From patchwork Tue Oct 27 10:49:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Klaus Jensen X-Patchwork-Id: 311672 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4C5E9C55179 for ; Tue, 27 Oct 2020 11:20:59 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6876822263 for ; Tue, 27 Oct 2020 11:20:58 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6876822263 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=irrelevant.dk Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:38086 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kXN29-0002Rz-4J for qemu-devel@archiver.kernel.org; Tue, 27 Oct 2020 07:20:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:38612) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kXMYP-0000ED-RB; Tue, 27 Oct 2020 06:50:13 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:47801) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kXMYK-00029t-Qa; Tue, 27 Oct 2020 06:50:13 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 62C985C0114; Tue, 27 Oct 2020 06:49:47 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Tue, 27 Oct 2020 06:49:47 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=irrelevant.dk; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; s=fm1; bh=o//1n+YIuj+Dy VMAB+zHlNElHxubd/CXxNEeoskQLBU=; b=Pn5gY40VuH8DZUGRZKzKbRvXjnRkQ 3t2tNbw+bRo/hxDX55d5i+5FVMWD3tBoWYPjdec8qoiNeAqIhUJP19qBLOyFzzZ6 ikqP2rWgMn/4QXjrHj3j0nsejKkT7GjR9iTTLdpNwc8a7o+kcXL6K3VV0+XbRytt 5zGUijKLkccytk57Bqy32PU2gJ3JqdOmtaE2XhxoMtRUgD1m4vKnLxk62EWNsulC fKcqRXpRzCugK8UNThENRPhrGWLy/DmpExF9ASwHN3gpfp68pGtKJ4KO4ofso6aa HXLs9ybqnWlqgS/R8XctyCoyAutYD6uRvCSU3t5sScytgidZNH2xbI9yw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=o//1n+YIuj+DyVMAB+zHlNElHxubd/CXxNEeoskQLBU=; b=FOItmqoW b8dAgnCKqiUX61sOgMTPKJNQX3fL9ePHskflrmlSxFpRRUyEgkW7E6yYaalskBS5 GM1JtZuqccj6OaBXJPmKXFTGYtJye8vaTo0t2MQm3SjnhaoCDrtDGXIZW/FFUNlV 3JfNy2Cj35vvJdeodQ3G13qmWZoFsg93Gbw3jjFxCYKIPeO2dYIJonre/29UOCi1 MYGE//M2E/p8b+FU6GAFeBPHea8ytAxlflhx033Kr7//+jTuWwqopEDw1XGeErrT 39gQxZ4knCoIYqqsQQq+O/ePO/YfwnI87qHRb4w/4w/r+jQUJ+km3LnxJQNNd5/v JRue+GksjeHspw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrkeelgddvtdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefhvffufffkofgjfhgggfestdekredtredttdenucfhrhhomhepmfhlrghushcu lfgvnhhsvghnuceoihhtshesihhrrhgvlhgvvhgrnhhtrdgukheqnecuggftrfgrthhtvg hrnhepueelteegieeuhffgkeefgfevjeeigfetkeeitdfgtdeifefhtdfhfeeuffevgfek necukfhppeektddrudeijedrleekrdduledtnecuvehluhhsthgvrhfuihiivgepgeenuc frrghrrghmpehmrghilhhfrhhomhepihhtshesihhrrhgvlhgvvhgrnhhtrdgukh X-ME-Proxy: Received: from apples.local (80-167-98-190-cable.dk.customer.tdc.net [80.167.98.190]) by mail.messagingengine.com (Postfix) with ESMTPA id 54FF93280060; Tue, 27 Oct 2020 06:49:46 -0400 (EDT) From: Klaus Jensen To: peter.maydell@linaro.org, qemu-devel@nongnu.org Subject: [PULL 11/30] hw/block/nvme: harden cmb access Date: Tue, 27 Oct 2020 11:49:13 +0100 Message-Id: <20201027104932.558087-12-its@irrelevant.dk> X-Mailer: git-send-email 2.29.1 In-Reply-To: <20201027104932.558087-1-its@irrelevant.dk> References: <20201027104932.558087-1-its@irrelevant.dk> MIME-Version: 1.0 Received-SPF: pass client-ip=66.111.4.26; envelope-from=its@irrelevant.dk; helo=out2-smtp.messagingengine.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/10/27 06:49:36 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Klaus Jensen , Keith Busch , qemu-block@nongnu.org, Klaus Jensen Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Klaus Jensen Since the controller has only supported PRPs so far it has not been required to check the ending address (addr + len - 1) of the CMB access for validity since it has been guaranteed to be in range of the CMB. This changes when the controller adds support for SGLs (next patch), so add that check. Signed-off-by: Klaus Jensen Reviewed-by: Keith Busch --- hw/block/nvme.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hw/block/nvme.c b/hw/block/nvme.c index 0e916d48d763..c0f1f8ccd473 100644 --- a/hw/block/nvme.c +++ b/hw/block/nvme.c @@ -142,7 +142,12 @@ static inline void *nvme_addr_to_cmb(NvmeCtrl *n, hwaddr addr) static int nvme_addr_read(NvmeCtrl *n, hwaddr addr, void *buf, int size) { - if (n->bar.cmbsz && nvme_addr_is_cmb(n, addr)) { + hwaddr hi = addr + size - 1; + if (hi < addr) { + return 1; + } + + if (n->bar.cmbsz && nvme_addr_is_cmb(n, addr) && nvme_addr_is_cmb(n, hi)) { memcpy(buf, nvme_addr_to_cmb(n, addr), size); return 0; }