1 files changed, 86 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch
new file mode 100644
index 0000000000..b512b2bd7f
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch
@@ -0,0 +1,86 @@
+From 794d68de2f021a6d3874df41d6bbe8590ec05207 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
+Date: Mon, 13 Jul 2020 09:27:35 +0200
+Subject: [PATCH] hw/sd/sdcard: Update coding style to make checkpatch.pl happy
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+To make the next commit easier to review, clean this code first.
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Philippe Mathieu-DaudÃ© <f4bug@amsat.org>
+Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
+Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
+Message-Id: <20200630133912.9428-3-f4bug@amsat.org>
+Upstram-Status: Backport:
+https://git.qemu.org/?p=qemu.git;a=commit;f=hw/sd/sd.c;h=794d68de2f021a6d3874df41d6bbe8590ec05207
+CVE: CVE-2020-13253
+Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
+---
+diff --git a/hw/sd/sd.c b/hw/sd/sd.c
+--- a/hw/sd/sd.c        (revision b0ca999a43a22b38158a222233d3f5881648bb4f)
+++ b/hw/sd/sd.c        (date 1647514442924)
+@@ -1154,8 +1154,9 @@
+             sd->data_start = addr;
+             sd->data_offset = 0;
+ 
+-            if (sd->data_start + sd->blk_len > sd->size)
+            if (sd->data_start + sd->blk_len > sd->size) {
+                 sd->card_status |= ADDRESS_ERROR;
+            }
+             return sd_r1;
+ 
+         default:
+@@ -1170,8 +1171,9 @@
+             sd->data_start = addr;
+             sd->data_offset = 0;
+ 
+-            if (sd->data_start + sd->blk_len > sd->size)
+            if (sd->data_start + sd->blk_len > sd->size) {
+                 sd->card_status |= ADDRESS_ERROR;
+            }
+             return sd_r1;
+ 
+         default:
+@@ -1216,12 +1218,15 @@
+             sd->data_offset = 0;
+             sd->blk_written = 0;
+ 
+-            if (sd->data_start + sd->blk_len > sd->size)
+            if (sd->data_start + sd->blk_len > sd->size) {
+                 sd->card_status |= ADDRESS_ERROR;
+-            if (sd_wp_addr(sd, sd->data_start))
+            }
+            if (sd_wp_addr(sd, sd->data_start)) {
+                 sd->card_status |= WP_VIOLATION;
+-            if (sd->csd[14] & 0x30)
+            }
+            if (sd->csd[14] & 0x30) {
+                 sd->card_status |= WP_VIOLATION;
+            }
+             return sd_r1;
+ 
+         default:
+@@ -1240,12 +1245,15 @@
+             sd->data_offset = 0;
+             sd->blk_written = 0;
+ 
+-            if (sd->data_start + sd->blk_len > sd->size)
+            if (sd->data_start + sd->blk_len > sd->size) {
+                 sd->card_status |= ADDRESS_ERROR;
+-            if (sd_wp_addr(sd, sd->data_start))
+            }
+            if (sd_wp_addr(sd, sd->data_start)) {
+                 sd->card_status |= WP_VIOLATION;
+-            if (sd->csd[14] & 0x30)
+            }
+            if (sd->csd[14] & 0x30) {
+                 sd->card_status |= WP_VIOLATION;
+            }
+             return sd_r1;
+ 
+         default:

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch new file mode 100644 index 0000000000..b512b2bd7f --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch
@@ -0,0 +1,86 @@
	1	From 794d68de2f021a6d3874df41d6bbe8590ec05207 Mon Sep 17 00:00:00 2001
	2	From: =?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
	3	Date: Mon, 13 Jul 2020 09:27:35 +0200
	4	Subject: [PATCH] hw/sd/sdcard: Update coding style to make checkpatch.pl happy
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=utf8
	7	Content-Transfer-Encoding: 8bit
	8
	9	To make the next commit easier to review, clean this code first.
	10
	11	Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
	12	Signed-off-by: Philippe Mathieu-DaudÃ© <f4bug@amsat.org>
	13	Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
	14	Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
	15	Message-Id: <20200630133912.9428-3-f4bug@amsat.org>
	16
	17	Upstram-Status: Backport:
	18	https://git.qemu.org/?p=qemu.git;a=commit;f=hw/sd/sd.c;h=794d68de2f021a6d3874df41d6bbe8590ec05207
	19
	20	CVE: CVE-2020-13253
	21
	22	Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
	23	---
	24	diff --git a/hw/sd/sd.c b/hw/sd/sd.c
	25	--- a/hw/sd/sd.c (revision b0ca999a43a22b38158a222233d3f5881648bb4f)
	26	+++ b/hw/sd/sd.c (date 1647514442924)
	27	@@ -1154,8 +1154,9 @@
	28	sd->data_start = addr;
	29	sd->data_offset = 0;
	30
	31	- if (sd->data_start + sd->blk_len > sd->size)
	32	+ if (sd->data_start + sd->blk_len > sd->size) {
	33	sd->card_status \|= ADDRESS_ERROR;
	34	+ }
	35	return sd_r1;
	36
	37	default:
	38	@@ -1170,8 +1171,9 @@
	39	sd->data_start = addr;
	40	sd->data_offset = 0;
	41
	42	- if (sd->data_start + sd->blk_len > sd->size)
	43	+ if (sd->data_start + sd->blk_len > sd->size) {
	44	sd->card_status \|= ADDRESS_ERROR;
	45	+ }
	46	return sd_r1;
	47
	48	default:
	49	@@ -1216,12 +1218,15 @@
	50	sd->data_offset = 0;
	51	sd->blk_written = 0;
	52
	53	- if (sd->data_start + sd->blk_len > sd->size)
	54	+ if (sd->data_start + sd->blk_len > sd->size) {
	55	sd->card_status \|= ADDRESS_ERROR;
	56	- if (sd_wp_addr(sd, sd->data_start))
	57	+ }
	58	+ if (sd_wp_addr(sd, sd->data_start)) {
	59	sd->card_status \|= WP_VIOLATION;
	60	- if (sd->csd[14] & 0x30)
	61	+ }
	62	+ if (sd->csd[14] & 0x30) {
	63	sd->card_status \|= WP_VIOLATION;
	64	+ }
	65	return sd_r1;
	66
	67	default:
	68	@@ -1240,12 +1245,15 @@
	69	sd->data_offset = 0;
	70	sd->blk_written = 0;
	71
	72	- if (sd->data_start + sd->blk_len > sd->size)
	73	+ if (sd->data_start + sd->blk_len > sd->size) {
	74	sd->card_status \|= ADDRESS_ERROR;
	75	- if (sd_wp_addr(sd, sd->data_start))
	76	+ }
	77	+ if (sd_wp_addr(sd, sd->data_start)) {
	78	sd->card_status \|= WP_VIOLATION;
	79	- if (sd->csd[14] & 0x30)
	80	+ }
	81	+ if (sd->csd[14] & 0x30) {
	82	sd->card_status \|= WP_VIOLATION;
	83	+ }
	84	return sd_r1;
	85
	86	default: