<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Intel Clear";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Intel Clear";
color:#002060;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1963420932;
mso-list-type:hybrid;
mso-list-template-ids:-2116504712 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Iuliu,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">The changes look good.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I have just a few comments.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> nvmeSnti.C/Line 1157 –</span>
<b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">memset(pResponseBuffer, 0, allocLength);</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> This was added to the comment, but it’s not clear
why. I suspect it is an accidental addition. If so, this should be removed.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">nvmeSnti.c/Line 1519 – Since the Lun value is actually written to the second byte of the entry, the comparison should be:<o:p></o:p></span></p>
<p class="MsoListParagraph"><b><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D">if (lunIdDataOffset + SINGLE_LVL_LUN_OFFSET >= allocLength</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">)<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">As an example, test with a buffer size of 0x11. Without this change, the driver will actually write the byte after the allocated buffer.
<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">nvmeSnti.c/Line 2652 & 2669. Your change handles the case where there is no data buffer. But, it does not handle the case where the buffer is smaller
than sizeof(DESCRIPTOR_FORMAT_SENSE_DATA). With a small buffer allocation, these writes would access beyond the allocated buffer<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">
</span><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D">pSenseData->ErrorCode = FIXED_SENSE_DATA;<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D"> pSenseData->SenseKey = SCSI_SENSE_NO_SENSE;<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D"> pSenseData->AdditionalSenseLength = FIXED_SENSE_DATA_ADD_LENGTH;<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D"> pSenseData->AdditionalSenseCode = SCSI_ADSENSE_NO_SENSE;<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D"> pSenseData->AdditionalSenseCodeQualifier = 0;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Regards,<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="line-height:90%"><b><span style="font-size:10.0pt;line-height:90%;font-family:"Arial",sans-serif;color:#1F497D">Tom Freeman</span></b><b><span style="font-family:"Arial",sans-serif;color:#1F497D"><o:p></o:p></span></b></p>
<p class="MsoNormal" style="line-height:90%"><b><span style="font-size:10.0pt;line-height:90%;font-family:"Arial",sans-serif;color:#1F497D">Software Engineer, Device Manager and Driver Development</span></b><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:90%"><span style="font-size:10.0pt;line-height:90%;font-family:"Arial",sans-serif;color:#1F497D">HGST, a Western Digital company</span><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:90%"><a href="mailto:thomas.freeman@hgst.com"><span style="font-size:10.0pt;line-height:90%;font-family:"Arial",sans-serif;color:#0563C1">thomas.freeman@hgst.com</span></a><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:90%"><span style="font-size:10.0pt;line-height:90%;font-family:"Arial",sans-serif;color:#1F497D">507-322-2311<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:90%"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:90%"><span style="font-size:11.0pt;line-height:90%;font-family:"Calibri",sans-serif;color:#1F497D"><img border="0" width="172" height="56" id="Picture_x0020_1" src="cid:image001.png@01D0EEFD.F0DEE360" alt="HGST_Logo_email"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:90%">
<span style="font-size:8.0pt;line-height:90%;font-family:"Arial",sans-serif;color:#1F497D">3605 Hwy 52 N
</span><span style="color:#1F497D"><br>
</span><span style="font-size:8.0pt;line-height:90%;font-family:"Arial",sans-serif;color:#1F497D">Rochester, MN 55901</span><span style="color:#1F497D"><br>
</span><a href="https://hgst.jiveon.com/external-link.jspa?url=http://www.hgst.com/" target="_blank"><span style="font-size:8.0pt;line-height:90%;font-family:"Arial",sans-serif;color:#0563C1">www.hgst.com</span></a><span style="color:#1F497D"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> nvmewin-bounces@lists.openfabrics.org [mailto:nvmewin-bounces@lists.openfabrics.org]
<b>On Behalf Of </b>Robles, Raymond C<br>
<b>Sent:</b> Friday, September 11, 2015 3:29 PM<br>
<b>To:</b> nvmewin@lists.openfabrics.org<br>
<b>Subject:</b> [nvmewin] FW: NVME fuzz test fixes<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Intel Clear";color:#002060">All,
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Intel Clear";color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Intel Clear";color:#002060">Here is the original patch from Google (Iuliu) for the WHCK fuzz tests.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Intel Clear";color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Intel Clear";color:#002060">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Intel Clear";color:#002060">Ray<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"></a><span style="font-size:10.0pt;font-family:"Intel Clear";color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">
</span><a href="mailto:nvmewin-bounces@lists.openfabrics.org"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">nvmewin-bounces@lists.openfabrics.org</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> [</span><a href="mailto:nvmewin-bounces@lists.openfabrics.org"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">mailto:nvmewin-bounces@lists.openfabrics.org</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">]
<b>On Behalf Of </b>Iuliu Rus<br>
<b>Sent:</b> Monday, August 03, 2015 1:37 PM<br>
<b>To:</b> </span><a href="mailto:nvmewin@lists.openfabrics.org"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">nvmewin@lists.openfabrics.org</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><br>
<b>Subject:</b> [nvmewin] NVME fuzz test fixes<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hello,<o:p></o:p></p>
<div>
<p class="MsoNormal">I have attached the fixes we (Google) did for the several crashes / corruptions exposed by the Windows HCK fuzztest.exe.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">We have tested this on qemu/ Server 2012 R2.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">The password on the zip is "nvme" :)<o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><strong>HGST E-mail
Confidentiality Notice & Disclaimer:</strong><br>This e-mail and any files transmitted with it may contain confidential
or legally privileged information of HGST and are intended solely for the use
of the individual or entity to which they are addressed. If you are not the
intended recipient, any disclosure, copying, distribution or any action taken
or omitted to be taken in reliance on it, is prohibited. If you have received this e-mail in error,
please notify the sender immediately and delete the e-mail in its entirety from
your system.<o:p></o:p></span></p></body>
</html>