[nvmewin] FW: NVME fuzz test fixes

Uma Parepalli Uma.Parepalli at skhms.com
Mon Sep 14 17:12:32 PDT 2015


Just curious, do you see the same issues if you use the standard Windows inbox driver?
Thank you,
Uma

Uma Parepalli
uma.parepalli at skhms.com Cell: 408 805 9260
SK Hynix Memory Solutions, 3103 N 1st St, San Jose, CA 95134



From: nvmewin-bounces at lists.openfabrics.org On Behalf Of Thomas Freeman
Sent: Monday, September 14, 2015 1:42 PM
To: Robles, Raymond C; nvmewin at lists.openfabrics.org; uliur at google.com
Subject: Re: [nvmewin] FW: NVME fuzz test fixes

Iuliu,
The changes look good.
I have just a few comments.

1. nvmeSnti.c/Line 1157 – memset(pResponseBuffer, 0, allocLength); This was added to the comment, but it's not clear why. I suspect it is an accidental addition. If so, this should be removed.

2. nvmeSnti.c/Line 1519 – Since the Lun value is actually written to the second byte of the entry, the comparison should be:

    if (lunIdDataOffset + SINGLE_LVL_LUN_OFFSET >= allocLength)

As an example, test with a buffer size of 0x11. Without this change, the driver will actually write the byte after the allocated buffer.

3. nvmeSnti.c/Line 2652 & 2669. Your change handles the case where there is no data buffer. But, it does not handle the case where the buffer is smaller than sizeof(DESCRIPTOR_FORMAT_SENSE_DATA). With a small buffer allocation, these writes would access beyond the allocated buffer:

    pSenseData->ErrorCode                    = FIXED_SENSE_DATA;
    pSenseData->SenseKey                     = SCSI_SENSE_NO_SENSE;
    pSenseData->AdditionalSenseLength        = FIXED_SENSE_DATA_ADD_LENGTH;
    pSenseData->AdditionalSenseCode          = SCSI_ADSENSE_NO_SENSE;
    pSenseData->AdditionalSenseCodeQualifier = 0;

Regards,
Tom Freeman
Software Engineer, Device Manager and Driver Development
HGST, a Western Digital company
thomas.freeman at hgst.com
507-322-2311

3605 Hwy 52 N
Rochester, MN 55901
www.hgst.com
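
Added example, not part of the thread or of the driver source: a C sketch of comments 2 and 3 in the review above, showing the off-by-one with allocLength 0x11 and one way to bound the sense-data write. The 8-byte header and entry sizes, SINGLE_LVL_LUN_OFFSET = 1, the SENSE_SKETCH structure and its constant values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (not from the driver source): 8-byte REPORT LUNS header,
 * 8-byte entries, LUN id stored in the second byte of each entry. */
#define LUN_LIST_HEADER_SIZE  8u
#define LUN_ENTRY_SIZE        8u
#define SINGLE_LVL_LUN_OFFSET 1u

/* Writes LUN ids and returns the highest byte index written (0 if none).
 * fixed != 0: comparison from comment 2; fixed == 0: entry offset only ("before"). */
size_t fill_lun_list(uint8_t *buf, size_t allocLength, unsigned lunCount, int fixed)
{
    size_t lunIdDataOffset = LUN_LIST_HEADER_SIZE, highest = 0;
    for (unsigned lun = 0; lun < lunCount; lun++) {
        size_t writeAt = lunIdDataOffset + SINGLE_LVL_LUN_OFFSET;
        if ((fixed ? writeAt : lunIdDataOffset) >= allocLength)
            break;                       /* this entry's LUN byte does not fit */
        buf[writeAt] = (uint8_t)lun;
        highest = writeAt;
        lunIdDataOffset += LUN_ENTRY_SIZE;
    }
    return highest;
}

/* Hypothetical stand-in for the sense structure; field order and the constant
 * values used below are constructed for illustration. */
typedef struct { uint8_t ErrorCode, SenseKey, AdditionalSenseLength,
                 AdditionalSenseCode, AdditionalSenseCodeQualifier; } SENSE_SKETCH;

/* Comment 3: stage the sense data locally, then copy no more than the caller's
 * buffer holds. Returns bytes copied; a NULL or empty buffer copies nothing. */
size_t set_sense(uint8_t *senseBuf, size_t senseLen)
{
    SENSE_SKETCH s = { 0x70, 0x00, 0x0A, 0x00, 0x00 };
    size_t n = senseLen < sizeof s ? senseLen : sizeof s;
    if (senseBuf == NULL) return 0;
    memcpy(senseBuf, &s, n);
    return n;
}

int main(void)
{
    uint8_t backing[0x20] = {0};  /* larger than allocLength, so the demo itself stays in bounds */
    printf("allocLength 0x11: before %zu, after %zu, sense bytes into 2-byte buffer %zu\n",
           fill_lun_list(backing, 0x11, 4, 0), fill_lun_list(backing, 0x11, 4, 1), set_sense(backing, 2));
    return 0;
}
```

With allocLength 0x11 the offset-only comparison lets the second entry's LUN byte land at index 0x11, one past the last valid index 0x10; the corrected comparison stops after the first entry.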

From: nvmewin-bounces at lists.openfabrics.org On Behalf Of Robles, Raymond C
Sent: Friday, September 11, 2015 3:29 PM
To: nvmewin at lists.openfabrics.org
Subject: [nvmewin] FW: NVME fuzz test fixes

All,

Here is the original patch from Google (Iuliu) for the WHCK fuzz tests.

Thanks,
Ray

From: nvmewin-bounces at lists.openfabrics.org On Behalf Of Iuliu Rus
Sent: Monday, August 03, 2015 1:37 PM
To: nvmewin at lists.openfabrics.org
Subject: [nvmewin] NVME fuzz test fixes

Hello,
I have attached the fixes we (Google) did for the several crashes / corruptions exposed by the Windows HCK fuzztest.exe.
We have tested this on qemu/ Server 2012 R2.
The password on the zip is "nvme" :)