From nobody Sun Dec 25 07:02:05 2022 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NfsKp0rCyz20bNc; Sun, 25 Dec 2022 07:02:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NfsKp0JS9z4NlN; Sun, 25 Dec 2022 07:02:06 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1671951726; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PaeWBqATE3tMP/kWwFU+VCjkVhgLgkc8b/p74JRUIz0=; b=mPGFYZvpXAF4r38zAWa3Or4ARXv+FH0csDN3XYIZtnR1u4fOpmowzdW2cauLjHsxDmK5Wn gnrJZT2ATRmUN9FG+sffkscT1lezGO8e+iscFksNyR5K/bMQFVbnf3XMNi5gx/gzOlJWYM AFFpauZW0tVMe5D79BPPKJZ3b2RXCkgq2iMYBOVXjP58tE7eKGiRYGjzyJPxwOJmQP+8lh H+dk7yCwXyD04fhir8IPLeSBMgkXPJUY8PPrBbCOS6YYFwmNAm/TZ8BvN0rawAjJZXY4hF xKWYAGPE1nzFhXLqXu7yLCV1dCFKVpoV9o6KjA2hy3Xtoeoz+gIkJWdwrhpw/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1671951726; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PaeWBqATE3tMP/kWwFU+VCjkVhgLgkc8b/p74JRUIz0=; b=ZOhDk1VWpkOMSwSZHgF4am50ImZN3eGARNOXDceSa9TfVbzxkkYBCrN5k9BVscPCbHS+zi mP8maJqf1Qnh2kh8HcZfEKB8hV3gKWMd5oxYHph40Apdiajjpo4zlM7o9Vs9+TW+OPV2Q4 7mgGx/MRlu+1hS45WdMi+xKSGioFuwGgg8bxgmvCMGNRgCCOQ6BzXqk2OYr4KIcgXTGO04 F9NrfMx7ds8kXaiV+4uhmDwhD+HWxwMxZSNca6RBNEPvYO2BExaiPyIvMsHeWLF9hCBs9g P+QNrMgXbGu82TW0xdywwEdH0x2dUkVjc+LIDGp4mglrTJnMyui3762aEkuMrw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1671951726; a=rsa-sha256; cv=none; b=llP+LImI7ANyamJrAAs0zkTS8cLpSuNd1WvXIbd+J3jE0k8RN04w04wPpmIX9pn+TvTRDf A+BqbI5VHdBqbz++jluLKX7AJl5WJcNFCjrzg+FfBc2oMijFCuuRvgaG7pGJaQC0PkrU9J 4Um69m7MHr69rvK5OhBTnLsPXGSRAynEM7bD9sk/wMdzgdAIkUZRPfdR4QuEEffNA/HhaZ uXsFTcCjDmqdZtfXamERFLYg2dE9YCIKnGG6jPy2o+6aDBw/LyMHe3FrGrEjOc8hihYt0I Tm/aLpkShzxs0/46xP22ioLE4yLz4Pdw6YonqmdMX8t6lWJ1eaBwWfojYf+4FA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NfsKn6SyvzjpT; Sun, 25 Dec 2022 07:02:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2BP725HR014461; Sun, 25 Dec 2022 07:02:05 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2BP7255T014460; Sun, 25 Dec 2022 07:02:05 GMT (envelope-from git) Date: Sun, 25 Dec 2022 07:02:05 GMT Message-Id: <202212250702.2BP7255T014460@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Doug Moore Subject: git: 8765df60dc26 - stable/13 - iommu_gas: avoid overflow in bounds check List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: dougm X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 8765df60dc26bad9d363a57a88ecfdd3fdbaf603 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by dougm: URL: https://cgit.FreeBSD.org/src/commit/?id=8765df60dc26bad9d363a57a88ecfdd3fdbaf603 commit 8765df60dc26bad9d363a57a88ecfdd3fdbaf603 Author: Doug Moore AuthorDate: 2022-12-22 20:31:57 +0000 Commit: Doug Moore CommitDate: 2022-12-25 07:01:16 +0000 iommu_gas: avoid overflow in bounds check Change the range test in iommu_gas_match_one from '< ubound' to '<= ubound', and pass a smaller-by-one ubound parameter to it, to avoid overflow in ubound calculation. Reported by: andrew Reviewed by: andrew (previous version) MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D37764 (cherry picked from commit 5b9b55fbc43261fc1467caaf7f2b70b8f752e479) --- sys/dev/iommu/iommu_gas.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/sys/dev/iommu/iommu_gas.c b/sys/dev/iommu/iommu_gas.c index 5654bc7ed8de..86fc3bfa093c 100644 --- a/sys/dev/iommu/iommu_gas.c +++ b/sys/dev/iommu/iommu_gas.c @@ -309,7 +309,7 @@ struct iommu_gas_match_args { /* * The interval [beg, end) is a free interval between two iommu_map_entries. - * Addresses can be allocated only in the range [lbound, ubound). Try to + * Addresses can be allocated only in the range [lbound, ubound]. Try to * allocate space in the free interval, subject to the conditions expressed by * a, and return 'true' if and only if the allocation attempt succeeds. */ @@ -332,10 +332,10 @@ iommu_gas_match_one(struct iommu_gas_match_args *a, iommu_gaddr_t beg, start = roundup2(beg, a->common->alignment); if (start < beg) return (false); - end = MIN(end - IOMMU_PAGE_SIZE, ubound); + end = MIN(end - IOMMU_PAGE_SIZE - 1, ubound); offset = a->offset; size = a->size; - if (start + offset + size > end) + if (start + offset + size - 1 > end) return (false); /* Check for and try to skip past boundary crossing. */ @@ -349,7 +349,7 @@ iommu_gas_match_one(struct iommu_gas_match_args *a, iommu_gaddr_t beg, beg = roundup2(start + offset + 1, a->common->boundary); start = roundup2(beg, a->common->alignment); - if (start + offset + size > end || + if (start + offset + size - 1 > end || !vm_addr_bound_ok(start + offset, size, a->common->boundary)) { /* @@ -453,7 +453,7 @@ iommu_gas_find_space(struct iommu_domain *domain, * Walk the big-enough ranges tree until one satisfies alignment * requirements, or violates lowaddr address requirement. */ - addr = a->common->lowaddr + 1; + addr = a->common->lowaddr; for (curr = first; curr != NULL; curr = iommu_gas_next(curr, min_free)) { if ((first = RB_LEFT(curr, rb_entry)) != NULL && @@ -464,7 +464,7 @@ iommu_gas_find_space(struct iommu_domain *domain, return (0); } if (curr->end >= addr) { - /* All remaining ranges >= addr */ + /* All remaining ranges > addr */ break; } if ((first = RB_RIGHT(curr, rb_entry)) != NULL && @@ -502,14 +502,14 @@ iommu_gas_find_space(struct iommu_domain *domain, curr = iommu_gas_next(curr, min_free)) { if ((first = RB_LEFT(curr, rb_entry)) != NULL && iommu_gas_match_one(a, first->last, curr->start, - addr + 1, domain->end)) { + addr + 1, domain->end - 1)) { RB_INSERT_PREV(iommu_gas_entries_tree, &domain->rb_root, curr, a->entry); return (0); } if ((first = RB_RIGHT(curr, rb_entry)) != NULL && iommu_gas_match_one(a, curr->end, first->first, - addr + 1, domain->end)) { + addr + 1, domain->end - 1)) { RB_INSERT_NEXT(iommu_gas_entries_tree, &domain->rb_root, curr, a->entry); return (0);