[nvmewin] FW: NVME fuzz test fixes

Iuliu Rus iuliur at google.com
Tue Sep 15 10:07:55 PDT 2015


Thanks for the great feedback. Fixed all and attached the new zip (same
password). I also reran the tests, but for 3) the Microsoft fuzz test seems
to have no coverage. It keeps asking for sense data with alloc length of 0
(like 100 times). I artificially tested this by modifying the allocLength
variable in the kernel debugger.



On Mon, Sep 14, 2015 at 1:41 PM, Thomas Freeman <thomas.freeman at hgst.com>
wrote:

> Iuliu,
>
> The changes look good.
>
> I have just a few comments.
>
> 1. nvmeSnti.C/Line 1157 – *memset(pResponseBuffer, 0, allocLength);*
> This was added to the comment, but it’s not clear why. I suspect it is an
> accidental addition. If so, this should be removed.
>
> 2. nvmeSnti.c/Line 1519 – Since the Lun value is actually written
> to the second byte of the entry, the comparison should be:
>
> *if (lunIdDataOffset + SINGLE_LVL_LUN_OFFSET >= allocLength)*
>
>
>
> As an example, test with a buffer size of 0x11. Without this change, the
> driver will actually write the byte after the allocated buffer.
>
> 3.       nvmeSnti.c/Line 2652 & 2669. Your change handles the case where
> there is no data buffer. But, it does not handle the case where the buffer
> is smaller than sizeof(DESCRIPTOR_FORMAT_SENSE_DATA). With a small buffer
> allocation, these writes would access beyond the allocated buffer
>
>             pSenseData->ErrorCode                    = FIXED_SENSE_DATA;
>             pSenseData->SenseKey                     = SCSI_SENSE_NO_SENSE;
>             pSenseData->AdditionalSenseLength        = FIXED_SENSE_DATA_ADD_LENGTH;
>             pSenseData->AdditionalSenseCode          = SCSI_ADSENSE_NO_SENSE;
>             pSenseData->AdditionalSenseCodeQualifier = 0;
>
>
> Regards,
>
> *Tom Freeman*
>
> *Software Engineer, Device Manager and Driver Development*
>
> HGST, a Western Digital company
>
> thomas.freeman at hgst.com
>
> 507-322-2311
>
>
> 3605 Hwy 52 N
> Rochester, MN 55901
> www.hgst.com
>
>
>
> *From:* nvmewin-bounces at lists.openfabrics.org [mailto:nvmewin-bounces at lists.openfabrics.org] *On Behalf Of* Robles, Raymond C
> *Sent:* Friday, September 11, 2015 3:29 PM
> *To:* nvmewin at lists.openfabrics.org
> *Subject:* [nvmewin] FW: NVME fuzz test fixes
>
>
>
> All,
>
>
>
> Here is the original patch from Google (Iuliu) for the WHCK fuzz tests.
>
>
>
> Thanks,
>
> Ray
>
>
>
> *From:* nvmewin-bounces at lists.openfabrics.org [mailto:nvmewin-bounces at lists.openfabrics.org] *On Behalf Of* Iuliu Rus
> *Sent:* Monday, August 03, 2015 1:37 PM
> *To:* nvmewin at lists.openfabrics.org
> *Subject:* [nvmewin] NVME fuzz test fixes
>
>
>
> Hello,
>
> I have attached the fixes we (Google) did for the several crashes /
> corruptions exposed by the Windows HCK fuzztest.exe.
>
> We have tested this on qemu/ Server 2012 R2.
>
> The password on the zip is "nvme" :)
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fuzz_fixes.zip
Type: application/zip
Size: 2048158 bytes
Desc: not available
URL: <http://lists.openfabrics.org/pipermail/nvmewin/attachments/20150915/413bbfa2/attachment.zip>
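
Review points 2 and 3 in the quoted message, sketched as an added example (not code from the nvmewin driver or from the attached patch): the LUN-list check compares the index of the byte actually written, and the sense data is built locally and truncated to the caller's allocation length. The helper names, the SENSE_SKETCH structure and all constant values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed values, assumed from the SCSI REPORT LUNS and fixed sense
 * layouts; the driver's own headers are not shown on this page. */
#define LUN_LIST_HEADER_SIZE  8u    /* list length + reserved bytes */
#define LUN_ENTRY_SIZE        8u
#define SINGLE_LVL_LUN_OFFSET 1u    /* LUN id sits in byte 1 of an entry */
#define FIXED_SENSE_DATA      0x70u /* assumed response code */
#define FIXED_SENSE_DATA_ADD_LENGTH 0x0Au /* assumed: 18-byte sense - 8 */

/* Hypothetical helper: writes LUN ids 0..lunCount-1 and never touches
 * buf[allocLength] or beyond. Returns the number of ids written. */
size_t fill_lun_list(uint8_t *buf, size_t allocLength, uint8_t lunCount)
{
    size_t written = 0;
    if (buf == NULL) return 0;
    memset(buf, 0, allocLength);
    for (uint8_t lun = 0; lun < lunCount; lun++) {
        size_t lunIdDataOffset = LUN_LIST_HEADER_SIZE + (size_t)lun * LUN_ENTRY_SIZE;
        /* Check the index of the byte actually written, not the entry start. */
        if (lunIdDataOffset + SINGLE_LVL_LUN_OFFSET >= allocLength) break;
        buf[lunIdDataOffset + SINGLE_LVL_LUN_OFFSET] = lun;
        written++;
    }
    return written;
}

/* Hypothetical stand-in for the driver's sense structure: 18 bytes, no padding. */
typedef struct {
    uint8_t ErrorCode, Segment, SenseKey, Information[4];
    uint8_t AdditionalSenseLength, CommandSpecific[4];
    uint8_t AdditionalSenseCode, AdditionalSenseCodeQualifier;
    uint8_t FieldReplaceableUnit, SenseKeySpecific[3];
} SENSE_SKETCH;

/* Builds "no sense" data in a local and copies only what fits, so a short
 * or zero allocLength cannot cause an out-of-bounds write. Returns bytes copied. */
size_t fill_no_sense(uint8_t *buf, size_t allocLength)
{
    SENSE_SKETCH s;
    size_t n = allocLength < sizeof s ? allocLength : sizeof s;
    if (buf == NULL || n == 0) return 0;
    memset(&s, 0, sizeof s);   /* NO_SENSE key and code are 0 */
    s.ErrorCode = FIXED_SENSE_DATA;
    s.AdditionalSenseLength = FIXED_SENSE_DATA_ADD_LENGTH;
    memcpy(buf, &s, n);
    return n;
}
```

With a 0x11-byte buffer the second entry's LUN byte would land at index 0x11, which is the case the `>=` comparison rejects.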

