git: 0ea87a8fbc89 - stable/13 - bhyve: Correct unmapping of the MSI-X table BAR
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 08 Jan 2022 15:22:20 UTC
The branch stable/13 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=0ea87a8fbc892ea32e4fef2b31589a466fffe816
commit 0ea87a8fbc892ea32e4fef2b31589a466fffe816
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-01-05 15:08:13 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-01-08 15:21:58 +0000
bhyve: Correct unmapping of the MSI-X table BAR
The starting address passed to mprotect was wrong, so in the case where
the last page containing the table is not the last page of the BAR, the
wrong region would be unmapped.
Reported by: Andy Fiddaman <andy@omniosce.org>
Reviewed by: jhb
Fixes: 7fa233534736 ("bhyve: Map the MSI-X table unconditionally for passthrough")
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 4558c11f1b4dfd7fd505d70b79467eb7f1193f07)
---
usr.sbin/bhyve/pci_passthru.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/usr.sbin/bhyve/pci_passthru.c b/usr.sbin/bhyve/pci_passthru.c
index bf99c646c480..313f73dc4df1 100644
--- a/usr.sbin/bhyve/pci_passthru.c
+++ b/usr.sbin/bhyve/pci_passthru.c
@@ -462,7 +462,7 @@ init_msix_table(struct vmctx *ctx, struct passthru_softc *sc, uint64_t base)
table_size = roundup2(table_size, 4096);
/*
- * Unmap any pages not covered by the table, we do not need to emulate
+ * Unmap any pages not containing the table, we do not need to emulate
* accesses to them. Avoid releasing address space to help ensure that
* a buggy out-of-bounds access causes a crash.
*/
@@ -471,7 +471,8 @@ init_msix_table(struct vmctx *ctx, struct passthru_softc *sc, uint64_t base)
PROT_NONE) != 0)
warn("Failed to unmap MSI-X table BAR region");
if (table_offset + table_size != pi->pi_msix.mapped_size)
- if (mprotect(pi->pi_msix.mapped_addr,
+ if (mprotect(
+ pi->pi_msix.mapped_addr + table_offset + table_size,
pi->pi_msix.mapped_size - (table_offset + table_size),
PROT_NONE) != 0)
warn("Failed to unmap MSI-X table BAR region");