[Qemu-commits] [qemu/qemu] c60b29: hw/sd/sdcard: When card is in wrong s


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] c60b29: hw/sd/sdcard: When card is in wrong state, log whi...
Date: Tue, 13 Jul 2021 00:56:35 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: c60b292106132f72c1a5afbbd9c55dbc341d1620
      https://github.com/qemu/qemu/commit/c60b292106132f72c1a5afbbd9c55dbc341d1620
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-07-12 (Mon, 12 Jul 2021)

  Changed paths:
    M hw/sd/sd.c

  Log Message:
  -----------
  hw/sd/sdcard: When card is in wrong state, log which state it is

We report the card is in an inconsistent state, but don't specify
which state it is in. Add this information, as it is useful when
debugging problems.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210624142209.1193073-2-f4bug@amsat.org>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>


  Commit: 66c152d7b45ae8bd2a021226bb7689424d872687
      https://github.com/qemu/qemu/commit/66c152d7b45ae8bd2a021226bb7689424d872687
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-07-12 (Mon, 12 Jul 2021)

  Changed paths:
    M hw/sd/sd.c

  Log Message:
  -----------
  hw/sd/sdcard: Extract address_in_range() helper, log invalid accesses

Multiple commands have to check the address requested is valid.
Extract this code pattern as a new address_in_range() helper, and
log invalid accesses as guest errors.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210624142209.1193073-3-f4bug@amsat.org>


  Commit: 59b63d78be1f67c87b79331dcc825e485efd3bcf
      https://github.com/qemu/qemu/commit/59b63d78be1f67c87b79331dcc825e485efd3bcf
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-07-12 (Mon, 12 Jul 2021)

  Changed paths:
    M MAINTAINERS
    M hw/sd/sd.c
    A tests/qtest/fuzz-sdcard-test.c
    M tests/qtest/meson.build

  Log Message:
  -----------
  hw/sd/sdcard: Check for valid address range in SEND_WRITE_PROT (CMD30)

OSS-Fuzz found sending illegal addresses when querying the write
protection bits triggers an assertion:

  qemu-fuzz-i386: hw/sd/sd.c:824: uint32_t sd_wpbits(SDState *, uint64_t): Assertion `wpnum < sd->wpgrps_size' failed.
  ==11578== ERROR: libFuzzer: deadly signal
  #8 0x7ffff628e091 in __assert_fail
  #9 0x5555588f1a3c in sd_wpbits hw/sd/sd.c:824:9
  #10 0x5555588dd271 in sd_normal_command hw/sd/sd.c:1383:38
  #11 0x5555588d777c in sd_do_command hw/sd/sd.c
  #12 0x555558cb25a0 in sdbus_do_command hw/sd/core.c:100:16
  #13 0x555558e02a9a in sdhci_send_command hw/sd/sdhci.c:337:12
  #14 0x555558dffa46 in sdhci_write hw/sd/sdhci.c:1187:9
  #15 0x5555598b9d76 in memory_region_write_accessor softmmu/memory.c:489:5

Similarly to commit 8573378e62d ("hw/sd: fix out-of-bounds check
for multi block reads"), check the address range before sending
the status of the write protection bits.

Include the qtest reproducer provided by Alexander Bulekov:

  $ make check-qtest-i386
  ...
  Running test qtest-i386/fuzz-sdcard-test
  qemu-system-i386: ../hw/sd/sd.c:824: sd_wpbits: Assertion `wpnum < sd->wpgrps_size' failed.

Reported-by: OSS-Fuzz (Issue 29225)
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/450
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20210702155900.148665-4-f4bug@amsat.org>


  Commit: eca73713358f7abb18f15c026ff4267b51746992
      https://github.com/qemu/qemu/commit/eca73713358f7abb18f15c026ff4267b51746992
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-07-12 (Mon, 12 Jul 2021)

  Changed paths:
    M MAINTAINERS
    M hw/sd/sd.c
    A tests/qtest/fuzz-sdcard-test.c
    M tests/qtest/meson.build

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/philmd/tags/sdmmc-20210712' into staging

SD/MMC patches queue

- sdcard: Check for valid address range in SEND_WRITE_PROT (CMD30)

# gpg: Signature made Mon 12 Jul 2021 11:28:13 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd/tags/sdmmc-20210712:
  hw/sd/sdcard: Check for valid address range in SEND_WRITE_PROT (CMD30)
  hw/sd/sdcard: Extract address_in_range() helper, log invalid accesses
  hw/sd/sdcard: When card is in wrong state, log which state it is

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/57e28d34c0cb...eca73713358f
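
The CMD30 fix described above, as an added sketch that is not QEMU's code and not part of any commit message: a guest-supplied address is range-checked and rejected as a guest error before it is turned into a write-protect group index. The toy_* names, the struct layout and the 4096-byte group size are assumptions for illustration; the overflow-safe comparison goes slightly beyond what the commit message states.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not QEMU's SDState; names and sizes are assumptions. */
#define TOY_WPGROUP_SIZE  4096u        /* bytes covered by one write-protect group */
#define TOY_ADDRESS_ERROR (1u << 31)   /* status bit set on a bad guest address */

struct toy_card {
    uint64_t size;             /* capacity in bytes */
    uint32_t wpgrps_size;      /* number of write-protect groups */
    const uint8_t *wp_groups;  /* one flag per group */
    uint32_t card_status;
};

/* Overflow-safe: true only if [addr, addr + length) lies inside the card. */
static bool toy_address_in_range(struct toy_card *c, uint64_t addr, uint32_t length)
{
    if (length > c->size || addr > c->size - length) {
        fprintf(stderr, "guest error: offset 0x%llx + %u beyond card size 0x%llx\n",
                (unsigned long long)addr, length, (unsigned long long)c->size);
        c->card_status |= TOY_ADDRESS_ERROR;
        return false;
    }
    return true;
}

/* CMD30-style query: up to 32 protection bits starting at addr's group. */
static bool toy_send_write_prot(struct toy_card *c, uint64_t addr, uint32_t *bits)
{
    *bits = 0;
    if (!toy_address_in_range(c, addr, 1)) {
        return false;          /* guest error reported; the lookup is never reached */
    }
    uint64_t wpnum = addr / TOY_WPGROUP_SIZE;   /* now known to be < wpgrps_size */
    for (uint32_t i = 0; i < 32 && wpnum + i < c->wpgrps_size; i++) {
        *bits |= (uint32_t)(c->wp_groups[wpnum + i] != 0) << i;
    }
    return true;
}

int main(void)
{
    static const uint8_t groups[4] = {0, 1, 0, 1};   /* constructed sample card */
    struct toy_card c = { 4 * TOY_WPGROUP_SIZE, 4, groups, 0 };
    uint32_t bits;
    printf("in range: %d\n", toy_send_write_prot(&c, TOY_WPGROUP_SIZE, &bits));
    printf("out of range: %d\n", toy_send_write_prot(&c, UINT64_MAX, &bits));
    return 0;
}
```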


