SUSE:SLE-15-SP3:Update
File esp-ensure-that-do_cmd-is-set-to-zero-be.patch of Package qemu.20747
From: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Date: Wed, 7 Apr 2021 20:58:00 +0100 Subject: esp: ensure that do_cmd is set to zero before submitting an ESP select command MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: 607206948cacda4a80be5b976dba490970a18a76 References: bsc#1180433, CVE-2020-35504 bsc#1180434, CVE-2020-35505 bsc#1180435, CVE-2020-35506 When a CDB has been received and is about to be submitted to the SCSI layer via one of the ESP select commands, ensure that do_cmd is set to zero before executing the command. Otherwise a guest executing 2 valid CDBs in quick sequence can invoke the SCSI .transfer_data callback again before do_cmd is set to zero by the callback function triggering an assert at the start of esp_transfer_data(). Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210407195801.685-12-mark.cave-ayland@ilande.co.uk> Signed-off-by: Jose R Ziviani <jose.ziviani@suse.com> --- hw/scsi/esp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c index 7fa3d352cdbd421a1ce6a796355d..db263b5e2411b78eefdb924f263f 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c @@ -246,8 +246,10 @@ static void handle_satn(ESPState *s) } s->pdma_cb = satn_pdma_cb; len = get_cmd(s, buf, sizeof(buf)); - if (len) + if (len) { + s->do_cmd = 0; do_cmd(s, buf); + } } static void s_without_satn_pdma_cb(ESPState *s) @@ -272,6 +274,7 @@ static void handle_s_without_atn(ESPState *s) s->pdma_cb = s_without_satn_pdma_cb; len = get_cmd(s, buf, sizeof(buf)); if (len) { + s->do_cmd = 0; do_busid_cmd(s, buf, 0); } }
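Review bot: in handle_satn() the reset `s->do_cmd = 0;` sits at the call site, directly before `do_cmd(s, buf);`, so every path that submits a CDB has to remember to repeat it. The handle_s_without_atn() hunk already needs its own copy of the line, and the body of the PDMA callback assigned just above (`satn_pdma_cb`) is not visible here, so it is worth confirming that it clears the flag as well. If do_cmd() and do_busid_cmd() share a common submit path, clearing the flag there would mean a select handler added later cannot miss it. Separately, the field `do_cmd` and the function `do_cmd()` share a name, which makes this pair of lines harder to read than it needs to be.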
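Review bot: the added `s->do_cmd = 0;` before `do_busid_cmd(s, buf, 0);` in handle_s_without_atn() carries no comment, and the reason for the ordering (the SCSI .transfer_data callback can run again before the callback clears the flag, hitting the assert at the start of esp_transfer_data()) is recorded only in the commit message. A one-line comment at the assignment would keep that requirement from being lost in a later refactor. The diffstat also shows only hw/scsi/esp.c changed, so nothing in this patch guards against the assert coming back; a regression test covering two CDBs submitted in quick sequence would be a useful follow-up.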