From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52552)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1Zk7ph-0000vO-FC
	for qemu-devel@nongnu.org; Thu, 08 Oct 2015 05:50:56 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1Zk7pM-0000kG-AF
	for qemu-devel@nongnu.org; Thu, 08 Oct 2015 05:49:53 -0400
Received: from mail-wi0-x235.google.com ([2a00:1450:400c:c05::235]:37341)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1Zk7pK-0000f7-OV
	for qemu-devel@nongnu.org; Thu, 08 Oct 2015 05:49:30 -0400
Received: by wicfx3 with SMTP id fx3so17029858wic.0
	for <qemu-devel@nongnu.org>; Thu, 08 Oct 2015 02:49:30 -0700 (PDT)
Date: Thu, 8 Oct 2015 10:49:27 +0100
From: Stefan Hajnoczi <stefanha@gmail.com>
Message-ID: <20151008094927.GB14090@stefanha-thinkpad.redhat.com>
References: <abe4c51f513290bbb85d1ee271cb1a3d463d7561.1444067470.git.alistair.francis@xilinx.com>
	<CAPokK=p9-7Qw++Ohon0jwn=Rrpvt=cqTmBL+2Gu6Gn5Y+b1Obg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAPokK=p9-7Qw++Ohon0jwn=Rrpvt=cqTmBL+2Gu6Gn5Y+b1Obg@mail.gmail.com>
Subject: Re: [Qemu-devel] [PATCH v1 1/1] sdhci.c: Limit the maximum block
	size
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Crosthwaite <crosthwaitepeter@gmail.com>
Cc: Bazhaniuk Oleksandr <oleksandr.bazhaniuk@intel.com>, Peter Maydell <peter.maydell@linaro.org>, Igor Mitsyanko <i.mitsyanko@gmail.com>, Markus Armbruster <armbru@redhat.com>, Walter James L <james.l.walter@intel.com>, "qemu-devel@nongnu.org Developers" <qemu-devel@nongnu.org>, Alistair Francis <alistair.francis@xilinx.com>, Sai Pavan Boddu <saipava@xilinx.com>, Kevin OConnor <kevin@koconnor.net>, wehuang@redhat.com, John Snow <jsnow@redhat.com>, secure@intel.com

On Tue, Oct 06, 2015 at 11:34:46AM -0700, Peter Crosthwaite wrote:
> On Tue, Oct 6, 2015 at 10:40 AM, Alistair Francis
> <alistair.francis@xilinx.com> wrote:
> > It is possible for the guest to set an invalid block
> > size which is larger then the fifo_buffer[] array. This
> > could cause a buffer overflow.
> >
> > To avoid this limit the maximum size of the blksize variable.
> >
> > Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
> > Suggested-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
> > Reported-by: Intel Security ATR <secure@intel.com>
> > Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
> 
> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
> 
> With Pavan's patches and now this, the SD patches are starting to pile
> up on list. What queue do they target? target-arm (as lead/major user)
> or something block-related?

I can pick them up for now in my block pull requests.  Note that I'm not
an SD expert so I can't review/maintain the code.

Stefan