Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch')
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch50
1 files changed, 0 insertions, 50 deletions
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch
deleted file mode 100644
index bfde2e9d4b78..000000000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-In the SDHCI protocol, the transfer mode register value
-is used during multi block transfer to check if block count
-register is enabled and should be updated. Transfer mode
-register could be set such that, block count register would
-not be updated, thus leading to an infinite loop. Add check
-to avoid it.
-
-Reported-by: Wjjzhang <address@hidden>
-Reported-by: Jiang Xin <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/sd/sdhci.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-Update: use qemu_log_mask(LOG_UNIMP, ...)
- -> https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02354.html
-
-diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
-index 5bd5ab6..a9c744b 100644
---- a/hw/sd/sdhci.c
-+++ b/hw/sd/sdhci.c
-@@ -486,6 +486,11 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
- uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
- uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);
-
-+ if (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || !s->blkcnt) {
-+ qemu_log_mask(LOG_UNIMP, "infinite transfer is not supported\n");
-+ return;
-+ }
-+
- /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
- * possible stop at page boundary if initial address is not page aligned,
- * allow them to work properly */
-@@ -797,11 +802,6 @@ static void sdhci_data_transfer(void *opaque)
- if (s->trnmod & SDHC_TRNS_DMA) {
- switch (SDHC_DMA_TYPE(s->hostctl)) {
- case SDHC_CTRL_SDMA:
-- if ((s->trnmod & SDHC_TRNS_MULTI) &&
-- (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) {
-- break;
-- }
--
- if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
- sdhci_sdma_transfer_single_block(s);
- } else {
---
-2.9.3
-