[v1] hw/sd/sdhci: Fix DMA Transfer Block Size field width

[PATCH 0/3] hw/sd/sdhci: Fix DMA Transfer Block Size field width

Philippe Mathieu-Daudé posted 3 patches 3 years, 8 months ago

Diff against v2
Download series mbox

Test FreeBSD failed

Test docker-mingw@fedora passed

Test checkpatch passed

Test docker-quick@centos7 passed

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20200901140127.111454-1-f4bug@amsat.org

There is a newer version of this series

hw/sd/sdhci.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

Expand all Fold all

[PATCH 0/3] hw/sd/sdhci: Fix DMA Transfer Block Size field width

Posted by Philippe Mathieu-Daudé 3 years, 8 months ago

Fix the SDHCI issue reported last week by Alexander:
https://bugs.launchpad.net/qemu/+bug/1892960

The field is 12-bit (4KiB) but the guest can set
up to 16-bit (64KiB), leading to OOB access.

Philippe Mathieu-Daudé (3):
  hw/sd/sdhci: Fix qemu_log_mask() format string
  hw/sd/sdhci: Document the datasheet used
  hw/sd/sdhci: Fix DMA Transfer Block Size field

 hw/sd/sdhci.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

-- 
2.26.2