[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847) |
|
Date: |
Tue, 13 Nov 2018 19:26:58 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0 |
On 02/11/2018 16:40, Keith Busch wrote:
> Hey, so why is this memory region access even considered valid if the
> request is out of range from what NVMe had registered for its
> MemoryRegion? Wouldn't it be better to not call the mr->ops->read/write
> if it's out of bounds? Otherwise every MemoryRegion needs to duplicate
> the same check, right?
Because some crazy devices have misaligned registers.
But actually this is not a problem because NVMe doesn't set
ops->impl.unaligned to true, so indeed no change is needed.
Paolo
> Would something like the following work (minimally tested)?
- [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Li Qiang, 2018/11/01
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Keith Busch, 2018/11/02
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Li Qiang, 2018/11/12
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Kevin Wolf, 2018/11/13
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Li Qiang, 2018/11/13
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Paolo Bonzini, 2018/11/13
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Li Qiang, 2018/11/13
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Paolo Bonzini, 2018/11/14
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Li Qiang, 2018/11/14
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Paolo Bonzini, 2018/11/15