xen/intr: fix overflow of Xen interrupt range
The comparison was wrong. Hopefully this never occurred in the wild, but now ensure the error message will occur before damage is caused. This appears non-exploitable as exploitation would require a guest to force Domain 0 to allocate all event channels, which a guest shouldn't be able to do. Adjust the error message to better describe what has occurred. Reviewed by: royger MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30743
This commit is contained in:
parent
2d5e325303
commit
0ebf9bb42d
@ -314,10 +314,10 @@ xen_intr_alloc_isrc(enum evtchn_type type)
|
|||||||
|
|
||||||
KASSERT(mtx_owned(&xen_intr_isrc_lock), ("Evtchn alloc lock not held"));
|
KASSERT(mtx_owned(&xen_intr_isrc_lock), ("Evtchn alloc lock not held"));
|
||||||
|
|
||||||
if (xen_intr_auto_vector_count > NR_EVENT_CHANNELS) {
|
if (xen_intr_auto_vector_count >= NR_EVENT_CHANNELS) {
|
||||||
if (!warned) {
|
if (!warned) {
|
||||||
warned = 1;
|
warned = 1;
|
||||||
printf("%s: Event channels exhausted.\n", __func__);
|
printf("%s: Xen interrupts exhausted.\n", __func__);
|
||||||
}
|
}
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user