[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 11/30] hw/block/nvme: harden cmb access
From: |
Klaus Jensen |
Subject: |
[PULL 11/30] hw/block/nvme: harden cmb access |
Date: |
Tue, 27 Oct 2020 11:49:13 +0100 |
From: Klaus Jensen <k.jensen@samsung.com>
Since the controller has only supported PRPs so far it has not been
required to check the ending address (addr + len - 1) of the CMB access
for validity since it has been guaranteed to be in range of the CMB.
This changes when the controller adds support for SGLs (next patch), so
add that check.
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
---
hw/block/nvme.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 0e916d48d763..c0f1f8ccd473 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -142,7 +142,12 @@ static inline void *nvme_addr_to_cmb(NvmeCtrl *n, hwaddr
addr)
static int nvme_addr_read(NvmeCtrl *n, hwaddr addr, void *buf, int size)
{
- if (n->bar.cmbsz && nvme_addr_is_cmb(n, addr)) {
+ hwaddr hi = addr + size - 1;
+ if (hi < addr) {
+ return 1;
+ }
+
+ if (n->bar.cmbsz && nvme_addr_is_cmb(n, addr) && nvme_addr_is_cmb(n, hi)) {
memcpy(buf, nvme_addr_to_cmb(n, addr), size);
return 0;
}
--
2.29.1
- [PULL 01/30] hw/block/nvme: fix typo in trace event, (continued)
- [PULL 01/30] hw/block/nvme: fix typo in trace event, Klaus Jensen, 2020/10/27
- [PULL 04/30] hw/block/nvme: commonize nvme_rw error handling, Klaus Jensen, 2020/10/27
- [PULL 02/30] pci: pass along the return value of dma_memory_rw, Klaus Jensen, 2020/10/27
- [PULL 06/30] hw/block/nvme: add a lba to bytes helper, Klaus Jensen, 2020/10/27
- [PULL 08/30] hw/block/nvme: add symbolic command name to trace events, Klaus Jensen, 2020/10/27
- [PULL 05/30] hw/block/nvme: alignment style fixes, Klaus Jensen, 2020/10/27
- [PULL 07/30] hw/block/nvme: fix endian conversion, Klaus Jensen, 2020/10/27
- [PULL 09/30] hw/block/nvme: refactor aio submission, Klaus Jensen, 2020/10/27
- [PULL 10/30] hw/block/nvme: default request status to success, Klaus Jensen, 2020/10/27
- [PULL 11/30] hw/block/nvme: harden cmb access,
Klaus Jensen <=
- [PULL 14/30] hw/block/nvme: refactor identify active namespace id list, Klaus Jensen, 2020/10/27
- [PULL 13/30] hw/block/nvme: add support for sgl bit bucket descriptor, Klaus Jensen, 2020/10/27
- [PULL 12/30] hw/block/nvme: add support for scatter gather lists, Klaus Jensen, 2020/10/27
- [PULL 16/30] pci: allocate pci id for nvme, Klaus Jensen, 2020/10/27
- [PULL 15/30] hw/block/nvme: support multiple namespaces, Klaus Jensen, 2020/10/27
- [PULL 18/30] hw/block/nvme: update nsid when registered, Klaus Jensen, 2020/10/27
- [PULL 19/30] hw/block/nvme: remove pointless rw indirection, Klaus Jensen, 2020/10/27
- [PULL 17/30] hw/block/nvme: change controller pci id, Klaus Jensen, 2020/10/27
- [PULL 21/30] hw/block/nvme: support per-namespace smart log, Klaus Jensen, 2020/10/27
- [PULL 23/30] hw/block/nvme: support for admin-only command set, Klaus Jensen, 2020/10/27