git.ipfire.org Git - thirdparty/qemu.git/commit

author	Thomas Huth <thuth@redhat.com>
	Mon, 22 May 2023 09:10:11 +0000 (11:10 +0200)
committer	Michael Tokarev <mjt@tls.msk.ru>
	Fri, 26 May 2023 15:56:39 +0000 (18:56 +0300)
commit	e49884a90987744ddb54b2fadc770633eb6a4d62
tree	aa30e0b7dd99d2b400012a1b46676fd4279cf4b2	tree
parent	9d622451fdf9693a2265d5c04b041627f81d8c1d	commit \| diff

hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)

We cannot use the generic reentrancy guard in the LSI code, so
we have to manually prevent endless reentrancy here. The problematic
lsi_execute_script() function has already a way to detect whether
too many instructions have been executed - we just have to slightly
change the logic here that it also takes into account if the function
has been called too often in a reentrant way.

The code in fuzz-lsi53c895a-test.c has been taken from an earlier
patch by Mauro Matteo Cascella.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1563
Message-Id: <20230522091011.1082574-1-thuth@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit b987718bbb1d0eabf95499b976212dd5f0120d75)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

hw/scsi/lsi53c895a.c		diff \| blob \| blame \| history
tests/qtest/fuzz-lsi53c895a-test.c		diff \| blob \| blame \| history