On 7/13/20 8:32 PM, Philippe Mathieu-Daudé wrote: > This series fixes CVE-2020-13253 by only allowing SD card image > sizes power of 2, and not switching to SEND_DATA state when the > address is invalid (out of range). > > Patches missing review: > 3: boot_linux: Tag tests using a SD card with 'device:sd' > 4: boot_linux: Expand SD card image to power of 2 > 7: hw/sd/sdcard: Do not allow invalid SD card sizes > > Since v1: > Fixes issue due to image not power of 2: > https://www.mail-archive.com/qemu-devel@nongnu.org/msg720737.html > > Supersedes: <20200707132116.26207-1-f4...@amsat.org> > > Niek Linnenbank (1): > docs/orangepi: Add instructions for resizing SD image to power of two > > Philippe Mathieu-Daudé (8): > MAINTAINERS: Cc qemu-block mailing list > tests/acceptance/boot_linux: Tag tests using a SD card with > 'device:sd' > tests/acceptance/boot_linux: Expand SD card image to power of 2 > hw/sd/sdcard: Restrict Class 6 commands to SCSD cards > hw/sd/sdcard: Simplify realize() a bit > hw/sd/sdcard: Do not allow invalid SD card sizes > hw/sd/sdcard: Update coding style to make checkpatch.pl happy > hw/sd/sdcard: Do not switch to ReceivingData if address is invalid > > docs/system/arm/orangepi.rst | 16 ++++- > hw/sd/sd.c | 86 ++++++++++++++++++++------ > MAINTAINERS | 1 + > tests/acceptance/boot_linux_console.py | 30 ++++++--- > 4 files changed, 102 insertions(+), 31 deletions(-)
Thanks for the reviews. I addressed Cleber minor comment and will send a pull request shortly. Phil.