hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Thomas Huth <thuth@redhat.com>	2023-05-22 11:10:11 +0200
committer	Thomas Huth <thuth@redhat.com>	2023-05-26 09:37:04 +0200
commit	b987718bbb1d0eabf95499b976212dd5f0120d75 (patch)
tree	b264b48cab337c3168ea450930c1e0e718ec349b /include/hw/qdev-core.h
parent	d139fe9ad8a27bcc50b4ead77d2f97d191a0e95e (diff)
download	focaccia-qemu-b987718bbb1d0eabf95499b976212dd5f0120d75.tar.gz focaccia-qemu-b987718bbb1d0eabf95499b976212dd5f0120d75.zip

hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)

We cannot use the generic reentrancy guard in the LSI code, so
we have to manually prevent endless reentrancy here. The problematic
lsi_execute_script() function has already a way to detect whether
too many instructions have been executed - we just have to slightly
change the logic here that it also takes into account if the function
has been called too often in a reentrant way.

The code in fuzz-lsi53c895a-test.c has been taken from an earlier
patch by Mauro Matteo Cascella.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1563
Message-Id: <20230522091011.1082574-1-thuth@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>

Diffstat (limited to 'include/hw/qdev-core.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: