On 1/22/20 7:23 AM, Kevin Wolf wrote:
> On 22.01.2020 at 12:53, Alexander Popov wrote:
>> On 23.12.2019 20:51, Alexander Popov wrote:
>>> Fuzzing the Linux kernel with syzkaller allowed finding how to crash qemu
>>> using a special SCSI_IOCTL_SEND_COMMAND. It hits the assertion in
>>> ide_dma_cb() introduced in the commit a718978ed58a in July 2015.
>>>
>>> This patch series fixes incorrect handling of some PRDTs in ide_dma_cb()
>>> and improves the ide-test to cover more PRDT cases (including one
>>> that causes that particular qemu crash).
>>>
>>> Changes from v2 (thanks to Kevin Wolf for the feedback):
>>> - the assertion about prepare_buf() return value is improved;
>>> - the patch order is reversed to keep the tree bisectable;
>>> - the unit-test performance is improved -- now it runs in 8 seconds
>>> instead of 3 minutes on my laptop.
>>>
>>> Alexander Popov (2):
>>> ide: Fix incorrect handling of some PRDTs in ide_dma_cb()
>>> tests/ide-test: Create a single unit-test covering more PRDT cases
>>>
>>> hw/ide/core.c | 30 +++++---
>>> tests/ide-test.c | 174 ++++++++++++++++++++---------------------------
>>> 2 files changed, 96 insertions(+), 108 deletions(-)
>>
>> Hello!
>>
>> Pinging again about this fix and unit-test...
>>
>> It's ready. Kevin Wolf has reviewed this (thanks a lot!).
>>
>> What is next?
>
> I asked John about it just yesterday (if he will merge it or if he would
> prefer me to take it through my tree) and he promised to take a look
> very soon.
>
> Kevin
>
Going to merge it today.
--js
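
As an added illustration, not code from this patch series or from QEMU, the block below walks a guest-supplied Bus Master IDE PRDT and reports how many whole 512-byte sectors it can carry. It uses the SFF-8038i descriptor layout: each 8-byte entry holds a 32-bit physical base address, a 16-bit byte count where 0 means 64 KiB, and an end-of-table bit at bit 31 of the second dword. The three sample tables, the 64-byte guest-memory image, the PRD_MAX_ENTRIES cap and all function names are constructed for the example. The check shown is one way a device model can reject a table that describes less than a sector before any assertion on the transfer size is reached; it is not a description of what the patch itself changes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE     512u
#define PRD_EOT         0x80000000u  /* end-of-table bit, dword 1 bit 31 */
#define PRD_MAX_ENTRIES 16           /* hypothetical cap on the table walk */
#define MEM_LEN         64           /* size of the constructed guest-memory image */

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;
    p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16);
    p[3] = (uint8_t)(v >> 24);
}

/* Bytes described by one PRD: bits 15:0 of the second dword, 0 meaning 64 KiB. */
static uint32_t prd_byte_count(uint32_t size_flags)
{
    uint32_t n = size_flags & 0xffffu;
    return n ? n : 65536u;
}

/* Sum the bytes described by the PRDT at prdt_addr in the guest image mem,
 * stopping at the first entry with EOT set.  Returns -1 if the table runs
 * off the end of the image or never sets EOT within PRD_MAX_ENTRIES. */
long prdt_total_bytes(const uint8_t *mem, size_t mem_len, uint32_t prdt_addr)
{
    long total = 0;
    for (unsigned i = 0; i < PRD_MAX_ENTRIES; i++) {
        size_t off = (size_t)prdt_addr + (size_t)i * 8;
        if (off + 8 > mem_len)
            return -1;
        uint32_t size_flags = le32(mem + off + 4);
        total += prd_byte_count(size_flags);
        if (size_flags & PRD_EOT)
            return total;
    }
    return -1;
}

/* Whole sectors the table can carry.  A table describing fewer than
 * SECTOR_SIZE bytes yields 0, so the caller can fail the DMA request
 * explicitly instead of asserting on a partial sector later. */
long prdt_whole_sectors(const uint8_t *mem, size_t mem_len, uint32_t prdt_addr)
{
    long total = prdt_total_bytes(mem, mem_len, prdt_addr);
    return total < 0 ? -1 : total / (long)SECTOR_SIZE;
}

/* Write one 8-byte PRD (base address, byte count, EOT flag) at dst. */
static void write_prd(uint8_t *dst, uint32_t addr, uint32_t count, int eot)
{
    put_le32(dst, addr);
    put_le32(dst + 4, (count & 0xffffu) | (eot ? PRD_EOT : 0));
}

/* Constructed sample tables, each placed at guest address 0 of the image.
 * Region base addresses are arbitrary. */
enum sample { SAMPLE_GOOD, SAMPLE_SHORT, SAMPLE_NO_EOT };

static void build_sample(enum sample which, uint8_t mem[MEM_LEN])
{
    memset(mem, 0, MEM_LEN);
    switch (which) {
    case SAMPLE_GOOD:   /* 256 + 256 bytes: exactly one sector */
        write_prd(mem + 0, 0x1000, 256, 0);
        write_prd(mem + 8, 0x2000, 256, 1);
        break;
    case SAMPLE_SHORT:  /* a single 8-byte region with EOT: less than a sector */
        write_prd(mem + 0, 0x1000, 8, 1);
        break;
    case SAMPLE_NO_EOT: /* all-zero memory: every count is 64 KiB, EOT never set */
        break;
    }
}

long sample_bytes(enum sample which)
{
    uint8_t mem[MEM_LEN];
    build_sample(which, mem);
    return prdt_total_bytes(mem, MEM_LEN, 0);
}

long sample_sectors(enum sample which)
{
    uint8_t mem[MEM_LEN];
    build_sample(which, mem);
    return prdt_whole_sectors(mem, MEM_LEN, 0);
}

int main(void)
{
    static const char *names[] = { "good", "short", "no-eot" };
    for (int i = 0; i < 3; i++)
        printf("%-6s table: %ld byte(s), %ld whole sector(s)\n",
               names[i], sample_bytes((enum sample)i),
               sample_sectors((enum sample)i));
    return 0;
}
```

The short table is the case worth noting: it is a well-formed PRDT as far as the descriptor format goes, so only a size check against the sector size, applied before the transfer is committed, separates it from a valid request. The no-EOT table shows why the walk also needs a bound and a memory-range check, since an unterminated table would otherwise be read past the end of guest memory.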