qemu-e2k/hw/block
Klaus Jensen 8eb5c8069a hw/block/nvme: fix ns attachment out-of-bounds read
nvme_ns_attachment() does not verify the contents of the host-supplied
16 bit "Number of Identifiers" field in the command payload.

Make sure the value is capped at 2047 and fix the out-of-bounds read.

Fixes: 645ce1a70c ("hw/block/nvme: support namespace attachment command")
Cc: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>
2021-04-07 10:48:32 +02:00
dataplane block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
block.c block: make BlockConf size props 32bit and accept size suffixes 2020-06-17 14:53:40 +02:00
cdrom.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
ecc.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
fdc.c hw: Replace anti-social QOM type names 2021-03-19 15:18:43 +01:00
hd-geometry.c block: Remove blk_pread_unthrottled() 2019-08-16 10:25:16 +02:00
Kconfig hw/block: Introduce TC58128 eeprom Kconfig entry 2021-03-06 16:18:42 +01:00
m25p80.c hw/block: m25p80: Support fast read for SST flashes 2021-03-22 21:54:40 -04:00
meson.build hw/block/nvme: end-to-end data protection 2021-03-18 12:34:51 +01:00
nand.c block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
nvme-dif.c hw/block/nvme: add missing copyright headers 2021-04-07 10:48:32 +02:00
nvme-dif.h hw/block/nvme: add missing copyright headers 2021-04-07 10:48:32 +02:00
nvme-ns.c hw/block/nvme: fix handling of private namespaces 2021-04-07 10:48:31 +02:00
nvme-ns.h hw/block/nvme: fix handling of private namespaces 2021-04-07 10:48:31 +02:00
nvme-subsys.c hw/block/nvme: fix handling of private namespaces 2021-04-07 10:48:31 +02:00
nvme-subsys.h hw/block/nvme: fix handling of private namespaces 2021-04-07 10:48:31 +02:00
nvme.c hw/block/nvme: fix ns attachment out-of-bounds read 2021-04-07 10:48:32 +02:00
nvme.h hw/block/nvme: fix handling of private namespaces 2021-04-07 10:48:31 +02:00
onenand.c block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
pflash_cfi01.c hw/block/pflash_cfi: Replace DPRINTF with trace events 2021-03-18 11:16:31 +01:00
pflash_cfi02.c hw/block/pflash_cfi: Replace DPRINTF with trace events 2021-03-18 11:16:31 +01:00
swim.c block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
tc58128.c hw/sh4: Add missing license 2021-03-06 16:18:42 +01:00
trace-events hw/block/nvme: fix handling of private namespaces 2021-04-07 10:48:31 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vhost-user-blk.c vhost-user-blk: add immediate cleanup on shutdown 2021-04-01 11:39:12 -04:00
virtio-blk.c virtio-blk: Respect discard granularity 2021-03-15 09:48:53 +00:00
xen_blkif.h xen: Import other xen/io/*.h 2019-06-24 10:42:30 +01:00
xen-block.c xen-block: Fix removal of backend instance via xenstore 2021-03-23 11:18:20 +00:00