[PULL 0/1] ufs queue

[PULL 0/1] ufs queue

[Jeuk Kim]

From: Jeuk Kim <jeuk20.kim@samsung.com>

The following changes since commit c60be6e3e38cb36dc66129e757ec4b34152232be:

  Merge tag 'pull-sp-20231025' of https://gitlab.com/rth7680/qemu into staging (2023-10-27 09:43:53 +0900)

are available in the Git repository at:

  https://gitlab.com/jeuk20.kim/qemu.git tags/pull-ufs-20231030

for you to fetch changes up to 096434fea13acd19f4ead00cdf9babea8dc7e61e:

  hw/ufs: Modify lu.c to share codes with SCSI subsystem (2023-10-30 10:28:04 +0900)

----------------------------------------------------------------
ufs queue:

* Modify lu.c to share codes with SCSI

----------------------------------------------------------------
Jeuk Kim (1):
      hw/ufs: Modify lu.c to share codes with SCSI subsystem

 hw/ufs/lu.c            | 1473 ++++++++----------------------------------------
 hw/ufs/trace-events    |   25 -
 hw/ufs/ufs.c           |  202 +------
 hw/ufs/ufs.h           |   36 +-
 include/block/ufs.h    |    2 +-
 tests/qtest/ufs-test.c |   37 +-
 6 files changed, 315 insertions(+), 1460 deletions(-)

Re: [PULL 0/1] ufs queue

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 115 bytes --]

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/8.2 for any user-visible changes.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

[PULL 0/1] ufs queue

[Jeuk Kim]

From: Jeuk Kim <jeuk20.kim@samsung.com>

The following changes since commit fd87be1dada5672f877e03c2ca8504458292c479:

  Merge tag 'accel-20240426' of https://github.com/philmd/qemu into staging (2024-04-26 15:28:13 -0700)

are available in the Git repository at:

  https://gitlab.com/jeuk20.kim/qemu.git tags/pull-ufs-20240429

for you to fetch changes up to f2c8aeb1afefcda92054c448b21fc59cdd99db30:

  hw/ufs: Fix buffer overflow bug (2024-04-29 12:13:35 +0900)

----------------------------------------------------------------
ufs queue

- Fix ufs sanitizer vulnerability

----------------------------------------------------------------
Jeuk Kim (1):
      hw/ufs: Fix buffer overflow bug

 hw/ufs/ufs.c | 8 ++++++++
 1 file changed, 8 insertions(+)

Re: [PULL 0/1] ufs queue

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 1241 bytes --]

On Mon, Apr 29, 2024 at 12:25:37PM +0900, Jeuk Kim wrote:
> From: Jeuk Kim <jeuk20.kim@samsung.com>
> 
> The following changes since commit fd87be1dada5672f877e03c2ca8504458292c479:
> 
>   Merge tag 'accel-20240426' of https://github.com/philmd/qemu into staging (2024-04-26 15:28:13 -0700)
> 
> are available in the Git repository at:
> 
>   https://gitlab.com/jeuk20.kim/qemu.git tags/pull-ufs-20240429
> 
> for you to fetch changes up to f2c8aeb1afefcda92054c448b21fc59cdd99db30:
> 
>   hw/ufs: Fix buffer overflow bug (2024-04-29 12:13:35 +0900)
> 
> ----------------------------------------------------------------
> ufs queue
> 
> - Fix ufs sanitizer vulnerability
> 
> ----------------------------------------------------------------
> Jeuk Kim (1):
>       hw/ufs: Fix buffer overflow bug
> 
>  hw/ufs/ufs.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 

Thanks, applied to my block tree:
https://gitlab.com/stefanha/qemu/commits/block

It will be included in my next block pull request.

You are welcome to send pull requests directly to the qemu.git/master
maintainer (Richard Henderson is on duty for this release cycle). If you
do that, make sure to GPG sign your pull request.

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PULL 0/1] ufs queue

[Richard Henderson]

On 4/29/24 06:41, Stefan Hajnoczi wrote:
> On Mon, Apr 29, 2024 at 12:25:37PM +0900, Jeuk Kim wrote:
>> From: Jeuk Kim <jeuk20.kim@samsung.com>
>>
>> The following changes since commit fd87be1dada5672f877e03c2ca8504458292c479:
>>
>>    Merge tag 'accel-20240426' of https://github.com/philmd/qemu into staging (2024-04-26 15:28:13 -0700)
>>
>> are available in the Git repository at:
>>
>>    https://gitlab.com/jeuk20.kim/qemu.git tags/pull-ufs-20240429
>>
>> for you to fetch changes up to f2c8aeb1afefcda92054c448b21fc59cdd99db30:
>>
>>    hw/ufs: Fix buffer overflow bug (2024-04-29 12:13:35 +0900)
>>
>> ----------------------------------------------------------------
>> ufs queue
>>
>> - Fix ufs sanitizer vulnerability
>>
>> ----------------------------------------------------------------
>> Jeuk Kim (1):
>>        hw/ufs: Fix buffer overflow bug
>>
>>   hw/ufs/ufs.c | 8 ++++++++
>>   1 file changed, 8 insertions(+)
>>
> 
> Thanks, applied to my block tree:
> https://gitlab.com/stefanha/qemu/commits/block
> 
> It will be included in my next block pull request.
> 
> You are welcome to send pull requests directly to the qemu.git/master
> maintainer (Richard Henderson is on duty for this release cycle). If you
> do that, make sure to GPG sign your pull request.

He did. I have

     Merge tag 'pull-ufs-20240429' of https://gitlab.com/jeuk20.kim/qemu into staging

     ufs queue

     # -----BEGIN PGP SIGNATURE-----
     #
     # iQIzBAABCgAdFiEEUBfYMVl8eKPZB+73EuIgTA5dtgIFAmYvEScACgkQEuIgTA5d
     # tgL3Qg//R3IcISQqqDaJ/ySzKGmkyohJSc6ySLYvla4Aki7PV+um2Dx/XNS7uG2b
     # d3Qz4m6QaOKsocLfldRTn2FxVK238Rp5HNny5vc0kGRdwpR514B7aU0FhpT7qObS
     # wbbgRdDddIBIiCFLhtXtg5/TK2h32VxGrVI6llX4gmd2VzqM0e4xeG1Oj8rZseOY
     # SAgvDv68s1YwlO1p1vPvst/H+mUKYkqtPN1mjfCIn5tM6ss8kCLUnKjqGAg1BnSN
     # xwaGrqqOlzQK2+aV02eiItiow8evU/h+c9eiTnBo/EvBwjoBn6flNXABWXFENnmP
     # JjVIFeiNzSFhBPDzO23GXviuEt96j5lrcGYR48HYMZfEbJNpblXzWvEGMZWnXNgx
     # Q3cpcarZ4vSWIflR9OnCSQaGLA0Ny6YqLbmrM/oD+v67EITafKKc+flmiF7DBASB
     # fUoEsdffdA37LDtygJb7hfUhvPQWWAujmGzZ1cDP8Oa0MhT7aiD0Z/WqhhjVQbM0
     # iLiCDDD0cc0pmT3vw3EnEjKjnSkY3H62Q7pnYHiQgij4Ls/Rdd/P7OkSd0aI82t0
     # TooWGZJnyf8rjAzY2cEB1Twrhmhuyt9NnGxip9W8JsQBZMLabD2CahOm83zsk7jZ
     # 3fOONz6XrW2ttFkLZcRd4x4YjKONjEXsSX2ZrXTZ5t3USz/VNvY=
     # =Vwyi
     # -----END PGP SIGNATURE-----
     # gpg: Signature made Sun 28 Apr 2024 08:16:55 PM PDT
     # gpg:                using RSA key 5017D831597C78A3D907EEF712E2204C0E5DB602
     # gpg: Good signature from "Jeuk Kim <jeuk20.kim@samsung.com>" [unknown]
     # gpg:                 aka "Jeuk Kim <jeuk20.kim@gmail.com>" [unknown]
     # gpg: WARNING: This key is not certified with a trusted signature!
     # gpg:          There is no indication that the signature belongs to the owner.
     # Primary key fingerprint: 5017 D831 597C 78A3 D907  EEF7 12E2 204C 0E5D B602

queued for the next merge.


r~

Re: [PULL 0/1] ufs queue

[Richard Henderson]

On 4/28/24 20:25, Jeuk Kim wrote:
> From: Jeuk Kim<jeuk20.kim@samsung.com>
> 
> The following changes since commit fd87be1dada5672f877e03c2ca8504458292c479:
> 
>    Merge tag 'accel-20240426' ofhttps://github.com/philmd/qemu  into staging (2024-04-26 15:28:13 -0700)
> 
> are available in the Git repository at:
> 
>    https://gitlab.com/jeuk20.kim/qemu.git  tags/pull-ufs-20240429
> 
> for you to fetch changes up to f2c8aeb1afefcda92054c448b21fc59cdd99db30:
> 
>    hw/ufs: Fix buffer overflow bug (2024-04-29 12:13:35 +0900)
> 
> ----------------------------------------------------------------
> ufs queue
> 
> - Fix ufs sanitizer vulnerability

Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/9.1 as appropriate.


r~

[PULL 0/1] ufs queue

[Jeuk Kim]

From: Jeuk Kim <jeuk20.kim@samsung.com>

The following changes since commit 3665dd6bb9043bef181c91e2dce9e1efff47ed51:

  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2024-06-28 16:09:38 -0700)

are available in the Git repository at:

  https://gitlab.com/jeuk20.kim/qemu.git tags/pull-ufs-20240630

for you to fetch changes up to e12b11f6f29272ee31ccde6b0db1a10139e87083:

  hw/ufs: Fix potential bugs in MMIO read|write (2024-06-30 12:44:32 +0900)

----------------------------------------------------------------
hw/ufs: fix coverity issue

