From: Klaus Jensen
To: peter.maydell@linaro.org, qemu-devel@nongnu.org
Cc: Klaus Jensen, Keith Busch, qemu-block@nongnu.org, Klaus Jensen
Subject: [PULL 11/30] hw/block/nvme: harden cmb access
Date: Tue, 27 Oct 2020 11:49:13 +0100
Message-Id: <20201027104932.558087-12-its@irrelevant.dk>
In-Reply-To: <20201027104932.558087-1-its@irrelevant.dk>
References: <20201027104932.558087-1-its@irrelevant.dk>

Since the controller has only supported PRPs so far it has not been
required to check the ending address (addr + len - 1) of the CMB access
for validity since it has been guaranteed to be in range of the CMB.

This changes when the controller adds support for SGLs (next patch), so
add that check.

Signed-off-by: Klaus Jensen Reviewed-by: Keith Busch --- hw/block/nvme.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hw/block/nvme.c b/hw/block/nvme.c index 0e916d48d763..c0f1f8ccd473 100644 --- a/hw/block/nvme.c +++ b/hw/block/nvme.c @@ -142,7 +142,12 @@ static inline void *nvme_addr_to_cmb(NvmeCtrl *n, hwad= dr addr) =20 static int nvme_addr_read(NvmeCtrl *n, hwaddr addr, void *buf, int size) { - if (n->bar.cmbsz && nvme_addr_is_cmb(n, addr)) { + hwaddr hi =3D addr + size - 1; + if (hi < addr) { + return 1; + } + + if (n->bar.cmbsz && nvme_addr_is_cmb(n, addr) && nvme_addr_is_cmb(n, h= i)) { memcpy(buf, nvme_addr_to_cmb(n, addr), size); return 0; } --=20 2.29.1
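
Review bot: in nvme_addr_read() the new end-address computation `hwaddr hi = addr + size - 1;` takes `size` from a signed `int` parameter, so zero and negative sizes are only handled by accident. With size == 0 and a non-zero addr, hi becomes addr - 1 and the `hi < addr` test returns 1, which turns a zero-length read into an error; with addr == 0 the same subtraction wraps to the top of the address space and the test does not fire. A negative size is sign-extended before the addition and still reaches `memcpy(buf, nvme_addr_to_cmb(n, addr), size)` whenever both endpoint checks happen to pass. Consider rejecting `size <= 0` explicitly before computing hi, or making the parameter an unsigned type, so the overflow test only has to cover the addr + size wrap it was written for. Two smaller points: when addr is inside the CMB but hi is not, the condition fails and control falls through to the code after this branch, which is not visible in the hunk, so it is worth confirming that treating a partially-in-CMB range as a non-CMB access is intended rather than returning an error there as well; and a blank line between the `hi` declaration and `if (hi < addr)`, plus a short comment that the early return guards against wraparound, would make the intent of the bare `return 1` clearer.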