On 05/19/2015 11:35 AM, Kevin Wolf wrote: > This series fixes the real bug that caused CVE-2015-3456, and does some > cleanup in the FIFO access functions to make the command processing more > obvious. > > Kevin Wolf (8): > fdc: Rename fdctrl_reset_fifo() to fdctrl_to_command_phase() > fdc: Rename fdctrl_set_fifo() to fdctrl_to_result_phase() > fdc: Introduce fdctrl->phase > fdc: Use phase in fdctrl_write_data() > fdc: Code cleanup in fdctrl_write_data() > fdc: Disentangle phases in fdctrl_read_data() > fdc: Fix MSR.RQM flag > fdc-test: Test state for existing cases more thoroughly > > hw/block/fdc.c | 235 > +++++++++++++++++++++++++++++++++++++------------------ > tests/fdc-test.c | 34 ++++++++ > 2 files changed, 192 insertions(+), 77 deletions(-) >
This is just the cover letter, but I might not leave the implication dangling that the CVE-2015-3456 bug remains to be patched, or that the vulnerability still exists in the current codebase. So for posterity: This patch series is a thorough cleanup of the code that was patched to prevent the CVE-2015-3456 vulnerability. Thanks! --js
