[nvmewin] FW: NVME fuzz test fixes

Robles, Raymond C raymond.c.robles at intel.com
Mon Sep 21 14:03:46 PDT 2015


Intel approves this patch.

Thanks,
Ray

From: Iuliu Rus [mailto:iuliur at google.com]
Sent: Tuesday, September 15, 2015 10:08 AM
To: Thomas Freeman
Cc: Robles, Raymond C; nvmewin at lists.openfabrics.org; uliur at google.com
Subject: Re: [nvmewin] FW: NVME fuzz test fixes

Thanks for the great feedback. Fixed all and attached the new zip (same password). I also reran the tests, but for 3) the Microsoft fuzz test seems to have no coverage. It keeps asking for sense data with alloc length of 0 (like 100 times). I artificially tested this by modifying the allocLength variable in the kernel debugger.



On Mon, Sep 14, 2015 at 1:41 PM, Thomas Freeman <thomas.freeman at hgst.com> wrote:
Iuliu,
The changes look good.
I have just a few comments.

1. nvmeSnti.C/Line 1157 – memset(pResponseBuffer, 0, allocLength);  This was added to the comment, but it’s not clear why. I suspect it is an accidental addition. If so, this should be removed.

2. nvmeSnti.c/Line 1519 – Since the Lun value is actually written to the second byte of the entry, the comparison should be:

    if (lunIdDataOffset + SINGLE_LVL_LUN_OFFSET >= allocLength)

As an example, test with a buffer size of 0x11. Without this change, the driver will actually write the byte after the allocated buffer.

3. nvmeSnti.c/Line 2652 & 2669. Your change handles the case where there is no data buffer. But, it does not handle the case where the buffer is smaller than sizeof(DESCRIPTOR_FORMAT_SENSE_DATA). With a small buffer allocation, these writes would access beyond the allocated buffer:

    pSenseData->ErrorCode                    = FIXED_SENSE_DATA;
    pSenseData->SenseKey                     = SCSI_SENSE_NO_SENSE;
    pSenseData->AdditionalSenseLength        = FIXED_SENSE_DATA_ADD_LENGTH;
    pSenseData->AdditionalSenseCode          = SCSI_ADSENSE_NO_SENSE;
    pSenseData->AdditionalSenseCodeQualifier = 0;


Regards,
Tom Freeman
Software Engineer, Device Manager and Driver Development
HGST, a Western Digital company
thomas.freeman at hgst.com
507-322-2311

3605 Hwy 52 N
Rochester, MN 55901
www.hgst.com

From: nvmewin-bounces at lists.openfabrics.org [mailto:nvmewin-bounces at lists.openfabrics.org] On Behalf Of Robles, Raymond C
Sent: Friday, September 11, 2015 3:29 PM
To: nvmewin at lists.openfabrics.org
Subject: [nvmewin] FW: NVME fuzz test fixes

All,

Here is the original patch from Google (Iuliu) for the WHCK fuzz tests.

Thanks,
Ray

From: nvmewin-bounces at lists.openfabrics.org [mailto:nvmewin-bounces at lists.openfabrics.org] On Behalf Of Iuliu Rus
Sent: Monday, August 03, 2015 1:37 PM
To: nvmewin at lists.openfabrics.org
Subject: [nvmewin] NVME fuzz test fixes

Hello,
I have attached the fixes we (Google) did for the several crashes / corruptions exposed by the Windows HCK fuzztest.exe.
We have tested this on qemu/ Server 2012 R2.
The password on the zip is "nvme" :)
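
The bounds checks from review comments 2 and 3 above, as an added C example that is not part of this thread or of the nvmewin driver source. The layout constants, struct sense_fixed, fill_lun_list and copy_sense are assumptions made for illustration, and truncating the sense data to the allocation length is one possible handling, not necessarily what the patch does.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout (not taken from the driver source): 8-byte LUN list header,
 * 8-byte entries, LUN id stored in the second byte of each entry. */
#define LUN_LIST_HEADER_SIZE  8u
#define LUN_ENTRY_SIZE        8u
#define SINGLE_LVL_LUN_OFFSET 1u

/* Writes LUN ids into buf, treating only the first alloc_len bytes as valid.
 * use_fixed_check != 0 applies the comparison from comment 2; 0 compares only
 * the entry start. Returns the highest index written, or -1 if none. */
long fill_lun_list(uint8_t *buf, size_t alloc_len, unsigned lun_count,
                   int use_fixed_check)
{
    long highest = -1;
    size_t off = LUN_LIST_HEADER_SIZE;
    for (unsigned lun = 0; lun < lun_count; lun++, off += LUN_ENTRY_SIZE) {
        size_t last = use_fixed_check ? off + SINGLE_LVL_LUN_OFFSET : off;
        if (last >= alloc_len)
            break;                      /* entry does not fit, stop here */
        buf[off + SINGLE_LVL_LUN_OFFSET] = (uint8_t)lun;
        highest = (long)(off + SINGLE_LVL_LUN_OFFSET);
    }
    return highest;
}

/* Hypothetical 18-byte fixed-format sense layout, for comment 3. */
struct sense_fixed {
    uint8_t error_code, segment, sense_key, info[4], add_len;
    uint8_t cmd_info[4], asc, ascq, fru, key_specific[3];
};

/* Builds the sense data in a local struct, then copies no more than
 * alloc_len bytes into the caller's buffer. Returns the bytes copied. */
size_t copy_sense(uint8_t *buf, size_t alloc_len)
{
    struct sense_fixed s;
    if (buf == NULL || alloc_len == 0)
        return 0;                       /* no data buffer: write nothing */
    memset(&s, 0, sizeof s);            /* sense key, ASC, ASCQ stay 0 */
    s.error_code = 0x70;                /* fixed format, current error */
    s.add_len = 10;                     /* bytes that follow byte 7 */
    size_t n = alloc_len < sizeof s ? alloc_len : sizeof s;
    memcpy(buf, &s, n);
    return n;
}
```

With alloc_len set to 0x11 and a larger backing array, the entry-start comparison writes index 0x11, one byte past the allocation, while the corrected comparison stops after the first entry.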