Date: Wed, 29 Mar 2023 07:52:27 GMT
Message-Id: <202303290752.32T7qR7t050811@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Roger Pau Monné
Subject: git: 0ebf9bb42d7c - main - xen/intr: fix overflow of Xen interrupt range

The branch main has been updated by royger:

URL: https://cgit.FreeBSD.org/src/commit/?id=0ebf9bb42d7cb94e28a69cfc8efeb17dc9468955

commit 0ebf9bb42d7cb94e28a69cfc8efeb17dc9468955
Author:     Elliott Mitchell
AuthorDate: 2021-05-11 22:11:06 +0000
Commit:     Roger Pau Monné
CommitDate: 2023-03-29 07:51:39 +0000

    xen/intr: fix overflow of Xen interrupt range

    The comparison was wrong. Hopefully this never occurred in the wild,
    but now ensure the error message will occur before damage is caused.
    This appears non-exploitable as exploitation would require a guest
    to force Domain 0 to allocate all event channels, which a guest
    shouldn't be able to do.

    Adjust the error message to better describe what has occurred.

    Reviewed by: royger
    MFC after: 1 week
    Differential Revision: https://reviews.freebsd.org/D30743
---
 sys/x86/xen/xen_intr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/x86/xen/xen_intr.c b/sys/x86/xen/xen_intr.c index 37b18c05b8a6..ca0f56a8546a 100644 --- a/sys/x86/xen/xen_intr.c +++ b/sys/x86/xen/xen_intr.c 
@@ -314,10 +314,10 @@ xen_intr_alloc_isrc(enum evtchn_type type) KASSERT(mtx_owned(&xen_intr_isrc_lock), ("Evtchn alloc lock not held")); - if (xen_intr_auto_vector_count > NR_EVENT_CHANNELS) { + if (xen_intr_auto_vector_count >= NR_EVENT_CHANNELS) { if (!warned) { warned = 1; - printf("%s: Event channels exhausted.\n", __func__); + printf("%s: Xen interrupts exhausted.\n", __func__); } return (NULL); }
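
Review bot: The bound check at `if (xen_intr_auto_vector_count >= NR_EVENT_CHANNELS)` carries no comment stating why equality must be rejected, which is the kind of gap that let the original `>` stand. A one-line comment saying that the counter is the next slot to hand out, so its valid values run from 0 to NR_EVENT_CHANNELS - 1, would document the invariant; the code that consumes the counter is outside this hunk, so that reading is inferred from the commit message and should be confirmed against the rest of xen_intr_alloc_isrc(). Separately, the printf is latched by `warned`, so only the first exhaustion is ever logged. Since that single line is all an operator gets, consider printing the limit (NR_EVENT_CHANNELS) alongside "Xen interrupts exhausted", and check that every caller handles the NULL return, because later failures produce no log entry.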