From nobody Thu Dec 22 20:34:17 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NdMVK6j5Vz1HXcS; Thu, 22 Dec 2022 20:34:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NdMVK6B6lz3F5b; Thu, 22 Dec 2022 20:34:17 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1671741257; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jWOOrpdUGCIS4lG/ShyBug1k0bcXtZiLhHZmT2UnEm8=; b=LU8mk23IYarARYtfkCBFHD6oI9TTWpf7506Ckt0eBpgTGvaAUOCCUuf/61VEJsain6n9pl hIvE2zS8cvpXLy73pwaYJKEZgzj2gc/hG1XcDJZ0oDOX/Cfgj0c/TQEvRZPu2wB2H/2xgL 7SSFhjdUPARwq0c0noldIF9WXFqEKj5XAXabg2koaP4b5gO1uvy5KRqzrZdSEhPy/y2xCI 5swY6TGAnHXV7+YLyNS5Mab6I+PG7s0OVagWGAANCc4xDE6qc0uFZkv5W6z6jEJHoiTA+u 1LYB07Z+bXOU7lRS6XC52p1qWdky2eJXaJ6GdnxukZ6+rn2D+pBLILnDU9798w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1671741257; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jWOOrpdUGCIS4lG/ShyBug1k0bcXtZiLhHZmT2UnEm8=; b=ni49C0jTrYvHnGNFNuUhlVAECk5Znebq4ceMp0TyePR2K3H7rFMlHL8PdztO+ZyN1bbQSt 86gbjOtJ4vQL6TJhz71BWZysVVfH+gQKfyt7Ho1fhsvpJwMCq75ZxFJCCBQQDsUlzol1kH X4Xq+GabJDv7qL3QBZyRU6xcSaT8u/95vb+Qzby3eHCMj+pI8JQARIFaAJMNt5Trv8KXrd 1JPWrBO0vCZvyD+QQjK5vNul4B2LA/QoOow8aE1rn+blQ6lqDnYfEjNn8rPLEAYfgNJans JJX9t8aZQu2rIN/kyHLblCHV9ba5rX/itmwrAnwTm2uKSf37nPMZCkSxjtAFqQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1671741257; a=rsa-sha256; cv=none; b=dJIdtgMTSuv3Cb8opZrmtMPquOt291SiD348MhxKfx9r5gwYEHWT6LiqhfEtS/Dyq+5xI/ AN52d2pm1ZE8JxMg7EcnSzdHS7WLzovf36rMqbIpBqy0sCygtBDiX58nuN5PYvZQJ/IT5D 1dczaD20Hy+67epxesYlhcKi5TEF5fiSqFj/k3BHhVbnq7L+BSAD1So0I0C70wh6EHSTWf 9qRcspTxB2KRk7jgtfkBI7UmluDzLSfU8xFFnSXxo/6FlXzjZ3cK6HL6UAICsn97Sbur4v cr7qzXOvQZAkKEeyAEKpFIGZhpu2tAxEfzgf+xufF56kArOF9syik7cWuwRMWQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NdMVK5F3yz17VG; Thu, 22 Dec 2022 20:34:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2BMKYHQR097850; Thu, 22 Dec 2022 20:34:17 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2BMKYHlm097849; Thu, 22 Dec 2022 20:34:17 GMT (envelope-from git) Date: Thu, 22 Dec 2022 20:34:17 GMT Message-Id: <202212222034.2BMKYHlm097849@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Doug Moore Subject: git: 5b9b55fbc432 - main - iommu_gas: avoid overflow in bounds check List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: dougm X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5b9b55fbc43261fc1467caaf7f2b70b8f752e479 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by dougm: URL: https://cgit.FreeBSD.org/src/commit/?id=5b9b55fbc43261fc1467caaf7f2b70b8f752e479 commit 5b9b55fbc43261fc1467caaf7f2b70b8f752e479 Author: Doug Moore AuthorDate: 2022-12-22 20:31:57 +0000 Commit: Doug Moore CommitDate: 2022-12-22 20:31:57 +0000 iommu_gas: avoid overflow in bounds check Change the range test in iommu_gas_match_one from '< ubound' to '<= ubound', and pass a smaller-by-one ubound parameter to it, to avoid overflow in ubound calculation. Reported by: andrew Reviewed by: andrew (previous version) MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D37764 --- sys/dev/iommu/iommu_gas.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/sys/dev/iommu/iommu_gas.c b/sys/dev/iommu/iommu_gas.c index 5654bc7ed8de..86fc3bfa093c 100644 --- a/sys/dev/iommu/iommu_gas.c +++ b/sys/dev/iommu/iommu_gas.c @@ -309,7 +309,7 @@ struct iommu_gas_match_args { /* * The interval [beg, end) is a free interval between two iommu_map_entries. - * Addresses can be allocated only in the range [lbound, ubound). Try to + * Addresses can be allocated only in the range [lbound, ubound]. Try to * allocate space in the free interval, subject to the conditions expressed by * a, and return 'true' if and only if the allocation attempt succeeds. */ @@ -332,10 +332,10 @@ iommu_gas_match_one(struct iommu_gas_match_args *a, iommu_gaddr_t beg, start = roundup2(beg, a->common->alignment); if (start < beg) return (false); - end = MIN(end - IOMMU_PAGE_SIZE, ubound); + end = MIN(end - IOMMU_PAGE_SIZE - 1, ubound); offset = a->offset; size = a->size; - if (start + offset + size > end) + if (start + offset + size - 1 > end) return (false); /* Check for and try to skip past boundary crossing. */ @@ -349,7 +349,7 @@ iommu_gas_match_one(struct iommu_gas_match_args *a, iommu_gaddr_t beg, beg = roundup2(start + offset + 1, a->common->boundary); start = roundup2(beg, a->common->alignment); - if (start + offset + size > end || + if (start + offset + size - 1 > end || !vm_addr_bound_ok(start + offset, size, a->common->boundary)) { /* @@ -453,7 +453,7 @@ iommu_gas_find_space(struct iommu_domain *domain, * Walk the big-enough ranges tree until one satisfies alignment * requirements, or violates lowaddr address requirement. */ - addr = a->common->lowaddr + 1; + addr = a->common->lowaddr; for (curr = first; curr != NULL; curr = iommu_gas_next(curr, min_free)) { if ((first = RB_LEFT(curr, rb_entry)) != NULL && @@ -464,7 +464,7 @@ iommu_gas_find_space(struct iommu_domain *domain, return (0); } if (curr->end >= addr) { - /* All remaining ranges >= addr */ + /* All remaining ranges > addr */ break; } if ((first = RB_RIGHT(curr, rb_entry)) != NULL && @@ -502,14 +502,14 @@ iommu_gas_find_space(struct iommu_domain *domain, curr = iommu_gas_next(curr, min_free)) { if ((first = RB_LEFT(curr, rb_entry)) != NULL && iommu_gas_match_one(a, first->last, curr->start, - addr + 1, domain->end)) { + addr + 1, domain->end - 1)) { RB_INSERT_PREV(iommu_gas_entries_tree, &domain->rb_root, curr, a->entry); return (0); } if ((first = RB_RIGHT(curr, rb_entry)) != NULL && iommu_gas_match_one(a, curr->end, first->first, - addr + 1, domain->end)) { + addr + 1, domain->end - 1)) { RB_INSERT_NEXT(iommu_gas_entries_tree, &domain->rb_root, curr, a->entry); return (0);