Re: [PATCH v2 0/9] hw/sd/sdcard: Fix CVE-2020-13253

[Philippe Mathieu-Daudé]

On 7/13/20 8:32 PM, Philippe Mathieu-Daudé wrote:
> This series fixes CVE-2020-13253 by only allowing SD card image
> sizes power of 2, and not switching to SEND_DATA state when the
> address is invalid (out of range).
> 
> Patches missing review:
>  3: boot_linux: Tag tests using a SD card with 'device:sd'
>  4: boot_linux: Expand SD card image to power of 2
>  7: hw/sd/sdcard: Do not allow invalid SD card sizes
> 
> Since v1:
> Fixes issue due to image not power of 2:
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg720737.html
> 
> Supersedes: <20200707132116.26207-1-f4bug@amsat.org>
> 
> Niek Linnenbank (1):
>   docs/orangepi: Add instructions for resizing SD image to power of two
> 
> Philippe Mathieu-Daudé (8):
>   MAINTAINERS: Cc qemu-block mailing list
>   tests/acceptance/boot_linux: Tag tests using a SD card with
>     'device:sd'
>   tests/acceptance/boot_linux: Expand SD card image to power of 2
>   hw/sd/sdcard: Restrict Class 6 commands to SCSD cards
>   hw/sd/sdcard: Simplify realize() a bit
>   hw/sd/sdcard: Do not allow invalid SD card sizes
>   hw/sd/sdcard: Update coding style to make checkpatch.pl happy
>   hw/sd/sdcard: Do not switch to ReceivingData if address is invalid
> 
>  docs/system/arm/orangepi.rst           | 16 ++++-
>  hw/sd/sd.c                             | 86 ++++++++++++++++++++------
>  MAINTAINERS                            |  1 +
>  tests/acceptance/boot_linux_console.py | 30 ++++++---
>  4 files changed, 102 insertions(+), 31 deletions(-)

Thanks for the reviews.

I addressed Cleber minor comment and will send a pull request shortly.

Phil.