Re: [Qemu-devel] [PATCH v4] scsi: esp: check length before dma read

2016-06-17 Thread Paolo Bonzini
On 17/06/2016 10:16, P J P wrote:
> +-- On Fri, 17 Jun 2016, Amit Shah wrote --+
> | This was flagged as an incompatibility in the vmstate by a nightly run
> | of the vmstate checker:
> |
> | Section "esp" Description "esp" Field "cmdbuf" size mismatch: 16 , 32
> | Section "dc390" Description

Re: [Qemu-devel] [PATCH v4] scsi: esp: check length before dma read

2016-06-17 Thread Paolo Bonzini
On 17/06/2016 06:19, Amit Shah wrote:
> Hi,
>
> On (Wed) 15 Jun 2016 [23:06:19], P J P wrote:
>> From: Prasad J Pandit
>>
>> While doing DMA read into ESP command buffer 's->cmdbuf', it could
>> write past the 's->cmdbuf' area, if it was partially filled;
>> ie.

Re: [Qemu-devel] [PATCH v4] scsi: esp: check length before dma read

2016-06-17 Thread P J P
+-- On Fri, 17 Jun 2016, Amit Shah wrote --+
| This was flagged as an incompatibility in the vmstate by a nightly run
| of the vmstate checker:
|
| Section "esp" Description "esp" Field "cmdbuf" size mismatch: 16 , 32
| Section "dc390" Description "esp" Field "cmdbuf" size mismatch: 16 , 32
|

Re: [Qemu-devel] [PATCH v4] scsi: esp: check length before dma read

2016-06-16 Thread Amit Shah
Hi,

On (Wed) 15 Jun 2016 [23:06:19], P J P wrote:
> From: Prasad J Pandit
>
> While doing DMA read into ESP command buffer 's->cmdbuf', it could
> write past the 's->cmdbuf' area, if it was partially filled;
> ie. 's->cmdlen' wasn't set at the start of the buffer.
>

[Qemu-devel] [PATCH v4] scsi: esp: check length before dma read

2016-06-15 Thread P J P
From: Prasad J Pandit

While doing DMA read into ESP command buffer 's->cmdbuf', it could
write past the 's->cmdbuf' area, if it was partially filled;
ie. 's->cmdlen' wasn't set at the start of the buffer. Check 'len'
to avoid OOB access. Also increase the command buffer