Re: [PATCH v2 1/6] hw/sd: sdhci: Don't transfer any data when command ti

qemu-stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 1/6] hw/sd: sdhci: Don't transfer any data when command ti

From:	Philippe Mathieu-Daudé
Subject:	Re: [PATCH v2 1/6] hw/sd: sdhci: Don't transfer any data when command time out
Date:	Thu, 18 Feb 2021 17:46:52 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0

On 2/18/21 5:25 PM, Philippe Mathieu-Daudé wrote:
> On 2/16/21 4:46 AM, Bin Meng wrote:
>> At the end of sdhci_send_command(), it starts a data transfer if the
>> command register indicates data is associated. But the data transfer
>> should only be initiated when the command execution has succeeded.
>>
>> With this fix, the following reproducer:
>>
>> outl 0xcf8 0x80001810
>> outl 0xcfc 0xe1068000
>> outl 0xcf8 0x80001804
>> outw 0xcfc 0x7
>> write 0xe106802c 0x1 0x0f
>> write 0xe1068004 0xc 0x2801d10101fffffbff28a384
>> write 0xe106800c 0x1f 
>> 0x9dacbbcad9e8f7061524334251606f7e8d9cabbac9d8e7f60514233241505f
>> write 0xe1068003 0x28 
>> 0x80d000251480d000252280d000253080d000253e80d000254c80d000255a80d000256880d0002576
>> write 0xe1068003 0x1 0xfe
>>
>> cannot be reproduced with the following QEMU command line:
>>
>> $ qemu-system-x86_64 -nographic -M pc-q35-5.0 \
>>       -device sdhci-pci,sd-spec-version=3 \
>>       -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \
>>       -device sd-card,drive=mydrive \
>>       -monitor none -serial none -qtest stdio
> 
> Can you directly add the reproducer in tests/qtest/fuzz-sdhci-test.c
> instead, similarly to tests/qtest/fuzz-test.c?

Hold on, Alexander will send a RFC series to have that conversion
done automatically.

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2 0/6] hw/sd: sdhci: Fixes to CVE-2020-17380, CVE-2020-25085, CVE-2021-3409, Bin Meng, 2021/02/15
- [PATCH v2 1/6] hw/sd: sdhci: Don't transfer any data when command time out, Bin Meng, 2021/02/15
  - Re: [PATCH v2 1/6] hw/sd: sdhci: Don't transfer any data when command time out, Philippe Mathieu-Daudé, 2021/02/18
    - Re: [PATCH v2 1/6] hw/sd: sdhci: Don't transfer any data when command time out, Philippe Mathieu-Daudé <=
    - Re: [PATCH v2 1/6] hw/sd: sdhci: Don't transfer any data when command time out, Bin Meng, 2021/02/18
- [PATCH v2 2/6] hw/sd: sdhci: Don't write to SDHC_SYSAD register when transfer is in progress, Bin Meng, 2021/02/15
  - Re: [PATCH v2 2/6] hw/sd: sdhci: Don't write to SDHC_SYSAD register when transfer is in progress, Philippe Mathieu-Daudé, 2021/02/18
  - Re: [PATCH v2 2/6] hw/sd: sdhci: Don't write to SDHC_SYSAD register when transfer is in progress, Philippe Mathieu-Daudé, 2021/02/18
    - Re: [PATCH v2 2/6] hw/sd: sdhci: Don't write to SDHC_SYSAD register when transfer is in progress, Philippe Mathieu-Daudé, 2021/02/18
- [PATCH v2 3/6] hw/sd: sdhci: Correctly set the controller status for ADMA, Bin Meng, 2021/02/15
  - Re: [PATCH v2 3/6] hw/sd: sdhci: Correctly set the controller status for ADMA, Philippe Mathieu-Daudé, 2021/02/18
- [PATCH v2 4/6] hw/sd: sdhci: Simplify updating s->prnsts in sdhci_sdma_transfer_multi_blocks(), Bin Meng, 2021/02/15
  - Re: [PATCH v2 4/6] hw/sd: sdhci: Simplify updating s->prnsts in sdhci_sdma_transfer_multi_blocks(), Alexander Bulekov, 2021/02/17
  - Re: [PATCH v2 4/6] hw/sd: sdhci: Simplify updating s->prnsts in sdhci_sdma_transfer_multi_blocks(), Philippe Mathieu-Daudé, 2021/02/18

Prev by Date: Re: [PATCH v2 2/6] hw/sd: sdhci: Don't write to SDHC_SYSAD register when transfer is in progress
Next by Date: Re: [PATCH v2 3/6] hw/sd: sdhci: Correctly set the controller status for ADMA
Previous by thread: Re: [PATCH v2 1/6] hw/sd: sdhci: Don't transfer any data when command time out
Next by thread: Re: [PATCH v2 1/6] hw/sd: sdhci: Don't transfer any data when command time out
Index(es):
- Date
- Thread