Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-15 Thread Paolo Bonzini
On 15/11/2018 04:14, Li Qiang wrote: > > > Paolo Bonzini <pbonz...@redhat.com> wrote on Wed, Nov 14, 2018 at 11:44 PM: > > On 14/11/2018 02:38, Li Qiang wrote: > > > > > > Paolo Bonzini <pbonz...@redhat.com> 于2018

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-14 Thread Li Qiang
Paolo Bonzini wrote on Wed, Nov 14, 2018 at 11:44 PM: > On 14/11/2018 02:38, Li Qiang wrote: > > > > > > Paolo Bonzini <pbonz...@redhat.com> wrote on Wed, Nov 14, 2018 at 2:27 AM: > > > > On 13/11/2018 11:17, Kevin Wolf wrote: > > > On 13.11.2018 at 02:45, Li Qiang wrote: > > >> Ping wha

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-14 Thread Paolo Bonzini
On 14/11/2018 02:38, Li Qiang wrote: > > > Paolo Bonzini <pbonz...@redhat.com> wrote on Wed, Nov 14, 2018 at 2:27 AM: > > On 13/11/2018 11:17, Kevin Wolf wrote: > > On 13.11.2018 at 02:45, Li Qiang wrote: > >> Ping what's the status of this patch. > >> > >> I see Kev

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-13 Thread Li Qiang
Paolo Bonzini wrote on Wed, Nov 14, 2018 at 2:27 AM: > On 13/11/2018 11:17, Kevin Wolf wrote: > > On 13.11.2018 at 02:45, Li Qiang wrote: > >> Ping what's the status of this patch. > >> > >> I see Kevin's new pr doesn't contain this patch. > > > > Oh, I thought you said that you wanted to fix this

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-13 Thread Paolo Bonzini
On 02/11/2018 16:40, Keith Busch wrote: > Hey, so why is this memory region access even considered valid if the > request is out of range from what NVMe had registered for its > MemoryRegion? Wouldn't it be better to not call the mr->ops->read/write > if it's out of bounds? Otherwise every MemoryRe

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-13 Thread Paolo Bonzini
On 13/11/2018 11:17, Kevin Wolf wrote: > On 13.11.2018 at 02:45, Li Qiang wrote: >> Ping what's the status of this patch. >> >> I see Kevin's new pr doesn't contain this patch. > > Oh, I thought you said that you wanted to fix this at a higher level so > that the problem is caught bef

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-13 Thread Li Qiang
Kevin Wolf wrote on Tue, Nov 13, 2018 at 6:17 PM: > On 13.11.2018 at 02:45, Li Qiang wrote: > > Ping what's the status of this patch. > > > > I see Kevin's new pr doesn't contain this patch. > > Oh, I thought you said that you wanted to fix this at a higher level so > that the problem is caught be

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-13 Thread Kevin Wolf
On 13.11.2018 at 02:45, Li Qiang wrote: > Ping what's the status of this patch. > > I see Kevin's new pr doesn't contain this patch. Oh, I thought you said that you wanted to fix this at a higher level so that the problem is caught before even getting into nvme code? If you don't, I

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-12 Thread Li Qiang
Ping what's the status of this patch. I see Kevin's new pr doesn't contain this patch. Thanks, Li Qiang Li Qiang wrote on Fri, Nov 2, 2018 at 9:22 AM: > Currently, the nvme_cmb_ops mr doesn't check the addr and size. > This can lead to an oob access issue. This is triggerable in the guest. > Add check to a

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-04 Thread Li Qiang
Kevin Wolf wrote on Fri, Nov 2, 2018 at 11:42 PM: > On 02.11.2018 at 16:22, Li Qiang wrote: > > Hello Kevin, > > > > Kevin Wolf wrote on Fri, Nov 2, 2018 at 6:54 PM: > > > > > On 02.11.2018 at 02:22, Li Qiang wrote: > > > > Currently, the nvme_cmb_ops mr doesn't check the addr and size. > > > > This can l

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-04 Thread Li Qiang
Keith Busch wrote on Fri, Nov 2, 2018 at 11:42 PM: > On Thu, Nov 01, 2018 at 06:22:43PM -0700, Li Qiang wrote: > > Currently, the nvme_cmb_ops mr doesn't check the addr and size. > > This can lead to an oob access issue. This is triggerable in the guest. > > Add check to avoid this issue. > > > > Fixes CVE-2018-1

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-02 Thread Keith Busch
On Thu, Nov 01, 2018 at 06:22:43PM -0700, Li Qiang wrote: > Currently, the nvme_cmb_ops mr doesn't check the addr and size. > This can lead to an oob access issue. This is triggerable in the guest. > Add check to avoid this issue. > > Fixes CVE-2018-16847. > > Reported-by: Li Qiang > Reviewed-by: P

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-02 Thread Kevin Wolf
On 02.11.2018 at 16:22, Li Qiang wrote: > Hello Kevin, > > Kevin Wolf wrote on Fri, Nov 2, 2018 at 6:54 PM: > > > On 02.11.2018 at 02:22, Li Qiang wrote: > > > Currently, the nvme_cmb_ops mr doesn't check the addr and size. > > > This can lead to an oob access issue. This is triggerable in the

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-02 Thread Li Qiang
Hello Kevin, Kevin Wolf wrote on Fri, Nov 2, 2018 at 6:54 PM: > On 02.11.2018 at 02:22, Li Qiang wrote: > > Currently, the nvme_cmb_ops mr doesn't check the addr and size. > > This can lead to an oob access issue. This is triggerable in the guest. > > Add check to avoid this issue. > > > > Fixes CVE-201

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-02 Thread Keith Busch
On Fri, Nov 02, 2018 at 11:54:21AM +0100, Kevin Wolf wrote: > On 02.11.2018 at 02:22, Li Qiang wrote: > > Currently, the nvme_cmb_ops mr doesn't check the addr and size. > > This can lead to an oob access issue. This is triggerable in the guest. > > Add check to avoid this issue. > > > > Fix

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-02 Thread Kevin Wolf
On 02.11.2018 at 02:22, Li Qiang wrote: > Currently, the nvme_cmb_ops mr doesn't check the addr and size. > This can lead to an oob access issue. This is triggerable in the guest. > Add check to avoid this issue. > > Fixes CVE-2018-16847. > > Reported-by: Li Qiang > Reviewed-by: Paolo Bonz

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-02 Thread Philippe Mathieu-Daudé
On 2/11/18 2:22, Li Qiang wrote: Currently, the nvme_cmb_ops mr doesn't check the addr and size. This can lead to an oob access issue. This is triggerable in the guest. Add check to avoid this issue. Fixes CVE-2018-16847. Reported-by: Li Qiang Reviewed-by: Paolo Bonzini Signed-off-by: Li Qiang

[Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

2018-11-01 Thread Li Qiang
Currently, the nvme_cmb_ops mr doesn't check the addr and size. This can lead to an oob access issue. This is triggerable in the guest. Add check to avoid this issue. Fixes CVE-2018-16847. Reported-by: Li Qiang Reviewed-by: Paolo Bonzini Signed-off-by: Li Qiang --- hw/block/nvme.c | 7 +++ 1