[{"id":3684888,"web_url":"http://patchwork.ozlabs.org/comment/3684888/","msgid":"","list_archive_url":null,"date":"2026-04-30T18:14:23","subject":"Re: [PULL 25/51] riscv_htif: reject invalid signature ranges (end <=\n begin)","submitter":{"id":183,"url":"http://patchwork.ozlabs.org/api/people/183/","name":"Michael Tokarev","email":"mjt@tls.msk.ru"},"content":"On 29.04.2026 07:47, alistair23@gmail.com wrote:\n> From: Munkhbaatar Enkhbaatar \n> \n> Prevents huge allocations and crashes caused by malformed HTIF signature\n> addresses.\n> \n> Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3205\n> Signed-off-by: Munkhbaatar Enkhbaatar \n> Reviewed-by: Alistair Francis \n> Message-ID: <20251209085349.61510-1-munkhuu0825@gmail.com>\n> [ Squashed with following commit to fix build failures\n> hw/char/riscv_htif: Fix format specifier for uint64_t\n> \n> Message-ID: <20260415134826.1742308-1-chao.liu.zevorn@gmail.com>\n> Signed-off-by: Chao Liu \n> ]\n> Tested-by: Tao Tang \n> Reviewed-by: Philippe Mathieu-Daudé \n> Signed-off-by: Chao Liu \n> Signed-off-by: Alistair Francis \n> ---\n> hw/char/riscv_htif.c | 6 ++++++\n> 1 file changed, 6 insertions(+)\n\nThis change, it looks like, should be part of stable qemu series.\nI'm picking it up, please let me know if I shouldn't.\n\nThanks,\n\n/mjt","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=tls.msk.ru header.i=@tls.msk.ru header.a=rsa-sha256\n header.s=202602 header.b=NrI6B2/N;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g62QV2NTsz1yHZ\n\tfor ; Fri, 01 May 2026 04:15:12 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from )\n\tid 1wIVuW-0003SN-H4; Thu, 30 Apr 2026 14:14:54 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1wIVuG-0003Ra-8l; Thu, 30 Apr 2026 14:14:37 -0400","from isrv.corpit.ru ([212.248.84.144])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1wIVuD-0002EJ-0i; Thu, 30 Apr 2026 14:14:36 -0400","from [192.168.177.146] (mjtthink.wg.tls.msk.ru [192.168.177.146])\n by isrv.corpit.ru (Postfix) with ESMTP id 3F7101A56C4;\n Thu, 30 Apr 2026 21:12:53 +0300 (MSK)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;\n t=1777572774; bh=5ZV+JPPudW/i0sJsnF+Pi+GLLRiR8JCVUNl+0w4WBe4=;\n h=Date:Subject:To:Cc:References:From:In-Reply-To;\n b=NrI6B2/N13smtE9k6E+ctkZy8UqShTgSovtBLdG7vpmTcSGfXS6cDm1+UyQESuZgK\n