From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, peter.maydell@linaro.org, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 11/13] Revert "nvme: fix oob access issue(CVE-2018-16847)"
Date: Thu, 22 Nov 2018 17:54:15 +0100 [thread overview]
Message-ID: <20181122165417.23894-12-kwolf@redhat.com> (raw)
In-Reply-To: <20181122165417.23894-1-kwolf@redhat.com>
This reverts commit 5e3c0220d7e4f0361c4d36c697a8842f2b583402.
We have a better fix commited for this now.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
hw/block/nvme.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 8c35cab2b4..84062d388f 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -1177,10 +1177,6 @@ static void nvme_cmb_write(void *opaque, hwaddr addr, uint64_t data,
unsigned size)
{
NvmeCtrl *n = (NvmeCtrl *)opaque;
-
- if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
- return;
- }
memcpy(&n->cmbuf[addr], &data, size);
}
@@ -1189,9 +1185,6 @@ static uint64_t nvme_cmb_read(void *opaque, hwaddr addr, unsigned size)
uint64_t val;
NvmeCtrl *n = (NvmeCtrl *)opaque;
- if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
- return 0;
- }
memcpy(&val, &n->cmbuf[addr], size);
return val;
}
--
2.19.1
next prev parent reply other threads:[~2018-11-22 16:54 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-22 16:54 [Qemu-devel] [PULL 00/13] Block layer patches Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 01/13] iotests: Replace time.clock() with Timeout Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 02/13] iotests: Replace assertEquals() with assertEqual() Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 03/13] iotests: Skip 233 if certtool not installed Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 04/13] qemu-img: Fix typo Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 05/13] qemu-img: Fix leak Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 06/13] scsi-disk: Fix crash if underlying host file or disk returns error Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 07/13] block: Fix update of BDRV_O_AUTO_RDONLY in update_flags_from_options() Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 08/13] iotests: fix nbd test 233 to work correctly with raw images Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 09/13] nvme: call blk_drain in NVMe reset code to avoid lockups Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 10/13] nvme: fix out-of-bounds access to the CMB Kevin Wolf
2018-11-22 16:54 ` Kevin Wolf [this message]
2018-11-22 16:54 ` [Qemu-devel] [PULL 12/13] nvme: fix bug with PCI IRQ pins on teardown Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 13/13] iotests: Enhance 223 to cover multiple bitmap granularities Kevin Wolf
2018-11-22 17:19 ` [Qemu-devel] [PULL 00/13] Block layer patches Peter Maydell
2018-11-23 10:52 ` no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181122165417.23894-12-kwolf@redhat.com \
--to=kwolf@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.