Diffusion FreeBSD src repository 798030a4e8d0

bhyve: validate corb->wp to avoid infinite loop
798030a4e8d0
Actions

Description

bhyve: validate corb->wp to avoid infinite loop

Guests must set HDAC_CORBWP less than corb->size. Treat invalid values
as an error rather than entering an infinite loop.

Reported by: Synacktiv
Reviewed by: markj
Security: HYP-12
Security: FreeBSD-SA-24:17.bhyve
Approved by: so
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46134

(cherry picked from commit a305f44d1404fbf386bb2b50ab7233ce9eabe0bb)
(cherry picked from commit 6a645bb3535cb73b1f20db652c9e3893f26a986e)
(cherry picked from commit 867aaad5c2bfdd8326fc805964e711ccfbb18d1e)

Details

Provenance

emaste

Authored on Sep 19 2024, 6:57 PM

Reviewer

markj

Differential Revision

Restricted Differential Revision

Parents

rG1c48a9b47821: bhyve: avoid TOCTOU on iov_len in virtio_vq_recordon()

Branches

Unknown

Tags

Unknown

Event Timeline

emaste committed rG798030a4e8d0: bhyve: validate corb->wp to avoid infinite loop (authored by emaste).Tue, Oct 29, 6:46 PM

emaste added an edge: Restricted Differential Revision.Tue, Oct 29, 6:54 PM

Changes (1)

Path

Size

usr.sbin/

bhyve/

pci_hda.c

rG798030a4e8d0

View Options