git: 0ebf9bb42d7c - main - xen/intr: fix overflow of Xen interrupt range
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 29 Mar 2023 07:52:27 UTC
The branch main has been updated by royger: URL: https://cgit.FreeBSD.org/src/commit/?id=0ebf9bb42d7cb94e28a69cfc8efeb17dc9468955 commit 0ebf9bb42d7cb94e28a69cfc8efeb17dc9468955 Author: Elliott Mitchell <ehem+freebsd@m5p.com> AuthorDate: 2021-05-11 22:11:06 +0000 Commit: Roger Pau Monné <royger@FreeBSD.org> CommitDate: 2023-03-29 07:51:39 +0000 xen/intr: fix overflow of Xen interrupt range The comparison was wrong. Hopefully this never occurred in the wild, but now ensure the error message will occur before damage is caused. This appears non-exploitable as exploitation would require a guest to force Domain 0 to allocate all event channels, which a guest shouldn't be able to do. Adjust the error message to better describe what has occurred. Reviewed by: royger MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30743 --- sys/x86/xen/xen_intr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/x86/xen/xen_intr.c b/sys/x86/xen/xen_intr.c index 37b18c05b8a6..ca0f56a8546a 100644 --- a/sys/x86/xen/xen_intr.c +++ b/sys/x86/xen/xen_intr.c @@ -314,10 +314,10 @@ xen_intr_alloc_isrc(enum evtchn_type type) KASSERT(mtx_owned(&xen_intr_isrc_lock), ("Evtchn alloc lock not held")); - if (xen_intr_auto_vector_count > NR_EVENT_CHANNELS) { + if (xen_intr_auto_vector_count >= NR_EVENT_CHANNELS) { if (!warned) { warned = 1; - printf("%s: Event channels exhausted.\n", __func__); + printf("%s: Xen interrupts exhausted.\n", __func__); } return (NULL); }