freebsd-nq/usr.sbin/bhyve
John Baldwin cf57f20edc bhyve: Fix a buffer overread in the PCI hda device model.
The sc->codecs array contains HDA_CODEC_MAX (15) entries.  The
guest-supplied cad field in the verb provided to hda_send_command is a
4-bit field that was used as an index into sc->codecs without any
bounds checking.  The highest value (15) would overflow the array.

Other uses of sc->codecs in the device model used sc->codecs_no to
determine which array indices have been initialized, so use a similar
check to reject requests for uninitialized or invalid cad indices in
hda_send_command.

PR:		264582
Reported by:	Robert Morris <rtm@lcs.mit.edu>
Reviewed by:	corvink, markj, emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D38128
2023-01-20 09:58:38 -08:00
kbdlayout bhyve/kdblayout: add some missing keys to german layout 2022-11-15 07:48:27 +01:00
acpi.c bhyve: build SPCR ACPI table 2022-12-06 12:58:27 +01:00
acpi.h bhyve(8): Add VM Generation Counter ACPI device 2020-04-15 02:00:17 +00:00
ahci.h
atkbdc.c bhyve: Remove the unused vcpu argument from all of the I/O port handlers. 2022-12-09 10:35:44 -08:00
atkbdc.h Initial support for bhyve save and restore. 2020-05-05 00:02:04 +00:00
audio.c bhyve: Address compiler warnings in audio.c 2022-09-29 12:36:44 -04:00
audio.h bhyve: Address compiler warnings in audio.c 2022-09-29 12:36:44 -04:00
basl.c bhyve: use dynamic ACPI table offsets 2022-11-21 09:28:01 +01:00
basl.h bhyve: build SPCR ACPI table 2022-12-06 12:58:27 +01:00
bhyve_config.5 bhyve: Support other schemes for naming pass-through devices. 2022-08-19 14:58:55 -07:00
bhyve.8 bhyve: Support other schemes for naming pass-through devices. 2022-08-19 14:58:55 -07:00
bhyvegc.c
bhyvegc.h
bhyverun.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
bhyverun.h bhyve: Simplify setting vCPU capabilities. 2022-12-21 10:31:16 -08:00
block_if.c bhyve: Address some signed/unsigned comparison warnings 2022-10-25 11:16:57 -04:00
block_if.h bhyve: Snapshot impovements for 'blockif' backend 2022-06-23 11:46:06 -07:00
bootrom.c bhyve: Annotate unused function parameters 2022-10-08 11:33:21 -04:00
bootrom.h bhyve: add varfile option to nvlist of lpc device 2022-03-02 22:50:24 -09:00
config.c bhyve: Fix a typo in a comment 2022-11-14 09:01:00 -05:00
config.h bhyve(4): Remove a double word in a source code comment 2022-09-04 13:57:00 +02:00
console.c Append Keyboard Layout specified option for using VNC. 2021-04-21 12:40:44 +02:00
console.h Append Keyboard Layout specified option for using VNC. 2021-04-21 12:40:44 +02:00
debug.h
fwctl.c bhyve: Remove the unused vcpu argument from all of the I/O port handlers. 2022-12-09 10:35:44 -08:00
fwctl.h
gdb.c bhyve: Address some signed/unsigned comparison warnings 2022-10-25 11:16:57 -04:00
gdb.h byhve: add option to specify IP address for gdb 2021-08-21 19:43:17 +02:00
hda_codec.c bhyve: Make hda_ops function tables const 2022-10-23 11:11:33 -04:00
hda_reg.h bhyve: clean up trailing whitespaces 2021-12-27 19:58:10 +02:00
hdac_reg.h
inout.c bhyve: Remove the unused vcpu argument from all of the I/O port handlers. 2022-12-09 10:35:44 -08:00
inout.h bhyve: Remove the unused vcpu argument from all of the I/O port handlers. 2022-12-09 10:35:44 -08:00
ioapic.c
ioapic.h
iov.c bhyve: Avoid arithmetic on void pointers 2022-10-23 11:11:33 -04:00
iov.h
ipc.h bhyve: Use the proper type for string literals 2022-10-23 11:11:33 -04:00
kernemu_dev.c vmm(4), bhyve(8): Expose kernel-emulated special devices to userspace 2020-05-15 15:54:22 +00:00
kernemu_dev.h vmm(4), bhyve(8): Expose kernel-emulated special devices to userspace 2020-05-15 15:54:22 +00:00
Makefile bhyve: Enable the default compiler warnings 2022-11-18 14:12:51 -05:00
Makefile.depend Initial support for bhyve save and restore. 2020-05-05 00:02:04 +00:00
Makefile.depend.options
mem.c bhyve: Mark variables and functions as static where appropriate 2022-08-16 14:21:44 -04:00
mem.h bhyve: Allocate mmio_hint array based on number of guest CPUs. 2022-03-09 15:38:49 -08:00
mevent_test.c bhyve: clean up trailing whitespaces 2021-12-27 19:58:10 +02:00
mevent.c bhyve: Annotate unused function parameters 2022-10-08 11:33:21 -04:00
mevent.h bhyve: clean up trailing whitespaces 2021-12-27 19:58:10 +02:00
mptbl.c bhyve: Annotate unused function parameters 2022-10-08 11:33:21 -04:00
mptbl.h
net_backends.c bhyve: Define an accessor for net backend private data 2022-11-11 10:01:40 -05:00
net_backends.h Refactor configuration management in bhyve. 2021-03-18 16:30:26 -07:00
