On Wed, 2025-09-03 at 11:42 +0200, Klaus Jensen wrote:
> On Sep 2 22:47, Stefan Hajnoczi wrote:
> > On Mon, Sep 01, 2025 at 01:47:58PM +1000, Wilfred Mallawa wrote:
> > > From: Wilfred Mallawa <wilfred.mall...@wdc.com>
> > >
> > > [snip]
> > >
> > > +static uint16_t nvme_sec_prot_spdm_send(NvmeCtrl *n, NvmeRequest *req)
> > > +{
> > > +    StorageSpdmTransportHeader hdr = {0};
> > > +    g_autofree uint8_t *sec_buf = NULL;
> > > +    uint32_t transfer_len = le32_to_cpu(req->cmd.cdw11);
> > > +    uint32_t transport_transfer_len = transfer_len;
> > > +    uint32_t dw10 = le32_to_cpu(req->cmd.cdw10);
> > > +    uint32_t recvd;
> > > +    uint16_t nvme_cmd_status, ret;
> > > +    uint8_t secp = extract32(dw10, 24, 8);
> > > +    uint8_t spsp1 = extract32(dw10, 16, 8);
> > > +    uint8_t spsp0 = extract32(dw10, 8, 8);
> > > +    bool spdm_res;
> > > +
> > > +    transport_transfer_len += sizeof(hdr);
> > > +    if (transport_transfer_len > SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE) {
> >
> > An integer overflow check is needed since transfer_len comes from the
> > untrusted guest. This will prevent the sec_buf buffer overflow below
> > when nvme_h2c() is called.
> >
>
> And it should not be allowed to exceed MDTS (see nvme_check_mdts). MDTS
> may be configured as zero, so g_try_malloc should still be used.

Okay, that makes sense, I will fix this in V4. Thanks for the pointer!

Cheers,
Wilfred
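Review bot: the length check at the end of the quoted hunk adds `sizeof(hdr)` to the guest-controlled 32-bit `transfer_len` before comparing, so a value close to UINT32_MAX wraps `transport_transfer_len` to a small number and the `> SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE` test passes with an undersized `sec_buf`; compare before adding, e.g. `if (transfer_len > SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE - sizeof(hdr))`, and apply the MDTS bound on `transfer_len` itself at the same point.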
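The wrap that Stefan's review describes, shown with the check shape from the hunk next to a hardened form. This is an added illustration, not code from the patch or from QEMU; the buffer size, header length and the MDTS argument are constructed stand-ins for SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE, sizeof(StorageSpdmTransportHeader) and the controller's MDTS limit.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed stand-ins (assumptions) for the real QEMU constants. */
#define DEMO_MAX_MESSAGE_BUFFER_SIZE 0x1200u   /* SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE */
#define DEMO_HDR_LEN 8u                        /* sizeof(StorageSpdmTransportHeader) */

/* Same shape as the check in the hunk: the header length is added to the
 * guest-supplied 32-bit length first, so the sum can wrap to a small value
 * and slip past the upper bound. */
static bool naive_len_ok(uint32_t transfer_len)
{
    uint32_t transport_transfer_len = transfer_len;

    transport_transfer_len += DEMO_HDR_LEN;   /* wraps for transfer_len near UINT32_MAX */
    return transport_transfer_len <= DEMO_MAX_MESSAGE_BUFFER_SIZE;
}

/* Length the naive path would hand to the allocator and then fill via the
 * host-to-controller copy; after a wrap it is far smaller than transfer_len. */
static uint32_t naive_alloc_len(uint32_t transfer_len)
{
    return transfer_len + DEMO_HDR_LEN;
}

/* Hardened form: compare before any arithmetic on the untrusted value, so
 * nothing can wrap, and also bound it by MDTS. mdts_bytes == 0 models an MDTS
 * of zero, which in NVMe means "no limit" (assumption: caller converts the
 * MDTS field to bytes). */
static bool hardened_len_ok(uint32_t transfer_len, uint64_t mdts_bytes)
{
    if (transfer_len > DEMO_MAX_MESSAGE_BUFFER_SIZE - DEMO_HDR_LEN) {
        return false;
    }
    if (mdts_bytes != 0 && transfer_len > mdts_bytes) {
        return false;
    }
    return true;
}
```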