[{"id":1770514,"web_url":"http://patchwork.ozlabs.org/comment/1770514/","msgid":"<CAKmqyKP_5dC1td8DMCEM_4v74XBZy5-rWH2z4XA8VCw4165SAg@mail.gmail.com>","list_archive_url":null,"date":"2017-09-18T21:28:26","subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","submitter":{"id":64571,"url":"http://patchwork.ozlabs.org/api/people/64571/","name":"Alistair Francis","email":"alistair23@gmail.com"},"content":"On Sat, Sep 16, 2017 at 3:35 AM, Michael Olbrich\n<m.olbrich@pengutronix.de> wrote:\n> The current code checks if the next block exceeds the size of the card.\n> This generates an error while reading the last block of the card.\n> Do the out-of-bounds check when starting to read a new block to fix this.\n>\n> This issue became visible with increased error checking in Linux 4.13.\n>\n> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>\n\nThanks for the patch!\n\n> ---\n>\n> Changes in v2:\n>  - fixed warning\n>\n> I'm not quite sure if 0x00 is the correct return value, but it's used\n> elsewhere in the same function when an error occurs, so it seems\n> reasonable.\n\nReturning 0 looks fine to me.\n\n>\n>  hw/sd/sd.c | 12 ++++++------\n>  1 file changed, 6 insertions(+), 6 deletions(-)\n>\n> diff --git a/hw/sd/sd.c b/hw/sd/sd.c\n> index ba47bff4db80..35347a5bbcde 100644\n> --- a/hw/sd/sd.c\n> +++ b/hw/sd/sd.c\n> @@ -1797,8 +1797,13 @@ uint8_t sd_read_data(SDState *sd)\n>          break;\n>\n>      case 18:   /* CMD18:  READ_MULTIPLE_BLOCK */\n> -        if (sd->data_offset == 0)\n> +        if (sd->data_offset == 0) {\n> +            if (sd->data_start + io_len > sd->size) {\n> +                sd->card_status |= ADDRESS_ERROR;\n> +                return 0x00;\n> +            }\n\nWhy move it inside the if (sd->data_offset == 0) and not just below\nthe ret = sd->data[sd->data_offset ++] ?\n\nThanks,\nAlistair\n\n>              BLK_READ_BLOCK(sd->data_start, io_len);\n> +        }\n>          ret = sd->data[sd->data_offset ++];\n>\n>          if (sd->data_offset >= io_len) {\n> @@ -1812,11 +1817,6 @@ uint8_t sd_read_data(SDState *sd)\n>                      break;\n>                  }\n>              }\n> -\n> -            if (sd->data_start + io_len > sd->size) {\n> -                sd->card_status |= ADDRESS_ERROR;\n> -                break;\n> -            }\n>          }\n>          break;\n>\n> --\n> 2.14.1\n>\n>","headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"oyHfcV1A\"; dkim-atps=neutral"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xwzfZ3b7Jz9s7m\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 19 Sep 2017 07:29:23 +1000 (AEST)","from localhost ([::1]:38994 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1du3bT-00044m-4V\n\tfor incoming@patchwork.ozlabs.org; Mon, 18 Sep 2017 17:29:19 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:48142)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <alistair23@gmail.com>) id 1du3b8-00043g-Ua\n\tfor qemu-devel@nongnu.org; Mon, 18 Sep 2017 17:28:59 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <alistair23@gmail.com>) id 1du3b8-0002lD-1z\n\tfor qemu-devel@nongnu.org; Mon, 18 Sep 2017 17:28:58 -0400","from mail-wm0-x241.google.com ([2a00:1450:400c:c09::241]:33870)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.71) (envelope-from <alistair23@gmail.com>)\n\tid 1du3b7-0002ks-Qr\n\tfor qemu-devel@nongnu.org; Mon, 18 Sep 2017 17:28:57 -0400","by mail-wm0-x241.google.com with SMTP id i131so2114695wma.1\n\tfor <qemu-devel@nongnu.org>; Mon, 18 Sep 2017 14:28:57 -0700 (PDT)","by 10.28.191.130 with HTTP; Mon, 18 Sep 2017 14:28:26 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=mime-version:in-reply-to:references:from:date:message-id:subject:to\n\t:cc; bh=t3FTEVQCOGftpqtfqarG/gcmhpHq/pw86FPMapTvYz8=;\n\tb=oyHfcV1AgOyJ5hv5YZeyGAUp/gl68PC9o/XogIQWnlc5/ltBdZCnM6qKnTorDuqFUl\n\tkOeAQaaWAhdcJTmxNDc1Y7rFpVknhEU+P+JZLfD+Fv9Iy4ly7KKieyco16m9gjbu36WE\n\ttKEFfrQSD6uqTPPm1JgApqV0fNGsrlBAuX6xWgst2Hj2tryW3UWh4vOYDTZqCGuVby+t\n\tfUO7loKuFBUkGbme9IKsimFNwU9LUI5HTsXr6Pkwxn0MTR90yW7/3MnHQboh4eUIpkfL\n\trU5x9sr+D4XyZUoLH+g5ECj10NpYGUdrETwUiZSdCnw/t+gYx8eih7lUvDe8ufH16EGP\n\thQ6w==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:mime-version:in-reply-to:references:from:date\n\t:message-id:subject:to:cc;\n\tbh=t3FTEVQCOGftpqtfqarG/gcmhpHq/pw86FPMapTvYz8=;\n\tb=JOUo0YqrOZfW+6CuoLCLYaS/0dVF2olK45UAD8guuQEmVJqzHR7jBK5UI+6phRMnaR\n\tNknZmbzzOrRIh8UrULIDp5dy0ZZuUi408VCv2e8qstvUzrPnhwiBU8WFJO/j+hlU579F\n\tWzE5m5qU21pBm4lMXYy89xbwyP7OahTrU0snFloypJPMcFAvVTtv/n+ooLglNkqQe3A4\n\tuKPnVX14BIBxdKw+GvTzg8llb3kNFvrUPavqJb2Xokpv7hd3FMleRjmbsntfYBIKOVWU\n\tKZcBUy3v74po27hDOr4S9xCdNGsUpkoL/UV20wqJm5PfL576Rl0yXaa4Jh5CXP5+uYaW\n\t9Z2w==","X-Gm-Message-State":"AHPjjUiCxpSB95MuHA/RnGW0CupPbWFR7Zp6FKN7TEx6Un4+ToxMzqyb\n\tiZfLgQdbd8C9+slcnpHLz1eKIh3IbNSUZ6Pin3c=","X-Google-Smtp-Source":"AOwi7QDysm+Q2IS7RJCTTq5Y8zg2hIuLTYMniq/Kuq+sUy+UvqtyQyayOHpeiYhIbKztvFkFTgK6JTj1eF5L4Hto//Y=","X-Received":"by 10.28.129.23 with SMTP id c23mr10944734wmd.27.1505770136589; \n\tMon, 18 Sep 2017 14:28:56 -0700 (PDT)","MIME-Version":"1.0","In-Reply-To":"<20170916103523.1482-1-m.olbrich@pengutronix.de>","References":"<150555367996.36.15771330325496067998@69b6ddf88678>\n\t<20170916103523.1482-1-m.olbrich@pengutronix.de>","From":"Alistair Francis <alistair23@gmail.com>","Date":"Mon, 18 Sep 2017 14:28:26 -0700","Message-ID":"<CAKmqyKP_5dC1td8DMCEM_4v74XBZy5-rWH2z4XA8VCw4165SAg@mail.gmail.com>","To":"Michael Olbrich <m.olbrich@pengutronix.de>","Content-Type":"text/plain; charset=\"UTF-8\"","X-detected-operating-system":"by eggs.gnu.org: Genre and OS details not\n\trecognized.","X-Received-From":"2a00:1450:400c:c09::241","Subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"\"qemu-devel@nongnu.org Developers\" <qemu-devel@nongnu.org>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"}},{"id":1770746,"web_url":"http://patchwork.ozlabs.org/comment/1770746/","msgid":"<20170919082358.43upqf3lawg2aqtg@pengutronix.de>","list_archive_url":null,"date":"2017-09-19T08:23:58","subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","submitter":{"id":64504,"url":"http://patchwork.ozlabs.org/api/people/64504/","name":"Michael Olbrich","email":"m.olbrich@pengutronix.de"},"content":"On Mon, Sep 18, 2017 at 02:28:26PM -0700, Alistair Francis wrote:\n> On Sat, Sep 16, 2017 at 3:35 AM, Michael Olbrich\n> <m.olbrich@pengutronix.de> wrote:\n> > The current code checks if the next block exceeds the size of the card.