Re: [PATCH v3 3/5] hw/nvme: fix out-of-bounds reads

From: Peter Maydell <peter.maydell@linaro.org>
To: Klaus Jensen <its@irrelevant.dk>
Cc: "Fam Zheng" <fam@euphon.net>, "Kevin Wolf" <kwolf@redhat.com>,
	"Thomas Huth" <thuth@redhat.com>,
	Qemu-block <qemu-block@nongnu.org>,
	"Laurent Vivier" <lvivier@redhat.com>,
	"Klaus Jensen" <k.jensen@samsung.com>,
	"Gollu Appalanaidu" <anaidu.gollu@samsung.com>,
	"QEMU Developers" <qemu-devel@nongnu.org>,
	"Max Reitz" <mreitz@redhat.com>,
	"Stefan Hajnoczi" <stefanha@redhat.com>,
	"Keith Busch" <kbusch@kernel.org>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Philippe Mathieu-Daudé" <philmd@redhat.com>
Subject: Re: [PATCH v3 3/5] hw/nvme: fix out-of-bounds reads
Date: Mon, 19 Jul 2021 10:15:13 +0100	[thread overview]
Message-ID: <CAFEAcA9Hqr-piQGs4yObva3Wvr=F63OweWqqGjZBDHTkypTybg@mail.gmail.com> (raw)
In-Reply-To: <20210714060125.994882-4-its@irrelevant.dk>

On Wed, 14 Jul 2021 at 07:01, Klaus Jensen <its@irrelevant.dk> wrote:
>
> From: Klaus Jensen <k.jensen@samsung.com>
>
> Peter noticed that mmio access may read into the NvmeParams member in
> the NvmeCtrl struct.
>
> Fix the bounds check.
>
> Reported-by: Peter Maydell <peter.maydell@linaro.org>
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
>  hw/nvme/ctrl.c | 27 +++++++++++++++------------
>  1 file changed, 15 insertions(+), 12 deletions(-)

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM