From patchwork Tue Jul 14 13:58:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 277888 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6F4E4C433E2 for ; Tue, 14 Jul 2020 13:59:53 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 3A0F8224F9 for ; Tue, 14 Jul 2020 13:59:53 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="YHHnRI+P" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3A0F8224F9 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=amsat.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:49362 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jvLTM-0006Bn-HM for qemu-devel@archiver.kernel.org; Tue, 14 Jul 2020 09:59:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34990) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jvLRx-00049P-Pt; Tue, 14 Jul 2020 09:58:25 -0400 Received: from mail-wr1-x42c.google.com ([2a00:1450:4864:20::42c]:45838) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jvLRv-0003RD-WB; Tue, 14 Jul 2020 09:58:25 -0400 Received: by mail-wr1-x42c.google.com with SMTP id s10so21729482wrw.12; Tue, 14 Jul 2020 06:58:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=5I6k15BzbxNW4yNX/t4jNCAcu35UtS7fJs1XxZN10R0=; b=YHHnRI+P0gG4nIRZRwsYF24p36aNG8+O+pJufhLsg9q8J1uIi+1qKVMwv/y458Hb6p QM/I/MJKoaBjuurGba2EboQGmvdsuqnBUXWv8IX2gYviBCS2gplU3+eEu2iUdDsYoPpK ++xMIW4eLuRPBLRtvKCEWVC93ysSGzIT4NqEpXRNqa2kubX5jgQhZq5RoWUd6HmIkn3r TfgIspd8IdW+kJk+arvrrSSb3IGA0d7FLlVItVQqsijjEHqzXquuS/+OAZz8+VvYQTLR /V5qSRKC2oWrdtWEwTXcH4JvA5Fl9fAJXxpxrzQBOahdM4EDdXqrXw+krKXcldJiQTNG Zf5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=5I6k15BzbxNW4yNX/t4jNCAcu35UtS7fJs1XxZN10R0=; b=JbI6o+xy38AIUcnzvgnqwZoIT/Uzk/FNxhKPDjPPybm4e03SquPDGOyOIx0b1oAGc/ cLx/LPTNwwAoS7pZfN1itwhiWhHZEUf/Gvdyjj66dEpAT+0aX1W3ZLe+HvW8RdZK8ud/ WUidyIzz1UGXpv12XXvNtUUep5NH/69r4wJhsvB3eqiwgMU8rGkdzZKCp0o6qej4BY2L zeMD7WNcV87+qi3g/Q6LpER2sJRMV//yHV75hKuOBh9xTLGUSzJqS7tzO/NNlWc1sx6H hfRUKhAxLHPUiV9IBWOfy4qkLH57xsdOJsRV4fbG5ekD5fO48EzK8kLEdX9hZYxfBkWy 69ng== X-Gm-Message-State: AOAM530AN3wRRIot/lsjvZtsUfTQByhMbrgkr7s+nkD41V4funW0Ehu5 2X6xOffW3ZL+SpcV5kpYoD10+R2AIk0= X-Google-Smtp-Source: ABdhPJz5bROAe8qtRtC4SXchBBTLcoHaGNu4uhXmxoaPlu/ZATMOPalWf2Y4KweluI+pIBEaF36gWA== X-Received: by 2002:adf:81c7:: with SMTP id 65mr5441231wra.47.1594735101989; Tue, 14 Jul 2020 06:58:21 -0700 (PDT) Received: from localhost.localdomain (138.red-83-57-170.dynamicip.rima-tde.net. [83.57.170.138]) by smtp.gmail.com with ESMTPSA id k14sm29145343wrn.76.2020.07.14.06.58.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Jul 2020 06:58:21 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 4/9] tests/acceptance/boot_linux: Expand SD card image to power of 2 Date: Tue, 14 Jul 2020 15:58:09 +0200 Message-Id: <20200714135814.19910-5-f4bug@amsat.org> X-Mailer: git-send-email 2.21.3 In-Reply-To: <20200714135814.19910-1-f4bug@amsat.org> References: <20200714135814.19910-1-f4bug@amsat.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::42c; envelope-from=philippe.mathieu.daude@gmail.com; helo=mail-wr1-x42c.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: 0 X-Spam_score: 0.0 X-Spam_bar: / X-Spam_report: (0.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=1, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-block@nongnu.org, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Wainer dos Santos Moschetta , Prasad J Pandit , Alexander Bulekov , Alistair Francis , Cleber Rosa , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" In few commits we won't allow SD card images with invalid size (not aligned to a power of 2). Prepare the tests: add the pow2ceil() and image_pow2ceil_expand() methods and resize the images (expanding) of the tests using SD cards. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Reviewed-by: Cleber Rosa Message-Id: <20200713183209.26308-5-f4bug@amsat.org> --- tests/acceptance/boot_linux_console.py | 31 ++++++++++++++++++-------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/tests/acceptance/boot_linux_console.py b/tests/acceptance/boot_linux_console.py index b7e8858c2d..67c3b2f3d1 100644 --- a/tests/acceptance/boot_linux_console.py +++ b/tests/acceptance/boot_linux_console.py @@ -28,6 +28,22 @@ except CmdNotFoundError: P7ZIP_AVAILABLE = False +""" +Round up to next power of 2 +""" +def pow2ceil(x): + return 1 if x == 0 else 2**(x - 1).bit_length() + +""" +Expand file size to next power of 2 +""" +def image_pow2ceil_expand(path): + size = os.path.getsize(path) + size_aligned = pow2ceil(size) + if size != size_aligned: + with open(path, 'ab+') as fd: + fd.truncate(size_aligned) + class LinuxKernelTest(Test): KERNEL_COMMON_COMMAND_LINE = 'printk.time=0 ' @@ -636,6 +652,7 @@ def test_arm_orangepi_sd(self): rootfs_path_xz = self.fetch_asset(rootfs_url, asset_hash=rootfs_hash) rootfs_path = os.path.join(self.workdir, 'rootfs.cpio') archive.lzma_uncompress(rootfs_path_xz, rootfs_path) + image_pow2ceil_expand(rootfs_path) self.vm.set_console() kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE + @@ -673,7 +690,7 @@ def test_arm_orangepi_bionic(self): :avocado: tags=device:sd """ - # This test download a 196MB compressed image and expand it to 932MB... + # This test download a 196MB compressed image and expand it to 1GB image_url = ('https://dl.armbian.com/orangepipc/archive/' 'Armbian_19.11.3_Orangepipc_bionic_current_5.3.9.7z') image_hash = '196a8ffb72b0123d92cea4a070894813d305c71e' @@ -681,6 +698,7 @@ def test_arm_orangepi_bionic(self): image_name = 'Armbian_19.11.3_Orangepipc_bionic_current_5.3.9.img' image_path = os.path.join(self.workdir, image_name) process.run("7z e -o%s %s" % (self.workdir, image_path_7z)) + image_pow2ceil_expand(image_path) self.vm.set_console() self.vm.add_args('-drive', 'file=' + image_path + ',if=sd,format=raw', @@ -714,7 +732,7 @@ def test_arm_orangepi_uboot_netbsd9(self): :avocado: tags=machine:orangepi-pc :avocado: tags=device:sd """ - # This test download a 304MB compressed image and expand it to 1.3GB... + # This test download a 304MB compressed image and expand it to 2GB deb_url = ('http://snapshot.debian.org/archive/debian/' '20200108T145233Z/pool/main/u/u-boot/' 'u-boot-sunxi_2020.01%2Bdfsg-1_armhf.deb') @@ -731,8 +749,9 @@ def test_arm_orangepi_uboot_netbsd9(self): image_hash = '2babb29d36d8360adcb39c09e31060945259917a' image_path_gz = self.fetch_asset(image_url, asset_hash=image_hash) image_path = os.path.join(self.workdir, 'armv7.img') - image_drive_args = 'if=sd,format=raw,snapshot=on,file=' + image_path archive.gzip_uncompress(image_path_gz, image_path) + image_pow2ceil_expand(image_path) + image_drive_args = 'if=sd,format=raw,snapshot=on,file=' + image_path # dd if=u-boot-sunxi-with-spl.bin of=armv7.img bs=1K seek=8 conv=notrunc with open(uboot_path, 'rb') as f_in: @@ -740,12 +759,6 @@ def test_arm_orangepi_uboot_netbsd9(self): f_out.seek(8 * 1024) shutil.copyfileobj(f_in, f_out) - # Extend image, to avoid that NetBSD thinks the partition - # inside the image is larger than device size itself - f_out.seek(0, 2) - f_out.seek(64 * 1024 * 1024, 1) - f_out.write(bytearray([0x00])) - self.vm.set_console() self.vm.add_args('-nic', 'user', '-drive', image_drive_args, From patchwork Tue Jul 14 13:58:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 277887 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7956C433E4 for ; Tue, 14 Jul 2020 14:01:51 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 874D222267 for ; Tue, 14 Jul 2020 14:01:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="vUkZjAiq" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 874D222267 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=amsat.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:57640 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jvLVG-0001E4-Ml for qemu-devel@archiver.kernel.org; Tue, 14 Jul 2020 10:01:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:35006) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jvLRz-0004Ca-5z; Tue, 14 Jul 2020 09:58:27 -0400 Received: from mail-wr1-x441.google.com ([2a00:1450:4864:20::441]:46954) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jvLRx-0003RQ-IC; Tue, 14 Jul 2020 09:58:26 -0400 Received: by mail-wr1-x441.google.com with SMTP id r12so21717594wrj.13; Tue, 14 Jul 2020 06:58:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=qdaethCtbmwxVVjeZXalK6EzGf52ykfDlbfqX2TJkVg=; b=vUkZjAiqe1MaENLAtCNcHc3UpXA9CN1HQSEkcVq38xEA9Nm1L76nO/n05QtcMHSWVm qPkhWXVVHL+U12n0S7gx16CMHCZEbVz19PNHZh1wOGI7Txbyr5dMAWZtqT8xEl0cwTtN c4BNqKw8J80gmoSyNDO+AB8sK4jpsrPRmebRgh8e6mEAUzVXTA9ADMOu7qD+MOlmYqmu 9/TEV7J06iE5Vt1xwagYnZDq5GI4fqpKf3+fTO9+4JqGQnaOlFqyZvH94hSp1CsD/sxG 7SZokAwJA32WSG9G7UiZt/JgAXzhBYHzZu9+OUH26x+REIrHOCi/62ZhBiIzaVEpwhHe 02HA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=qdaethCtbmwxVVjeZXalK6EzGf52ykfDlbfqX2TJkVg=; b=aGXXFHGNiFCSY0z0hVFKIS4ZR4p8YbDb2oT0muCclxiwbxRdqpDKY3OaG9QTxPOOHQ 3ZSDyWH3eEmEIGXSBbwrAZsbgMoK/UuopK2oiBR/IEBpE4A48XsmTuV5xwE1PcGbZGbg yGbQS765CrUofsfxiCq5rS9G2dP5xIC/ub2IwdsYop06hZtHkFd4rg1tIHu98kZY0j/e D51Si1x9dRSi772dJcECNaH6QakQDwN+IxDQFVmBbIGRz7koBiLpvXZTRrV0CznQuUOR 3my2c4ZfdRduYOgCIqlavGqEl/SMmeOhQaaj0InlOH7MFXZbzKIli0b0kPyL2k5fZePE NUxg== X-Gm-Message-State: AOAM532P+CgvLrXUkfuULyUVEXRmLVfhMaku/e2sBytsU1HguHtuFRfm 8jc/UF7mozOWckkRTNypQ+L9uSkI+9g= X-Google-Smtp-Source: ABdhPJw0b9oM3ooLZseqYXZhs7Ci6R9aXgnT6N1WswBsMBgP8XfaYYLhpzRFVQC/GuNQVACNQQ7zKw== X-Received: by 2002:adf:f2c5:: with SMTP id d5mr5807558wrp.96.1594735103363; Tue, 14 Jul 2020 06:58:23 -0700 (PDT) Received: from localhost.localdomain (138.red-83-57-170.dynamicip.rima-tde.net. [83.57.170.138]) by smtp.gmail.com with ESMTPSA id k14sm29145343wrn.76.2020.07.14.06.58.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Jul 2020 06:58:22 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 5/9] hw/sd/sdcard: Restrict Class 6 commands to SCSD cards Date: Tue, 14 Jul 2020 15:58:10 +0200 Message-Id: <20200714135814.19910-6-f4bug@amsat.org> X-Mailer: git-send-email 2.21.3 In-Reply-To: <20200714135814.19910-1-f4bug@amsat.org> References: <20200714135814.19910-1-f4bug@amsat.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::441; envelope-from=philippe.mathieu.daude@gmail.com; helo=mail-wr1-x441.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: 0 X-Spam_score: 0.0 X-Spam_bar: / X-Spam_report: (0.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=1, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , qemu-block@nongnu.org, qemu-stable@nongnu.org, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Alexander Bulekov , Alistair Francis , Prasad J Pandit , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" Only SCSD cards support Class 6 (Block Oriented Write Protection) commands. "SD Specifications Part 1 Physical Layer Simplified Spec. v3.01" 4.3.14 Command Functional Difference in Card Capacity Types * Write Protected Group SDHC and SDXC do not support write-protected