From: "Philippe Mathieu-Daudé" <philmd@linaro.org>
To: Kevin Wolf <kwolf@redhat.com>
Cc: qemu-devel@nongnu.org, Qiang Liu <cyruscyliu@gmail.com>,
qemu-block@nongnu.org, Alexander Bulekov <alxndr@bu.edu>,
Hanna Reitz <hreitz@redhat.com>
Subject: Re: [PATCH-for-9.0 v2 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer
Date: Tue, 9 Apr 2024 16:04:19 +0200 [thread overview]
Message-ID: <2bf93771-5b70-4549-b7df-6021975f9008@linaro.org> (raw)
In-Reply-To: <20240409135944.24997-1-philmd@linaro.org>
On 9/4/24 15:59, Philippe Mathieu-Daudé wrote:
> Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446
>
> Since v1:
> - Addressed Kevin trivial suggestions (unsigned offset)
$ git backport-diff
Key:
[----] : patches are identical
[####] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively
001/ 3:[0009] [FC] 'hw/block/nand: Factor nand_load_iolen() method out'
002/ 3:[0004] [FC] 'hw/block/nand: Have blk_load() return boolean indicating success'
003/ 3:[----] [-C] 'hw/block/nand: Fix out-of-bound access in NAND block buffer'
$ git diff
diff --git a/hw/block/nand.c b/hw/block/nand.c
index d90dc965a1..e2433c25bd 100644
--- a/hw/block/nand.c
+++ b/hw/block/nand.c
@@ -88,7 +88,7 @@ struct NANDFlashState {
* Returns %true when block containing (@addr + @offset) is
* successfully loaded, otherwise %false.
*/
- bool (*blk_load)(NANDFlashState *s, uint64_t addr, int offset);
+ bool (*blk_load)(NANDFlashState *s, uint64_t addr, unsigned offset);
uint32_t ioaddr_vmstate;
};
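Review bot: changing the callback's `offset` parameter from `int` to `unsigned` removes negative offsets at the type level but still accepts any value up to UINT_MAX, and neither the prototype nor the comment above it says what range of @offset a caller may pass; the comment should state the bound (for instance that @offset must not exceed the page plus OOB size) so implementers know whether they have to validate it themselves. Every function assigned to `blk_load` must be switched to the same prototype in this commit, otherwise the assignment produces an incompatible-pointer-type warning.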
@@ -251,18 +251,21 @@ static inline void nand_pushio_byte(NANDFlashState
*s, uint8_t value)
* nand_load_block: Load block containing (s->addr + @offset).
* Returns length of data available at @offset in this block.
*/
-static int nand_load_block(NANDFlashState *s, int offset)
+static unsigned nand_load_block(NANDFlashState *s, unsigned offset)
{
- int iolen;
+ unsigned iolen;
if (!s->blk_load(s, s->addr, offset)) {
return 0;
}
- iolen = (1 << s->page_shift) - offset;
+ iolen = (1 << s->page_shift);
if (s->gnd) {
iolen += 1 << s->oob_shift;
}
+ assert(offset <= iolen);
+ iolen -= offset;
+
return iolen;
}
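Review bot: `assert(offset <= iolen)` runs only after `s->blk_load(s, s->addr, offset)` has already been called with the unchecked offset, so if blk_load uses @offset to address the data it loads (its comment says it loads the block containing @addr + @offset) the bounds check comes too late for that access; consider validating @offset before the call rather than after. Separately, when `offset == iolen` the function now returns 0, which is the same value the `!s->blk_load(...)` failure path returns, so a caller cannot tell "load failed" from "zero bytes available at this offset"; the comment should say which meaning callers may rely on. If @offset can be driven by guest I/O, an assert turns an out-of-bounds access into an abort of the whole emulator; returning 0 as on the failure path would be the more defensive choice.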
@@ -776,7 +779,7 @@ static void glue(nand_blk_erase_,
NAND_PAGE_SIZE)(NANDFlashState *s)
}
static bool glue(nand_blk_load_, NAND_PAGE_SIZE)(NANDFlashState *s,
- uint64_t addr, int offset)
+ uint64_t addr, unsigned offset)
{
if (PAGE(addr) >= s->pages) {
return false;
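Review bot: the implementation's `offset` type now matches the callback prototype, but the only guard visible in this hunk is `PAGE(addr) >= s->pages`, which validates the page of @addr and not the new unsigned @offset; since the caller in nand_load_block asserts on @offset only after this function returns, any use of @offset inside this body gets no protection from that assert and should either be range-checked here or documented as relying on the caller. `PAGE()` is not defined in the visible lines, so whether it accounts for @offset cannot be verified from this hunk.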
---
>
> Philippe Mathieu-Daudé (3):
> hw/block/nand: Factor nand_load_iolen() method out
> hw/block/nand: Have blk_load() take unsigned offset and return boolean
> hw/block/nand: Fix out-of-bound access in NAND block buffer
>
> hw/block/nand.c | 55 ++++++++++++++++++++++++++++++++++---------------
> 1 file changed, 38 insertions(+), 17 deletions(-)
>