\n> > This generates an error while reading the last block of the card.\n> > Do the out-of-bounds check when starting to read a new block to fix this.\n> >\n> > This issue became visible with increased error checking in Linux 4.13.\n> >\n> > Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>\n> \n> Thanks for the patch!\n> \n> > ---\n> >\n> > Changes in v2:\n> >  - fixed warning\n> >\n> > I'm not quite sure if 0x00 is the correct return value, but it's used\n> > elsewhere in the same function when an error occurs, so it seems\n> > reasonable.\n> \n> Returning 0 looks fine to me.\n> \n> >\n> >  hw/sd/sd.c | 12 ++++++------\n> >  1 file changed, 6 insertions(+), 6 deletions(-)\n> >\n> > diff --git a/hw/sd/sd.c b/hw/sd/sd.c\n> > index ba47bff4db80..35347a5bbcde 100644\n> > --- a/hw/sd/sd.c\n> > +++ b/hw/sd/sd.c\n> > @@ -1797,8 +1797,13 @@ uint8_t sd_read_data(SDState *sd)\n> >          break;\n> >\n> >      case 18:   /* CMD18:  READ_MULTIPLE_BLOCK */\n> > -        if (sd->data_offset == 0)\n> > +        if (sd->data_offset == 0) {\n> > +            if (sd->data_start + io_len > sd->size) {\n> > +                sd->card_status |= ADDRESS_ERROR;\n> > +                return 0x00;\n> > +            }\n> \n> Why move it inside the if (sd->data_offset == 0) and not just below\n> the ret = sd->data[sd->data_offset ++] ?\n> \n> >              BLK_READ_BLOCK(sd->data_start, io_len);\n\nMostly because of the line above. This copies the full block from the\nbackend storage to sd->data, so we need to make sure that the data is\nactually available to fill sd->data, not if it's ok to access a certain\nbyte within sd->data.\n\nMichael\n\n> > +        }\n> >          ret = sd->data[sd->data_offset ++];\n> >\n> >          if (sd->data_offset >= io_len) {\n> > @@ -1812,11 +1817,6 @@ uint8_t sd_read_data(SDState *sd)\n> >                      break;\n> >                  }\n> >              }\n> > -\n> > -            if (sd->data_start + io_len > sd->size) {\n> > -                sd->card_status |= ADDRESS_ERROR;\n> > -                break;\n> > -            }\n> >          }\n> >          break;\n> >\n> > --\n> > 2.14.1\n> >\n> >\n>","headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xxGBc311Wz9s7M\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 19 Sep 2017 18:24:38 +1000 (AEST)","from localhost ([::1]:40742 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1duDpb-0003Cr-He\n\tfor incoming@patchwork.ozlabs.org; Tue, 19 Sep 2017 04:24:35 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:33877)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <mol@pengutronix.de>) id 1duDpB-0003BE-K5\n\tfor qemu-devel@nongnu.org; Tue, 19 Sep 2017 04:24:10 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <mol@pengutronix.de>) id 1duDpA-0003Gn-7o\n\tfor qemu-devel@nongnu.org; Tue, 19 Sep 2017 04:24:09 -0400","from metis.ext.pengutronix.de\n\t([2001:67c:670:201:290:27ff:fe1d:cc33]:43333)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.71) (envelope-from <mol@pengutronix.de>) id 1duDp9-0003Du-WF\n\tfor qemu-devel@nongnu.org; Tue, 19 Sep 2017 04:24:08 -0400","from [2001:67c:670:100:5054:ff:fe2a:3aa]\n\t(helo=pty.hi.pengutronix.de)\n\tby metis.ext.pengutronix.de with esmtps\n\t(TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2)\n\t(envelope-from <mol@pengutronix.de>)\n\tid 1duDp1-0004CQ-NQ; Tue, 19 Sep 2017 10:23:59 +0200","from mol by pty.hi.pengutronix.de with local (Exim 4.89)\n\t(envelope-from <mol@pengutronix.de>)\n\tid 1duDp0-0005P7-Ud; Tue, 19 Sep 2017 10:23:58 +0200"],"Date":"Tue, 19 Sep 2017 10:23:58 +0200","From":"Michael Olbrich <m.olbrich@pengutronix.de>","To":"\"qemu-devel@nongnu.org Developers\" <qemu-devel@nongnu.org>","Message-ID":"<20170919082358.43upqf3lawg2aqtg@pengutronix.de>","References":"<150555367996.36.15771330325496067998@69b6ddf88678>\n\t<20170916103523.1482-1-m.olbrich@pengutronix.de>\n\t<CAKmqyKP_5dC1td8DMCEM_4v74XBZy5-rWH2z4XA8VCw4165SAg@mail.gmail.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<CAKmqyKP_5dC1td8DMCEM_4v74XBZy5-rWH2z4XA8VCw4165SAg@mail.gmail.com>","X-Sent-From":"Pengutronix Hildesheim","X-URL":"http://www.pengutronix.de/","X-IRC":"#ptxdist @freenode","X-Accept-Language":"de,en","X-Accept-Content-Type":"text/plain","X-Uptime":"10:14:43 up 91 days, 19:02, 58 users, load average: 0.00, 0.01,\n\t0.04","User-Agent":"NeoMutt/20170113 (1.7.2)","X-SA-Exim-Connect-IP":"2001:67c:670:100:5054:ff:fe2a:3aa","X-SA-Exim-Mail-From":"mol@pengutronix.de","X-SA-Exim-Scanned":"No (on metis.ext.pengutronix.de);\n\tSAEximRunCond expanded to false","X-PTX-Original-Recipient":"qemu-devel@nongnu.org","X-detected-operating-system":"by eggs.gnu.org: Genre and OS details not\n\trecognized.","X-Received-From":"2001:67c:670:201:290:27ff:fe1d:cc33","Subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"Alistair Francis <alistair23@gmail.com>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"}},{"id":1771472,"web_url":"http://patchwork.ozlabs.org/comment/1771472/","msgid":"<CAKmqyKOeYQHRytnhzmC0Tr3rp4KU8NomgnFhhcrKE5KP75WMow@mail.gmail.com>","list_archive_url":null,"date":"2017-09-20T00:09:51","subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","submitter":{"id":64571,"url":"http://patchwork.ozlabs.org/api/people/64571/","name":"Alistair Francis","email":"alistair23@gmail.com"},"content":"On Tue, Sep 19, 2017 at 1:23 AM, Michael Olbrich\n<m.olbrich@pengutronix.de> wrote:\n> On Mon, Sep 18, 2017 at 02:28:26PM -0700, Alistair Francis wrote:\n>> On Sat, Sep 16, 2017 at 3:35 AM, Michael Olbrich\n>> <m.olbrich@pengutronix.de> wrote:\n>> > The current code checks if the next block exceeds the size of the card.\n>> > This generates an error while reading the last block of the card.\n>> > Do the out-of-bounds check when starting to read a new block to fix this.\n>> >\n>> > This issue became visible with increased error checking in Linux 4.13.\n>> >\n>> > Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>\n>>\n>> Thanks for the patch!\n>>\n>> > ---\n>> >\n>> > Changes in v2:\n>> >  - fixed warning\n>> >\n>> > I'm not quite sure if 0x00 is the correct return value, but it's used\n>> > elsewhere in the same function when an error occurs, so it seems\n>> > reasonable.\n>>\n>> Returning 0 looks fine to me.