[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)
From: |
Li Qiang |
Subject: |
Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847) |
Date: |
Tue, 13 Nov 2018 09:45:40 +0800 |
Ping.... what't the status of this patch.
I see Kevin's new pr doesn't contain this patch.
Thanks,
Li Qiang
Li Qiang <address@hidden> 于2018年11月2日周五 上午9:22写道:
> Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> This can lead an oob access issue. This is triggerable in the guest.
> Add check to avoid this issue.
>
> Fixes CVE-2018-16847.
>
> Reported-by: Li Qiang <address@hidden>
> Reviewed-by: Paolo Bonzini <address@hidden>
> Signed-off-by: Li Qiang <address@hidden>
> ---
> hw/block/nvme.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/hw/block/nvme.c b/hw/block/nvme.c
> index fc7dacb..d097add 100644
> --- a/hw/block/nvme.c
> +++ b/hw/block/nvme.c
> @@ -1175,6 +1175,10 @@ static void nvme_cmb_write(void *opaque, hwaddr
> addr, uint64_t data,
> unsigned size)
> {
> NvmeCtrl *n = (NvmeCtrl *)opaque;
> +
> + if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
> + return;
> + }
> memcpy(&n->cmbuf[addr], &data, size);
> }
>
> @@ -1183,6 +1187,9 @@ static uint64_t nvme_cmb_read(void *opaque, hwaddr
> addr, unsigned size)
> uint64_t val;
> NvmeCtrl *n = (NvmeCtrl *)opaque;
>
> + if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
> + return 0;
> + }
> memcpy(&val, &n->cmbuf[addr], size);
> return val;
> }
> --
> 1.8.3.1
>
>
- [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Li Qiang, 2018/11/01
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Keith Busch, 2018/11/02
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847),
Li Qiang <=
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Kevin Wolf, 2018/11/13
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Li Qiang, 2018/11/13
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Paolo Bonzini, 2018/11/13
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Li Qiang, 2018/11/13
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Paolo Bonzini, 2018/11/14
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Li Qiang, 2018/11/14
- Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847), Paolo Bonzini, 2018/11/15