mirror of https://git.FreeBSD.org/src.git synced 2024-10-18 02:19:39 +00:00
freebsd/usr.sbin/bhyve
Chuck Tuffli 5374b9e146 bhyve/nvme: Fix Infinite loop in queue processing
In the functions pci_nvme_handle_admin_cmd and pci_nvme_handle_io_cmd
infinite loops are possible in the bhyve process if the sq->tail value
is greater than sq->size.

An attacker could overload the host CPU.

Fix is to validate that doorbell values:
 - Are for a valid (i.e., created) queue
 - Are not the same as the previous value
 - Fit within the available capacity

The emulation will generate an Asynchronous Event Notification (Invalid
Doorbell or Invalid Doorbell Value) if enabled and ignore the doorbell
update.

While in the neighborhood, remove a redundant bounds check.

Reported by:	Synacktiv
MFC after:	1 week
Security:	HYP-14
Sponsored by:	Alpha-Omega Project
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D46064
2024-10-13 06:58:50 -07:00
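The three doorbell checks the commit message lists, modelled in C as an added example (not bhyve's pci_nvme.c code): a guest-written submission-queue tail is accepted only if the queue exists, the value differs from the current tail, and it indexes a slot inside the queue. The `struct nvme_sq`, `sq_doorbell_write` and `sq_process` names are hypothetical, and the queue sizes are constructed for the example. The processing loop also shows why an unchecked tail hangs the emulation: `head` wraps modulo `size`, so it can never reach a tail that is `>= size`.

```c
/*
 * Added illustration, not bhyve's code. Models an NVMe submission-queue
 * tail doorbell write with the validations described in the commit
 * message. Names and queue sizes are hypothetical/constructed.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NVME_MAX_QUEUES 4

enum doorbell_status {
	DB_OK = 0,
	DB_INVALID_QUEUE,	/* doorbell for a queue that was never created */
	DB_INVALID_VALUE,	/* equal to the current tail, or >= queue size */
};

struct nvme_sq {
	bool	 created;
	uint32_t size;	/* entries; guest-chosen when the queue is created */
	uint32_t head;	/* consumer index, advanced by the emulation */
	uint32_t tail;	/* producer index, set by guest doorbell writes */
};

/*
 * Validate a guest tail-doorbell write. Updates sq->tail and returns DB_OK
 * only if every check passes; otherwise the queue is left untouched so the
 * caller can ignore the write (and raise an Asynchronous Event if enabled).
 */
static enum doorbell_status
sq_doorbell_write(struct nvme_sq *queues, uint32_t qid, uint32_t new_tail)
{
	struct nvme_sq *sq;

	if (qid >= NVME_MAX_QUEUES || !queues[qid].created)
		return (DB_INVALID_QUEUE);
	sq = &queues[qid];
	/* Re-writing the current tail is not a legal doorbell update. */
	if (new_tail == sq->tail)
		return (DB_INVALID_VALUE);
	/* The tail must index a slot inside the queue. */
	if (new_tail >= sq->size)
		return (DB_INVALID_VALUE);
	sq->tail = new_tail;
	return (DB_OK);
}

/*
 * Consume entries from head up to tail. head wraps modulo size, so a tail
 * >= size (possible without the check above) would never be reached and
 * the loop would spin forever, burning host CPU. The extra bound on n is
 * defence in depth: a single doorbell can never enqueue more than size
 * entries, so more iterations than that means the state is corrupt.
 * Returns the number of entries processed.
 */
static uint32_t
sq_process(struct nvme_sq *sq)
{
	uint32_t n = 0;

	while (sq->head != sq->tail && n < sq->size) {
		/* ... fetch and handle the command at sq->head ... */
		sq->head = (sq->head + 1) % sq->size;
		n++;
	}
	return (n);
}

int
main(void)
{
	struct nvme_sq queues[NVME_MAX_QUEUES] = {{0}};

	queues[1].created = true;
	queues[1].size = 8;	/* constructed example queue of 8 entries */
	printf("uncreated queue 2: %d\n", sq_doorbell_write(queues, 2, 3));
	printf("tail == current:   %d\n", sq_doorbell_write(queues, 1, 0));
	printf("tail >= size:      %d\n", sq_doorbell_write(queues, 1, 8));
	printf("valid tail 5:      %d\n", sq_doorbell_write(queues, 1, 5));
	printf("processed:         %u\n", sq_process(&queues[1]));
	return (0);
}
```

A malicious or buggy guest controls both the queue size (at creation) and every doorbell value, so both must be treated as untrusted input at the point the emulation consumes them; the check belongs on the doorbell write, before the value ever reaches the processing loop.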
aarch64 bhyve: Assert success in a couple of libvmmapi calls 2024-07-31 22:41:30 +00:00
amd64 bhyve: Make boot ROM handling more consistent 2024-08-19 13:55:47 +00:00
gdb bhyve: Add arm64 support to the gdb stub 2024-06-04 15:03:17 -04:00
kbdlayout Remove residual blank line at start of Makefile 2024-07-15 16:43:39 -06:00
acpi_device.c
acpi_device.h
acpi.c bhyve: return ENOMEM instead of EFAULT and call free() after being used 2024-01-16 09:39:25 -05:00
acpi.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
ahci.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
audio.c bhyve/audio.c: avoid re-calculating the length of dev_name 2023-12-26 09:36:31 -07:00
audio.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
basl.c bhyve: add config option to load ACPI tables into memory 2023-08-22 07:49:00 +02:00
basl.h bhyve: maintain RSDT and XSDT by basl 2023-06-20 10:56:23 +02:00
bhyve_config.5 bhyve: Add raw tcp to uart backend 2024-09-19 09:20:25 +00:00
bhyve.8 manuals: Fix "skipping end of block" .El errors 2024-10-07 15:37:47 -03:00
bhyvegc.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
bhyvegc.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
bhyverun.c bhyve: Make boot ROM handling more consistent 2024-08-19 13:55:47 +00:00
bhyverun.h bhyve: Fix handling of -r 2024-04-29 10:13:50 -04:00
block_if.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
block_if.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
bootrom.c bhyve: Make boot ROM handling more consistent 2024-08-19 13:55:47 +00:00
bootrom.h bhyve: Make boot ROM handling more consistent 2024-08-19 13:55:47 +00:00
config.c Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:42 -06:00
config.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
console.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
console.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
debug.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
gdb.c bhyve: Optionally put vCPUs back in the debug state after resuming 2024-08-07 19:27:23 +00:00
gdb.h bhyve: refactor gdbstub to enable single-stepping on AMD CPUs 2023-12-12 15:28:59 -08:00
hda_codec.c bhyve: improve bounds checks in hda_codec 2024-10-03 17:14:11 -04:00
hda_reg.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
hdac_reg.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
iov.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
iov.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
ipc.h
libslirp.h bhyve: Add a slirp network backend 2023-11-22 15:18:46 -05:00
Makefile ctl: Support NVMe requests in debug trace functions 2024-05-02 16:31:34 -07:00
Makefile.depend Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile.depend.options Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
mem.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
mem.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
mevent_test.c Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
mevent.c bhyve: Extend mevent to support updating timers 2024-04-10 11:17:56 -04:00
mevent.h bhyve: Extend mevent to support updating timers 2024-04-10 11:17:56 -04:00
net_backend_netgraph.c bhyve: Split backends into separate files 2023-11-22 15:18:46 -05:00
net_backend_netmap.c bhyve: Split backends into separate files 2023-11-22 15:18:46 -05:00
net_backend_slirp.c bhyve: correct slirp_recv_disable() 2024-01-17 09:12:44 -09:00
net_backends_priv.h bhyve: Split backends into separate files 2023-11-22 15:18:46 -05:00
net_backends.c bhyve: Split backends into separate files 2023-11-22 15:18:46 -05:00
net_backends.h bhyve: Split backends into separate files 2023-11-22 15:18:46 -05:00
net_utils.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
net_utils.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
pci_ahci.c bhyve: Initialize stack buffer in pci_ahci 2024-09-26 14:06:10 -04:00
pci_e82545.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
pci_emul.c bhyve: Fix an inverted check when enabling PCI busmastering 2024-09-21 13:42:15 +00:00
pci_emul.h bhyve: Support legacy PCI interrupts on arm64 2024-04-10 11:17:56 -04:00
pci_fbuf.c bhyve: avoid updating fbaddr when vm_mmap_memseg fails 2024-08-26 16:23:52 -04:00
pci_hda.c bhyve: validate corb->wp to avoid infinite loop 2024-09-22 07:25:02 -04:00
pci_hda.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
pci_hostbridge.c Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:42 -06:00
pci_irq.h bhyve: Support legacy PCI interrupts on arm64 2024-04-10 11:17:56 -04:00
pci_nvme.c bhyve/nvme: Fix Infinite loop in queue processing 2024-10-13 06:58:50 -07:00
pci_passthru.c bhyve: Treat the COMMAND register for PCI passthru devices as emulated 2024-07-31 10:50:33 -04:00
pci_passthru.h bhyve: Improve pcifd function naming 2023-10-04 12:53:16 -04:00
pci_uart.c bhyve: Move device model-independent UART code into a separate file 2024-03-21 01:04:48 -04:00
pci_virtio_9p.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
pci_virtio_block.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
pci_virtio_console.c bhyve: avoid buffer overflow in pci_vtcon_control_send 2024-09-30 08:01:28 -04:00
pci_virtio_input.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
pci_virtio_net.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
pci_virtio_rnd.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
pci_virtio_scsi.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
pci_xhci.c bhyve: simplify slot validation in xHCI emulation 2024-09-21 13:36:10 -04:00
pci_xhci.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
pctestdev.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
pctestdev.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
qemu_fwcfg.c bhyve: fix buffer overflow in QemuFwCfg 2023-10-17 15:57:28 +02:00
qemu_fwcfg.h
qemu_loader.c
qemu_loader.h
rfb.c bhyve: support noVNC SetPixelFormat request 2024-09-09 10:21:17 -07:00
rfb.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
rtc_pl031.c bhyve: Implement a PL031 RTC on arm64 2024-04-10 11:17:56 -04:00
rtc_pl031.h bhyve: Implement a PL031 RTC on arm64 2024-04-10 11:17:56 -04:00
smbiostbl.c bhyve: Use vm_get_highmem_base() instead of hard-coding the value 2024-04-10 11:17:55 -04:00
smbiostbl.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
snapshot.c bhyve: Use vm_get_highmem_base() instead of hard-coding the value 2024-04-10 11:17:55 -04:00
snapshot.h bhyve: Remove init_snapshot() and initialize static vars 2023-10-17 14:26:51 -04:00
sockstream.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
sockstream.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
tpm_device.c bhyve: add cmdline option for TPM emulation 2023-08-17 08:17:59 +02:00
tpm_device.h bhyve: add cmdline option for TPM emulation 2023-08-17 08:17:59 +02:00
tpm_emul_passthru.c bhyve: emulate TPM passthru by accessing /dev/tpmX 2023-08-10 09:23:42 +02:00
tpm_emul.h bhyve/tpm: create crb thread for sending tpm commands 2023-06-20 10:59:00 +02:00
tpm_intf_crb.c bhyve: avoid a potential deadlock 2024-08-05 09:48:22 +02:00
tpm_intf.h bhyve: add emulation for CRB register of TPM devices 2023-08-10 09:23:33 +02:00
tpm_ppi_qemu.c bhyve: fix Out-Of-Bounds read/write heap in tpm_ppi_mem_handler 2024-09-04 14:38:11 +00:00
tpm_ppi.h bhyve: add Qemu PPI emulation for TPM devices 2023-08-14 10:17:36 +02:00
uart_backend.c bhyve uart: Fix errors from GCC 2024-10-02 17:31:59 -04:00
uart_backend.h bhyve: Move lock of uart frontend to uart backend 2024-05-01 11:09:31 -04:00
uart_emul.c bhyve: Move lock of uart frontend to uart backend 2024-05-01 11:09:31 -04:00
uart_emul.h bhyve: Add PL011 UART emulation 2024-04-10 11:17:55 -04:00
uart_pl011.c bhyve: Move lock of uart frontend to uart backend 2024-05-01 11:09:31 -04:00
usb_emul.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
usb_emul.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
usb_mouse.c Fix issue with Linux guest XHCI tablet probing. 2024-01-14 21:38:55 +10:00
virtio.c bhyve: avoid TOCTOU on iov_len in virtio_vq_recordon() 2024-09-27 10:20:53 -04:00
virtio.h usr.sbin: Remove repeated words 2024-04-11 11:53:37 -06:00
vmexit.h bhyve: Split vmexit handling into a separate file 2023-10-04 12:53:16 -04:00
vmgenc.c usr.sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:01 -07:00
vmgenc.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00