From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, peter.maydell@linaro.org, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 11/13] Revert "nvme: fix oob access issue(CVE-2018-16847)"
Date: Thu, 22 Nov 2018 17:54:15 +0100 [thread overview]
Message-ID: <20181122165417.23894-12-kwolf@redhat.com> (raw)
In-Reply-To: <20181122165417.23894-1-kwolf@redhat.com>
This reverts commit 5e3c0220d7e4f0361c4d36c697a8842f2b583402.
We have a better fix commited for this now.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
hw/block/nvme.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 8c35cab2b4..84062d388f 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -1177,10 +1177,6 @@ static void nvme_cmb_write(void *opaque, hwaddr addr, uint64_t data,
unsigned size)
{
NvmeCtrl *n = (NvmeCtrl *)opaque;
-
- if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
- return;
- }
memcpy(&n->cmbuf[addr], &data, size);
}
@@ -1189,9 +1185,6 @@ static uint64_t nvme_cmb_read(void *opaque, hwaddr addr, unsigned size)
uint64_t val;
NvmeCtrl *n = (NvmeCtrl *)opaque;
- if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
- return 0;
- }
memcpy(&val, &n->cmbuf[addr], size);
return val;
}
--
2.19.1
next prev parent reply other threads:[~2018-11-22 16:54 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-22 16:54 [Qemu-devel] [PULL 00/13] Block layer patches Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 01/13] iotests: Replace time.clock() with Timeout Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 02/13] iotests: Replace assertEquals() with assertEqual() Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 03/13] iotests: Skip 233 if certtool not installed Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 04/13] qemu-img: Fix typo Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 05/13] qemu-img: Fix leak Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 06/13] scsi-disk: Fix crash if underlying host file or disk returns error Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 07/13] block: Fix update of BDRV_O_AUTO_RDONLY in update_flags_from_options() Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 08/13] iotests: fix nbd test 233 to work correctly with raw images Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 09/13] nvme: call blk_drain in NVMe reset code to avoid lockups Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 10/13] nvme: fix out-of-bounds access to the CMB Kevin Wolf
2018-11-22 16:54 ` Kevin Wolf [this message]
2018-11-22 16:54 ` [Qemu-devel] [PULL 12/13] nvme: fix bug with PCI IRQ pins on teardown Kevin Wolf
2018-11-22 16:54 ` [Qemu-devel] [PULL 13/13] iotests: Enhance 223 to cover multiple bitmap granularities Kevin Wolf
2018-11-22 17:19 ` [Qemu-devel] [PULL 00/13] Block layer patches Peter Maydell
2018-11-23 10:52 ` no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181122165417.23894-12-kwolf@redhat.com \
--to=kwolf@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).