On Sep 2 22:47, Stefan Hajnoczi wrote:
> On Mon, Sep 01, 2025 at 01:47:58PM +1000, Wilfred Mallawa wrote:
> > From: Wilfred Mallawa <[email protected]>
> >
> > Adds the NVMe Admin Security Send/Receive command support with support
> > for DMTFs SPDM. The transport binding for SPDM is defined in the
> > DMTF DSP0286.
> >
> > Signed-off-by: Wilfred Mallawa <[email protected]>
> > ---
> > hw/nvme/ctrl.c | 188 ++++++++++++++++++++++++++++++++++++++++++-
> > hw/nvme/nvme.h | 5 ++
> > include/block/nvme.h | 15 ++++
> > 3 files changed, 207 insertions(+), 1 deletion(-)
> >
> > diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
> > index f5ee6bf260..557f634016 100644
> > --- a/hw/nvme/ctrl.c
> > +++ b/hw/nvme/ctrl.c
> > @@ -282,6 +282,8 @@ static const uint32_t nvme_cse_acs_default[256] = {
> > [NVME_ADM_CMD_FORMAT_NVM] = NVME_CMD_EFF_CSUPP |
> > NVME_CMD_EFF_LBCC,
> > [NVME_ADM_CMD_DIRECTIVE_RECV] = NVME_CMD_EFF_CSUPP,
> > [NVME_ADM_CMD_DIRECTIVE_SEND] = NVME_CMD_EFF_CSUPP,
> > + [NVME_ADM_CMD_SECURITY_SEND] = NVME_CMD_EFF_CSUPP,
> > + [NVME_ADM_CMD_SECURITY_RECV] = NVME_CMD_EFF_CSUPP,
> > };
> >
> > static const uint32_t nvme_cse_iocs_nvm_default[256] = {
> > @@ -7282,6 +7284,185 @@ static uint16_t nvme_dbbuf_config(NvmeCtrl *n,
> > const NvmeRequest *req)
> > return NVME_SUCCESS;
> > }
> >
> > +static uint16_t nvme_sec_prot_spdm_send(NvmeCtrl *n, NvmeRequest *req)
> > +{
> > + StorageSpdmTransportHeader hdr = {0};
> > + g_autofree uint8_t *sec_buf = NULL;
> > + uint32_t transfer_len = le32_to_cpu(req->cmd.cdw11);
> > + uint32_t transport_transfer_len = transfer_len;
> > + uint32_t dw10 = le32_to_cpu(req->cmd.cdw10);
> > + uint32_t recvd;
> > + uint16_t nvme_cmd_status, ret;
> > + uint8_t secp = extract32(dw10, 24, 8);
> > + uint8_t spsp1 = extract32(dw10, 16, 8);
> > + uint8_t spsp0 = extract32(dw10, 8, 8);
> > + bool spdm_res;
> > +
> > + transport_transfer_len += sizeof(hdr);
> > + if (transport_transfer_len > SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE) {
>
> An integer overflow check is needed since transfer_len comes from the
> untrusted guest. This will prevent the sec_buf buffer overflow below
> when nvme_h2c() is called.
>
And it should not be allowed to exceed MDTS (see nvme_check_mdts). MDTS may be configured as zero, so g_try_malloc should still be used.