op+L9/26JOQMaFl3ts/BOSvnVLkHur+ebULchxfjyNBES40AELA4Wc1RBPQdyEt4Uq\n N4nCW12pfSpjTKMdYe6feYW+E8O3Udz4H29oxBBGKEZehPM740VBLPFQM3Q37rgUNC\n +FxxQrHFfGf4+mMwFB4DWv+Xe17ZewCPp3Fs6yzdkoPhDZ9maigsg+jN1RPDJALXAS\n 4I0h13YiMwPB1cKDnn1gaI+eIHCFOEWz3UwPYB628szhc5EeSqE3hDN/21a92+4/0k\n 2BJIu/mH3d4pA==","Message-ID":"","Date":"Thu, 30 Apr 2026 21:14:23 +0300","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Subject":"Re: [PULL 25/51] riscv_htif: reject invalid signature ranges (end <=\n begin)","To":"alistair23@gmail.com, palmer@dabbelt.com, liwei1518@gmail.com,\n daniel.barboza@oss.qualcomm.com, zhiwei_liu@linux.alibaba.com,\n chao.liu.zevorn@gmail.com, qemu-riscv@nongnu.org, qemu-devel@nongnu.org","Cc":"Munkhbaatar Enkhbaatar ,\n Alistair Francis ,\n Tao Tang , =?utf-8?q?Philippe_Mathieu-Daud?=\n\t=?utf-8?q?=C3=A9?= , qemu-stable ","References":"<20260429044752.4176397-1-alistair.francis@wdc.com>\n <20260429044752.4176397-26-alistair.francis@wdc.com>","Content-Language":"en-US, ru-RU","From":"Michael Tokarev ","Autocrypt":"addr=mjt@tls.msk.ru; keydata=\n xsFNBGYpLkcBEACsajkUXU2lngbm6RyZuCljo19q/XjZTMikctzMoJnBGVSmFV66kylUghxs\n HDQQF2YZJbnhSVt/mP6+V7gG6MKR5gYXYxLmypgu2lJdqelrtGf1XtMrobG6kuKFiD8OqV6l\n 2M5iyOZT3ydIFOUX0WB/B9Lz9WcQ6zYO9Ohm92tiWWORCqhAnwZy4ua/nMZW3RgO7bM6GZKt\n /SFIorK9rVqzv40D6KNnSyeWfqf4WN3EvEOozMfWrXbEqA7kvd6ShjJoe1FzCEQ71Fj9dQHL\n DZG+44QXvN650DqEtQ4RW9ozFk3Du9u8lbrXC5cqaCIO4dx4E3zxIddqf6xFfu4Oa5cotCM6\n /4dgxDoF9udvmC36qYta+zuDsnAXrYSrut5RBb0moez/AR8HD/cs/dS360CLMrl67dpmA+XD\n 7KKF+6g0RH46CD4cbj9c2egfoBOc+N5XYyr+6ejzeZNf40yjMZ9SFLrcWp4yQ7cpLsSz08lk\n a0RBKTpNWJdblviPQaLW5gair3tyJR+J1ER1UWRmKErm+Uq0VgLDBDQoFd9eqfJjCwuWZECp\n z2JUO+zBuGoKDzrDIZH2ErdcPx3oSlVC2VYOk6H4cH1CWr9Ri8i91ClivRAyVTbs67ha295B\n y4XnxIVaZU+jJzNgLvrXrkI1fTg4FJSQfN4W5BLCxT4sq8BDtwARAQABzSBNaWNoYWVsIFRv\n a2FyZXYgPG1qdEB0bHMubXNrLnJ1PsLBlAQTAQoAPhYhBJ2L4U4/Kp3XkZko8WGtPZjs3yyO\n BQJmKS5HAhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEGGtPZjs3yyOZSAP\n /ibilK1gbHqEI2zR2J59Dc0tjtbByVmQ8IMh0SYU3j1jeUoku2UCgdnGKpwvLXtwZINgdl6Q\n cEaDBRX6drHLJFAi/sdgwVgdnDxaWVJO/ZIN/uJI0Tx7+FSAk8CWSa4IWUOzPNmtrDfb4z6v\n G36rppY8bTNKbX6nWFXuv2LXQr7g6+kKnbwv4QFpD+UFF1CrLm3byMq4ikdBXpZx030qBL61\n b7PrfXcBLao0357kWGH6C2Zu4wBnDUJwGi68pI5rzSRAFyAQsE89sjLdR1yFoBH8NiFnAQXP\n