[PATCH-for-9.0? 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer

Philippe Mathieu-Daudé posted 3 patches 3 weeks, 3 days ago
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20240408083605.55238-1-philmd@linaro.org
Maintainers: Kevin Wolf <kwolf@redhat.com>, Hanna Reitz <hreitz@redhat.com>
There is a newer version of this series
hw/block/nand.c | 50 +++++++++++++++++++++++++++++++++----------------
1 file changed, 34 insertions(+), 16 deletions(-)
[PATCH-for-9.0? 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer
Posted by Philippe Mathieu-Daudé 3 weeks, 3 days ago
Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446

Philippe Mathieu-Daudé (3):
  hw/block/nand: Factor nand_load_iolen() method out
  hw/block/nand: Have blk_load() return boolean indicating success
  hw/block/nand: Fix out-of-bound access in NAND block buffer

 hw/block/nand.c | 50 +++++++++++++++++++++++++++++++++----------------
 1 file changed, 34 insertions(+), 16 deletions(-)

-- 
2.41.0


Re: [PATCH-for-9.0? 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer
Posted by Kevin Wolf 3 weeks, 2 days ago
On 08.04.2024 at 10:36, Philippe Mathieu-Daudé wrote:
> Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446
> 
> Philippe Mathieu-Daudé (3):
>   hw/block/nand: Factor nand_load_iolen() method out
>   hw/block/nand: Have blk_load() return boolean indicating success
>   hw/block/nand: Fix out-of-bound access in NAND block buffer

As we're short on time for 9.0:

Reviewed-by: Kevin Wolf <kwolf@redhat.com>

But it feels to me like this device could use some more cleanup to make
the code more robust.

Kevin

Re: [PATCH-for-9.0? 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer
Posted by Mauro Matteo Cascella 3 weeks, 3 days ago
On Mon, Apr 8, 2024 at 10:36 AM Philippe Mathieu-Daudé
<philmd@linaro.org> wrote:
>
> Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446

Does hw/block/nand meet the security requirements for CVE assignment?

=> https://www.qemu.org/docs/master/system/security.html

> Philippe Mathieu-Daudé (3):
>   hw/block/nand: Factor nand_load_iolen() method out
>   hw/block/nand: Have blk_load() return boolean indicating success
>   hw/block/nand: Fix out-of-bound access in NAND block buffer
>
>  hw/block/nand.c | 50 +++++++++++++++++++++++++++++++++----------------
>  1 file changed, 34 insertions(+), 16 deletions(-)
>
> --
> 2.41.0
>

-- 
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0

Re: [PATCH-for-9.0? 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer
Posted by Philippe Mathieu-Daudé 3 weeks, 2 days ago
On 8/4/24 17:45, Mauro Matteo Cascella wrote:
> On Mon, Apr 8, 2024 at 10:36 AM Philippe Mathieu-Daudé
> <philmd@linaro.org> wrote:
>>
>> Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446
> 
> Does hw/block/nand meet the security requirements for CVE assignment?
> 
> => https://www.qemu.org/docs/master/system/security.html

I don't think this device model is used in virtualization,
so I don't think so. (Cc'ing qemu-arm@ in case).
Thanks!

> 
>> Philippe Mathieu-Daudé (3):
>>    hw/block/nand: Factor nand_load_iolen() method out
>>    hw/block/nand: Have blk_load() return boolean indicating success
>>    hw/block/nand: Fix out-of-bound access in NAND block buffer
>>
>>   hw/block/nand.c | 50 +++++++++++++++++++++++++++++++++----------------
>>   1 file changed, 34 insertions(+), 16 deletions(-)
>>
>> --
>> 2.41.0
>>
>