hw/scsi/lsi53c895a: add missing decrement of reentrancy counter

When the maximum count of SCRIPTS instructions is reached, the code stops execution and returns, but fails to decrement the reentrancy counter. This effectively renders the SCSI controller unusable because on next entry the reentrancy counter is still above the limit. This bug was seen on HP-UX 10.20 which seems to trigger SCRIPTS loops. Fixes: b987718bbb ("hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)") Signed-off-by: Sven Schnelle <svens@stackframe.org> Message-ID: <20240128202214.2644768-1-svens@stackframe.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Tested-by: Helge Deller <deller@gmx.de> Signed-off-by: Thomas Huth <thuth@redhat.com> (cherry picked from commit 8b09b7fe47082c69295a0fc0cc01b041b6385025) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
author: Sven Schnelle <svens@stackframe.org> 2024-01-28 21:22:14 +0100
committer: Michael Tokarev <mjt@tls.msk.ru> 2024-03-13 23:09:00 +0300
commit: 275436de62f0a8a346989926ed719a1600d37f4a (patch)
tree: 9b13e2ac4ea18f6bb100392b77b670bc59e91f27
parent: c57a6fca394b595405347e099d6c76bff8b493c0 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index 905f5ef237..c7a3964b5f 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -1167,6 +1167,7 @@ again:
         lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
         lsi_disconnect(s);
         trace_lsi_execute_script_stop();
+        reentrancy_level--;
         return;
     }
     insn = read_dword(s, s->dsp);
author	Sven Schnelle <svens@stackframe.org>	2024-01-28 21:22:14 +0100
committer	Michael Tokarev <mjt@tls.msk.ru>	2024-03-13 23:09:00 +0300
commit	275436de62f0a8a346989926ed719a1600d37f4a (patch)
tree	9b13e2ac4ea18f6bb100392b77b670bc59e91f27
parent	c57a6fca394b595405347e099d6c76bff8b493c0 (diff)