LA8Am9FMsC7D/bi/kwKTJdcZvzdGU1HG6tJvXLWC+nqGpJNBzRdDpjqtxNuL76vVd/JbsFMS\n JchLN+01fNQ5FHglvkd6md7vO+ULq+r9An5hMiDoRbYVUOBN8uiYNk+qKbdgSfbhsgPURqHi\n 1bXkgMeMasqWbGMe7iBW/YH2ePfZ6HuKLNQDCkiWZYPQZvyXHvQHjuJJ5+US81tkqM+Q6Snq\n 0L/O/LD0qLlbinHrcx0abg06VXBoYmGICJpf/3hhWQM4f+B/5w4vpl8q0B6Osz01pBUBfYak\n CiYCNHMWWVZkW9ZnY7FWiiPOu8iE1s5oPYqBljk3FNUk04SDKMF5TxL87I2nMBnVnvp0ZAuY\n k9ojiLqlhaKnZ1+zwmwmPmXzFSwlyMczPUMSzsFNBGYpLkcBEAC0mxV2j5M1x7GiXqxNVyWy\n OnlWqJkbkoyMlWFSErf+RUYlC9qVGwUihgsgEhQMg0nJiSISmU3vsNEx5j0T13pTEyWXWBdS\n XtZpNEW1lZ2DptoGg+6unpvxd2wn+dqzJqlpr4AY3vc95q4Za/NptWtSCsyJebZ7DxCCkzET\n tzbbnCjW1souCETrMy+G916w1gJkz4V1jLlRMEEoJHLrr1XKDdJRk/34AqXPKOzILlWRFK6s\n zOWa80/FNQV5cvjc2eN1HsTMFY5hjG3zOZb60WqwTisJwArjQbWKF49NLHp/6MpiSXIxF/FU\n jcVYrEk9sKHN+pERnLqIjHA8023whDWvJide7f1V9lrVcFt0zRIhZOp0IAE86E3stSJhZRhY\n xyIAx4dpDrw7EURLOhu+IXLeEJbtW89tp2Ydm7TVAt5iqBubpHpGTWV7hwPRQX2w2MBq1hCn\n K5Xx79omukJisbLqG5xUCR1RZBUfBlYnArssIZSOpdJ9wWMK+fl5gn54cs+yziUYU3Tgk0fJ\n t0DzQsgfd2JkxOEzJACjJWti2Gh3szmdgdoPEJH1Og7KeqbOu2mVCJm+2PrNlzCybOZuHOV5\n +vSarkb69qg9nU+4ZGX1m+EFLDqVUt1g0SjY6QmM5yjGBA46G3dwTEV0/u5Wh7idNT0mRg8R\n eP/62iTL55AM6QARAQABwsF8BBgBCgAmFiEEnYvhTj8qndeRmSjxYa09mOzfLI4FAmYpLkcC\n GwwFCRLMAwAACgkQYa09mOzfLI53ag/+ITb3WW9iqvbjDueV1ZHwUXYvebUEyQV7BFofaJbJ\n Sr7ek46iYdV4Jdosvq1FW+mzuzrhT+QzadEfYmLKrQV4EK7oYTyQ5hcch55eX00o+hyBHqM2\n RR/B5HGLYsuyQNv7a08dAUmmi9eAktQ29IfJi+2Y+S1okAEkWFxCUs4EE8YinCrVergB/MG5\n S7lN3XxITIaW00faKbqGtNqij3vNxua7UenN8NHNXTkrCgA+65clqYI3MGwpqkPnXIpTLGl+\n wBI5S540sIjhgrmWB0trjtUNxe9QcTGHoHtLeGX9QV5KgzNKoUNZsyqh++CPXHyvcN3OFJXm\n VUNRs/O3/b1capLdrVu+LPd6Zi7KAyWUqByPkK18+kwNUZvGsAt8WuVQF5telJ6TutfO8xqT\n FUzuTAHE+IaRU8DEnBpqv0LJ4wqqQ2MeEtodT1icXQ/5EDtM7OTH231lJCR5JxXOnWPuG6el\n YPkzzso6HT7rlapB5nulYmplJZSZ4RmE1ATZKf+wUPocDu6N10LtBNbwHWTT5NLtxNJAJAvl\n ojis6H1kRWZE/n5buyPY2NYeyWfjjrerOYt3er55n4C1I88RSCTGeejVmXWuo65QD2epvzE6\n 3GgKngeVm7shlp7+d3D3+fAAHTvulQQqV3jOodz+B4yzuZ7WljkNrmrWrH8aI4uA98c=","In-Reply-To":"<20260429044752.4176397-26-alistair.francis@wdc.com>","Content-Type":"text/plain; charset=UTF-8; format=flowed","Content-Transfer-Encoding":"8bit","Received-SPF":"pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;\n helo=isrv.corpit.ru","X-Spam_score_int":"-19","X-Spam_score":"-2.0","X-Spam_bar":"--","X-Spam_report":"(-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"}}]