Re: [PATCH-for-9.0? 3/3] hw/block/nand: Fix out-of-bound access in NAND

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH-for-9.0? 3/3] hw/block/nand: Fix out-of-bound access in NAND

From:	Philippe Mathieu-Daudé
Subject:	Re: [PATCH-for-9.0? 3/3] hw/block/nand: Fix out-of-bound access in NAND block buffer
Date:	Tue, 9 Apr 2024 00:05:16 +0200
User-agent:	Mozilla Thunderbird

On 8/4/24 18:39, Richard Henderson wrote:

On 4/7/24 22:36, Philippe Mathieu-Daudé wrote:

nand_command() and nand_getio() don't check @offset points
into the block, nor the available data length (s->iolen) is
not negative.

In order to fix:

- check the offset is in range in nand_blk_load_NAND_PAGE_SIZE(),
- do not set @iolen if blk_load() failed.

Do not set, or do not set to non-zero? I had been wondering if the


Oh, "do not set to non-zero", thanks :)

final assignment to s->iolen should go into nand_load_block as well...


For the next tag I rather keep it this way which seems more
explicit to me.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>


Thanks!

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH-for-9.0? 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer, Philippe Mathieu-Daudé, 2024/04/08
- [PATCH-for-9.0? 1/3] hw/block/nand: Factor nand_load_iolen() method out, Philippe Mathieu-Daudé, 2024/04/08
  - Re: [PATCH-for-9.0? 1/3] hw/block/nand: Factor nand_load_iolen() method out, Richard Henderson, 2024/04/08
  - Re: [PATCH-for-9.0? 1/3] hw/block/nand: Factor nand_load_iolen() method out, Kevin Wolf, 2024/04/09
- [PATCH-for-9.0? 2/3] hw/block/nand: Have blk_load() return boolean indicating success, Philippe Mathieu-Daudé, 2024/04/08
  - Re: [PATCH-for-9.0? 2/3] hw/block/nand: Have blk_load() return boolean indicating success, Richard Henderson, 2024/04/08
- [PATCH-for-9.0? 3/3] hw/block/nand: Fix out-of-bound access in NAND block buffer, Philippe Mathieu-Daudé, 2024/04/08
  - Re: [PATCH-for-9.0? 3/3] hw/block/nand: Fix out-of-bound access in NAND block buffer, Philippe Mathieu-Daudé, 2024/04/08
  - Re: [PATCH-for-9.0? 3/3] hw/block/nand: Fix out-of-bound access in NAND block buffer, Richard Henderson, 2024/04/08
    - Re: [PATCH-for-9.0? 3/3] hw/block/nand: Fix out-of-bound access in NAND block buffer, Philippe Mathieu-Daudé <=
- Re: [PATCH-for-9.0? 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer, Mauro Matteo Cascella, 2024/04/08
  - Re: [PATCH-for-9.0? 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer, Philippe Mathieu-Daudé, 2024/04/09
- Re: [PATCH-for-9.0? 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer, Kevin Wolf, 2024/04/09

Prev by Date: Re: [PATCH-for-9.0] hw/sd/sdhci: Discard excess of data written to Buffer Data Port register
Next by Date: Re: [PATCH v5 1/2] nbd/server: do not poll within a coroutine context
Previous by thread: Re: [PATCH-for-9.0? 3/3] hw/block/nand: Fix out-of-bound access in NAND block buffer
Next by thread: Re: [PATCH-for-9.0? 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer
Index(es):
- Date
- Thread