\n>>\n>> >\n>> >  hw/sd/sd.c | 12 ++++++------\n>> >  1 file changed, 6 insertions(+), 6 deletions(-)\n>> >\n>> > diff --git a/hw/sd/sd.c b/hw/sd/sd.c\n>> > index ba47bff4db80..35347a5bbcde 100644\n>> > --- a/hw/sd/sd.c\n>> > +++ b/hw/sd/sd.c\n>> > @@ -1797,8 +1797,13 @@ uint8_t sd_read_data(SDState *sd)\n>> >          break;\n>> >\n>> >      case 18:   /* CMD18:  READ_MULTIPLE_BLOCK */\n>> > -        if (sd->data_offset == 0)\n>> > +        if (sd->data_offset == 0) {\n>> > +            if (sd->data_start + io_len > sd->size) {\n>> > +                sd->card_status |= ADDRESS_ERROR;\n>> > +                return 0x00;\n>> > +            }\n>>\n>> Why move it inside the if (sd->data_offset == 0) and not just below\n>> the ret = sd->data[sd->data_offset ++] ?\n>>\n>> >              BLK_READ_BLOCK(sd->data_start, io_len);\n>\n> Mostly because of the line above. This copies the full block from the\n> backend storage to sd->data, so we need to make sure that the data is\n> actually available to fill sd->data, not if it's ok to access a certain\n> byte within sd->data.\n\nDoesn't this mean that the check is only done for the first block\nthen? When data_offset is 0.\n\nThanks,\nAlistair\n\n>\n> Michael\n>\n>> > +        }\n>> >          ret = sd->data[sd->data_offset ++];\n>> >\n>> >          if (sd->data_offset >= io_len) {\n>> > @@ -1812,11 +1817,6 @@ uint8_t sd_read_data(SDState *sd)\n>> >                      break;\n>> >                  }\n>> >              }\n>> > -\n>> > -            if (sd->data_start + io_len > sd->size) {\n>> > -                sd->card_status |= ADDRESS_ERROR;\n>> > -                break;\n>> > -            }\n>> >          }\n>> >          break;\n>> >\n>> > --\n>> > 2.14.1\n>> >\n>> >\n>>\n>\n> --\n> Pengutronix e.K.                           |                             |\n> Industrial Linux Solutions                 | http://www.pengutronix.de/  |\n> Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |\n> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |","headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"p5Oh5Y1M\"; dkim-atps=neutral"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xxgBK3kyqz9s06\n\tfor <incoming@patchwork.ozlabs.org>;\n\tWed, 20 Sep 2017 10:10:48 +1000 (AEST)","from localhost ([::1]:45961 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1duSbF-0007U3-25\n\tfor incoming@patchwork.ozlabs.org; Tue, 19 Sep 2017 20:10:45 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:48299)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <alistair23@gmail.com>) id 1duSau-0007Te-Pm\n\tfor qemu-devel@nongnu.org; Tue, 19 Sep 2017 20:10:26 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <alistair23@gmail.com>) id 1duSat-0007yz-BQ\n\tfor qemu-devel@nongnu.org; Tue, 19 Sep 2017 20:10:24 -0400","from mail-wr0-x241.google.com ([2a00:1450:400c:c0c::241]:35872)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.71) (envelope-from <alistair23@gmail.com>)\n\tid 1duSat-0007yI-4f\n\tfor qemu-devel@nongnu.org; Tue, 19 Sep 2017 20:10:23 -0400","by mail-wr0-x241.google.com with SMTP id g50so592662wra.3\n\tfor <qemu-devel@nongnu.org>; Tue, 19 Sep 2017 17:10:23 -0700 (PDT)","by 10.28.191.130 with HTTP; Tue, 19 Sep 2017 17:09:51 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=mime-version:in-reply-to:references:from:date:message-id:subject:to\n\t:cc; bh=RqHt4mdP40oikWnIlhD95Izln6HhuVrnQNPWK9xfueA=;\n\tb=p5Oh5Y1MQYjYJNbw3vTfmiASKee+4Y8C6B/MugxvUjWMxbeYVte20+Qo2jBRMgLMkD\n\tI2PScU7Y5uYxFOthwAtXXqSZ7j3K//09O1QOutbLnmX2IooBhH2Ng2cJWyS/+g6WU/mn\n\t4B6PF2PP3ss+7w+UNBgDavjEvZlTMLsAMD/VrUufYOFNRgI5URZUJk+nNfnDpvLPIc1J\n\taNiL0gNvt/A2viTaS5PVoeUNwifcwbdeECgkXhNiKRorwoPw5tM52zwDAMHAFNWMoRV8\n\tpDOeGkHLlgRkF/V5FzPh7YetoKVQcSm9wxvRJwlMN8sVyq9OGxxAS0UPg5tHwOgPZLu/\n\tljnw==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:mime-version:in-reply-to:references:from:date\n\t:message-id:subject:to:cc;\n\tbh=RqHt4mdP40oikWnIlhD95Izln6HhuVrnQNPWK9xfueA=;\n\tb=Fmdbtf47MEyon0dCFD4mnXRBtl0Lo4gbf1mtzRrJWmwn6sz8mqXx6q+kyfB2xkxSL8\n\tBogiy/fRpBjrB39QhET6J/Lq1qDjSvH7QcHHCDQiCy4f3WjD2m/RTpszz3Zl+yodG/aJ\n\t/R4/6bacjjVtKTrA0OiRuPPYyvQ9Yh7C3d66U81YmXWqNpTqmn3I4txjCwjosK9h4Ktx\n\tt/XB8xfcY8bxdYzj9v44j2K23MnzqTdyuK/xwLpZbOA2vTGhPAQ7r9reGJcmR3fdUqVV\n\tB7WjmwPSeZIfGVM/WZZvr0IqtQYMRW3jBVYodp6h1M7UX+VTpff2eTOsnhyEp1ApFfPR\n\tkYSA==","X-Gm-Message-State":"AHPjjUjyI4su/jMRJ42SJwoAkUrmzUQq9egz7fNeh7qTn1hzeATV8Upx\n\taf1QW2z/rfn8QjZlz+zwiG3yNin5qPl0Xb5IDfO7yw==","X-Google-Smtp-Source":"AOwi7QCAwKDhP8CeYH1OE1j456BNtt0mOkWGLqVthKYVenRsE6/0sIzlVPv3czHajugSlyVfQ3ppVu0iIfhPJJQ+GgA=","X-Received":"by 10.223.136.119 with SMTP id e52mr2534253wre.225.1505866222052;\n\tTue, 19 Sep 2017 17:10:22 -0700 (PDT)","MIME-Version":"1.0","In-Reply-To":"<20170919082358.43upqf3lawg2aqtg@pengutronix.de>","References":"<150555367996.36.15771330325496067998@69b6ddf88678>\n\t<20170916103523.1482-1-m.olbrich@pengutronix.de>\n\t<CAKmqyKP_5dC1td8DMCEM_4v74XBZy5-rWH2z4XA8VCw4165SAg@mail.gmail.com>\n\t<20170919082358.43upqf3lawg2aqtg@pengutronix.de>","From":"Alistair Francis <alistair23@gmail.com>","Date":"Tue, 19 Sep 2017 17:09:51 -0700","Message-ID":"<CAKmqyKOeYQHRytnhzmC0Tr3rp4KU8NomgnFhhcrKE5KP75WMow@mail.gmail.com>","To":"Michael Olbrich <m.olbrich@pengutronix.de>","Content-Type":"text/plain; charset=\"UTF-8\"","X-detected-operating-system":"by eggs.gnu.org: Genre and OS details not\n\trecognized.","X-Received-From":"2a00:1450:400c:c0c::241","Subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"\"qemu-devel@nongnu.org Developers\" <qemu-devel@nongnu.org>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"}},{"id":1771609,"web_url":"http://patchwork.ozlabs.org/comment/1771609/","msgid":"<20170920061905.rbv3g2ubd4c5zvn4@pengutronix.de>","list_archive_url":null,"date":"2017-09-20T06:19:05","subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","submitter":{"id":64504,"url":"http://patchwork.ozlabs.org/api/people/64504/","name":"Michael Olbrich","email":"m.olbrich@pengutronix.de"},"content":"On Tue, Sep 19, 2017 at 05:09:51PM -0700, Alistair Francis wrote:\n> On Tue, Sep 19, 2017 at 1:23 AM, Michael Olbrich\n> <m.olbrich@pengutronix.de> wrote:\n> > On Mon, Sep 18, 2017 at 02:28:26PM -0700, Alistair Francis wrote:\n> >> On Sat, Sep 16, 2017 at 3:35 AM, Michael Olbrich\n> >> <m.olbrich@pengutronix.de> wrote:\n> >> >  hw/sd/sd.c | 12 ++++++------\n> >> >  1 file changed, 6 insertions(+), 6 deletions(-)\n> >> >\n> >> > diff --git a/hw/sd/sd.c b/hw/sd/sd.c\n> >> > index ba47bff4db80..35347a5bbcde 100644\n> >> > --- a/hw/sd/sd.c\n> >> > +++ b/hw/sd/sd.c\n> >> > @@ -1797,8 +1797,13 @@ uint8_t sd_read_data(SDState *sd)\n> >> >          break;\n> >> >\n> >> >      case 18:   /* CMD18:  READ_MULTIPLE_BLOCK */\n> >> > -        if (sd->data_offset == 0)\n> >> > +        if (sd->data_offset == 0) {\n> >> > +            if (sd->data_start + io_len > sd->size) {\n> >> > +                sd->card_status |= ADDRESS_ERROR;\n> >> > +                return 0x00;\n> >> > +            }\n> >>\n> >> Why move it inside the if (sd->data_offset == 0) and not just below\n> >> the ret = sd->data[sd->data_offset ++] ?