----------------------------------------------------------------
Minwoo Im (1):
      hw/ufs: Fix potential bugs in MMIO read|write

 hw/ufs/ufs.c | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

Re: [PULL 0/1] ufs queue

[Richard Henderson]

On 6/29/24 20:52, Jeuk Kim wrote:
> From: Jeuk Kim<jeuk20.kim@samsung.com>
> 
> The following changes since commit 3665dd6bb9043bef181c91e2dce9e1efff47ed51:
> 
>    Merge tag 'for-upstream' ofhttps://gitlab.com/bonzini/qemu  into staging (2024-06-28 16:09:38 -0700)
> 
> are available in the Git repository at:
> 
>    https://gitlab.com/jeuk20.kim/qemu.git  tags/pull-ufs-20240630
> 
> for you to fetch changes up to e12b11f6f29272ee31ccde6b0db1a10139e87083:
> 
>    hw/ufs: Fix potential bugs in MMIO read|write (2024-06-30 12:44:32 +0900)
> 
> ----------------------------------------------------------------
> hw/ufs: fix coverity issue

Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/9.1 as appropriate.


r~

[PULL 0/1] ufs queue

[Jeuk Kim]

From: Jeuk Kim <jeuk20.kim@samsung.com>

The following changes since commit b9ee1387e0cf0fba5a73a610d31cb9cead457dc0:

  Merge tag 'sdmmc-20240706' of https://github.com/philmd/qemu into staging (2024-07-07 10:34:52 -0700)

are available in the Git repository at:

  https://gitlab.com/jeuk20.kim/qemu.git tags/pull-ufs-20240708

for you to fetch changes up to 6db492596dd9204e8fe341b2396472271cf15023:

  hw/ufs: Fix mcq register range determination logic (2024-07-08 10:25:20 +0900)

----------------------------------------------------------------
hw/ufs:
- Fix invalid address access in ufs_is_mcq_reg()

----------------------------------------------------------------
Jeuk Kim (1):
      hw/ufs: Fix mcq register range determination logic

 hw/ufs/ufs.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

[PULL 1/1] hw/ufs: Fix mcq register range determination logic

[Jeuk Kim]

From: Jeuk Kim <jeuk20.kim@samsung.com>

The function ufs_is_mcq_reg() only evaluated the range of the
mcq_op_reg offset, which is defined as a constant.
Therefore, it was possible for ufs_is_mcq_reg() to return true
despite ufs device is configured to not support the mcq.
This could cause ufs_mmio_read()/ufs_mmio_write() to result in
a segmentation fault due to accessing an invalid address.
So fix it.

Fixes: 5c079578d2e4 ("hw/ufs: Add support MCQ of UFSHCI 4.0")
Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im@samsung.com>
Message-Id: <6dcb63036f3b35c833de752d1472d08bf4a9c289.1719996804.git.jeuk20.kim@samsung.com>
---
 hw/ufs/ufs.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/ufs/ufs.c b/hw/ufs/ufs.c
index 683fff5840..cf0edd281c 100644
--- a/hw/ufs/ufs.c
+++ b/hw/ufs/ufs.c
@@ -57,7 +57,13 @@ static inline uint64_t ufs_reg_size(UfsHc *u)
 
 static inline bool ufs_is_mcq_reg(UfsHc *u, uint64_t addr, unsigned size)
 {
-    uint64_t mcq_reg_addr = ufs_mcq_reg_addr(u, 0);
+    uint64_t mcq_reg_addr;
+
+    if (!u->params.mcq) {
+        return false;
+    }
+
+    mcq_reg_addr = ufs_mcq_reg_addr(u, 0);
     return (addr >= mcq_reg_addr &&
             addr + size <= mcq_reg_addr + sizeof(u->mcq_reg));
 }
-- 
2.34.1

Re: [PULL 0/1] ufs queue

[Jeuk Kim]

I'm so sorry. I forgot to add something to the patch, I'll add it and 
resend it to you.
Sorry again.


On 7/8/2024 10:31 AM, Jeuk Kim wrote:
> From: Jeuk Kim <jeuk20.kim@samsung.com>
>
> The following changes since commit b9ee1387e0cf0fba5a73a610d31cb9cead457dc0:
>
>    Merge tag 'sdmmc-20240706' of https://github.com/philmd/qemu into staging (2024-07-07 10:34:52 -0700)
>
> are available in the Git repository at:
>
>    https://gitlab.com/jeuk20.kim/qemu.git tags/pull-ufs-20240708
>
> for you to fetch changes up to 6db492596dd9204e8fe341b2396472271cf15023:
>
>    hw/ufs: Fix mcq register range determination logic (2024-07-08 10:25:20 +0900)
>
> ----------------------------------------------------------------
> hw/ufs:
> - Fix invalid address access in ufs_is_mcq_reg()
>
> ----------------------------------------------------------------
> Jeuk Kim (1):
>        hw/ufs: Fix mcq register range determination logic
>
>   hw/ufs/ufs.c | 8 +++++++-
>   1 file changed, 7 insertions(+), 1 deletion(-)