On 23.01.2020 02:14, John Snow wrote:
> On 12/23/19 12:51 PM, Alexander Popov wrote:
>> Fuzzing the Linux kernel with syzkaller allowed us to find how to crash qemu
>> using a special SCSI_IOCTL_SEND_COMMAND. It hits the assertion in
>> ide_dma_cb() introduced in commit a718978ed58a in July 2015.
>>
>> This patch series fixes incorrect handling of some PRDTs in ide_dma_cb()
>> and improves the ide-test to cover more PRDT cases (including one
>> that causes that particular qemu crash).
>>
>> Changes from v2 (thanks to Kevin Wolf for the feedback):
>> - the assertion about the prepare_buf() return value is improved;
>> - the patch order is reversed to keep the tree bisectable;
>> - the unit-test performance is improved -- now it runs in 8 seconds
>> instead of 3 minutes on my laptop.
>>
>> Alexander Popov (2):
>> ide: Fix incorrect handling of some PRDTs in ide_dma_cb()
>> tests/ide-test: Create a single unit-test covering more PRDT cases
>>
>> hw/ide/core.c | 30 +++++---
>> tests/ide-test.c | 174 ++++++++++++++++++++---------------------------
>> 2 files changed, 96 insertions(+), 108 deletions(-)
>>
>
> Thanks, applied to my IDE tree:
>
> https://github.com/jnsnow/qemu/commits/ide
> https://github.com/jnsnow/qemu.git
Happy ending! Thanks a lot!

Best regards,
Alexander