f25d5b2eaa
- hw/scsi/lsi53c895a: add missing decrement of reentrancy counter - hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) - net: Update MemReentrancyGuard for NIC - net: Provide MemReentrancyGuard * to qemu_new_nic() - memory: prevent dma-reentracy issues - softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR - Fixed the early version of CVE-2022-4144 patch is not fully adapted Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
From 3bcb3fc33c4b6898652a388d45e4bf59372ff4aa Mon Sep 17 00:00:00 2001
|
|
From: Sven Schnelle <svens@stackframe.org>
|
|
Date: Sun, 28 Jan 2024 21:22:14 +0100
|
|
Subject: [PATCH] hw/scsi/lsi53c895a: add missing decrement of reentrancy
|
|
counter
|
|
|
|
When the maximum count of SCRIPTS instructions is reached, the code
|
|
stops execution and returns, but fails to decrement the reentrancy
|
|
counter. This effectively renders the SCSI controller unusable
|
|
because on next entry the reentrancy counter is still above the limit.
|
|
|
|
This bug was seen on HP-UX 10.20 which seems to trigger SCRIPTS
|
|
loops.
|
|
|
|
Fixes: b987718bbb ("hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)")
|
|
Signed-off-by: Sven Schnelle <svens@stackframe.org>
|
|
Message-ID: <20240128202214.2644768-1-svens@stackframe.org>
|
|
Reviewed-by: Thomas Huth <thuth@redhat.com>
|
|
Tested-by: Helge Deller <deller@gmx.de>
|
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
---
|
|
hw/scsi/lsi53c895a.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
|
|
index 299e021fa1..336923be1c 100644
|
|
--- a/hw/scsi/lsi53c895a.c
|
|
+++ b/hw/scsi/lsi53c895a.c
|
|
@@ -1158,6 +1158,7 @@ again:
|
|
lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
|
|
lsi_disconnect(s);
|
|
trace_lsi_execute_script_stop();
|
|
+ reentrancy_level--;
|
|
return;
|
|
}
|
|
insn = read_dword(s, s->dsp);
|
|
--
|
|
2.27.0
|
|
|