On 23.12.2019 20:51, Alexander Popov wrote:
> Fuzzing the Linux kernel with syzkaller made it possible to find how to crash qemu
> using a special SCSI_IOCTL_SEND_COMMAND. It hits the assertion in
> ide_dma_cb() introduced in the commit a718978ed58a in July 2015.
>
> This patch series fixes incorrect handling of some PRDTs in ide_dma_cb()
> and improves the ide-test to cover more PRDT cases (including one
> that causes that particular qemu crash).
>
> Changes from v2 (thanks to Kevin Wolf for the feedback):
> - the assertion about the prepare_buf() return value is improved;
> - the patch order is reversed to keep the tree bisectable;
> - the unit-test performance is improved -- now it runs in 8 seconds
> instead of 3 minutes on my laptop.
>
> Alexander Popov (2):
> ide: Fix incorrect handling of some PRDTs in ide_dma_cb()
> tests/ide-test: Create a single unit-test covering more PRDT cases
>
> hw/ide/core.c | 30 +++++---
> tests/ide-test.c | 174 ++++++++++++++++++++---------------------
> 2 files changed, 96 insertions(+), 108 deletions(-)
Hello!

Pinging again about this fix and unit-test... It's ready.
Kevin Wolf has reviewed this (thanks a lot!). What is next?

Best regards,
Alexander