net_utils.c Refactor configuration management in bhyve. 2021-03-18 16:30:26 -07:00
net_utils.h Refactor configuration management in bhyve. 2021-03-18 16:30:26 -07:00
pci_ahci.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_e82545.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_emul.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_emul.h bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_fbuf.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_hda.c bhyve: Fix a buffer overread in the PCI hda device model. 2023-01-20 09:58:38 -08:00
pci_hda.h bhyve: Make hda_ops function tables const 2022-10-23 11:11:33 -04:00
pci_hostbridge.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_irq.c bhyve: Address some signed/unsigned comparison warnings 2022-10-25 11:16:57 -04:00
pci_irq.h
pci_lpc.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_lpc.h bhyve: Use "void" instead of empty parameter lists 2022-08-16 14:21:44 -04:00
pci_nvme.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_passthru.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_passthru.h bhyve: export funcs for read/write pci config 2022-03-10 12:30:02 +01:00
pci_uart.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_virtio_9p.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_virtio_block.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_virtio_console.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_virtio_input.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_virtio_net.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_virtio_rnd.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_virtio_scsi.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_xhci.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
pci_xhci.h bhyve: Drop volatile qualifiers from xhci hw struct fields 2022-11-11 10:01:52 -05:00
pctestdev.c bhyve: Remove the unused vcpu argument from all of the I/O port handlers. 2022-12-09 10:35:44 -08:00
pctestdev.h Refactor configuration management in bhyve. 2021-03-18 16:30:26 -07:00
pm.c bhyve: Remove the unused vcpu argument from all of the I/O port handlers. 2022-12-09 10:35:44 -08:00
post.c bhyve: Remove the unused vcpu argument from all of the I/O port handlers. 2022-12-09 10:35:44 -08:00
ps2kbd.c bhyve: Fix some warnings in the ps2 emulation code 2022-10-23 11:11:33 -04:00
ps2kbd.h Initial support for bhyve save and restore. 2020-05-05 00:02:04 +00:00
ps2mouse.c bhyve: Fix some warnings in the ps2 emulation code 2022-10-23 11:11:33 -04:00
ps2mouse.h bhyve: clean up trailing whitespaces 2021-12-27 19:58:10 +02:00
rfb.c bhyve: Make sure that the VNC version is initialized 2022-10-27 10:48:55 -04:00
rfb.h bhyve: Sprinkle const qualifiers where appropriate 2022-08-16 14:21:44 -04:00
rtc.c bhyve: Annotate unused function parameters 2022-10-08 11:33:21 -04:00
rtc.h Refactor configuration management in bhyve. 2021-03-18 16:30:26 -07:00
smbiostbl.c bhyve: Address an unused parameter warning in the smbios code 2022-11-18 14:11:48 -05:00
smbiostbl.h
snapshot.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
snapshot.h bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
sockstream.c
sockstream.h
spinup_ap.c bhyve: Simplify spinup_ap_realmode slightly. 2022-12-21 10:33:34 -08:00
spinup_ap.h bhyve: Remove unused return value from spinup_ap. 2022-12-21 10:31:02 -08:00
task_switch.c bhyve: Remove unused vm and vcpu arguments from vm_copy routines. 2022-11-18 10:25:36 -08:00
uart_emul.c bhyve: Address some signed/unsigned comparison warnings 2022-10-25 11:16:57 -04:00
uart_emul.h Refactor configuration management in bhyve. 2021-03-18 16:30:26 -07:00
usb_emul.c Refactor configuration management in bhyve. 2021-03-18 16:30:26 -07:00
usb_emul.h bhyve: Use the proper type for string literals 2022-10-23 11:11:33 -04:00
usb_mouse.c bhyve: USB device model structures can be qualified with "static" 2022-10-23 11:11:33 -04:00
vga.c bhyve: Remove the unused vcpu argument from all of the I/O port handlers. 2022-12-09 10:35:44 -08:00
vga.h bhyve: Put the prototype for vga_render() in a header 2022-10-23 11:11:33 -04:00
virtio.c bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
virtio.h bhyve: Remove vmctx argument from PCI device model methods. 2023-01-19 10:30:18 -08:00
vmgenc.c bhyve(8): Correct copyright boilerplate for r359950 2020-04-15 05:55:14 +00:00
vmgenc.h bhyve(8): Correct copyright boilerplate for r359950 2020-04-15 05:55:14 +00:00
xmsr.c bhyve: Implement MSR_MISC_FEATURES_ENABLES 2022-10-27 11:34:41 -06:00
xmsr.h