[PATCH v6 00/15] hw/sd/sdcard: Fix CVE-2020-13253 & cleanups

Philippe Mathieu-Daudé posted 15 patches 1 week ago
Test FreeBSD passed
Test docker-quick@centos7 failed
Test checkpatch passed
Test docker-mingw@fedora passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20200630100342.27625-1-f4bug@amsat.org
hw/sd/sd.c         | 173 +++++++++++++++++++++++++++------------------
MAINTAINERS        |   1 +
hw/sd/trace-events |   4 +-
3 files changed, 109 insertions(+), 69 deletions(-)

[PATCH v6 00/15] hw/sd/sdcard: Fix CVE-2020-13253 & cleanups

Posted by Philippe Mathieu-Daudé 1 week ago
Patches 5 & 6 fix CVE-2020-13253.
The rest are (accumulated) cleanups.

Since v5: Fix incorrect use of sd_addr_to_wpnum() in sd_reset()

Missing review:
[PATCH 01/15] MAINTAINERS: Cc qemu-block mailing list
[PATCH 03/15] hw/sd/sdcard: Move some definitions to use them
[PATCH 04/15] hw/sd/sdcard: Use the HWBLOCK_SIZE definition
[PATCH 05/15] hw/sd/sdcard: Do not switch to ReceivingData if
[PATCH 07/15] hw/sd/sdcard: Initialize constant values first
[PATCH 08/15] hw/sd/sdcard: Check address is in range
[PATCH 12/15] hw/sd/sdcard: Make iolen unsigned
[PATCH 13/15] hw/sd/sdcard: Correctly display the command name in

$ git backport-diff -u v5
Key:
[----] : patches are identical
[####] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/15:[----] [--] 'MAINTAINERS: Cc qemu-block mailing list'
002/15:[----] [--] 'hw/sd/sdcard: Update coding style to make checkpatch.pl happy'
003/15:[----] [--] 'hw/sd/sdcard: Move some definitions to use them earlier'
004/15:[----] [--] 'hw/sd/sdcard: Use the HWBLOCK_SIZE definition'
005/15:[----] [--] 'hw/sd/sdcard: Do not switch to ReceivingData if address is invalid'
006/15:[----] [--] 'hw/sd/sdcard: Restrict Class 6 commands to SCSD cards'
007/15:[----] [--] 'hw/sd/sdcard: Initialize constant values first'
008/15:[0004] [FC] 'hw/sd/sdcard: Check address is in range'
009/15:[----] [--] 'hw/sd/sdcard: Update the SDState documentation'
010/15:[----] [--] 'hw/sd/sdcard: Simplify cmd_valid_while_locked()'
011/15:[----] [--] 'hw/sd/sdcard: Constify sd_crc*()'s message argument'
012/15:[----] [--] 'hw/sd/sdcard: Make iolen unsigned'
013/15:[----] [--] 'hw/sd/sdcard: Correctly display the command name in trace events'
014/15:[----] [--] 'hw/sd/sdcard: Display offset in read/write_data() trace events'
015/15:[----] [--] 'hw/sd/sdcard: Simplify realize() a bit'

Philippe Mathieu-Daudé (15):
  MAINTAINERS: Cc qemu-block mailing list
  hw/sd/sdcard: Update coding style to make checkpatch.pl happy
  hw/sd/sdcard: Move some definitions to use them earlier
  hw/sd/sdcard: Use the HWBLOCK_SIZE definition
  hw/sd/sdcard: Do not switch to ReceivingData if address is invalid
  hw/sd/sdcard: Restrict Class 6 commands to SCSD cards
  hw/sd/sdcard: Initialize constant values first
  hw/sd/sdcard: Check address is in range
  hw/sd/sdcard: Update the SDState documentation
  hw/sd/sdcard: Simplify cmd_valid_while_locked()
  hw/sd/sdcard: Constify sd_crc*()'s message argument
  hw/sd/sdcard: Make iolen unsigned
  hw/sd/sdcard: Correctly display the command name in trace events
  hw/sd/sdcard: Display offset in read/write_data() trace events
  hw/sd/sdcard: Simplify realize() a bit

 hw/sd/sd.c         | 173 +++++++++++++++++++++++++++------------------
 MAINTAINERS        |   1 +
 hw/sd/trace-events |   4 +-
 3 files changed, 109 insertions(+), 69 deletions(-)

-- 
2.21.3


Re: [PATCH v6 00/15] hw/sd/sdcard: Fix CVE-2020-13253 & cleanups

Posted by no-reply@patchew.org 1 week ago
Patchew URL: https://patchew.org/QEMU/20200630100342.27625-1-f4bug@amsat.org/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

qemu-system-aarch64: /tmp/qemu-test/src/hw/sd/sd.c:546: sd_addr_to_wpnum: Assertion `addr <= sd->size' failed.
Broken pipe
/tmp/qemu-test/src/tests/qtest/libqtest.c:175: kill_qemu() detected QEMU death from signal 6 (Aborted) (core dumped)
ERROR - too few tests run (expected 66, got 0)
make: *** [check-qtest-aarch64] Error 1
make: *** Waiting for unfinished jobs....
  TEST    iotest-qcow2: 080
  TEST    iotest-qcow2: 086
---
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', '--label', 'com.qemu.instance.uuid=4350b95811964ca0b89e805d9baa18ad', '-u', '1003', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', '/home/patchew2/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', '/var/tmp/patchew-tester-tmp-hzd3yz_c/src/docker-src.2020-06-30-06.28.34.4417:/var/tmp/qemu:z,ro', 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit status 2.
filter=--filter=label=com.qemu.instance.uuid=4350b95811964ca0b89e805d9baa18ad
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-hzd3yz_c/src'
make: *** [docker-run-test-quick@centos7] Error 2

real    15m5.621s
user    0m8.700s


The full log is available at
http://patchew.org/logs/20200630100342.27625-1-f4bug@amsat.org/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com