\n> >>\n> >> >              BLK_READ_BLOCK(sd->data_start, io_len);\n> >\n> > Mostly because of the line above. This copies the full block from the\n> > backend storage to sd->data, so we need to make sure that the data is\n> > actually available to fill sd->data, not if it's ok to access a certain\n> > byte within sd->data.\n> \n> Doesn't this mean that the check is only done for the first block\n> then? When data_offset is 0.\n\nNo, data_offset is reset at the end of the block. That's not visible in the\npatch. Here ist the relevant hunks with a bit more context:\n\n     case 18:\t/* CMD18:  READ_MULTIPLE_BLOCK */\n-        if (sd->data_offset == 0)\n+        if (sd->data_offset == 0) {\n+            if (sd->data_start + io_len > sd->size) {\n+                sd->card_status |= ADDRESS_ERROR;\n+                return 0x00;\n+            }\n             BLK_READ_BLOCK(sd->data_start, io_len);\n+        }\n         ret = sd->data[sd->data_offset ++];\n \n         if (sd->data_offset >= io_len) {\n             sd->data_start += io_len;\n             sd->data_offset = 0;\n[...]\n-\n-            if (sd->data_start + io_len > sd->size) {\n-                sd->card_status |= ADDRESS_ERROR;\n-                break;\n-            }\n         }\n         break;\n\nAs you can see, the old check was inside the block that resets data_offset\nto zero. This patch just delays exactly that check to the beginning of the\nnext access.\n\nRegards,\nMichael","headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xxqQ71Z0xz9s7h\n\tfor <incoming@patchwork.ozlabs.org>;\n\tWed, 20 Sep 2017 16:21:34 +1000 (AEST)","from localhost ([::1]:46926 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1duYO5-0003ih-1t\n\tfor incoming@patchwork.ozlabs.org; Wed, 20 Sep 2017 02:21:33 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:33155)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <mol@pengutronix.de>) id 1duYLl-0002UX-KU\n\tfor qemu-devel@nongnu.org; Wed, 20 Sep 2017 02:19:10 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <mol@pengutronix.de>) id 1duYLk-0006rZ-C4\n\tfor qemu-devel@nongnu.org; Wed, 20 Sep 2017 02:19:09 -0400","from metis.ext.pengutronix.de\n\t([2001:67c:670:201:290:27ff:fe1d:cc33]:39257)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.71) (envelope-from <mol@pengutronix.de>) id 1duYLk-0006d4-5N\n\tfor qemu-devel@nongnu.org; Wed, 20 Sep 2017 02:19:08 -0400","from [2001:67c:670:100:5054:ff:fe2a:3aa]\n\t(helo=pty.hi.pengutronix.de)\n\tby metis.ext.pengutronix.de with esmtps\n\t(TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2)\n\t(envelope-from <mol@pengutronix.de>)\n\tid 1duYLi-0005gJ-6m; Wed, 20 Sep 2017 08:19:06 +0200","from mol by pty.hi.pengutronix.de with local (Exim 4.89)\n\t(envelope-from <mol@pengutronix.de>)\n\tid 1duYLh-0000rO-Bh; Wed, 20 Sep 2017 08:19:05 +0200"],"Date":"Wed, 20 Sep 2017 08:19:05 +0200","From":"Michael Olbrich <m.olbrich@pengutronix.de>","To":"Alistair Francis <alistair23@gmail.com>","Message-ID":"<20170920061905.rbv3g2ubd4c5zvn4@pengutronix.de>","References":"<150555367996.36.15771330325496067998@69b6ddf88678>\n\t<20170916103523.1482-1-m.olbrich@pengutronix.de>\n\t<CAKmqyKP_5dC1td8DMCEM_4v74XBZy5-rWH2z4XA8VCw4165SAg@mail.gmail.com>\n\t<20170919082358.43upqf3lawg2aqtg@pengutronix.de>\n\t<CAKmqyKOeYQHRytnhzmC0Tr3rp4KU8NomgnFhhcrKE5KP75WMow@mail.gmail.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<CAKmqyKOeYQHRytnhzmC0Tr3rp4KU8NomgnFhhcrKE5KP75WMow@mail.gmail.com>","X-Sent-From":"Pengutronix Hildesheim","X-URL":"http://www.pengutronix.de/","X-IRC":"#ptxdist @freenode","X-Accept-Language":"de,en","X-Accept-Content-Type":"text/plain","X-Uptime":"08:12:17 up 92 days, 17:00, 58 users, load average: 0.01, 0.02,\n\t0.00","User-Agent":"NeoMutt/20170113 (1.7.2)","X-SA-Exim-Connect-IP":"2001:67c:670:100:5054:ff:fe2a:3aa","X-SA-Exim-Mail-From":"mol@pengutronix.de","X-SA-Exim-Scanned":"No (on metis.ext.pengutronix.de);\n\tSAEximRunCond expanded to false","X-PTX-Original-Recipient":"qemu-devel@nongnu.org","X-detected-operating-system":"by eggs.gnu.org: Genre and OS details not\n\trecognized.","X-Received-From":"2001:67c:670:201:290:27ff:fe1d:cc33","Subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"\"qemu-devel@nongnu.org Developers\" <qemu-devel@nongnu.org>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"}},{"id":1774940,"web_url":"http://patchwork.ozlabs.org/comment/1774940/","msgid":"<CAFEAcA89F3RVOyu3SPHxZiPB-ws2sQhL71e21fAGP-_TCgOC3w@mail.gmail.com>","list_archive_url":null,"date":"2017-09-25T19:27:04","subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","submitter":{"id":5111,"url":"http://patchwork.ozlabs.org/api/people/5111/","name":"Peter Maydell","email":"peter.maydell@linaro.org"},"content":"On 20 September 2017 at 07:19, Michael Olbrich <m.olbrich@pengutronix.de> wrote:\n> On Tue, Sep 19, 2017 at 05:09:51PM -0700, Alistair Francis wrote:\n>> On Tue, Sep 19, 2017 at 1:23 AM, Michael Olbrich\n>> <m.olbrich@pengutronix.de> wrote:\n>> > On Mon, Sep 18, 2017 at 02:28:26PM -0700, Alistair Francis wrote:\n>> >> On Sat, Sep 16, 2017 at 3:35 AM, Michael Olbrich\n>> >> <m.olbrich@pengutronix.de> wrote:\n>> >> >  hw/sd/sd.c | 12 ++++++------\n>> >> >  1 file changed, 6 insertions(+), 6 deletions(-)\n>> >> >\n>> >> > diff --git a/hw/sd/sd.c b/hw/sd/sd.c\n>> >> > index ba47bff4db80..35347a5bbcde 100644\n>> >> > --- a/hw/sd/sd.c\n>> >> > +++ b/hw/sd/sd.c\n>> >> > @@ -1797,8 +1797,13 @@ uint8_t sd_read_data(SDState *sd)\n>> >> >          break;\n>> >> >\n>> >> >      case 18:   /* CMD18:  READ_MULTIPLE_BLOCK */\n>> >> > -        if (sd->data_offset == 0)\n>> >> > +        if (sd->data_offset == 0) {\n>> >> > +            if (sd->data_start + io_len > sd->size) {\n>> >> > +                sd->card_status |= ADDRESS_ERROR;\n>> >> > +                return 0x00;\n>> >> > +            }\n>> >>\n>> >> Why move it inside the if (sd->data_offset == 0) and not just below\n>> >> the ret = sd->data[sd->data_offset ++] ?\n>> >>\n>> >> >              BLK_READ_BLOCK(sd->data_start, io_len);\n>> >\n>> > Mostly because of the line above. This copies the full block from the\n>> > backend storage to sd->data, so we need to make sure that the data is\n>> > actually available to fill sd->data, not if it's ok to access a certain\n>> > byte within sd->data.\n>>\n>> Doesn't this mean that the check is only done for the first block\n>> then? When data_offset is 0.\n>\n> No, data_offset is reset at the end of the block.\n> [...]\n\nAlistair, were you planning to provide a reviewed-by: for this\npatch (or did you have more review comments on it)?\n\nthanks\n-- PMM","headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=linaro.org header.i=@linaro.org\n\theader.b=\"EBDZ3RZP\"; dkim-atps=neutral"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3y1DdG5GHlz9t3Z\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 26 Sep 2017 05:27:48 +1000 (AEST)","from localhost ([::1]:43938 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dwZ2g-0006jy-Eg\n\tfor incoming@patchwork.ozlabs.org; Mon, 25 Sep 2017 15:27:46 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:45956)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <peter.maydell@linaro.org>) id 1dwZ2N-0006js-QX\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 15:27:28 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <peter.maydell@linaro.org>) id 1dwZ2M-0008Er-G8\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 15:27:27 -0400","from mail-wm0-x235.google.com ([2a00:1450:400c:c09::235]:43474)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.71) (envelope-from <peter.maydell@linaro.org>)\n\tid 1dwZ2M-0008Ef-9h\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 15:27:26 -0400","by mail-wm0-x235.google.com with SMTP id m72so12357498wmc.0\n\tfor <qemu-devel@nongnu.org>; Mon, 25 Sep 2017 12:27:26 -0700 (PDT)","by 10.223.139.215 with HTTP; Mon, 25 Sep 2017 12:27:04 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;\n\th=mime-version:in-reply-to:references:from:date:message-id:subject:to\n\t:cc; bh=RInGpJ5Dm5L7hAfloFBTlwWvb+jRgHaRP6an0nqUous=;\n\tb=EBDZ3RZPQ3Ep2c3WgVYyoVfendy1POM3WHaWWTV2WhZ2P57Ttys85YAAE/e0o2kSzT\n\tRWel/fVaGbxIlg17hs6jwkezPZHYQhZXfQMTNKNDQULbIFCRuMBgHNLUZidwtKvU6hEH\n\tzUtRA7fT+J3pXlrgNgTnEPddcWWswUlFfifBk=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:mime-version:in-reply-to:references:from:date\n\t:message-id:subject:to:cc;\n\tbh=RInGpJ5Dm5L7hAfloFBTlwWvb+jRgHaRP6an0nqUous=;\n\tb=qfZFkLu2Jt5hh1QJA4XPHAs9f9n/n/PQlGsyk5yVOBtpfRF1RU0Vk3wHU7pUu558rY\n\t+DJclV2KF0u5S6SK1y8QipVYi4KK4q9K+5ZMntXL2/wqqMzN2xVEljjNc8NGxc071PMV\n\tlNY2J5xSYNezEePHKYGbjHPIqOM5aHTjmRBJ1q7/TPz5fjp7lZp6MRbMyrg7Db5lbAiX\n\t6MQ1jP/fkGVh3o1Xk5eRXi+6Ol5P1GEWvdDTwOEvfwKwa2kwL2M6v1nqmxv19Y3i1/eS\n\ticeNRXiBN5OU+/gg5uulhKd1ttosjT2p3sF0loA/dOSjRBrcb+mkuZuec+7neiSe9aLV\n\tt0bg==","X-Gm-Message-State":"AHPjjUiLXEkbs+CP1VMYN68+u2Py8KpGsUMP301diDAMWp7DU4tvNuz1\n\tAmNrwYNh7bnmWmPs58NetuyIrh8EWnuViWhUqTctPw==","X-Google-Smtp-Source":"AOwi7QC/jP3Z3rba5JYs4OT9Rd13vtHvchTOAzWPpihiZQqU8R/hrXbCtEFaA4fDb0T2+jvQd3ZSOC9w693MfTUkn2E=","X-Received":"by 10.28.166.135 with SMTP id p129mr1268980wme.147.1506367645214;\n\tMon, 25 Sep 2017 12:27:25 -0700 (PDT)","MIME-Version":"1.0","In-Reply-To":"<20170920061905.rbv3g2ubd4c5zvn4@pengutronix.de>","References":"<150555367996.36.15771330325496067998@69b6ddf88678>\n\t<20170916103523.1482-1-m.olbrich@pengutronix.de>\n\t<CAKmqyKP_5dC1td8DMCEM_4v74XBZy5-rWH2z4XA8VCw4165SAg@mail.gmail.com>\n\t<20170919082358.43upqf3lawg2aqtg@pengutronix.de>\n\t<CAKmqyKOeYQHRytnhzmC0Tr3rp4KU8NomgnFhhcrKE5KP75WMow@mail.gmail.com>\n\t<20170920061905.rbv3g2ubd4c5zvn4@pengutronix.de>","From":"Peter Maydell <peter.maydell@linaro.org>","Date":"Mon, 25 Sep 2017 20:27:04 +0100","Message-ID":"<CAFEAcA89F3RVOyu3SPHxZiPB-ws2sQhL71e21fAGP-_TCgOC3w@mail.gmail.com>","To":"Michael Olbrich <m.olbrich@pengutronix.de>","Content-Type":"text/plain; charset=\"UTF-8\"","X-detected-operating-system":"by eggs.gnu.org: Genre and OS details not\n\trecognized.","X-Received-From":"2a00:1450:400c:c09::235","Subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"Alistair Francis <alistair23@gmail.com>,\n\t\"qemu-devel@nongnu.org Developers\" <qemu-devel@nongnu.org>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"}},{"id":1774985,"web_url":"http://patchwork.ozlabs.org/comment/1774985/","msgid":"<CAKmqyKO19A7ZKEKkLToW23jFZH1pdtv17Y4Hj==TE7ZGGFpW6w@mail.gmail.com>","list_archive_url":null,"date":"2017-09-25T21:16:47","subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","submitter":{"id":64571,"url":"http://patchwork.ozlabs.org/api/people/64571/","name":"Alistair Francis","email":"alistair23@gmail.com"},"content":"On Mon, Sep 25, 2017 at 12:27 PM, Peter Maydell\n<peter.maydell@linaro.org> wrote:\n> On 20 September 2017 at 07:19, Michael Olbrich <m.olbrich@pengutronix.de> wrote:\n>> On Tue, Sep 19, 2017 at 05:09:51PM -0700, Alistair Francis wrote:\n>>> On Tue, Sep 19, 2017 at 1:23 AM, Michael Olbrich\n>>> <m.olbrich@pengutronix.de> wrote:\n>>> > On Mon, Sep 18, 2017 at 02:28:26PM -0700, Alistair Francis wrote:\n>>> >> On Sat, Sep 16, 2017 at 3:35 AM, Michael Olbrich\n>>> >> <m.olbrich@pengutronix.de> wrote:\n>>> >> >  hw/sd/sd.c | 12 ++++++------\n>>> >> >  1 file changed, 6 insertions(+), 6 deletions(-)\n>>> >> >\n>>> >> > diff --git a/hw/sd/sd.c b/hw/sd/sd.c\n>>> >> > index ba47bff4db80..35347a5bbcde 100644\n>>> >> > --- a/hw/sd/sd.c\n>>> >> > +++ b/hw/sd/sd.c\n>>> >> > @@ -1797,8 +1797,13 @@ uint8_t sd_read_data(SDState *sd)\n>>> >> >          break;\n>>> >> >\n>>> >> >      case 18:   /* CMD18:  READ_MULTIPLE_BLOCK */\n>>> >> > -        if (sd->data_offset == 0)\n>>> >> > +        if (sd->data_offset == 0) {\n>>> >> > +            if (sd->data_start + io_len > sd->size) {\n>>> >> > +                sd->card_status |= ADDRESS_ERROR;\n>>> >> > +                return 0x00;\n>>> >> > +            }\n>>> >>\n>>> >> Why move it inside the if (sd->data_offset == 0) and not just below\n>>> >> the ret = sd->data[sd->data_offset ++] ?\n>>> >>\n>>> >> >              BLK_READ_BLOCK(sd->data_start, io_len);\n>>> >\n>>> > Mostly because of the line above. This copies the full block from the\n>>> > backend storage to sd->data, so we need to make sure that the data is\n>>> > actually available to fill sd->data, not if it's ok to access a certain\n>>> > byte within sd->data.