[Bug 207031] ixv driver accesses offsets beyond the VF's PCI BAR
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Feb 8 22:27:06 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207031
Bug ID: 207031
Summary: ixv driver accesses offsets beyond the VF's PCI BAR
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: jlott at averesystems.com
Created attachment 166757
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=166757&action=edit
Proposed patch
The ixv driver incorrectly accesses the following non-VF registers: IXGBE_ERRBC
and IXGBE_RXCSUM. The offset of these registers is actually larger than the
VF's bar size, so it ends up overflowing and accessing the next BAR instead.
This could cause issues, but by happenstance it ends up writing to an unused
portion of the MSI-X table BAR of the VF, which seems to have no ill effect.
Could cause problems if the pci layout were changed/different and definitely
appears to be incorrect.
I attached a patch that removes these accesses. Removing the IXGBE_ERRBC access
should be no problem. For IXGBE_RXCSUM I'm less sure, but I don't see any
equivalent register to set in the VF register specification.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list