Revert "nvme: fix oob access issue(CVE-2018-16847)"

This reverts commit 5e3c0220d7e4f0361c4d36c697a8842f2b583402. We have a better fix commited for this now. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
author: Kevin Wolf 2018-11-22 15:52:20 +0100
committer: Kevin Wolf 2018-11-22 16:43:52 +0100
commit: 2067d39e5e53b053bece6fa15711640123c119ed (patch)
tree: 4df5f73bbfdd0b6d0b7f160fc6e3a8a52991788b /hw/block
parent: nvme: fix out-of-bounds access to the CMB (diff)
download: qemu-2067d39e5e53b053bece6fa15711640123c119ed.tar.gz
qemu-2067d39e5e53b053bece6fa15711640123c119ed.tar.xz
qemu-2067d39e5e53b053bece6fa15711640123c119ed.zip
1 files changed, 0 insertions, 7 deletions
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 8c35cab2b4..84062d388f 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -1177,10 +1177,6 @@ static void nvme_cmb_write(void *opaque, hwaddr addr, uint64_t data,
     unsigned size)
 {
     NvmeCtrl *n = (NvmeCtrl *)opaque;
-
-    if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
-        return;
-    }
     memcpy(&n->cmbuf[addr], &data, size);
 }
 
@@ -1189,9 +1185,6 @@ static uint64_t nvme_cmb_read(void *opaque, hwaddr addr, unsigned size)
     uint64_t val;
     NvmeCtrl *n = (NvmeCtrl *)opaque;
 
-    if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
-        return 0;
-    }
     memcpy(&val, &n->cmbuf[addr], size);
     return val;
 }
author	Kevin Wolf	2018-11-22 15:52:20 +0100
committer	Kevin Wolf	2018-11-22 16:43:52 +0100
commit	2067d39e5e53b053bece6fa15711640123c119ed (patch)
tree	4df5f73bbfdd0b6d0b7f160fc6e3a8a52991788b /hw/block
parent	nvme: fix out-of-bounds access to the CMB (diff)
download	qemu-2067d39e5e53b053bece6fa15711640123c119ed.tar.gz qemu-2067d39e5e53b053bece6fa15711640123c119ed.tar.xz qemu-2067d39e5e53b053bece6fa15711640123c119ed.zip