Message ID | 20200605102230.21493-5-philmd@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | hw/sd/sdcard: Fix CVE-2020-13253 & cleanups | expand |
On Fri, 5 Jun 2020 at 11:23, Philippe Mathieu-Daudé <philmd@redhat.com> wrote: > > From: Philippe Mathieu-Daudé <f4bug@amsat.org> > > Only SCSD cards support Class 6 (Block Oriented Write Protection) > commands. > > "SD Specifications Part 1 Physical Layer Simplified Spec. v3.01" > > 4.3.14 Command Functional Difference in Card Capacity Types > > * Write Protected Group > > SDHC and SDXC do not support write-protected groups. Issuing > CMD28, CMD29 and CMD30 generates the ILLEGAL_COMMAND error. > > Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> > --- Reviewed-by: Peter Maydell <peter.maydell@linaro.org> thanks -- PMM
diff --git a/hw/sd/sd.c b/hw/sd/sd.c index 90d5ff6209..4cc1ecf9f9 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -905,6 +905,11 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) sd->multi_blk_cnt = 0; } + if (sd_cmd_class[req.cmd] == 6 && FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { + /* Only Standard Capacity cards support class 6 commands */ + return sd_illegal; + } + switch (req.cmd) { /* Basic commands (Class 0 and Class 1) */ case 0: /* CMD0: GO_IDLE_STATE */