\n>>>\n>>> Doesn't this mean that the check is only done for the first block\n>>> then? When data_offset is 0.\n>>\n>> No, data_offset is reset at the end of the block.\n>> [...]\n>\n> Alistair, were you planning to provide a reviewed-by: for this\n> patch (or did you have more review comments on it)?\n\nAh woops, this slipped through. Looks fine to me then.\n\nReviewed-by: Alistair Francis <alistair.francis@xilinx.com>\n\nThanks,\nAlistair\n\n>\n> thanks\n> -- PMM","headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"q9SmPIdp\"; dkim-atps=neutral"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3y1H422hyLz9s7c\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 26 Sep 2017 07:17:49 +1000 (AEST)","from localhost ([::1]:44338 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dwal6-0004Pk-Cw\n\tfor incoming@patchwork.ozlabs.org; Mon, 25 Sep 2017 17:17:44 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:40379)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <alistair23@gmail.com>) id 1dwakj-0004Pf-Gp\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 17:17:22 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <alistair23@gmail.com>) id 1dwaki-0005G6-Fh\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 17:17:21 -0400","from mail-wm0-x242.google.com ([2a00:1450:400c:c09::242]:34014)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.71) (envelope-from <alistair23@gmail.com>)\n\tid 1dwaki-0005FZ-8k\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 17:17:20 -0400","by mail-wm0-x242.google.com with SMTP id i131so7959589wma.1\n\tfor <qemu-devel@nongnu.org>; Mon, 25 Sep 2017 14:17:18 -0700 (PDT)","by 10.28.135.139 with HTTP; Mon, 25 Sep 2017 14:16:47 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=mime-version:in-reply-to:references:from:date:message-id:subject:to\n\t:cc; bh=XyyzymozVdZ1bDvN24Vp+RubGkZdkG1up9IkCsBQwus=;\n\tb=q9SmPIdpQOwO0HRv0Gj+iSgqc1jKHSk0Kbs2o25i0GqljYIavmdYrDOMFk9KglOPse\n\t4BwuR5B2dvuXIVmpizkDyU2lkSt5CHw6noK0gxe2dhnmu+jBUMGQGeVQ27VAH3ZPq+dB\n\t4+0/n33YPolmIg0Ug4SnPtBxK1mdzG0Di960SDkZwD5zj9IH/whv0+iiye0CTz2c++Xa\n\tj59cRIXgY51CYWyjHGyLeFGiDDPrwKaT23rsraQjDB+y7+q6xRVnYPNt9sfD4rCe9U+G\n\ttKtp7ZuPYZEOF+SIcEPzCSnBLZboxDGg0+PN7Um40Z+IMvuL9l3oKY0kzBmG5FSagmrK\n\twJiw==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:mime-version:in-reply-to:references:from:date\n\t:message-id:subject:to:cc;\n\tbh=XyyzymozVdZ1bDvN24Vp+RubGkZdkG1up9IkCsBQwus=;\n\tb=EKuz6W46SUZ7+V4UpnuWRe7qxsFzR7XI4SXLNWkttG4sQBUGoBusS74RgAtI2nxkbI\n\t7eZoMHN/3/Im4kWixzcImC8/S19BJVwbdk/kiyb80uq13DszsQeBXpmzn9PLNZHq/6cu\n\tMKkQ6vPnU0IEdrD2VWDSUW+gCnziGRFxdzdcHKwHEuuSbqOHVsuyzFNnFbQUopEmjuMl\n\tfORjWbKEJJZoABUeBlF6sDDOWDR5AipI0EN2xyhUEukJHrs6RSSpyOs18SQIHtsGs3Gu\n\tNWyIdFeC7+W3WmVjqrdgobkolWLMUHN98Lg5eh8CJDNmc+etiFhoYBcC/82y9WHB8cdt\n\tL1gA==","X-Gm-Message-State":"AHPjjUg5GQqHWvhf1xa9LehlmFKaAkgflFUmLcl6DngDfU2mQd1Ccj6q\n\tgrIcDiakTTLr1UmZU9CYtrdkCVvRMPBlFgROuKE=","X-Google-Smtp-Source":"AOwi7QB2tBlQWpKFhstbHJfcAYHJcm0iazrBJYSB2sjd6FTQB9vyOOtkn6XIMrSZKybPF0sJQOdx3mU2cuRvRJkPvBI=","X-Received":"by 10.28.125.205 with SMTP id y196mr1519574wmc.128.1506374237775;\n\tMon, 25 Sep 2017 14:17:17 -0700 (PDT)","MIME-Version":"1.0","In-Reply-To":"<CAFEAcA89F3RVOyu3SPHxZiPB-ws2sQhL71e21fAGP-_TCgOC3w@mail.gmail.com>","References":"<150555367996.36.15771330325496067998@69b6ddf88678>\n\t<20170916103523.1482-1-m.olbrich@pengutronix.de>\n\t<CAKmqyKP_5dC1td8DMCEM_4v74XBZy5-rWH2z4XA8VCw4165SAg@mail.gmail.com>\n\t<20170919082358.43upqf3lawg2aqtg@pengutronix.de>\n\t<CAKmqyKOeYQHRytnhzmC0Tr3rp4KU8NomgnFhhcrKE5KP75WMow@mail.gmail.com>\n\t<20170920061905.rbv3g2ubd4c5zvn4@pengutronix.de>\n\t<CAFEAcA89F3RVOyu3SPHxZiPB-ws2sQhL71e21fAGP-_TCgOC3w@mail.gmail.com>","From":"Alistair Francis <alistair23@gmail.com>","Date":"Mon, 25 Sep 2017 14:16:47 -0700","Message-ID":"<CAKmqyKO19A7ZKEKkLToW23jFZH1pdtv17Y4Hj==TE7ZGGFpW6w@mail.gmail.com>","To":"Peter Maydell <peter.maydell@linaro.org>","Content-Type":"text/plain; charset=\"UTF-8\"","X-detected-operating-system":"by eggs.gnu.org: Genre and OS details not\n\trecognized.","X-Received-From":"2a00:1450:400c:c09::242","Subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"Michael Olbrich <m.olbrich@pengutronix.de>,\n\t\"qemu-devel@nongnu.org Developers\" <qemu-devel@nongnu.org>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"}},{"id":1775004,"web_url":"http://patchwork.ozlabs.org/comment/1775004/","msgid":"<CAFEAcA98UwfYcHgX0V-ghe1JhO4RjNDKa0WVWBJZM27g02rdig@mail.gmail.com>","list_archive_url":null,"date":"2017-09-25T22:38:35","subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","submitter":{"id":5111,"url":"http://patchwork.ozlabs.org/api/people/5111/","name":"Peter Maydell","email":"peter.maydell@linaro.org"},"content":"On 25 September 2017 at 22:16, Alistair Francis <alistair23@gmail.com> wrote:\n> On Mon, Sep 25, 2017 at 12:27 PM, Peter Maydell\n> <peter.maydell@linaro.org> wrote:\n>> Alistair, were you planning to provide a reviewed-by: for this\n>> patch (or did you have more review comments on it)?\n>\n> Ah woops, this slipped through. Looks fine to me then.\n>\n> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>\n\nCheers. Should we cc:stable on this too? I'm inclined towards 'yes'.\n\nthanks\n-- PMM","headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=linaro.org header.i=@linaro.org\n\theader.b=\"T3d9TCnf\"; dkim-atps=neutral"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3y1JtJ4D1Fz9sBW\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 26 Sep 2017 08:39:35 +1000 (AEST)","from localhost ([::1]:44621 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dwc2G-0005qi-Ks\n\tfor incoming@patchwork.ozlabs.org; Mon, 25 Sep 2017 18:39:32 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:35900)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <peter.maydell@linaro.org>) id 1dwc1i-0005qc-DS\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 18:38:59 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <peter.maydell@linaro.org>) id 1dwc1h-0005KZ-Ji\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 18:38:58 -0400","from mail-wr0-x22d.google.com ([2a00:1450:400c:c0c::22d]:55246)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.71) (envelope-from <peter.maydell@linaro.org>)\n\tid 1dwc1h-0005KI-DT\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 18:38:57 -0400","by mail-wr0-x22d.google.com with SMTP id g29so10390835wrg.11\n\tfor <qemu-devel@nongnu.org>; Mon, 25 Sep 2017 15:38:57 -0700 (PDT)","by 