From: Klaus Jensen
To: qemu-devel@nongnu.org
Cc: Kevin Wolf, Eduardo Habkost, qemu-block@nongnu.org, "Michael S. Tsirkin", Klaus Jensen, Max Reitz, Keith Busch, Klaus Jensen
Subject: [PATCH v3 11/17] hw/block/nvme: harden cmb access
Date: Tue, 22 Sep 2020 10:45:27 +0200
Message-Id: <20200922084533.1273962-12-its@irrelevant.dk>
In-Reply-To: <20200922084533.1273962-1-its@irrelevant.dk>
References: <20200922084533.1273962-1-its@irrelevant.dk>

Since the controller has only supported PRPs so far it has not been
required to check the ending address (addr + len - 1) of the CMB access
for validity since it has been guaranteed to be in range of the CMB.

This changes when the controller adds support for SGLs (next patch), so
add that check.

Signed-off-by: Klaus Jensen Reviewed-by: Keith Busch --- hw/block/nvme.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hw/block/nvme.c b/hw/block/nvme.c index 7c9ea792483c..3b901efd1ec0 100644 --- a/hw/block/nvme.c +++ b/hw/block/nvme.c @@ -142,7 +142,12 @@ static inline void *nvme_addr_to_cmb(NvmeCtrl *n, hwaddr addr) static int nvme_addr_read(NvmeCtrl *n, hwaddr addr, void *buf, int size) { - if (n->bar.cmbsz && nvme_addr_is_cmb(n, addr)) { + hwaddr hi = addr + size - 1; + if (hi < addr) { + return 1; + } + + if (n->bar.cmbsz && nvme_addr_is_cmb(n, addr) && nvme_addr_is_cmb(n, hi)) { memcpy(buf, nvme_addr_to_cmb(n, addr), size); return 0; }
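
Review bot: In nvme_addr_read, a range that starts inside the CMB but ends outside it (nvme_addr_is_cmb(n, addr) true, nvme_addr_is_cmb(n, hi) false) skips the memcpy branch and falls through to whatever follows this if block, which the hunk does not show; consider rejecting a range that only partly overlaps the CMB explicitly instead of letting it be handled as a non-CMB address. Separately, size is a signed int, so size == 0 gives hi = addr - 1 and trips the hi < addr wrap check for any nonzero addr, returning 1 for a zero-length read; an explicit size check before computing hi (or an unsigned size parameter) would separate that case from a real wrap, and a short comment on what the return value 1 means to callers would help.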