groups. Issuing CMD28, CMD29 and CMD30 generates the ILLEGAL_COMMAND error. Cc: qemu-stable@nongnu.org Reviewed-by: Peter Maydell Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-Id: <20200630133912.9428-7-f4bug@amsat.org> --- hw/sd/sd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hw/sd/sd.c b/hw/sd/sd.c index 5137168d66..1cc16bfd31 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -920,6 +920,11 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) sd->multi_blk_cnt = 0; } + if (sd_cmd_class[req.cmd] == 6 && FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { + /* Only Standard Capacity cards support class 6 commands */ + return sd_illegal; + } + switch (req.cmd) { /* Basic commands (Class 0 and Class 1) */ case 0: /* CMD0: GO_IDLE_STATE */ From patchwork Tue Jul 14 13:58:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 277886 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 528CFC433E1 for ; Tue, 14 Jul 2020 14:06:30 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1B7F322507 for ; Tue, 14 Jul 2020 14:06:30 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="eVa22wGQ" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1B7F322507 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=amsat.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:45634 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jvLZl-0007t7-EY for qemu-devel@archiver.kernel.org; Tue, 14 Jul 2020 10:06:29 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:35080) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jvLS4-0004NI-92; Tue, 14 Jul 2020 09:58:32 -0400 Received: from mail-wr1-x442.google.com ([2a00:1450:4864:20::442]:38925) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jvLS2-0003SL-EG; Tue, 14 Jul 2020 09:58:31 -0400 Received: by mail-wr1-x442.google.com with SMTP id q5so21792917wru.6; Tue, 14 Jul 2020 06:58:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=W0+4/XZhJEEqb40F6krDQlUM+mPLO0uytUGRIoUNtDA=; b=eVa22wGQBf/WW2MmnELEUYTMHFNQc4y8BDPWZy4BYWYo/pIt5Az7jzucHzwnh7PQPL k1foFqhijf6Q7bUBxPRC8M+oUzn5nxTbd9yHLl+TuZ8l+BWJ4dDaQOKNRY8yvnrkvLan w3ZhW/ASxEVAGOdlSh88B08tjgpEBeGUlp9MIvEFMhkQplpEaaNgnTGlGkVc8DpN4GbM lenJaB+GsgTyMaF7oj6517z+ZiVUqm3Up9AhPj4mXvRExG03q3UDhn5sQYAkvtCJn2VM ep4FqYfU1ympEN/DaQ4BQaQ0mNKDIt0kOWrF/ip3DSDmfNaFkCc3YEoLOewYFWoXsLmG IAoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=W0+4/XZhJEEqb40F6krDQlUM+mPLO0uytUGRIoUNtDA=; b=aVW7SEVE98DHZGKPhYGPiDmK4rbQ8KdzVTyKl8y49j1ipe6Wllh5B57FiNooSEQd3g IvxDqwKS86iKDb7UfsebSiQvuz0wYAz1UOCfXVqj1Gj8ORqPjdG7tz9g90+PVYOTtIJM lci1RuXevaFgYUT0jnuzQ+A8QAY9UhJD6IUEX+Nf4HucAgiUyKA48ro0IdaIpgEdiLmI 0ZGGJbdH5yTqScRn/pbN2GLZR3uEXINTYZD3Vvb1YozRJslQsKfCnDGy5/9y50FKhqvT n9J3J6T1CA/5KYMQT53fogY7pIWNykjkvG+g5Zv2+wMoMUknTBvV/LvzQSvBy7miNSFH P0Lg== X-Gm-Message-State: AOAM533xgIAeHLmymABuS6AxjEF7ni9uzDec1T2PM4WyIGrz6uhWj5g3 qIkxsPQ7jIdavfHWKE4wBgtb5mHOUmw= X-Google-Smtp-Source: ABdhPJz6sPO3GCpRtcYHGIPZmCIo5qHlzepNW2lR+bjOR2BNEmvaeBjA5TrABDAUdoMSFyElvKtaVQ== X-Received: by 2002:adf:bc41:: with SMTP id a1mr5545739wrh.186.1594735107880; Tue, 14 Jul 2020 06:58:27 -0700 (PDT) Received: from localhost.localdomain (138.red-83-57-170.dynamicip.rima-tde.net. [83.57.170.138]) by smtp.gmail.com with ESMTPSA id k14sm29145343wrn.76.2020.07.14.06.58.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Jul 2020 06:58:27 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 9/9] hw/sd/sdcard: Do not switch to ReceivingData if address is invalid Date: Tue, 14 Jul 2020 15:58:14 +0200 Message-Id: <20200714135814.19910-10-f4bug@amsat.org> X-Mailer: git-send-email 2.21.3 In-Reply-To: <20200714135814.19910-1-f4bug@amsat.org> References: <20200714135814.19910-1-f4bug@amsat.