crash MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Trans

Re: [PATCH] scsi: check inquiry buffer length to prevent crash

2023-05-11 Thread Paolo Bonzini
On 5/11/23 12:37, Théo Maillart wrote: On Wed, May 10, 2023 at 6:11 PM Paolo Bonzini wrote: On 4/26/23 15:37, Théo Maillart wrote: > --- a/hw/scsi/scsi-generic.c > +++ b/hw/scsi/scsi-generic.c > @@ -191,7 +191,7 @@ static int scsi_handle_inqui

Re: [PATCH] scsi: check inquiry buffer length to prevent crash

2023-05-11 Thread Théo Maillart
On Wed, May 10, 2023 at 6:11 PM Paolo Bonzini wrote: > On 4/26/23 15:37, Théo Maillart wrote: > > --- a/hw/scsi/scsi-generic.c > > +++ b/hw/scsi/scsi-generic.c > > @@ -191,7 +191,7 @@ static int scsi_handle_inquiry_reply(SCSIGenericReq > *r, SCSIDevice *s, int len) > > if ((s->type == TYPE_

Re: [PATCH] scsi: check inquiry buffer length to prevent crash

2023-05-10 Thread Paolo Bonzini
On 4/26/23 15:37, Théo Maillart wrote: --- a/hw/scsi/scsi-generic.c +++ b/hw/scsi/scsi-generic.c @@ -191,7 +191,7 @@ static int scsi_handle_inquiry_reply(SCSIGenericReq *r, SCSIDevice *s, int len) if ((s->type == TYPE_DISK || s->type == TYPE_ZBC) && (r->req.cmd.buf[1] & 0x01)) {

Re: [PATCH] scsi: check inquiry buffer length to prevent crash

2023-05-10 Thread Théo Maillart
This crash appeared on the latest linux guests, most likely because of this commit from the linux kernel: v5.18-rc1-157-gc92a6b5d6335 On Wed, Apr 26, 2023 at 7:13 PM Théo Maillart wrote: > > On Wed, 26 Apr 2023 at 15:38, Théo Maillart > wrote: > >> Using linux 6.x guest, at boot time, an i

Re: [PATCH] scsi: check inquiry buffer length to prevent crash

2023-04-26 Thread Théo Maillart
On Wed, 26 Apr 2023 at 15:38, Théo Maillart wrote: > Using linux 6.x guest, at boot time, an inquiry makes qemu crash. > Here is a trace of the scsi inquiry in question: > > scsi_req_parsed target 1 lun 0 tag 0x2cffb48 command 18 dir 1 length 4 > scsi_req_parsed_lba target 1 lun 0 tag 0x2cffb4

[PATCH] scsi: check inquiry buffer length to prevent crash

2023-04-26 Thread Théo Maillart
Using linux 6.x guest, at boot time, an inquiry makes qemu crash. Here is a trace of the scsi inquiry in question: scsi_req_parsed target 1 lun 0 tag 0x2cffb48 command 18 dir 1 length 4 scsi_req_parsed_lba target 1 lun 0 tag 0x2cffb48 command 18 lba 110592 scsi_req_alloc target 1 lun 0 tag 0x2cffb