[nvmewin] FW: NVME fuzz test fixes

Robles, Raymond C raymond.c.robles at intel.com
Tue Sep 22 17:40:46 PDT 2015


Thanks Alex!

From: nvmewin-bounces at lists.openfabrics.org [mailto:nvmewin-bounces at lists.openfabrics.org] On Behalf Of Alex Chang
Sent: Tuesday, September 22, 2015 2:28 PM
To: Thomas Freeman; Iuliu Rus
Cc: nvmewin at lists.openfabrics.org; uliur at google.com
Subject: Re: [nvmewin] FW: NVME fuzz test fixes

PMC approves the patch.

Thank you!
Alex

From: nvmewin-bounces at lists.openfabrics.org<mailto:nvmewin-bounces at lists.openfabrics.org> [mailto:nvmewin-bounces at lists.openfabrics.org] On Behalf Of Thomas Freeman
Sent: Tuesday, September 22, 2015 1:02 PM
To: Iuliu Rus
Cc: nvmewin at lists.openfabrics.org<mailto:nvmewin at lists.openfabrics.org>; uliur at google.com<mailto:uliur at google.com>
Subject: Re: [nvmewin] FW: NVME fuzz test fixes


HGST approves these changes.

Tom Freeman
Software Engineer, Device Manager and Driver Development
HGST, a Western Digital company
thomas.freeman at hgst.com<mailto:thomas.freeman at hgst.com>
507-322-2311

[HGST_Logo_email]
3605 Hwy 52 N
Rochester, MN 55901
www.hgst.com<https://hgst.jiveon.com/external-link.jspa?url=http://www.hgst.com/>

From: Iuliu Rus [mailto:iuliur at google.com]
Sent: Tuesday, September 15, 2015 12:08 PM
To: Thomas Freeman <thomas.freeman at hgst.com<mailto:thomas.freeman at hgst.com>>
Cc: Robles, Raymond C <raymond.c.robles at intel.com<mailto:raymond.c.robles at intel.com>>; nvmewin at lists.openfabrics.org<mailto:nvmewin at lists.openfabrics.org>; uliur at google.com<mailto:uliur at google.com>
Subject: Re: [nvmewin] FW: NVME fuzz test fixes

Thanks for the great feedback. Fixed all and attached the new zip (same password). I also reran the tests, but for 3) the Microsoft fuzz test seems to have no coverage. It keeps asking for sense data with aloc length of 0 (like 100 times). I artificially tested this by modifying the allocLength variable in kernel debugger.



On Mon, Sep 14, 2015 at 1:41 PM, Thomas Freeman <thomas.freeman at hgst.com<mailto:thomas.freeman at hgst.com>> wrote:
Iuliu,
The changes look good.
I have just a few comments.

1.        nvmeSnti.C/Line 1157 – memset(pResponseBuffer, 0, allocLength);  This was added to the comment, but it’s not clear why. I suspect it is an accidental addition. If so, this should be removed.

2.       nvmeSnti.c/Line 1519 – Since the Lun value is actually written to the second byte of the entry, the comparison should be:

if (lunIdDataOffset + SINGLE_LVL_LUN_OFFSET >= allocLength)



As an example, test with a buffer size of 0x11. Without this change, the driver will actually write the byte after the allocated buffer.

3.       nvmeSnti.c/Line 2652 & 2669. Your change handles the case where there is no data buffer. But, it does not handle the case where the buffer is smaller than sizeof(DESCRIPTOR_FORMAT_SENSE_DATA). With a small buffer allocation, these writes would access beyond the allocated buffer

                                    pSenseData->ErrorCode                    = FIXED_SENSE_DATA;

            pSenseData->SenseKey                     = SCSI_SENSE_NO_SENSE;

            pSenseData->AdditionalSenseLength        = FIXED_SENSE_DATA_ADD_LENGTH;

            pSenseData->AdditionalSenseCode          = SCSI_ADSENSE_NO_SENSE;

            pSenseData->AdditionalSenseCodeQualifier = 0;


Regards,
Tom Freeman
Software Engineer, Device Manager and Driver Development
HGST, a Western Digital company
thomas.freeman at hgst.com<mailto:thomas.freeman at hgst.com>
507-322-2311<tel:507-322-2311>

[HGST_Logo_email]
3605 Hwy 52 N
Rochester, MN 55901
www.hgst.com<https://hgst.jiveon.com/external-link.jspa?url=http://www.hgst.com/>

From: nvmewin-bounces at lists.openfabrics.org<mailto:nvmewin-bounces at lists.openfabrics.org> [mailto:nvmewin-bounces at lists.openfabrics.org<mailto:nvmewin-bounces at lists.openfabrics.org>] On Behalf Of Robles, Raymond C
Sent: Friday, September 11, 2015 3:29 PM
To: nvmewin at lists.openfabrics.org<mailto:nvmewin at lists.openfabrics.org>
Subject: [nvmewin] FW: NVME fuzz test fixes

All,

Here is the original patch from Google (Iuliu) for the WHCK fuzz tests.

Thanks,
Ray

From: nvmewin-bounces at lists.openfabrics.org<mailto:nvmewin-bounces at lists.openfabrics.org> [mailto:nvmewin-bounces at lists.openfabrics.org] On Behalf Of Iuliu Rus
Sent: Monday, August 03, 2015 1:37 PM
To: nvmewin at lists.openfabrics.org<mailto:nvmewin at lists.openfabrics.org>
Subject: [nvmewin] NVME fuzz test fixes

Hello,
I have attached the fixes we (Google) did for the several crashes / corruptions exposed by the Windows HCK fuzztest.exe.
We have tested this on qemu/ Server 2012 R2.
The password on the zip is "nvme" :)
HGST E-mail Confidentiality Notice & Disclaimer:
This e-mail and any files transmitted with it may contain confidential or legally privileged information of HGST and are intended solely for the use of the individual or entity to which they are addressed. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited.  If you have received this e-mail in error, please notify the sender immediately and delete the e-mail in its entirety from your system.

_______________________________________________
nvmewin mailing list
nvmewin at lists.openfabrics.org<mailto:nvmewin at lists.openfabrics.org>
http://lists.openfabrics.org/mailman/listinfo/nvmewin

HGST E-mail Confidentiality Notice & Disclaimer:
This e-mail and any files transmitted with it may contain confidential or legally privileged information of HGST and are intended solely for the use of the individual or entity to which they are addressed. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited.  If you have received this e-mail in error, please notify the sender immediately and delete the e-mail in its entirety from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openfabrics.org/pipermail/nvmewin/attachments/20150923/fede796b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 4274 bytes
Desc: image001.png
URL: <http://lists.openfabrics.org/pipermail/nvmewin/attachments/20150923/fede796b/attachment.png>


More information about the nvmewin mailing list