On Jan 20 07:10, Keith Busch wrote:
> On Thu, Jan 20, 2022 at 09:01:55AM +0100, Klaus Jensen wrote:
> > +static inline bool nvme_addr_is_iomem(NvmeCtrl *n, hwaddr addr)
> > +{
> > +hwaddr hi, lo;
> > +
> > +lo = n->bar0.addr;
> > +hi = lo + int128_get64(n->bar0.size);
> > +
> > +ret
On Thu, Jan 20, 2022 at 09:01:55AM +0100, Klaus Jensen wrote:
> +static inline bool nvme_addr_is_iomem(NvmeCtrl *n, hwaddr addr)
> +{
> +hwaddr hi, lo;
> +
> +lo = n->bar0.addr;
> +hi = lo + int128_get64(n->bar0.size);
> +
> +return addr >= lo && addr < hi;
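Review bot: nvme_addr_is_iomem() takes only a start address, so `addr >= lo && addr < hi` does not cover a transfer that starts below `lo` and extends into the BAR0 window. Consider passing the transfer length as well and rejecting any overlap with [lo, hi), or state in a comment that the caller is responsible for checking the end of the range. Two smaller points: `hi = lo + int128_get64(n->bar0.size)` is computed with no guard against wrapping, and a one-line comment saying why only `bar0` is tested would help, since the stated goal is to deny DMA to the device's own iomem.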
Looks fine considering t
From: Klaus Jensen
This fixes CVE-2021-3929 "locally" by denying DMA to the iomem of the
device itself. This still allows DMA to MMIO regions of other devices
(e.g. doing P2P DMA to the controller memory buffer of another NVMe
device).
Fixes: CVE-2021-3929
Reported-by: Qiuhao Li
Signed-off-by: