HardenedBSD/usr.sbin
Chuck Tuffli 5374b9e146 bhyve/nvme: Fix Infinite loop in queue processing
In the functions pci_nvme_handle_admin_cmd and pci_nvme_handle_io_cmd,
infinite loops are possible in the bhyve process if the sq->tail value
is greater than sq->size.

An attacker could overload the host CPU.

Fix is to validate that doorbell values:
 - Are for a valid (i.e., created) queue
 - Are not the same as the previous value
 - Fit within the available capacity

The emulation will generate an Asynchronous Event Notification (Invalid
Doorbell or Invalid Doorbell Value) if enabled and ignore the doorbell
update.

While in the neighborhood, remove a redundant bounds check.

Reported by:	Synacktiv
MFC after:	1 week
Security:	HYP-14
Sponsored by:	Alpha-Omega Project
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D46064
2024-10-13 06:58:50 -07:00
ac
accton
acpi
adduser
apm
apmd
arp
audit
auditd
auditdistd
auditreduce
authpf
autofs
bhyve
bhyvectl
bhyveload
binmiscctl
blacklistctl
blacklistd
bluetooth
boot0cfg
bootparamd
boottrace
bsdconfig
bsdinstall
bsnmpd
btxld
camdd
cdcontrol
certctl
chkgrp
chown
chroot
ckdist
clear_locks
config
cpucontrol
crashinfo
cron
crunch
ctladm
ctld
cxgbetool
daemon
dconschat
devctl
devinfo
diskinfo
dumpcis
editmap
edquota
efibootmgr
efidp
efitable
efivar
efiwake
etcupdate
extattr
extattrctl
fdcontrol
fdformat
fdread
fdwrite
fifolog
flowctl
freebsd-update
fstyp
ftp-proxy
fwcontrol
fwget
getfmac
getpmac
gpioctl
gssd
gstat
hyperv
i2c
ifmcstat
inetd
iostat
iovctl
ip6addrctl
ipfwpcap
iscsid
jail
jexec
jls
kbdcontrol
kbdmap
keyserv
kldxref
lastlogin
lpr
lptcontrol
mailstats
mailwrapper
makefs
makemap
manctl
memcontrol
mfiutil
mixer
mld6query
mlx5tool
mlxcontrol
mount_smbfs
mountd
moused
mpsutil
mptable
mptutil
mtest
ndp
newsyslog
nfscbd
nfsd
nfsdumpstate
nfsrevoke
nfsuserd
ngctl
nghook
nmtree
nologin
nscd
ntp
nvmfd
nvram
ofwdump
pciconf
periodic
pkg
pmc
pmcannotate
pmccontrol
pmcstat
pmcstudy
pnfsdscopymr
pnfsdsfile
pnfsdskill
pnpinfo
powerd
ppp
pppctl
praliases
praudit
prometheus_sysctl_exporter
pstat
pw
pwd_mkdb
pwm
quot
quotaon
rarpd
repquota
rip6query
rmt
route6d
rpc.lockd
rpc.statd
rpc.tlsclntd
rpc.tlsservd
rpc.umntall
rpc.yppasswdd
rpc.ypupdated
rpc.ypxfrd
rpcbind
rrenumd
rtadvctl
rtadvd
rtprio
rtsold
rwhod
sa
sendmail
service
services_mkdb
sesutil
setfib
setfmac
setpmac
smbmsg
snapinfo
spi
spkrtest
spray
syslogd
sysrc
tcpdchk
tcpdmatch
tcpdrop
tcpdump
tcpsso
tests
traceroute
traceroute6
trim
tzsetup
uathload
uefisign
ugidfw
uhsoctl
unbound
usbconfig
usbdump
utx
valectl
vidcontrol
vigr
vipw
wake
watch
watchdogd
wlandebug
wpa
yp_mkdb
ypbind
ypldap
yppoll
yppush
ypserv
ypset
zdump
zic
zonectl
zzz
Makefile
Makefile.aarch64
Makefile.amd64
Makefile.i386
Makefile.inc
Makefile.powerpc