[v4,00/14] hw/sd/sdcard: Fix CVE-2020-13253 & cleanups

Patches 5 & 6 fix CVE-2020-13253.
The rest are (accumulated) cleanups.

Missing review:
[PATCH 01/14] MAINTAINERS: Cc qemu-block mailing list
[PATCH 03/14] hw/sd/sdcard: Move some definitions to use them earlier
[PATCH 04/14] hw/sd/sdcard: Use the HWBLOCK_SIZE definition
[PATCH 05/14] hw/sd/sdcard: Do not switch to ReceivingData if address is invalid
[PATCH 07/14] hw/sd/sdcard: Check address is in range
[PATCH 11/14] hw/sd/sdcard: Make iolen unsigned
[PATCH 12/14] hw/sd/sdcard: Correctly display the command name in trace events

$ git backport-diff -u v3
Key:
[----] : patches are identical
[####] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/14:[----] [--] 'MAINTAINERS: Cc qemu-block mailing list'
002/14:[----] [--] 'hw/sd/sdcard: Update coding style to make checkpatch.pl happy'
003/14:[down] 'hw/sd/sdcard: Move some definitions to use them earlier'
004/14:[down] 'hw/sd/sdcard: Use the HWBLOCK_SIZE definition'
005/14:[0030] [FC] 'hw/sd/sdcard: Do not switch to ReceivingData if address is invalid'
006/14:[----] [--] 'hw/sd/sdcard: Restrict Class 6 commands to SCSD cards'
007/14:[down] 'hw/sd/sdcard: Check address is in range'
008/14:[----] [--] 'hw/sd/sdcard: Update the SDState documentation'
009/14:[----] [--] 'hw/sd/sdcard: Simplify cmd_valid_while_locked()'
010/14:[----] [--] 'hw/sd/sdcard: Constify sd_crc*()'s message argument'
011/14:[0004] [FC] 'hw/sd/sdcard: Make iolen unsigned'
012/14:[----] [-C] 'hw/sd/sdcard: Correctly display the command name in trace events'
013/14:[0004] [FC] 'hw/sd/sdcard: Display offset in read/write_data() trace events'
014/14:[----] [--] 'hw/sd/sdcard: Simplify realize() a bit'

Philippe Mathieu-Daudé (14):
  MAINTAINERS: Cc qemu-block mailing list
  hw/sd/sdcard: Update coding style to make checkpatch.pl happy
  hw/sd/sdcard: Move some definitions to use them earlier
  hw/sd/sdcard: Use the HWBLOCK_SIZE definition
  hw/sd/sdcard: Do not switch to ReceivingData if address is invalid
  hw/sd/sdcard: Restrict Class 6 commands to SCSD cards
  hw/sd/sdcard: Check address is in range
  hw/sd/sdcard: Update the SDState documentation
  hw/sd/sdcard: Simplify cmd_valid_while_locked()
  hw/sd/sdcard: Constify sd_crc*()'s message argument
  hw/sd/sdcard: Make iolen unsigned
  hw/sd/sdcard: Correctly display the command name in trace events
  hw/sd/sdcard: Display offset in read/write_data() trace events
  hw/sd/sdcard: Simplify realize() a bit

 hw/sd/sd.c         | 139 +++++++++++++++++++++++++++++----------------
 MAINTAINERS        |   1 +
 hw/sd/trace-events |   4 +-
 3 files changed, 92 insertions(+), 52 deletions(-)

On Fri, Jun 26, 2020 at 6:28 PM Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
>
> Patches 5 & 6 fix CVE-2020-13253.
> The rest are (accumulated) cleanups.

Wrong branch... sorry for the noise :/

Patchew URL: https://patchew.org/QEMU/20200626162818.25840-1-f4bug@amsat.org/



Hi,

This series failed the docker-mingw@fedora build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

                 from /tmp/qemu-test/src/include/qemu/osdep.h:126,
                 from /tmp/qemu-test/src/hw/sd/sd.c:33:
/tmp/qemu-test/src/hw/sd/sd.c: In function 'sd_addr_to_wpnum':
/tmp/qemu-test/src/hw/sd/sd.c:546:19: error: 'sd' undeclared (first use in this function); did you mean 'send'?
  546 |     assert(addr < sd->size);
      |                   ^~
/usr/x86_64-w64-mingw32/sys-root/mingw/include/glib-2.0/glib/gmacros.h:928:8: note: in definition of macro '_G_BOOLEAN_EXPR'
---
/tmp/qemu-test/src/hw/sd/sd.c:546:5: note: in expansion of macro 'assert'
  546 |     assert(addr < sd->size);
      |     ^~~~~~
make: *** [/tmp/qemu-test/src/rules.mak:69: hw/sd/sd.o] Error 1
make: *** Waiting for unfinished jobs....
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 669, in <module>
---
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', '--label', 'com.qemu.instance.uuid=704d59d597a64bfdbe6aaf7e32fe45b0', '-u', '1003', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', '/home/patchew2/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', '/var/tmp/patchew-tester-tmp-smffcfw5/src/docker-src.2020-06-26-12.48.10.24057:/var/tmp/qemu:z,ro', 'qemu:fedora', '/var/tmp/qemu/run', 'test-mingw']' returned non-zero exit status 2.
filter=--filter=label=com.qemu.instance.uuid=704d59d597a64bfdbe6aaf7e32fe45b0
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-smffcfw5/src'
make: *** [docker-run-test-mingw@fedora] Error 2

real    3m3.444s
user    0m8.625s


The full log is available at
http://patchew.org/logs/20200626162818.25840-1-f4bug@amsat.org/testing.docker-mingw@fedora/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

Patchew URL: https://patchew.org/QEMU/20200626162818.25840-1-f4bug@amsat.org/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

In file included from /tmp/qemu-test/src/include/qemu/osdep.h:101:0,
                 from /tmp/qemu-test/src/hw/sd/sd.c:33:
/tmp/qemu-test/src/hw/sd/sd.c: In function 'sd_addr_to_wpnum':
/tmp/qemu-test/src/hw/sd/sd.c:546:19: error: 'sd' undeclared (first use in this function)
     assert(addr < sd->size);
                   ^
/tmp/qemu-test/src/hw/sd/sd.c:546:19: note: each undeclared identifier is reported only once for each function it appears in
make: *** [hw/sd/sd.o] Error 1
make: *** Waiting for unfinished jobs....
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 669, in <module>
---
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', '--label', 'com.qemu.instance.uuid=ea6cded0171c4bc4bd3fe971fe0b86bb', '-u', '1003', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', '/home/patchew2/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', '/var/tmp/patchew-tester-tmp-fvx14yef/src/docker-src.2020-06-26-12.52.48.1687:/var/tmp/qemu:z,ro', 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit status 2.
filter=--filter=label=com.qemu.instance.uuid=ea6cded0171c4bc4bd3fe971fe0b86bb
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-fvx14yef/src'
make: *** [docker-run-test-quick@centos7] Error 2

real    2m10.002s
user    0m7.978s


The full log is available at
http://patchew.org/logs/20200626162818.25840-1-f4bug@amsat.org/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com