10.223.139.215 with HTTP; Mon, 25 Sep 2017 15:38:35 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;\n\th=mime-version:in-reply-to:references:from:date:message-id:subject:to\n\t:cc; bh=eRGUtjJLft6xtvVJeh4JPTt6N9OwYycPZpCLo9+MaUI=;\n\tb=T3d9TCnfHaOz56YKhqGVbbeS+5Qy3RG5DGLReU6xt4EUfufAVqresRRlw8itXgkAQQ\n\tKdg8MMr1GByrR15lPeCq5L8mNoUZ5s86QQtRR22qXIst2pOMr1VR0n76axAqY+xxOZwP\n\tJJD9GIGmByinwogmgzmhmQ85Crw6p3Q0T188U=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:mime-version:in-reply-to:references:from:date\n\t:message-id:subject:to:cc;\n\tbh=eRGUtjJLft6xtvVJeh4JPTt6N9OwYycPZpCLo9+MaUI=;\n\tb=b2Y9ivWd30VaS7RCf0uadD1v+Z0fYmO5em+BmZIdo2lJt5MOebV0L57RnNUAaTWvPC\n\tlPm30sazzufvL+D2ffgmxKVpHg+KF7SKO7GmRIbTqR9a0gbW4Lwh72TSoGhCZdhNN50v\n\t8DSr2kajlFGUm/Xz/TQQlVrPCg4vILKw29WH5mg4etC8gqd4iBVBN+WvbO9q5g6xHZPi\n\t2K5s3mYLQyHjRJ5vSVVjWRoJw8SJCy+FG+qjTByxWMXUPigkwolFEhRD3ONCi44BGieX\n\t9aeWrI/lBsx9txQHkCAuWZst8uRv+/jZMzdjeRonMGq9oSBr6l6eDgmJlABZc+Lo1wzn\n\tD9iA==","X-Gm-Message-State":"AHPjjUiMvrCQeiBFtb0DS9RkTan+cVmlPZfCrNM1970kK4RZnb5sELJR\n\t+fwdIqgmzstg3nrVgJec3SIKska7iI3Wk6p7LD3/jA==","X-Google-Smtp-Source":"AOwi7QBG07D/PsdNHwyBjw9XgtUP5FMiTTFalrsdbZgKCCJYH73tfWmRc9HH1pwAYD6JH61XDdRnKlX7Oqktleg0DkQ=","X-Received":"by 10.223.147.166 with SMTP id 35mr8388718wrp.90.1506379136127; \n\tMon, 25 Sep 2017 15:38:56 -0700 (PDT)","MIME-Version":"1.0","In-Reply-To":"<CAKmqyKO19A7ZKEKkLToW23jFZH1pdtv17Y4Hj==TE7ZGGFpW6w@mail.gmail.com>","References":"<150555367996.36.15771330325496067998@69b6ddf88678>\n\t<20170916103523.1482-1-m.olbrich@pengutronix.de>\n\t<CAKmqyKP_5dC1td8DMCEM_4v74XBZy5-rWH2z4XA8VCw4165SAg@mail.gmail.com>\n\t<20170919082358.43upqf3lawg2aqtg@pengutronix.de>\n\t<CAKmqyKOeYQHRytnhzmC0Tr3rp4KU8NomgnFhhcrKE5KP75WMow@mail.gmail.com>\n\t<20170920061905.rbv3g2ubd4c5zvn4@pengutronix.de>\n\t<CAFEAcA89F3RVOyu3SPHxZiPB-ws2sQhL71e21fAGP-_TCgOC3w@mail.gmail.com>\n\t<CAKmqyKO19A7ZKEKkLToW23jFZH1pdtv17Y4Hj==TE7ZGGFpW6w@mail.gmail.com>","From":"Peter Maydell <peter.maydell@linaro.org>","Date":"Mon, 25 Sep 2017 23:38:35 +0100","Message-ID":"<CAFEAcA98UwfYcHgX0V-ghe1JhO4RjNDKa0WVWBJZM27g02rdig@mail.gmail.com>","To":"Alistair Francis <alistair23@gmail.com>","Content-Type":"text/plain; charset=\"UTF-8\"","X-detected-operating-system":"by eggs.gnu.org: Genre and OS details not\n\trecognized.","X-Received-From":"2a00:1450:400c:c0c::22d","Subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"Michael Olbrich <m.olbrich@pengutronix.de>,\n\t\"qemu-devel@nongnu.org Developers\" <qemu-devel@nongnu.org>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"}},{"id":1775011,"web_url":"http://patchwork.ozlabs.org/comment/1775011/","msgid":"<CAKmqyKO_z2_LVMnibA38H4Ny242UJSaZ-aOk9dZ3QHC00r+_2Q@mail.gmail.com>","list_archive_url":null,"date":"2017-09-25T22:53:20","subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","submitter":{"id":64571,"url":"http://patchwork.ozlabs.org/api/people/64571/","name":"Alistair Francis","email":"alistair23@gmail.com"},"content":"On Mon, Sep 25, 2017 at 3:38 PM, Peter Maydell <peter.maydell@linaro.org> wrote:\n> On 25 September 2017 at 22:16, Alistair Francis <alistair23@gmail.com> wrote:\n>> On Mon, Sep 25, 2017 at 12:27 PM, Peter Maydell\n>> <peter.maydell@linaro.org> wrote:\n>>> Alistair, were you planning to provide a reviewed-by: for this\n>>> patch (or did you have more review comments on it)?\n>>\n>> Ah woops, this slipped through. Looks fine to me then.\n>>\n>> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>\n>\n> Cheers. Should we cc:stable on this too? I'm inclined towards 'yes'.\n\nYeah, I don't see a reason not to.\n\nThanks,\nAlistair\n\n>\n> thanks\n> -- PMM","headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"oHcfWFo4\"; dkim-atps=neutral"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3y1KCD4rwZz9t2M\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 26 Sep 2017 08:54:16 +1000 (AEST)","from localhost ([::1]:44665 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dwcGU-0000o6-RM\n\tfor incoming@patchwork.ozlabs.org; Mon, 25 Sep 2017 18:54:14 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:39168)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <alistair23@gmail.com>) id 1dwcG9-0000no-E6\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 18:53:54 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <alistair23@gmail.com>) id 1dwcG8-0002LE-Ou\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 18:53:53 -0400","from mail-wr0-x231.google.com ([2a00:1450:400c:c0c::231]:54307)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.71) (envelope-from <alistair23@gmail.com>)\n\tid 1dwcG8-0002L4-Id\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 18:53:52 -0400","by mail-wr0-x231.google.com with SMTP id g29so10431361wrg.11\n\tfor <qemu-devel@nongnu.org>; Mon, 25 Sep 2017 15:53:52 -0700 (PDT)","by 10.28.135.139 with HTTP; Mon, 25 Sep 2017 15:53:20 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=mime-version:in-reply-to:references:from:date:message-id:subject:to\n\t:cc; bh=90252uKMBiIx3XHw5rB6fjg+2ptW7zZozbjlNY4T3WU=;\n\tb=oHcfWFo4Yp/xkMXBblLSDZcYo6/qh51kJqOjHq6VBfAD8ytKAyZh8jZtsPJKdTBz/h\n\t3PGlVK/IQtlE8igFXF6VV6yXwb9AmWCLDbpoh4Ap0xCmzXFJvl8feztaVfmw8G+mL2jc\n\tfbVtNvSx+T+SEzslwDCkfMOBlpXlSi9jl3GCCmIWDrr37QDqsKcswAdkS/H6pYaAZ7bg\n\tOxiKu9suZRRHAOFWJIBZkp4X18y6ZXN5L748d6quOgP5AMXYOLG+bomCZ//dKu/cXF4j\n\tR8bsnK/5ofh1+zpOohQ5tdecBRUTsL8u9vuSpgVw4Ey1czLKg+MJ4WJWBPiTJF8JBqsE\n\tnK2A==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:mime-version:in-reply-to:references:from:date\n\t:message-id:subject:to:cc;\n\tbh=90252uKMBiIx3XHw5rB6fjg+2ptW7zZozbjlNY4T3WU=;\n\tb=YSAVx4eVdqJcTeffXBxEvkAea4hIYscSU5PsSFKncFm2TJDCen0EQ6uByT2IGVcdDi\n\t+kH2d9mq8UFtCohoJySiQTcwQw9KsJzMGX7C1OiTLN+XrubV2xE6ZwUiNH7OFDO/Yn6M\n\tWkU5+KDi+6rL70u5GIZSKBZLt/DOohUjB3EuvZxPWs6B+AJkmUEF20EXeBpoOEf/dvwF\n\tz2gB79LfofwRWu32iBBgQ95nOTBkyrlxr2qlepdyooSFXIXpElcx06qSwwOSH+XzyCY1\n\tZbZ1palrLSCB9/Lqe2SU4s0kac53Ozkg5IPq2wsRzXM2KXImskKelrWwxC/kJLpn99eK\n\tFrvQ==","X-Gm-Message-State":"AHPjjUgtQIEx4uomX+mWgefj5GD7ezeOoO8qy6U01R4tKE1ZXqBq/ypz\n\tWYV/0bRtAuNa0zoIkrdROH3J8JVzIw+hZC4Yak8=","X-Google-Smtp-Source":"AOwi7QDk5OmIpy6cB7jLs9l92IAXI63L9dNvTOFPnXBM58bTh0T5qDCcFHbJiyFaDcKmL1xwrRlHbqm3wjQV7JGsp3A=","X-Received":"by 10.223.187.74 with SMTP id x10mr6713746wrg.66.1506380031294; \n\tMon, 25 Sep 2017 15:53:51 -0700 (PDT)","MIME-Version":"1.0","In-Reply-To":"<CAFEAcA98UwfYcHgX0V-ghe1JhO4RjNDKa0WVWBJZM27g02rdig@mail.gmail.com>","References":"<150555367996.36.15771330325496067998@69b6ddf88678>\n\t<20170916103523.1482-1-m.olbrich@pengutronix.de>\n\t<CAKmqyKP_5dC1td8DMCEM_4v74XBZy5-rWH2z4XA8VCw4165SAg@mail.gmail.com>\n\t<20170919082358.43upqf3lawg2aqtg@pengutronix.de>\n\t<CAKmqyKOeYQHRytnhzmC0Tr3rp4KU8NomgnFhhcrKE5KP75WMow@mail.gmail.com>\n\t<20170920061905.rbv3g2ubd4c5zvn4@pengutronix.de>\n\t<CAFEAcA89F3RVOyu3SPHxZiPB-ws2sQhL71e21fAGP-_TCgOC3w@mail.gmail.com>\n\t<CAKmqyKO19A7ZKEKkLToW23jFZH1pdtv17Y4Hj==TE7ZGGFpW6w@mail.gmail.com>\n\t<CAFEAcA98UwfYcHgX0V-ghe1JhO4RjNDKa0WVWBJZM27g02rdig@mail.gmail.com>","From":"Alistair Francis <alistair23@gmail.com>","Date":"Mon, 25 Sep 2017 15:53:20 -0700","Message-ID":"<CAKmqyKO_z2_LVMnibA38H4Ny242UJSaZ-aOk9dZ3QHC00r+_2Q@mail.gmail.com>","To":"Peter Maydell <peter.maydell@linaro.org>","Content-Type":"text/plain; charset=\"UTF-8\"","X-detected-operating-system":"by eggs.gnu.org: Genre and OS details not\n\trecognized.","X-Received-From":"2a00:1450:400c:c0c::231","Subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"Michael Olbrich <m.olbrich@pengutronix.de>,\n\t\"qemu-devel@nongnu.org Developers\" <qemu-devel@nongnu.org>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"}},{"id":1775015,"web_url":"http://patchwork.ozlabs.org/comment/1775015/","msgid":"<CAFEAcA_tAOx7Qb_aijj6bAP7QuU4Yx8bEhU0OGq+QN=sgKsXyA@mail.gmail.com>","list_archive_url":null,"date":"2017-09-25T23:07:10","subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","submitter":{"id":5111,"url":"http://patchwork.ozlabs.org/api/people/5111/","name":"Peter Maydell","email":"peter.maydell@linaro.org"},"content":"On 25 September 2017 at 23:53, Alistair Francis <alistair23@gmail.com> wrote:\n> On Mon, Sep 25, 2017 at 3:38 PM, Peter Maydell <peter.maydell@linaro.org> wrote:\n>> On 25 September 2017 at 22:16, Alistair Francis <alistair23@gmail.com> wrote:\n>>> On Mon, Sep 25, 2017 at 12:27 PM, Peter Maydell\n>>> <peter.maydell@linaro.org> wrote:\n>>>> Alistair, were you planning to provide a reviewed-by: for this\n>>>> patch (or did you have more review comments on it)?\n>>>\n>>> Ah woops, this slipped through. Looks fine to me then.\n>>>\n>>> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>\n>>\n>> Cheers. Should we cc:stable on this too? I'm inclined towards 'yes'.\n>\n> Yeah, I don't see a reason not to.\n\nApplied to target-arm.next, thanks.\n\n-- PMM","headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=linaro.org header.i=@linaro.org\n\theader.b=\"cdGvXsl5\"; dkim-atps=neutral"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3y1KW76Rg3z9t2M\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 26 Sep 2017 09:08:02 +1000 (AEST)","from localhost ([::1]:44687 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dwcTn-0002nM-8p\n\tfor incoming@patchwork.ozlabs.org; Mon, 25 Sep 2017 19:07:59 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:40884)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <peter.maydell@linaro.org>) id 1dwcTN-0002n5-Lu\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 19:07:34 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <peter.maydell@linaro.org>) id 1dwcTM-0005xd-Ta\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 19:07:33 -0400","from mail-wr0-x22c.google.com ([2a00:1450:400c:c0c::22c]:46521)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.71) (envelope-from <peter.maydell@linaro.org>)\n\tid 1dwcTM-0005xK-Jb\n\tfor qemu-devel@nongnu.org; Mon, 25 Sep 2017 19:07:32 -0400","by mail-wr0-x22c.google.com with SMTP id o42so10476692wrb.3\n\tfor <qemu-devel@nongnu.org>; Mon, 25 Sep 2017 16:07:32 -0700 (PDT)","by 10.223.139.215 with HTTP; Mon, 25 Sep 2017 16:07:10 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;\n\th=mime-version:in-reply-to:references:from:date:message-id:subject:to\n\t:cc; bh=f5OWmTn5m/mqLBo0OCz04usPYXXIB/5Bk5fMVqsGFCc=;\n\tb=cdGvXsl5I2reK95H1KWmgI+JEFiMAsOxCyQnqnlcnXuCGraJM8mrjtH+bsHGoUe/8r\n\ttgEIJOukNnkZ0/CC2MdO/MSUt1KNKDFefwfAUQRMnIhmLZBo74mFzkyIsoLoHPBCZ1kT\n\tyyGzQtPiJ6RSfm4ie3xkl64mv29Zb7PXu0MqY=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:mime-version:in-reply-to:references:from:date\n\t:message-id:subject:to:cc;\n\tbh=f5OWmTn5m/mqLBo0OCz04usPYXXIB/5Bk5fMVqsGFCc=;\n\tb=OVbYJVpJzXB3nWtwAcWa5ch5uSiCJ9DUJDJ/MbQwHl48VmJHZxAKzXcsMsaBfAP3nm\n\tBC5JIR6wOzOpsdRnMNBwyDdFh4IMO7lkvAC1BGO/2QakbZtNZOAhYgywSy/ydP/7mZSc\n\tAjvCA1BYcK6cQsSAbb+kmVC86Unh3/WMuazH4uWPjJ59Fu2sBC0sk4ppImGgopc1RbqJ\n\tPJMtnPpiXIOa0IztPWvlOrdyQAbFHk3BTtEO1aRxb34hO3AaPt+ZmYoE13bWlfuOihCh\n\toTBmzXoiG8cOTgT0WgKLl9mgJQOd9goDyvkqTar0DMX6yBkf2Laf4dPt6qpHEaF4ZiHC\n\tkwrw==","X-Gm-Message-State":"AHPjjUifGhhTILsJ5MCLNWKy0HGI8YV3NlguHM8CBWscpIYNNVtxr9o/\n\tJFNtDFP3K/VoEPSxVE/osiI33K2G55m8Ucx9UaosYQ==","X-Google-Smtp-Source":"AOwi7QAFBBvnUPXeobFbDtMYQs3XoGRY+nxPPECDFrdaOBqe2CEr6v0SBYcwoxMvJzAkgYPPFXFz+iTkFrTBDkzvn0k=","X-Received":"by 10.223.186.201 with SMTP id w9mr4511587wrg.230.1506380851472; \n\tMon, 25 Sep 2017 16:07:31 -0700 (PDT)","MIME-Version":"1.0","In-Reply-To":"<CAKmqyKO_z2_LVMnibA38H4Ny242UJSaZ-aOk9dZ3QHC00r+_2Q@mail.gmail.com>","References":"<150555367996.36.15771330325496067998@69b6ddf88678>\n\t<20170916103523.1482-1-m.olbrich@pengutronix.de>\n\t<CAKmqyKP_5dC1td8DMCEM_4v74XBZy5-rWH2z4XA8VCw4165SAg@mail.gmail.com>\n\t<20170919082358.43upqf3lawg2aqtg@pengutronix.de>\n\t<CAKmqyKOeYQHRytnhzmC0Tr3rp4KU8NomgnFhhcrKE5KP75WMow@mail.gmail.com>\n\t<20170920061905.rbv3g2ubd4c5zvn4@pengutronix.de>\n\t<CAFEAcA89F3RVOyu3SPHxZiPB-ws2sQhL71e21fAGP-_TCgOC3w@mail.gmail.com>\n\t<CAKmqyKO19A7ZKEKkLToW23jFZH1pdtv17Y4Hj==TE7ZGGFpW6w@mail.gmail.com>\n\t<CAFEAcA98UwfYcHgX0V-ghe1JhO4RjNDKa0WVWBJZM27g02rdig@mail.gmail.com>\n\t<CAKmqyKO_z2_LVMnibA38H4Ny242UJSaZ-aOk9dZ3QHC00r+_2Q@mail.gmail.com>","From":"Peter Maydell <peter.maydell@linaro.org>","Date":"Tue, 26 Sep 2017 00:07:10 +0100","Message-ID":"<CAFEAcA_tAOx7Qb_aijj6bAP7QuU4Yx8bEhU0OGq+QN=sgKsXyA@mail.gmail.com>","To":"Alistair Francis <alistair23@gmail.com>","Content-Type":"text/plain; charset=\"UTF-8\"","X-detected-operating-system":"by eggs.gnu.org: Genre and OS details not\n\trecognized.","X-Received-From":"2a00:1450:400c:c0c::22c","Subject":"Re: [Qemu-devel] [PATCH v2] hw/sd: fix out-of-bounds check for\n\tmulti block reads","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"Michael Olbrich <m.olbrich@pengutronix.de>,\n\t\"qemu-devel@nongnu.org Developers\" <qemu-devel@nongnu.org>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"}}]