qemu-e2k/hw/scsi
Thomas Huth b987718bbb hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
We cannot use the generic reentrancy guard in the LSI code, so
we have to manually prevent endless reentrancy here. The problematic
lsi_execute_script() function has already a way to detect whether
too many instructions have been executed - we just have to slightly
change the logic here that it also takes into account if the function
has been called too often in a reentrant way.

The code in fuzz-lsi53c895a-test.c has been taken from an earlier
patch by Mauro Matteo Cascella.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1563
Message-Id: <20230522091011.1082574-1-thuth@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-05-26 09:37:04 +02:00
..
emulation.c scsi-generic: avoid invalid access to struct when emulating block limits 2018-11-06 21:35:06 +01:00
esp-pci.c include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
esp.c Fix several typos in documentation (found by codespell) 2022-11-11 09:39:25 +01:00
Kconfig build: move vhost-scsi configuration to Kconfig 2022-05-07 07:46:58 +02:00
lsi53c895a.c hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) 2023-05-26 09:37:04 +02:00
megasas.c scsi: Use device_cold_reset() and bus_cold_reset() 2022-10-18 13:58:04 +02:00
meson.build meson: convert hw/scsi 2020-08-21 06:30:28 -04:00
mfi.h Fix 'writeable' typos 2022-06-08 19:38:47 +01:00
mpi.h hw: Add support for LSI SAS1068 (mptsas) device 2016-02-09 15:45:26 +01:00
mptconfig.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptendian.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptsas.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
mptsas.h include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
scsi-bus.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
scsi-disk.c dma-helpers: prevent dma_blk_cb() vs dma_aio_cancel() race 2023-02-23 19:49:35 +01:00
scsi-generic.c scsi-generic: fix buffer overflow on block limits inquiry 2023-05-18 08:53:51 +02:00
spapr_vscsi.c scsi: Use device_cold_reset() and bus_cold_reset() 2022-10-18 13:58:04 +02:00
srp.h spapr-vscsi: add task management 2013-09-12 08:46:21 +02:00
trace-events scsi-disk: allow MODE SELECT block descriptor to set the block size 2022-07-13 16:58:58 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vhost-scsi-common.c vhost-scsi: fix memleak of vsc->inflight 2023-01-08 01:54:23 -05:00
vhost-scsi.c vhost: mask VIRTIO_F_RING_RESET for vhost and vhost-user devices 2022-11-22 05:19:00 -05:00
vhost-user-scsi.c vhost: mask VIRTIO_F_RING_RESET for vhost and vhost-user devices 2022-11-22 05:19:00 -05:00
viosrp.h Updated the FSF address to <https://www.gnu.org/licenses/> 2023-02-27 09:15:39 +01:00
virtio-scsi-dataplane.c aio-wait: avoid AioContext lock in aio_wait_bh_oneshot() 2023-05-10 14:15:13 +02:00
virtio-scsi.c virtio-scsi: reset SCSI devices from main loop thread 2023-02-23 19:49:35 +01:00
vmw_pvscsi.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
vmw_pvscsi.h