Re: [PATCH] sd: sdhci: check data_count is within fifo_buffer
From: P J P
Subject: Re: [PATCH] sd: sdhci: check data_count is within fifo_buffer
Date: Tue, 1 Sep 2020 17:22:07 +0530 (IST)
+-- On Sun, 30 Aug 2020, Alexander Bulekov wrote --+
| Here's a qtest reproducer for this one:
|
| cat << EOF |./i386-softmmu/qemu-system-i386 -nodefaults \
| -device sdhci-pci -device sd-card,drive=mydrive \
| -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \
| -nographic -accel qtest -qtest stdio -nographic
| outl 0xcf8 0x80001001
| outl 0xcfc 0x7e6f25b7
| outl 0xcf8 0x80001012
| outl 0xcfc 0x842b1212
| writeb 0x12120005 0xff
| writeq 0x12120027 0x5e32b7120584125e
| write 0x0 0x1 0x21
| write 0x8 0x1 0x21
| write 0x10 0x1 0x21
| write 0x18 0x1 0x21
| write 0x20 0x1 0x21
| write 0x23 0x1 0x2b
| writeq 0x1212000c 0x123a0584052da3ab
| writeq 0x12120000 0xcfff000000000002
| writeq 0x12120027 0x5c04c1c9c100005e
| clock_step
| EOF
|
| Is it related to this https://bugs.launchpad.net/qemu/+bug/1892960 ?
Yes, it's the same. This patch fixes it.
| > +++ b/hw/sd/sdhci.c
| > @@ -604,6 +604,9 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState
*s)
| > }
| > + if (s->data_count <= begin || s->data_count > s->buf_maxsz) {
| > + break;
| > + }
| > dma_memory_write(s->dma_as, s->sdmasysad,
| > &s->fifo_buffer[begin], s->data_count -
begin);
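Review bot: the new guard ahead of dma_memory_write() leaves the loop with a bare `break` when `s->data_count <= begin` or `s->data_count > s->buf_maxsz`, with no comment on how a guest reaches that state and no trace that it happened. Assuming buf_maxsz is the size of fifo_buffer, as the subject line implies, the condition enforces begin < data_count <= buf_maxsz, which is what keeps `&s->fifo_buffer[begin]` and the length `s->data_count - begin` inside the buffer. A one-line comment stating that invariant and a guest-error log message before the `break` would make the intent clear and the condition visible when debugging.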
| ...
| > + if (s->data_count <= begin || s->data_count > s->buf_maxsz) {
| > + break;
| > + }
| > dma_memory_read(s->dma_as, s->sdmasysad,
| > &s->fifo_buffer[begin], s->data_count - begin);
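Review bot: the guard before dma_memory_read() is a verbatim copy of the one added in the write path; moving the condition into a small helper shared by both paths would keep the two checks from drifting apart. It is also worth confirming that leaving the loop through `break` here leaves the transfer state consistent, since the hunk does not show what runs after the loop.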
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D