diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2021-3409_5.patch')
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2021-3409_5.patch | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_5.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_5.patch deleted file mode 100644 index 7199056838..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_5.patch +++ /dev/null @@ -1,56 +0,0 @@ -From c2298884cf6bcf2b047b4bae5f78432b052b5729 Mon Sep 17 00:00:00 2001 -From: Bin Meng <bmeng.cn@gmail.com> -Date: Wed, 3 Mar 2021 20:26:38 +0800 -Subject: [PATCH 5/6] hw/sd: sdhci: Limit block size only when SDHC_BLKSIZE - register is writable -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The codes to limit the maximum block size is only necessary when -SDHC_BLKSIZE register is writable. - -Tested-by: Alexander Bulekov <alxndr@bu.edu> -Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> -Signed-off-by: Bin Meng <bmeng.cn@gmail.com> -Message-Id: <20210303122639.20004-5-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> - -Upstream-Status: Backport [5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd] -CVE: CVE-2021-3409 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/sd/sdhci.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c -index 7de03c6dd..6c780126e 100644 ---- a/hw/sd/sdhci.c -+++ b/hw/sd/sdhci.c -@@ -1142,15 +1142,15 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) - if (!TRANSFERRING_DATA(s->prnsts)) { - MASKED_WRITE(s->blksize, mask, extract32(value, 0, 12)); - MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16); -- } - -- /* Limit block size to the maximum buffer size */ -- if (extract32(s->blksize, 0, 12) > s->buf_maxsz) { -- qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than " -- "the maximum buffer 0x%x\n", __func__, s->blksize, -- s->buf_maxsz); -+ /* Limit block size to the maximum buffer size */ -+ if (extract32(s->blksize, 0, 12) > s->buf_maxsz) { -+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than " -+ "the maximum buffer 0x%x\n", __func__, s->blksize, -+ s->buf_maxsz); - -- s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz); -+ s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz); -+ } - } - - break; --- -2.29.2 - |