diff options
author | Kevin Wolf <kwolf@redhat.com> | 2018-11-22 15:52:20 +0100 |
---|---|---|
committer | Kevin Wolf <kwolf@redhat.com> | 2018-11-22 16:43:52 +0100 |
commit | 2067d39e5e53b053bece6fa15711640123c119ed (patch) | |
tree | 4df5f73bbfdd0b6d0b7f160fc6e3a8a52991788b /hw/block | |
parent | 87ad860c622cc8f8916b5232bd8728c08f938fce (diff) | |
download | qemu-2067d39e5e53b053bece6fa15711640123c119ed.zip qemu-2067d39e5e53b053bece6fa15711640123c119ed.tar.gz qemu-2067d39e5e53b053bece6fa15711640123c119ed.tar.bz2 |
Revert "nvme: fix oob access issue(CVE-2018-16847)"
This reverts commit 5e3c0220d7e4f0361c4d36c697a8842f2b583402.
We have a better fix commited for this now.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'hw/block')
-rw-r--r-- | hw/block/nvme.c | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/hw/block/nvme.c b/hw/block/nvme.c index 8c35cab..84062d3 100644 --- a/hw/block/nvme.c +++ b/hw/block/nvme.c @@ -1177,10 +1177,6 @@ static void nvme_cmb_write(void *opaque, hwaddr addr, uint64_t data, unsigned size) { NvmeCtrl *n = (NvmeCtrl *)opaque; - - if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) { - return; - } memcpy(&n->cmbuf[addr], &data, size); } @@ -1189,9 +1185,6 @@ static uint64_t nvme_cmb_read(void *opaque, hwaddr addr, unsigned size) uint64_t val; NvmeCtrl *n = (NvmeCtrl *)opaque; - if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) { - return 0; - } memcpy(&val, &n->cmbuf[addr], size); return val; } |