mbox

[PULL,0/3] Memory/SDHCI/ParallelFlash patches for v7.2.0-rc0

Message ID 20221108183352.9466-1-philmd@linaro.org
State New
Headers show

Pull-request

https://github.com/philmd/qemu.git tags/memflash-20221108

Message

Philippe Mathieu-Daudé Nov. 8, 2022, 6:33 p.m. UTC
The following changes since commit ade760a2f63804b7ab1839fbc3e5ddbf30538718:

  Merge tag 'pull-request-2022-11-08' of https://gitlab.com/thuth/qemu into staging (2022-11-08 11:34:06 -0500)

are available in the Git repository at:

  https://github.com/philmd/qemu.git tags/memflash-20221108

for you to fetch changes up to cf9b3efd816518f9f210f50a0fa3e46a00b33c27:

  Revert "hw/block/pflash_cfi: Error out if dev length isn't power of 2" (2022-11-08 19:29:25 +0100)

----------------------------------------------------------------
Memory/SDHCI/ParallelFlash patches queue

- Fix wrong end address dump in 'info mtree' (Zhenzhong Duan)
- Fix in SDHCI for CVE-2022-3872 (myself)
- Revert latest pflash check of underlying block size (Daniel
  Henrique Barboza & myself)

----------------------------------------------------------------

Daniel Henrique Barboza (1):
  Revert "hw/block/pflash_cfi: Error out if dev length isn't power of 2"

Philippe Mathieu-Daudé (1):
  hw/sd/sdhci: Do not set Buf Wr Ena before writing block
    (CVE-2022-3872)

Zhenzhong Duan (1):
  memory: Fix wrong end address dump

 hw/block/pflash_cfi01.c | 8 ++------
 hw/block/pflash_cfi02.c | 5 -----
 hw/sd/sdhci.c           | 2 +-
 softmmu/physmem.c       | 2 +-
 4 files changed, 4 insertions(+), 13 deletions(-)

Comments

Stefan Hajnoczi Nov. 8, 2022, 8:49 p.m. UTC | #1
On Tue, 8 Nov 2022 at 13:35, Philippe Mathieu-Daudé <philmd@linaro.org> wrote:
>
> The following changes since commit ade760a2f63804b7ab1839fbc3e5ddbf30538718:
>
>   Merge tag 'pull-request-2022-11-08' of https://gitlab.com/thuth/qemu into staging (2022-11-08 11:34:06 -0500)
>
> are available in the Git repository at:
>
>   https://github.com/philmd/qemu.git tags/memflash-20221108
>
> for you to fetch changes up to cf9b3efd816518f9f210f50a0fa3e46a00b33c27:
>
>   Revert "hw/block/pflash_cfi: Error out if dev length isn't power of 2" (2022-11-08 19:29:25 +0100)
>
> ----------------------------------------------------------------
> Memory/SDHCI/ParallelFlash patches queue
>
> - Fix wrong end address dump in 'info mtree' (Zhenzhong Duan)
> - Fix in SDHCI for CVE-2022-3872 (myself)

There is a CI failure:

>>> G_TEST_DBUS_DAEMON=/builds/qemu-project/qemu/tests/dbus-vmstate-daemon.sh MALLOC_PERTURB_=127 QTEST_QEMU_BINARY=./qemu-system-arm QTEST_QEMU_STORAGE_DAEMON_BINARY=./storage-daemon/qemu-storage-daemon QTEST_QEMU_IMG=./qemu-img /builds/qemu-project/qemu/build/tests/qtest/npcm7xx_sdhci-test --tap -k
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
stderr:
** Message: 19:27:52.411: /tmp/sdhci_ZD2EV1
**
ERROR:../tests/qtest/npcm7xx_sdhci-test.c:101:sdwrite_read: assertion
failed: (!memcmp(rmsg, msg, len))

https://gitlab.com/qemu-project/qemu/-/jobs/3292896670

Stefan
Stefan Hajnoczi Nov. 8, 2022, 8:57 p.m. UTC | #2
I've dropped the SDHCI CVE fix due to the CI failure.

The rest of the commits are still in the staging tree and I plan to
include them in v7.2.0-rc0.

Stefan
Philippe Mathieu-Daudé Nov. 9, 2022, 7:43 a.m. UTC | #3
On 8/11/22 21:57, Stefan Hajnoczi wrote:
> I've dropped the SDHCI CVE fix due to the CI failure.
> 
> The rest of the commits are still in the staging tree and I plan to
> include them in v7.2.0-rc0.

Thank you Stefan, sorry for not catching that failure sooner.
Salvatore Bonaccorso Dec. 21, 2023, 9:19 p.m. UTC | #4
Hi Philippe,

On Wed, Nov 09, 2022 at 08:43:19AM +0100, Philippe Mathieu-Daudé wrote:
> On 8/11/22 21:57, Stefan Hajnoczi wrote:
> > I've dropped the SDHCI CVE fix due to the CI failure.
> > 
> > The rest of the commits are still in the staging tree and I plan to
> > include them in v7.2.0-rc0.
> 
> Thank you Stefan, sorry for not catching that failure sooner.

I was looking through some older CVE's for qemu which are tracked
still unfixed in Debian and noticed CVE-2022-3872 . Do you happen to
know if the fix for CVE-2022-3872, the dropped one above, was ever
fixed in another way? Or did that felt trough the cracks?

Regards,
Salvatore