Fix the SDHCI issue reported last week by Alexander:
https://bugs.launchpad.net/qemu/+bug/1892960

The field is 12-bit (4KiB) but the guest can set
up to 16-bit (64KiB), leading to OOB access.

since v1:
commited unstaged change in patch #3...

Philippe Mathieu-Daudé (3):
  hw/sd/sdhci: Fix qemu_log_mask() format string
  hw/sd/sdhci: Document the datasheet used
  hw/sd/sdhci: Fix DMA Transfer Block Size field

 hw/sd/sdhci.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

-- 
2.26.2

For this series:

Tested-by: Alexander Bulekov <alxndr@bu.edu>

On 200901 1604, Philippe Mathieu-Daudé wrote:
> Fix the SDHCI issue reported last week by Alexander:
> https://bugs.launchpad.net/qemu/+bug/1892960
> 
> The field is 12-bit (4KiB) but the guest can set
> up to 16-bit (64KiB), leading to OOB access.
> 
> since v1:
> commited unstaged change in patch #3...
> 
> Philippe Mathieu-Daudé (3):
>   hw/sd/sdhci: Fix qemu_log_mask() format string
>   hw/sd/sdhci: Document the datasheet used
>   hw/sd/sdhci: Fix DMA Transfer Block Size field
> 
>  hw/sd/sdhci.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> -- 
> 2.26.2
> 

On 9/1/20 4:04 PM, Philippe Mathieu-Daudé wrote:
> Fix the SDHCI issue reported last week by Alexander:
> https://bugs.launchpad.net/qemu/+bug/1892960
> 
> The field is 12-bit (4KiB) but the guest can set
> up to 16-bit (64KiB), leading to OOB access.
> 
> since v1:
> commited unstaged change in patch #3...
> 
> Philippe Mathieu-Daudé (3):
>   hw/sd/sdhci: Fix qemu_log_mask() format string
>   hw/sd/sdhci: Document the datasheet used
>   hw/sd/sdhci: Fix DMA Transfer Block Size field

Thanks, series applied to my sd-next tree.