[PATCH v7 41/48] nvme: harden cmb access

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v7 41/48] nvme: harden cmb access

From:	Klaus Jensen
Subject:	[PATCH v7 41/48] nvme: harden cmb access
Date:	Wed, 15 Apr 2020 07:51:33 +0200

From: Klaus Jensen <address@hidden>

Since the controller has only supported PRPs so far it has not been
required to check the ending address (addr + len - 1) of the CMB access
for validity since it has been guaranteed to be in range of the CMB.

This changes when the controller adds support for SGLs (next patch), so
add that check.

Signed-off-by: Klaus Jensen <address@hidden>
---
 hw/block/nvme.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 6dcd9c4b4cd0..5140bc32913d 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -76,7 +76,12 @@ static inline bool nvme_addr_is_cmb(NvmeCtrl *n, hwaddr addr)
 
 static int nvme_addr_read(NvmeCtrl *n, hwaddr addr, void *buf, int size)
 {
-    if (n->bar.cmbsz && nvme_addr_is_cmb(n, addr)) {
+    hwaddr hi = addr + size - 1;
+    if (hi < addr) {
+        return 1;
+    }
+
+    if (n->bar.cmbsz && nvme_addr_is_cmb(n, addr) && nvme_addr_is_cmb(n, hi)) {
         memcpy(buf, nvme_addr_to_cmb(n, addr), size);
         return 0;
     }
-- 
2.26.0

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v7 40/48] nvme: handle dma errors, (continued)
- [PATCH v7 40/48] nvme: handle dma errors, Klaus Jensen, 2020/04/15
  - Re: [PATCH v7 40/48] nvme: handle dma errors, Philippe Mathieu-Daudé, 2020/04/15
- [PATCH v7 26/48] nvme: remove redundant has_sg member, Klaus Jensen, 2020/04/15
- [PATCH v7 30/48] nvme: verify validity of prp lists in the cmb, Klaus Jensen, 2020/04/15
- [PATCH v7 35/48] nvme: remove NvmeCmd parameter, Klaus Jensen, 2020/04/15
- [PATCH v7 36/48] nvme: allow multiple aios per command, Klaus Jensen, 2020/04/15
- [PATCH v7 37/48] nvme: add nvme_check_rw helper, Klaus Jensen, 2020/04/15
- [PATCH v7 39/48] pci: pass along the return value of dma_memory_rw, Klaus Jensen, 2020/04/15
- [PATCH v7 28/48] nvme: pass request along for tracing, Klaus Jensen, 2020/04/15
- [PATCH v7 44/48] nvme: refactor identify active namespace id list, Klaus Jensen, 2020/04/15
- [PATCH v7 41/48] nvme: harden cmb access, Klaus Jensen <=
- [PATCH v7 43/48] nvme: add support for sgl bit bucket descriptor, Klaus Jensen, 2020/04/15
- [PATCH v7 47/48] nvme: change controller pci id, Klaus Jensen, 2020/04/15
- [PATCH v7 46/48] pci: allocate pci id for nvme, Klaus Jensen, 2020/04/15
  - Re: [PATCH v7 46/48] pci: allocate pci id for nvme, Gerd Hoffmann, 2020/04/21
- [PATCH v7 48/48] nvme: make lba data size configurable, Klaus Jensen, 2020/04/15
  - Re: [PATCH v7 48/48] nvme: make lba data size configurable, Philippe Mathieu-Daudé, 2020/04/15
- [PATCH v7 42/48] nvme: add support for scatter gather lists, Klaus Jensen, 2020/04/15
- [PATCH v7 45/48] nvme: support multiple namespaces, Klaus Jensen, 2020/04/15
  - Re: [PATCH v7 45/48] nvme: support multiple namespaces, Philippe Mathieu-Daudé, 2020/04/15
    - Re: [PATCH v7 45/48] nvme: support multiple namespaces, Klaus Birkelund Jensen, 2020/04/15

Prev by Date: [PATCH v7 44/48] nvme: refactor identify active namespace id list
Next by Date: [PATCH v7 43/48] nvme: add support for sgl bit bucket descriptor
Previous by thread: [PATCH v7 44/48] nvme: refactor identify active namespace id list
Next by thread: [PATCH v7 43/48] nvme: add support for sgl bit bucket descriptor
Index(es):
- Date
- Thread