qemu-e2k/hw/scsi
Thomas Huth b987718bbb hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
We cannot use the generic reentrancy guard in the LSI code, so
we have to manually prevent endless reentrancy here. The problematic
lsi_execute_script() function has already a way to detect whether
too many instructions have been executed - we just have to slightly
change the logic here that it also takes into account if the function
has been called too often in a reentrant way.

The code in fuzz-lsi53c895a-test.c has been taken from an earlier
patch by Mauro Matteo Cascella.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1563
Message-Id: <20230522091011.1082574-1-thuth@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-05-26 09:37:04 +02:00
..
emulation.c
esp-pci.c include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
esp.c
Kconfig
lsi53c895a.c hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) 2023-05-26 09:37:04 +02:00
megasas.c
meson.build
mfi.h
mpi.h
mptconfig.c
mptendian.c
mptsas.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
mptsas.h include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
scsi-bus.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
scsi-disk.c dma-helpers: prevent dma_blk_cb() vs dma_aio_cancel() race 2023-02-23 19:49:35 +01:00
scsi-generic.c scsi-generic: fix buffer overflow on block limits inquiry 2023-05-18 08:53:51 +02:00
spapr_vscsi.c
srp.h
trace-events
trace.h
vhost-scsi-common.c vhost-scsi: fix memleak of vsc->inflight 2023-01-08 01:54:23 -05:00
vhost-scsi.c vhost: mask VIRTIO_F_RING_RESET for vhost and vhost-user devices 2022-11-22 05:19:00 -05:00
vhost-user-scsi.c vhost: mask VIRTIO_F_RING_RESET for vhost and vhost-user devices 2022-11-22 05:19:00 -05:00
viosrp.h Updated the FSF address to <https://www.gnu.org/licenses/> 2023-02-27 09:15:39 +01:00
virtio-scsi-dataplane.c aio-wait: avoid AioContext lock in aio_wait_bh_oneshot() 2023-05-10 14:15:13 +02:00
virtio-scsi.c virtio-scsi: reset SCSI devices from main loop thread 2023-02-23 19:49:35 +01:00
vmw_pvscsi.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
vmw_pvscsi.h