This series fixes CVE-2020-13253 by only allowing SD card image sizes that are a power of 2, and not switching to SEND_DATA state when the address is invalid (out of range).

Patches missing review:
 3: boot_linux: Tag tests using a SD card with 'device:sd'
 4: boot_linux: Expand SD card image to power of 2
 7: hw/sd/sdcard: Do not allow invalid SD card sizes

Since v1:
Fixes issue due to image not power of 2:
https://www.mail-archive.com/[email protected]/msg720737.html

Supersedes: <[email protected]>

Niek Linnenbank (1):
  docs/orangepi: Add instructions for resizing SD image to power of two

Philippe Mathieu-Daudé (8):
  MAINTAINERS: Cc qemu-block mailing list
  tests/acceptance/boot_linux: Tag tests using a SD card with 'device:sd'
  tests/acceptance/boot_linux: Expand SD card image to power of 2
  hw/sd/sdcard: Restrict Class 6 commands to SCSD cards
  hw/sd/sdcard: Simplify realize() a bit
  hw/sd/sdcard: Do not allow invalid SD card sizes
  hw/sd/sdcard: Update coding style to make checkpatch.pl happy
  hw/sd/sdcard: Do not switch to ReceivingData if address is invalid

 docs/system/arm/orangepi.rst           | 16 ++++-
 hw/sd/sd.c                             | 86 ++++++++++++++++++++------
 MAINTAINERS                            |  1 +
 tests/acceptance/boot_linux_console.py | 30 ++++++---
 4 files changed, 102 insertions(+), 31 deletions(-)

-- 
2.21.3
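
Added example, not part of the original message and not code from the series: one way to bring an existing raw SD card image in line with the power-of-2 size restriction described above. The function names are hypothetical, the image is assumed to be a raw file, and the sample image is constructed in a temporary directory.

```python
import os
import tempfile


def is_pow2(n: int) -> bool:
    """True when n is a positive power of two."""
    return n > 0 and (n & (n - 1)) == 0


def next_pow2(n: int) -> int:
    """Smallest power of two >= n; an empty image is rejected."""
    if n <= 0:
        raise ValueError("image size must be positive")
    return 1 << (n - 1).bit_length()


def expand_image_to_pow2(path: str) -> int:
    """Grow a raw image file in place to the next power-of-2 size.

    The file is only ever extended (zero-filled tail), never shrunk,
    so existing partition data is left untouched. Returns the new size.
    """
    size = os.path.getsize(path)
    target = next_pow2(size)
    if target != size:
        with open(path, "r+b") as f:
            f.truncate(target)  # extends the file with zeros
    return target


def demo():
    """Run on a constructed 3000-byte sample 'image'."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "sd.img")       # constructed sample file
        payload = b"\xA5" * 3000              # constructed contents
        with open(img, "wb") as f:
            f.write(payload)
        new_size = expand_image_to_pow2(img)
        with open(img, "rb") as f:
            data = f.read()
        # A second call must be a no-op: the size is already valid.
        again = expand_image_to_pow2(img)
        return new_size, again, data[:3000] == payload, data[3000:] == b"\0" * 1096


if __name__ == "__main__":
    print(demo())
```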
