[PATCH-for-10.1 03/11] hw/sd/sdcard: Propagate response size to sd_response_r*_make()

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Philippe Mathieu-Daudé" <philmd@linaro.org>
To: qemu-devel@nongnu.org, Peter Maydell <peter.maydell@linaro.org>
Cc: "Guenter Roeck" <linux@roeck-us.net>,
	"Palmer Dabbelt" <palmer@dabbelt.com>,
	"Liu Zhiwei" <zhiwei_liu@linux.alibaba.com>,
	"Daniel Henrique Barboza" <dbarboza@ventanamicro.com>,
	"Strahinja Jankovic" <strahinja.p.jankovic@gmail.com>,
	qemu-riscv@nongnu.org, qemu-arm@nongnu.org,
	"Bin Meng" <bmeng.cn@gmail.com>,
	"Alistair Francis" <alistair.francis@wdc.com>,
	"Beniamino Galvani" <b.galvani@gmail.com>,
	"Ben Dooks" <ben.dooks@codethink.co.uk>,
	"Weiwei Li" <liwei1518@gmail.com>,
	qemu-block@nongnu.org,
	"Philippe Mathieu-Daudé" <philmd@linaro.org>
Subject: [PATCH-for-10.1 03/11] hw/sd/sdcard: Propagate response size to sd_response_r*_make()
Date: Thu, 31 Jul 2025 23:27:58 +0200	[thread overview]
Message-ID: <20250731212807.2706-4-philmd@linaro.org> (raw)
In-Reply-To: <20250731212807.2706-1-philmd@linaro.org>

All sd_response_r*_make() fill the @response buffer. Now that
sd_do_command() knows the buffer size, propagate it to the
response fillers and assert for any overflow.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 hw/sd/sd.c | 40 ++++++++++++++++++++++++++++------------
 1 file changed, 28 insertions(+), 12 deletions(-)

diff --git a/hw/sd/sd.c b/hw/sd/sd.c
index 1d88aee38d5..22bdb4ca3ab 100644
--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
@@ -729,34 +729,52 @@ static int sd_req_crc_validate(SDRequest *req)
     return sd_crc7(buffer, 5) != req->crc;  /* TODO */
 }
 
-static void sd_response_r1_make(SDState *sd, uint8_t *response)
+static size_t sd_response_r1_make(SDState *sd, uint8_t *response, size_t respsz)
 {
+    size_t rsplen = 4;
+
+    assert(respsz >= 4);
     stl_be_p(response, sd->card_status);
 
     /* Clear the "clear on read" status bits */
     sd->card_status &= ~CARD_STATUS_C;
+
+    return rsplen;
 }
 
-static void sd_response_r3_make(SDState *sd, uint8_t *response)
+static size_t sd_response_r3_make(SDState *sd, uint8_t *response, size_t respsz)
 {
+    size_t rsplen = 4;
+
+    assert(respsz >= rsplen);
     stl_be_p(response, sd->ocr & ACMD41_R3_MASK);
+
+    return rsplen;
 }
 
-static void sd_response_r6_make(SDState *sd, uint8_t *response)
+static size_t sd_response_r6_make(SDState *sd, uint8_t *response, size_t respsz)
 {
     uint16_t status;
 
+    assert(respsz >= 4);
     status = ((sd->card_status >> 8) & 0xc000) |
              ((sd->card_status >> 6) & 0x2000) |
               (sd->card_status & 0x1fff);
     sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
     stw_be_p(response + 0, sd->rca);
     stw_be_p(response + 2, status);
+
+    return 4;
 }
 
-static void sd_response_r7_make(SDState *sd, uint8_t *response)
+static size_t sd_response_r7_make(SDState *sd, uint8_t *response, size_t respsz)
 {
+    size_t rsplen = 4;
+
+    assert(respsz >= rsplen);
     stl_be_p(response, sd->vhs);
+
+    return rsplen;
 }
 
 static uint32_t sd_blk_len(SDState *sd)
@@ -2207,33 +2225,31 @@ send_response:
     switch (rtype) {
     case sd_r1:
     case sd_r1b:
-        sd_response_r1_make(sd, response);
-        rsplen = 4;
+        rsplen = sd_response_r1_make(sd, response, respsz);
         break;
 
     case sd_r2_i:
+        assert(respsz >= 16);
         memcpy(response, sd->cid, sizeof(sd->cid));
         rsplen = 16;
         break;
 
