core dumps running in bhyve

[Chuck Tuffli]

On Fri, Dec 28, 2018 at 3:53 AM Fabian Freyer
<fabian.freyer at physik.tu-berlin.de> wrote:
>
> CCing freebsd-virtualization@, because they might know more about this.
>
> Am 25.12.2018 um 02:24 schrieb Chuck Tuffli:
> > Using the latest bhyve, I'm seeing core dumps in the guest when running:
> >      nvmecontrol identify nvme0
> > against the emulated NVMe drive. The location of the core dump changes
> > from run to run, but I suspect the root cause is a memory corruption
> > caused by the transfer of the Identify data (4KB) back to the guest.
> > This transfer of data is actually a memcpy to an address returned from
> > vm_map_gpa() based on the physical address provided by the guest.
> >
> > Based on the signature of one of the core dumps, I modified
> > nvmecontrol to always pass a 4KB aligned buffer to the driver instead
> > of the (typically) unaligned address of the structure on the stack.
> > With this change, nvmecontrol in the guest no longer core dumps. What
> > I don't understand is why this changes the behavior. Do the addresses
> > passed to vm_map_gpa() need to be page aligned?
>
> AFAIK vm_map_gpa maps a page, so yes, it needs to be 4k-aligned.
>
> > Or did moving the
> > memory location from the stack to the heap merely mitigate what is
> > corrupted?

Thanks Fabian for the redirect to a better list.

FWIW, the issue is with bhyve's NVMe emulation code and not anything
to do with vm_map_gpa() per se. See https://reviews.freebsd.org/D19695
for those who are curious.

--chuck