On 210624 1012, Philippe Mathieu-Daudé wrote: > On 6/24/21 4:50 AM, Alexander Bulekov wrote: > > On 210623 2000, Philippe Mathieu-Daudé wrote: > >> Hi Ubi-Wan Kenubi and Tom, > >> > >> In commit a9bcedd (SD card size has to be power of 2) we decided > >> to restrict SD card size to avoid security problems (CVE-2020-13253) > >> but this became not practical to some users. > >> > >> This RFC series tries to remove the limitation, keeping our > >> functional tests working. It is unfinished work because I had to > >> attend other topics, but sending it early as RFC to get feedback. > >> I'll keep working when I get more time, except if one if you can > >> help me. > >> > >> Alexander, could you generate a qtest reproducer with the fuzzer > >> corpus? See: https://bugs.launchpad.net/qemu/+bug/1878054 > > > > I think that bug was already fixed - the reproducer no logner causes a > > timeout on 6.0. Did I misunderstand something? > > That bug was fixed but now I'm changing the code and would like to feel > sure I'm not re-introducing the problem, so having the reproducer in the > tree would help.
Ok - I'll try to come up with one. Minimizing reproducers for timeouts is trickier than crashes :-) > > > I applied this series and ran the OSS-Fuzz corpus for the sdhci-v3 > > config. The only problem it found is this assert() (that exists without the > > patch anyways): > > https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29225 > > Sigh. > > > Let me know if this is something you think I should report on gitlab.. > > Yes please :( Ok here it is: https://gitlab.com/qemu-project/qemu/-/issues/450 The fuzzer I left running for 24h also found another bug (looks like DMA reentrancy), which I thought was introduced by this patchset, since OSS-Fuzz had not reported it in months of fuzzing. However, as a sanity-check I tried it against qemu.git and it crashed - strange... Anyways here it is: https://gitlab.com/qemu-project/qemu/-/issues/451 -Alex > > > I'll leave the fuzzer running for another 24h or so, but otherwise I'm > > happy to leave a Tested-by, once there is a V1 series > > -Alex > > Thanks! > > Phil.