Thomas Huth 436dc33465 hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) ...

We cannot use the generic reentrancy guard in the LSI code, so
we have to manually prevent endless reentrancy here. The problematic
lsi_execute_script() function has already a way to detect whether
too many instructions have been executed - we just have to slightly
change the logic here that it also takes into account if the function
has been called too often in a reentrant way.

The code in fuzz-lsi53c895a-test.c has been taken from an earlier
patch by Mauro Matteo Cascella.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1563
Message-Id: <20230522091011.1082574-1-thuth@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit b987718bbb)
Resolves: bsc#1207205 (CVE-2023-0330)
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>

2023-07-26 15:34:39 +02:00

..

emulation.c

scsi-generic: avoid invalid access to struct when emulating block limits

2018-11-06 21:35:06 +01:00

esp-pci.c

pci: Let pci_dma_rw() take MemTxAttrs argument

2021-12-31 01:05:23 +01:00

esp.c

esp: recreate ESPState current_req after migration

2022-03-09 09:29:10 +00:00

Kconfig

build: move vhost-scsi configuration to Kconfig

2022-05-07 07:46:58 +02:00

lsi53c895a.c

hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)

2023-07-26 15:34:39 +02:00

megasas.c

hw/scsi/megasas: check for NULL frame in megasas_command_cancelled()

2023-06-01 15:46:49 +02:00

meson.build

meson: convert hw/scsi

2020-08-21 06:30:28 -04:00

mfi.h

Fix 'writeable' typos

2022-06-08 19:38:47 +01:00

mpi.h

hw: Add support for LSI SAS1068 (mptsas) device

2016-02-09 15:45:26 +01:00

mptconfig.c

nomaintainer: Fix Lesser GPL version number

2020-11-15 17:04:40 +01:00

mptendian.c

nomaintainer: Fix Lesser GPL version number

2020-11-15 17:04:40 +01:00

mptsas.c

Remove unnecessary minimum_version_id_old fields

2022-01-28 15:38:23 +01:00

mptsas.h

mptsas: Remove unused MPTSASState 'pending' field (CVE-2021-3392)

2021-04-19 15:48:12 +01:00

scsi-bus.c

include: Move hardware version declarations to new qemu/hw-version.h

2022-02-21 13:30:20 +00:00

scsi-disk.c

scsi-disk: ensure block size is non-zero and changes limited to bits 8-15

2022-08-01 15:22:39 +02:00

scsi-generic.c

scsi-generic: check for additional SG_IO status on completion

2023-06-01 15:46:49 +02:00

spapr_vscsi.c

Trivial: 3 char repeat typos

2022-06-28 11:06:02 +02:00

srp.h

spapr-vscsi: add task management

2013-09-12 08:46:21 +02:00

trace-events

scsi-disk: allow MODE SELECT block descriptor to set the block size

2022-07-13 16:58:58 +02:00

trace.h

trace: switch position of headers to what Meson requires

2020-08-21 06:18:24 -04:00

vhost-scsi-common.c

vhost-scsi: support inflight io track

2020-09-30 19:09:20 +02:00

vhost-scsi.c

virtio: add vhost support for virtio devices

2022-05-16 04:38:40 -04:00

vhost-user-scsi.c

hw/vhost-user-scsi|blk: set supports_config flag correctly

2022-06-09 19:32:49 -04:00

viosrp.h

hw/scsi/spapr_vscsi: Do not mix SRP IU size with DMA buffer size

2020-03-17 15:08:50 +11:00

virtio-scsi-dataplane.c

virtio-scsi: fix race in virtio_scsi_dataplane_start()

2022-08-17 07:07:37 -04:00

virtio-scsi.c

virtio: drop name parameter for virtio_init()

2022-05-16 04:38:40 -04:00

vmw_pvscsi.c

pci: Let ld*_pci_dma() propagate MemTxResult

2021-12-31 01:05:27 +01:00

vmw_pvscsi.h

scsi: VMWare PVSCSI paravirtual device implementation

2013-04-19 10:44:17 +02:00