[PATCH-for-9.0?,0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer

Message ID 20240408083605.55238-1-philmd@linaro.org

Message

Philippe Mathieu-Daudé April 8, 2024, 8:36 a.m. UTC
Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446

Philippe Mathieu-Daudé (3):
  hw/block/nand: Factor nand_load_iolen() method out
  hw/block/nand: Have blk_load() return boolean indicating success
  hw/block/nand: Fix out-of-bound access in NAND block buffer

 hw/block/nand.c | 50 +++++++++++++++++++++++++++++++++----------------
 1 file changed, 34 insertions(+), 16 deletions(-)

Comments

Mauro Matteo Cascella April 8, 2024, 3:45 p.m. UTC | #1
On Mon, Apr 8, 2024 at 10:36 AM Philippe Mathieu-Daudé
<philmd@linaro.org> wrote:
>
> Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446

Does hw/block/nand meet the security requirements for CVE assignment?

=> https://www.qemu.org/docs/master/system/security.html

> Philippe Mathieu-Daudé (3):
>   hw/block/nand: Factor nand_load_iolen() method out
>   hw/block/nand: Have blk_load() return boolean indicating success
>   hw/block/nand: Fix out-of-bound access in NAND block buffer
>
>  hw/block/nand.c | 50 +++++++++++++++++++++++++++++++++----------------
>  1 file changed, 34 insertions(+), 16 deletions(-)
>
> --
> 2.41.0
>

Kevin Wolf April 9, 2024, 10:55 a.m. UTC | #2
On 08.04.2024 at 10:36, Philippe Mathieu-Daudé wrote:
> Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446
> 
> Philippe Mathieu-Daudé (3):
>   hw/block/nand: Factor nand_load_iolen() method out
>   hw/block/nand: Have blk_load() return boolean indicating success
>   hw/block/nand: Fix out-of-bound access in NAND block buffer

As we're short on time for 9.0:

Reviewed-by: Kevin Wolf <kwolf@redhat.com>

But it feels to me like this device could use some more cleanup to make
the code more robust.

Kevin

Philippe Mathieu-Daudé April 9, 2024, 1:57 p.m. UTC | #3
On 8/4/24 17:45, Mauro Matteo Cascella wrote:
> On Mon, Apr 8, 2024 at 10:36 AM Philippe Mathieu-Daudé
> <philmd@linaro.org> wrote:
>>
>> Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446
> 
> Does hw/block/nand meet the security requirements for CVE assignment?
> 
> => https://www.qemu.org/docs/master/system/security.html

I don't think this device model is used in virtualization,
so I don't think so. (Cc'ing qemu-arm@ in case).
Thanks!

> 
>> Philippe Mathieu-Daudé (3):
>>    hw/block/nand: Factor nand_load_iolen() method out
>>    hw/block/nand: Have blk_load() return boolean indicating success
>>    hw/block/nand: Fix out-of-bound access in NAND block buffer
>>
>>   hw/block/nand.c | 50 +++++++++++++++++++++++++++++++++----------------
>>   1 file changed, 34 insertions(+), 16 deletions(-)
>>
>> --
>> 2.41.0
>>
>