The first patch adds a simple no-op qtest. Patches 2-6 change the device to only read from cmd->frame once, thus avoiding TOC-TOU bugs and possible vulnerabilities.

The last patch fixes a NULL pointer dereference reported by PJP. It has a dependency on patch 4, because megasas_abort_command now needs an extra cmd->dcmd_opcode != -1 check (and cmd->dcmd_opcode is added in patch 4).

Paolo

Paolo Bonzini (7):
  megasas: add qtest
  megasas: do not read sense length more than once from frame
  megasas: do not read iovec count more than once from frame
  megasas: do not read DCMD opcode more than once from frame
  megasas: do not read command more than once from frame
  megasas: do not read SCSI req parameters more than once from frame
  megasas: always store SCSIRequest* into MegasasCmd

 hw/scsi/megasas.c      | 175 ++++++++++++++++++++++--------------------------
 tests/Makefile.include |   3 +
 tests/megasas-test.c   |  86 ++++++++++++++++++++++++
 3 files changed, 168 insertions(+), 96 deletions(-)
 create mode 100644 tests/megasas-test.c

-- 
2.13.0
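The double-read pattern the series removes, shown as an added, constructed C example that is not QEMU code and does not use the megasas structures: a device handler validates a length field it reads from guest-shared memory, then reads the same field again when using it. A guest vCPU that changes the field between the two reads defeats the check. The "guest" is modelled here as a hook called between the reads so the interleaving is deterministic; the destination buffer is deliberately oversized so the demonstration cannot corrupt memory, and the return value shows how many bytes were copied versus how many the check allowed. All names (toy_frame, copy_sense_*, guest_hook_t) are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy frame living in guest-visible memory (not the megasas frame). */
struct toy_frame {
    uint8_t sense_len;   /* guest may rewrite this at any time */
    uint8_t sense[64];
};

/* Stands in for a concurrently running guest; invoked between the device's reads. */
typedef void (*guest_hook_t)(struct toy_frame *f);

/* Vulnerable pattern: the field is fetched twice, once to check and once to use. */
static int copy_sense_double_fetch(struct toy_frame *f, uint8_t *dst,
                                   size_t dst_limit, guest_hook_t guest)
{
    if (f->sense_len > dst_limit) {          /* first fetch: validation */
        return -1;
    }
    if (guest) {
        guest(f);                            /* guest changes sense_len here */
    }
    size_t n = f->sense_len;                 /* second fetch: use; check no longer holds */
    if (n > sizeof f->sense) {
        n = sizeof f->sense;                 /* bound to the toy frame, not to dst_limit */
    }
    memcpy(dst, f->sense, n);
    return (int)n;                           /* may exceed dst_limit */
}

/* Hardened pattern (what the series does): snapshot once into a local, then
 * validate and use only the local copy. */
static int copy_sense_single_fetch(struct toy_frame *f, uint8_t *dst,
                                   size_t dst_limit, guest_hook_t guest)
{
    size_t n = f->sense_len;                 /* the only read of the shared field */
    if (n > dst_limit) {
        return -1;
    }
    if (guest) {
        guest(f);                            /* later guest writes are irrelevant */
    }
    memcpy(dst, f->sense, n);
    return (int)n;                           /* always <= dst_limit */
}

/* Simulated hostile guest: enlarges the length after the check has passed. */
static void hostile_guest(struct toy_frame *f)
{
    f->sense_len = 64;
}

/* Helpers that set up the same scenario for both variants and return bytes copied. */
static int demo_double_fetch(void)
{
    struct toy_frame f;
    uint8_t dst[64];                         /* oversized on purpose; limit passed is 16 */
    memset(&f, 0, sizeof f);
    f.sense_len = 8;
    return copy_sense_double_fetch(&f, dst, 16, hostile_guest);
}

static int demo_single_fetch(void)
{
    struct toy_frame f;
    uint8_t dst[64];
    memset(&f, 0, sizeof f);
    f.sense_len = 8;
    return copy_sense_single_fetch(&f, dst, 16, hostile_guest);
}

static int demo_single_fetch_rejects(void)
{
    struct toy_frame f;
    uint8_t dst[64];
    memset(&f, 0, sizeof f);
    f.sense_len = 40;                        /* over the limit from the start */
    return copy_sense_single_fetch(&f, dst, 16, NULL);
}

int main(void)
{
    printf("double fetch copied %d bytes (limit 16)\n", demo_double_fetch());
    printf("single fetch copied %d bytes (limit 16)\n", demo_single_fetch());
    printf("single fetch over-limit result: %d\n", demo_single_fetch_rejects());
    return 0;
}
```

The defensive rule this illustrates is the one the series applies to cmd->frame: every field a device takes from memory the guest can write must be read exactly once into a host-side local, and every check and every use must operate on that local. A qtest like the one in patch 1 cannot exercise the race itself, but it gives a place to assert that the device still behaves correctly after the refactoring.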