1. Patchew
  2. QEMU
  3. View series

[PATCH v2 0/9] hw/sd/sdcard: Fix CVE-2020-13253

Philippe Mathieu-Daudé posted 9 patches 3 years, 9 months ago
Test checkpatch passed
Test docker-mingw@fedora passed
Test FreeBSD passed
Test docker-quick@centos7 passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20200713183209.26308-1-f4bug@amsat.org
docs/system/arm/orangepi.rst           | 16 ++++-
hw/sd/sd.c                             | 86 ++++++++++++++++++++------
MAINTAINERS                            |  1 +
tests/acceptance/boot_linux_console.py | 30 ++++++---
4 files changed, 102 insertions(+), 31 deletions(-)
[PATCH v2 0/9] hw/sd/sdcard: Fix CVE-2020-13253
Posted by Philippe Mathieu-Daudé 3 years, 9 months ago 
This series fixes CVE-2020-13253 by only allowing SD card image
sizes power of 2, and not switching to SEND_DATA state when the
address is invalid (out of range).

Patches missing review:
 3: boot_linux: Tag tests using a SD card with 'device:sd'
 4: boot_linux: Expand SD card image to power of 2
 7: hw/sd/sdcard: Do not allow invalid SD card sizes

Since v1:
Fixes issue due to image not power of 2:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg720737.html

Supersedes: <20200707132116.26207-1-f4bug@amsat.org>

Niek Linnenbank (1):
  docs/orangepi: Add instructions for resizing SD image to power of two

Philippe Mathieu-Daudé (8):
  MAINTAINERS: Cc qemu-block mailing list
  tests/acceptance/boot_linux: Tag tests using a SD card with
    'device:sd'
  tests/acceptance/boot_linux: Expand SD card image to power of 2
  hw/sd/sdcard: Restrict Class 6 commands to SCSD cards
  hw/sd/sdcard: Simplify realize() a bit
  hw/sd/sdcard: Do not allow invalid SD card sizes
  hw/sd/sdcard: Update coding style to make checkpatch.pl happy
  hw/sd/sdcard: Do not switch to ReceivingData if address is invalid

 docs/system/arm/orangepi.rst           | 16 ++++-
 hw/sd/sd.c                             | 86 ++++++++++++++++++++------
 MAINTAINERS                            |  1 +
 tests/acceptance/boot_linux_console.py | 30 ++++++---
 4 files changed, 102 insertions(+), 31 deletions(-)

-- 
2.21.3
Re: [PATCH v2 0/9] hw/sd/sdcard: Fix CVE-2020-13253
Posted by Philippe Mathieu-Daudé 3 years, 9 months ago 
On 7/13/20 8:32 PM, Philippe Mathieu-Daudé wrote:
> This series fixes CVE-2020-13253 by only allowing SD card image
> sizes power of 2, and not switching to SEND_DATA state when the
> address is invalid (out of range).
> 
> Patches missing review:
>  3: boot_linux: Tag tests using a SD card with 'device:sd'
>  4: boot_linux: Expand SD card image to power of 2
>  7: hw/sd/sdcard: Do not allow invalid SD card sizes
> 
> Since v1:
> Fixes issue due to image not power of 2:
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg720737.html
> 
> Supersedes: <20200707132116.26207-1-f4bug@amsat.org>
> 
> Niek Linnenbank (1):
>   docs/orangepi: Add instructions for resizing SD image to power of two
> 
> Philippe Mathieu-Daudé (8):
>   MAINTAINERS: Cc qemu-block mailing list
>   tests/acceptance/boot_linux: Tag tests using a SD card with
>     'device:sd'
>   tests/acceptance/boot_linux: Expand SD card image to power of 2
>   hw/sd/sdcard: Restrict Class 6 commands to SCSD cards
>   hw/sd/sdcard: Simplify realize() a bit
>   hw/sd/sdcard: Do not allow invalid SD card sizes
>   hw/sd/sdcard: Update coding style to make checkpatch.pl happy
>   hw/sd/sdcard: Do not switch to ReceivingData if address is invalid
> 
>  docs/system/arm/orangepi.rst           | 16 ++++-
>  hw/sd/sd.c                             | 86 ++++++++++++++++++++------
>  MAINTAINERS                            |  1 +
>  tests/acceptance/boot_linux_console.py | 30 ++++++---
>  4 files changed, 102 insertions(+), 31 deletions(-)

Thanks for the reviews.

I addressed Cleber minor comment and will send a pull request shortly.

Phil.

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.