scsi-disk: handle invalid cdb length

Message ID	20190429235109.20307-1-brogers@suse.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org> From: Bruce Rogers <brogers@suse.com> To: qemu-devel@nongnu.org Date: Mon, 29 Apr 2019 17:51:09 -0600 Message-Id: <20190429235109.20307-1-brogers@suse.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [Qemu-devel] [PATCH] scsi-disk: handle invalid cdb length Precedence: list Cc: fam@euphon.net, pbonzini@redhat.com, Bruce Rogers <brogers@suse.com> Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Series	scsi-disk: handle invalid cdb length \| expand scsi-disk: handle invalid cdb length

Message ID

20190429235109.20307-1-brogers@suse.com (mailing list archive)

State

New, archived

Headers

From: Bruce Rogers <brogers@suse.com>
To: qemu-devel@nongnu.org
Date: Mon, 29 Apr 2019 17:51:09 -0600
Message-Id: <20190429235109.20307-1-brogers@suse.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [Qemu-devel] [PATCH] scsi-disk: handle invalid cdb length
Precedence: list
Cc: fam@euphon.net, pbonzini@redhat.com, Bruce Rogers <brogers@suse.com>
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Series

scsi-disk: handle invalid cdb length | expand

Commit Message

Bruce Rogers April 29, 2019, 11:51 p.m. UTC

While investigating link-time-optimization, the compiler flagged this
case of not handling the error return from scsi_cdb_length(). Handle
this error case with a trace report.

Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 hw/scsi/scsi-disk.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Eric Blake April 30, 2019, 1:37 a.m. UTC | #1

On 4/29/19 6:51 PM, Bruce Rogers wrote:
> While investigating link-time-optimization, the compiler flagged this
> case of not handling the error return from scsi_cdb_length(). Handle
> this error case with a trace report.
> 
> Signed-off-by: Bruce Rogers <brogers@suse.com>
> ---
>  hw/scsi/scsi-disk.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
> index e7e865ab3b..dc13c892ef 100644
> --- a/hw/scsi/scsi-disk.c
> +++ b/hw/scsi/scsi-disk.c
> @@ -2520,6 +2520,10 @@ static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
>      int len = scsi_cdb_length(buf);
>      char *line_buffer, *p;
>  
> +    if (len < 0) {
> +        trace_scsi_disk_new_request(lun, tag, "bad cdb length!");

I'd drop the !. We aren't shouting at the trace clients, after all :)

Bruce Rogers April 30, 2019, 2:04 a.m. UTC | #2

>>> On 4/29/2019 at 7:37 PM, Eric Blake <eblake@redhat.com> wrote:
> On 4/29/19 6:51 PM, Bruce Rogers wrote:
>> While investigating link-time-optimization, the compiler flagged this
>> case of not handling the error return from scsi_cdb_length(). Handle
>> this error case with a trace report.
>> 
>> Signed-off-by: Bruce Rogers <brogers@suse.com>
>> ---
>>  hw/scsi/scsi-disk.c | 4 ++++
>>  1 file changed, 4 insertions(+)
>> 
>> diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
>> index e7e865ab3b..dc13c892ef 100644
>> --- a/hw/scsi/scsi-disk.c
>> +++ b/hw/scsi/scsi-disk.c
>> @@ -2520,6 +2520,10 @@ static void scsi_disk_new_request_dump(uint32_t lun, 
> uint32_t tag, uint8_t *buf)
>>      int len = scsi_cdb_length(buf);
>>      char *line_buffer, *p;
>>  
>> +    if (len < 0) {
>> +        trace_scsi_disk_new_request(lun, tag, "bad cdb length!");
> 
> I'd drop the !. We aren't shouting at the trace clients, after all :)

Got it.

Bruce

no-reply@patchew.org May 1, 2019, 4:47 p.m. UTC | #3

Patchew URL: https://patchew.org/QEMU/20190429235109.20307-1-brogers@suse.com/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===




The full log is available at
http://patchew.org/logs/20190429235109.20307-1-brogers@suse.com/testing.asan/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index e7e865ab3b..dc13c892ef 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -2520,6 +2520,10 @@  static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
     int len = scsi_cdb_length(buf);
     char *line_buffer, *p;
 
+    if (len < 0) {
+        trace_scsi_disk_new_request(lun, tag, "bad cdb length!");
+        return;
+    }
     line_buffer = g_malloc(len * 5 + 1);
 
     for (i = 0, p = line_buffer; i < len; i++) {