1. Patchew
  2. QEMU
  3. [PATCH v2 00/17] hw/block/nvme: multiple namespaces support
  4. View patch

[PATCH v2 11/17] hw/block/nvme: harden cmb access

Klaus Jensen posted 17 patches 5 years, 4 months ago
Maintainers: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, Eduardo Habkost <ehabkost@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>, Klaus Jensen <its@irrelevant.dk>, Max Reitz <mreitz@redhat.com>, Keith Busch <kbusch@kernel.org>, Kevin Wolf <kwolf@redhat.com>
There is a newer version of this series
[PATCH v2 11/17] hw/block/nvme: harden cmb access
Posted by Klaus Jensen 5 years, 4 months ago 
From: Klaus Jensen <k.jensen@samsung.com>

Since the controller has only supported PRPs so far it has not been
required to check the ending address (addr + len - 1) of the CMB access
for validity since it has been guaranteed to be in range of the CMB.

This changes when the controller adds support for SGLs (next patch), so
add that check.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
---
 hw/block/nvme.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 7e6cbd3f1058..a440f6617f70 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -142,7 +142,12 @@ static inline void *nvme_addr_to_cmb(NvmeCtrl *n, hwaddr addr)
 
 static int nvme_addr_read(NvmeCtrl *n, hwaddr addr, void *buf, int size)
 {
-    if (n->bar.cmbsz && nvme_addr_is_cmb(n, addr)) {
+    hwaddr hi = addr + size - 1;
+    if (hi < addr) {
+        return 1;
+    }
+
+    if (n->bar.cmbsz && nvme_addr_is_cmb(n, addr) && nvme_addr_is_cmb(n, hi)) {
         memcpy(buf, nvme_addr_to_cmb(n, addr), size);
         return 0;
     }
-- 
2.28.0

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.