cover more PRDT cases including one
that causes this particular qemu crash.
The test is developed according to the Programming Interface for
Bus Master IDE Controller (Revision 1.0 5/16/94).
Signed-off-by: Alexander Popov
---
tests/ide-test.c | 137 +
arger size than the IDE transfer size,
the Interrupt and Active bits in the Controller status register
are both set to 1.
Signed-off-by: Alexander Popov
---
hw/ide/core.c | 30 ++
1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/hw/ide/core.c b/hw/
Hello Kevin,
Thanks for your review,
On 21.11.2019 18:03, Kevin Wolf wrote:
> On 14.11.2019 at 18:25 Alexander Popov wrote:
>> The commit a718978ed58a from July 2015 introduced the assertion which
>> implies that the size of successful DMA transfers handled in ide_dma_cb
On 27.11.2019 01:09, Kevin Wolf wrote:
> On 26.11.2019 at 22:24 Alexander Popov wrote:
>> Hello Kevin,
>>
>> Thanks for your review,
>>
>> On 21.11.2019 18:03, Kevin Wolf wrote:
>>> On 14.11.2019 at 18:25 Alexander Popov wrote:
On 26 July 2019 2:25:03 GMT+02:00, John Snow wrote:
>Oh, this is fun.
...
>I can worry about a proper fix for 4.2+.
Hello John,
Thanks for your letter.
I double-checked the git history and mailing list; I'm still sure
that my fix for this assertion is correct.
You know this code very wel
On 23.12.2019 20:51, Alexander Popov wrote:
> Fuzzing the Linux kernel with syzkaller made it possible to find how to crash qemu
> using a special SCSI_IOCTL_SEND_COMMAND. It hits the assertion in
> ide_dma_cb() introduced in the commit a718978ed58a in July 2015.
>
> This patch series
On 23.01.2020 02:14, John Snow wrote:
> On 12/23/19 12:51 PM, Alexander Popov wrote:
>> Fuzzing the Linux kernel with syzkaller made it possible to find how to crash qemu
>> using a special SCSI_IOCTL_SEND_COMMAND. It hits the assertion in
>> ide_dma_cb() introduced in the commit a718
On 27.07.2019 00:09, Alexander Popov wrote:
> On 26.07.2019 2:25:03 GMT+02:00, John Snow wrote:
>> Oh, this is fun.
> ...
>> I can worry about a proper fix for 4.2+.
>
> Hello John,
>
> Thanks for your letter.
>
> I double-checked the git history and mailing li
On 06.11.2019 15:08, Michael S. Tsirkin wrote:
> On Wed, Nov 06, 2019 at 01:17:51PM +0300, Alexander Popov wrote:
>> On 27.07.2019 00:09, Alexander Popov wrote:
>>> On 26.07.2019 2:25:03 GMT+02:00, John Snow wrote:
>>>> Oh, this is fun.
>>> ...
>
On 06.11.2019 15:05, Michael S. Tsirkin wrote:
> On Thu, Jul 25, 2019 at 08:25:03PM -0400, John Snow wrote:
>>
>>
>> On 7/5/19 10:07 AM, Alexander Popov wrote:
>>> This assertion was introduced in the commit a718978ed58a in July 2015.
>>> It implies th
e prepare_buf() handler. If it is not a multiple of 512 then end
the DMA transfer with an error.
That also fixes the I/O stall in guests after a DMA transfer request
for less than the size of a sector.
Signed-off-by: Alexander Popov
---
hw/ide/core.c | 11 +--
1 file changed, 5 insertion
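The two rules these patch descriptions rely on, the sector-multiple check that replaces the assertion and the Bus Master IDE status-bit behaviour when the PRDT describes more than the IDE transfer, in one small standalone model. This is an added example, not code from QEMU or from Alexander Popov's patches: the PRD entry layout (dword 0 base address, dword 1 byte count with bit 31 as EOT, a count of 0 meaning 64 KiB) and the Active/Interrupt status bits come from the Bus Master IDE Controller programming interface the thread cites, while the function names, the constructed guest memory, the 512-byte sector size and the table-length limit are this example's own assumptions. The case where the PRDT is shorter than the transfer is mapped to the spec's error row (neither bit set); the thread itself only discusses the larger-size case.

```c
/*
 * Added example, not code from QEMU or from the patches in this thread.
 * A small model of a Bus Master IDE PRDT walk and of the DMA-completion
 * rules the thread discusses. PRD entry layout and status register bits
 * follow the "Programming Interface for Bus Master IDE Controller"
 * (Rev 1.0); function names, the constructed guest memory and the
 * sector size are this example's own assumptions.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define SECTOR_SIZE      512
#define PRD_EOT          0x80000000u  /* dword 1, bit 31: last entry          */
#define PRD_COUNT_MASK   0x0000fffeu  /* dword 1, bits 15:1: byte count       */
#define PRD_COUNT_ZERO   0x10000u     /* a byte count of 0 means 64 KiB       */
#define PRDT_INVALID     ((uint64_t)-1)

/* Bus master status register: bit 0 Active, bit 2 Interrupt. */
#define BM_STATUS_ACTIVE 0x01
#define BM_STATUS_INT    0x04

/* Write one 8-byte PRD entry (little-endian, as a guest would) at off. */
static void prd_write(uint8_t *mem, size_t off, uint32_t addr,
                      uint16_t count, int eot)
{
    uint32_t dw1 = (uint32_t)count | (eot ? PRD_EOT : 0);
    for (int i = 0; i < 4; i++) {
        mem[off + i]     = (uint8_t)(addr >> (8 * i));
        mem[off + 4 + i] = (uint8_t)(dw1 >> (8 * i));
    }
}

/*
 * Walk the table at prdt_addr inside the constructed guest RAM mem[0..len)
 * and return the number of bytes it describes. Returns PRDT_INVALID when
 * the table runs past the end of memory without an EOT entry or exceeds
 * max_entries: the walker must not trust the guest to terminate it.
 */
static uint64_t prdt_total_bytes(const uint8_t *mem, size_t len,
                                 uint32_t prdt_addr, unsigned max_entries)
{
    uint64_t total = 0;
    for (unsigned i = 0; i < max_entries; i++) {
        uint64_t off = (uint64_t)prdt_addr + 8u * i;
        if (off + 8 > len)
            return PRDT_INVALID;
        uint32_t dw1 = 0;
        for (int b = 3; b >= 0; b--)
            dw1 = (dw1 << 8) | mem[off + 4 + b];
        uint32_t count = dw1 & PRD_COUNT_MASK;
        total += count ? count : PRD_COUNT_ZERO;
        if (dw1 & PRD_EOT)
            return total;
    }
    return PRDT_INVALID;
}

/* The rule the fix adds: the size the PRDT walk hands back (prepare_buf's
 * result, in QEMU's terms) has to be a whole number of sectors. */
static int dma_size_is_valid(uint64_t prdt_bytes)
{
    return prdt_bytes != PRDT_INVALID && prdt_bytes % SECTOR_SIZE == 0;
}

/*
 * Outcome of a completed IDE transfer of ide_bytes against a PRDT that
 * describes prdt_bytes. Returns the bus master status bits, or -1 when the
 * transfer must end with an error (the thread does not say which register
 * bits the device reports in that case, so none are modelled here).
 */
static int bm_status_after_transfer(uint64_t prdt_bytes, uint64_t ide_bytes)
{
    if (!dma_size_is_valid(prdt_bytes))
        return -1;                               /* error, not an assertion  */
    if (prdt_bytes > ide_bytes)
        return BM_STATUS_INT | BM_STATUS_ACTIVE; /* PRDT larger: both set    */
    if (prdt_bytes == ide_bytes)
        return BM_STATUS_INT;                    /* exact fit: normal finish */
    return 0;          /* PRDs exhausted first: spec's error row, neither bit */
}

/* Constructed scenarios in 4 KiB of guest RAM, PRDT at 0x100:
 *  0: 512+512+200 bytes, EOT, 1024-byte xfer -> not a sector multiple, -1
 *  1: 512+512 bytes, EOT, 512-byte xfer      -> PRDT larger, INT|ACTIVE
 *  2: 512 bytes and no EOT entry at all      -> walker gives up, -1        */
static int scenario(int which)
{
    uint8_t mem[4096] = {0};
    uint64_t ide_bytes = 1024;
    if (which == 0) {
        prd_write(mem, 0x100, 0x1000, 512, 0);
        prd_write(mem, 0x108, 0x2000, 512, 0);
        prd_write(mem, 0x110, 0x3000, 200, 1);
    } else if (which == 1) {
        prd_write(mem, 0x100, 0x1000, 512, 0);
        prd_write(mem, 0x108, 0x2000, 512, 1);
        ide_bytes = 512;
    } else {
        prd_write(mem, 0x100, 0x1000, 512, 0);   /* never terminated */
    }
    uint64_t bytes = prdt_total_bytes(mem, sizeof mem, 0x100, 64);
    return bm_status_after_transfer(bytes, ide_bytes);
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("scenario %d: status %d\n", i, scenario(i));
    return 0;
}
```

Scenario 0 is the shape of PRDT the thread is about: well-formed and terminated, but totalling 1224 bytes, which a walker that trusts the table would pass on to the completion path and trip the assertion; here it becomes an error return instead. Scenario 2 shows why the walker also needs an entry limit, since a guest can simply omit the EOT bit.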
On 07.11.2019 01:05, Alexander Popov wrote:
> On 06.11.2019 15:05, Michael S. Tsirkin wrote:
>> Do you want to cook up a patch like this then?
>
> Yes, I will take this task and return with a patch.
>
> Thanks!
I've just sent the v2 of the patch.
Looking forward to yo
On 07.01.2020 10:44, Kevin Wolf wrote:
> On 23.12.2019 at 18:51 Alexander Popov wrote:
>> Fuzzing the Linux kernel with syzkaller made it possible to find how to crash qemu
>> using a special SCSI_IOCTL_SEND_COMMAND. It hits the assertion in
>> ide_dma_cb() introduced in th
Hello Kevin,
Thanks for your review!
On 19.12.2019 18:12, Kevin Wolf wrote:
> On 16.12.2019 at 19:14 Alexander Popov wrote:
>> Fuzzing the Linux kernel with syzkaller made it possible to find how to crash qemu
>> using a special SCSI_IOCTL_SEND_COMMAND. It hits the assertion i
Hello Kevin!
Thanks again for your review.
On 19.12.2019 18:01, Kevin Wolf wrote:
> On 16.12.2019 at 19:14 Alexander Popov wrote:
>> The commit a718978ed58a from July 2015 introduced the assertion which
>> implies that the size of successful DMA transfers handle
improved -- now it runs in 8 seconds
instead of 3 minutes on my laptop.
Alexander Popov (2):
ide: Fix incorrect handling of some PRDTs in ide_dma_cb()
tests/ide-test: Create a single unit-test covering more PRDT cases
hw/ide/core.c| 30 +---
tests/ide-test.c | 174
cover more PRDT cases including one
that causes this particular qemu crash.
The test is developed according to the Programming Interface for
Bus Master IDE Controller (Revision 1.0 5/16/94).
Signed-off-by: Alexander Popov
---
tests/ide-test.c | 174 -
On 24.12.2019 03:20, John Snow wrote:
> On 12/19/19 10:01 AM, Kevin Wolf wrote:
>>
>> John, what do you think?
>>
>
> I've been out to lunch for a little while. There are some issues that I
> recall with IDE, but couldn't find the time to fix prior to 4.2.
Hello John.
> I'll review all the outst
On 24.12.2019 07:18, Alexander Popov wrote:
> On 24.12.2019 03:20, John Snow wrote:
>> On 12/19/19 10:01 AM, Kevin Wolf wrote:
>>>
>>> John, what do you think?
>>>
>>
>> I've been out to lunch for a little while. There are some issues that I
On 05.07.2019 17:07, Alexander Popov wrote:
> This assertion was introduced in the commit a718978ed58a in July 2015.
> It implies that the size of successful DMA transfers handled in
> ide_dma_cb() should be multiple of 512 (the size of a sector).
>
> But guest systems can initiat
}
printf("[+] sg0 is opened\n");
printf("[.] qemu should break here:\n");
fflush(stdout);
ioctl(fd, SCSI_IOCTL_SEND_COMMAND, cmd);
printf("[-] qemu didn't break\n");
free(cmd);
return 1;
}
Signed-off-