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::442; envelope-from=philippe.mathieu.daude@gmail.com; helo=mail-wr1-x442.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: 0 X-Spam_score: 0.0 X-Spam_bar: / X-Spam_report: (0.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=1, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , qemu-block@nongnu.org, qemu-stable@nongnu.org, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Alexander Bulekov , Alistair Francis , Prasad J Pandit , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" Only move the state machine to ReceivingData if there is no pending error. This avoids later OOB access while processing commands queued. "SD Specifications Part 1 Physical Layer Simplified Spec. v3.01" 4.3.3 Data Read Read command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR occurred and no data transfer is performed. 4.3.4 Data Write Write command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR occurred and no data transfer is performed. WP_VIOLATION errors are not modified: the error bit is set, we stay in receive-data state, wait for a stop command. All further data transfer is ignored. See the check on sd->card_status at the beginning of sd_read_data() and sd_write_data(). Fixes: CVE-2020-13253 Cc: qemu-stable@nongnu.org Reported-by: Alexander Bulekov Buglink: https://bugs.launchpad.net/qemu/+bug/1880822 Reviewed-by: Peter Maydell Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-Id: <20200630133912.9428-6-f4bug@amsat.org> --- hw/sd/sd.c | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/hw/sd/sd.c b/hw/sd/sd.c index f4f76f8fd2..fad9cf1ee7 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -1171,13 +1171,15 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) case 17: /* CMD17: READ_SINGLE_BLOCK */ switch (sd->state) { case sd_transfer_state: + + if (addr + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; + return sd_r1; + } + sd->state = sd_sendingdata_state; sd->data_start = addr; sd->data_offset = 0; - - if (sd->data_start + sd->blk_len > sd->size) { - sd->card_status |= ADDRESS_ERROR; - } return sd_r1; default: @@ -1188,13 +1190,15 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) case 18: /* CMD18: READ_MULTIPLE_BLOCK */ switch (sd->state) { case sd_transfer_state: + + if (addr + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; + return sd_r1; + } + sd->state = sd_sendingdata_state; sd->data_start = addr; sd->data_offset = 0; - - if (sd->data_start + sd->blk_len > sd->size) { - sd->card_status |= ADDRESS_ERROR; - } return sd_r1; default: @@ -1234,14 +1238,17 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) /* Writing in SPI mode not implemented. */ if (sd->spi) break; + + if (addr + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; + return sd_r1; + } + sd->state = sd_receivingdata_state; sd->data_start = addr; sd->data_offset = 0; sd->blk_written = 0; - if (sd->data_start + sd->blk_len > sd->size) { - sd->card_status |= ADDRESS_ERROR; - } if (sd_wp_addr(sd, sd->data_start)) { sd->card_status |= WP_VIOLATION; } @@ -1261,14 +1268,17 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) /* Writing in SPI mode not implemented. */ if (sd->spi) break; + + if (addr + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; + return sd_r1; + } + sd->state = sd_receivingdata_state; sd->data_start = addr; sd->data_offset = 0; sd->blk_written = 0; - if (sd->data_start + sd->blk_len > sd->size) { - sd->card_status |= ADDRESS_ERROR; - } if (sd_wp_addr(sd, sd->data_start)) { sd->card_status |= WP_VIOLATION; }