[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-8.2.7 31/53] hw/sd/sdhci: Reset @data_count index on invalid ADM
From: |
Michael Tokarev |
Subject: |
[Stable-8.2.7 31/53] hw/sd/sdhci: Reset @data_count index on invalid ADMA transfers |
Date: |
Fri, 6 Sep 2024 09:54:01 +0300 |
From: Philippe Mathieu-Daudé <philmd@linaro.org>
We neglected to clear the @data_count index on ADMA error,
allowing to trigger assertion in sdhci_read_dataport() or
sdhci_write_dataport().
Cc: qemu-stable@nongnu.org
Fixes: d7dfca0807 ("hw/sdhci: introduce standard SD host controller")
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2455
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240730092138.32443-4-philmd@linaro.org>
(cherry picked from commit ed5a159c3de48a581f46de4c8c02b4b295e6c52d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index e95ea34895..8bfdcf6854 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -846,6 +846,7 @@ static void sdhci_do_adma(SDHCIState *s)
}
}
if (res != MEMTX_OK) {
+ s->data_count = 0;
if (s->errintstsen & SDHC_EISEN_ADMAERR) {
trace_sdhci_error("Set ADMA error flag");
s->errintsts |= SDHC_EIS_ADMAERR;
--
2.39.2
- [Stable-8.2.7 19/53] hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE, (continued)
- [Stable-8.2.7 19/53] hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 20/53] target/arm: Don't assert for 128-bit tile accesses when SVL is 128, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 21/53] target/arm: Fix UMOPA/UMOPS of 16-bit values, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 22/53] target/arm: Avoid shifts by -1 in tszimm_shr() and tszimm_shl(), Michael Tokarev, 2024/09/06
- [Stable-8.2.7 23/53] target/arm: Ignore SMCR_EL2.LEN and SVCR_EL2.LEN if EL2 is not enabled, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 24/53] docs/sphinx/depfile.py: Handle env.doc2path() returning a Path not a str, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 25/53] hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb(), Michael Tokarev, 2024/09/06
- [Stable-8.2.7 26/53] hw/arm/mps2-tz.c: fix RX/TX interrupts order, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 28/53] virtio-net: Ensure queue index fits with RSS, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 29/53] virtio-net: Fix network stall at the host side waiting for kick, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 31/53] hw/sd/sdhci: Reset @data_count index on invalid ADMA transfers,
Michael Tokarev <=
- [Stable-8.2.7 27/53] target/arm: Handle denormals correctly for FMOPA (widening), Michael Tokarev, 2024/09/06
- [Stable-8.2.7 32/53] vvfat: Fix bug in writing to middle of file, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 34/53] vvfat: Fix wrong checks for cluster mappings invariant, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 30/53] target/i386: Fix VSIB decode, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 33/53] vvfat: Fix usage of `info.file.offset`, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 37/53] nbd/server: Plumb in new args to nbd_client_add(), Michael Tokarev, 2024/09/06
- [Stable-8.2.7 36/53] iotests: Add `vvfat` tests, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 38/53] nbd/server: CVE-2024-7409: Cap default max-connections to 100, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 35/53] vvfat: Fix reading files with non-continuous clusters, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 44/53] target/i386: Do not apply REX to MMX operands, Michael Tokarev, 2024/09/06