Currently, the nvme_cmb_ops mr doesn't check the addr and size.
This can lead an oob access issue. This is triggerable in the guest.
Add check to avoid this issue.

Fixes CVE-2018-16847.
Reported-by: NLi Qiang <liq3ea@gmail.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NLi Qiang <liq3ea@gmail.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>