     case sd_r2_s:
+        assert(respsz >= 16);
         memcpy(response, sd->csd, sizeof(sd->csd));
         rsplen = 16;
         break;
 
     case sd_r3:
-        sd_response_r3_make(sd, response);
-        rsplen = 4;
+        rsplen = sd_response_r3_make(sd, response, respsz);
         break;
 
     case sd_r6:
-        sd_response_r6_make(sd, response);
-        rsplen = 4;
+        rsplen = sd_response_r6_make(sd, response, respsz);
         break;
 
     case sd_r7:
-        sd_response_r7_make(sd, response);
-        rsplen = 4;
+        rsplen = sd_response_r7_make(sd, response, respsz);
         break;
 
     case sd_r0:
-- 
2.49.0

next prev parent reply	other threads:[~2025-07-31 21:48 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-07-31 21:27 [PATCH-for-10.1 00/11] hw/sd: Fix SD cards in SPI mode Philippe Mathieu-Daudé
2025-07-31 21:27 ` [PATCH-for-10.1 01/11] hw/sd/sdcard: Do not ignore errors in sd_cmd_to_sendingdata() Philippe Mathieu-Daudé
2025-08-01  6:40   ` Richard Henderson
2025-07-31 21:27 ` [PATCH-for-10.1 02/11] hw/sd/sdbus: Provide buffer size to sdbus_do_command() Philippe Mathieu-Daudé
2025-08-01  7:08   ` Richard Henderson
2025-07-31 21:27 ` Philippe Mathieu-Daudé [this message]
2025-08-01  7:17   ` [PATCH-for-10.1 03/11] hw/sd/sdcard: Propagate response size to sd_response_r*_make() Richard Henderson
2025-07-31 21:27 ` [PATCH-for-10.1 04/11] hw/sd/sdcard: Fill SPI response bits in card code Philippe Mathieu-Daudé
2025-08-01  7:19   ` Richard Henderson
2025-08-04  9:11     ` Philippe Mathieu-Daudé
2025-07-31 21:28 ` [PATCH-for-10.1 05/11] hw/sd/sdcard: Implement SPI R2 return value Philippe Mathieu-Daudé
2025-07-31 21:28 ` [PATCH-for-10.1 06/11] hw/sd/sdcard: Use complete SEND_OP_COND implementation in SPI mode Philippe Mathieu-Daudé
2025-07-31 21:28 ` [PATCH-for-10.1 07/11] hw/sd/sdcard: Allow using SWITCH_FUNCTION in more SPI states Philippe Mathieu-Daudé
2025-07-31 21:28 ` [PATCH-for-10.1 08/11] hw/sd/sdcard: Factor spi_cmd_SEND_CxD() out Philippe Mathieu-Daudé
2025-07-31 21:28 ` [PATCH-for-10.1 09/11] hw/sd/sdcard: Disable checking STBY mode in SPI SEND_CSD/CID Philippe Mathieu-Daudé
2025-07-31 21:28 ` [PATCH-for-10.1 10/11] hw/sd/sdcard: Remove SDState::mode field Philippe Mathieu-Daudé
2025-07-31 21:28 ` [PATCH-for-10.1 11/11] tests/functional: Test SD cards in SPI mode (using sifive_u machine) Philippe Mathieu-Daudé
2025-07-31 21:34 ` [PATCH-for-10.1 00/11] hw/sd: Fix SD cards in SPI mode Philippe Mathieu-Daudé

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:1d88aee38d dfblob:22bdb4ca3a )
 OR (
bs:"[PATCH-for-10.1 03/11] hw/sd/sdcard: Propagate response size to sd_response_r*_make()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250731212807.2706-4-philmd@linaro.org \
    --to=philmd@linaro.org \
    --cc=alistair.francis@wdc.com \
    --cc=b.galvani@gmail.com \
    --cc=ben.dooks@codethink.co.uk \
    --cc=bmeng.cn@gmail.com \
    --cc=dbarboza@ventanamicro.com \
    --cc=linux@roeck-us.net \
    --cc=liwei1518@gmail.com \
    --cc=palmer@dabbelt.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-arm@nongnu.org \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-riscv@nongnu.org \
    --cc=strahinja.p.jankovic@gmail.com \
    --cc=zhiwei_liu@linux.alibaba.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).