Page MenuHomeFreeBSD

Rework pass through changes in r305485 to be safer.

Authored by jhb on Oct 13 2017, 4:46 PM.



Specifically, devices that do not support PCI-e FLR and were not
gracefully shutdown by the guest OS could continue to issue DMA
requests after the VM was terminated. The changes in r305485 meant
that those DMA requests were completed against the host's memory which
could result in random memory corruption. Instead, leave ppt devices
that are not attached to a VM disabled in the IOMMU and only restore
the devices to the host domain if the ppt(4) driver is detached from a

As an added safety belt, disable busmastering for a pass-through device
when before adding it to the host domain during ppt(4) detach.

Tested by: Harry Schmalzbauer <>

Perhaps the busmaster disable should be done when detaching a ppt
device from a VM in case the reset fails to disable busmastering?

Test Plan
  • Harry was able to reliably reproduce corruption when shutting down a VM with a non-FLR capable device when r307485 was applied. This change removed the corruption.

Diff Detail

rS FreeBSD src repository
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

jhb created this revision.Oct 13 2017, 4:46 PM

Looking at this...

grehan accepted this revision.Oct 27 2017, 2:04 PM

Matt Macy has some additional reset code for non-FLR devices (in his case GPGPUs).

This revision is now accepted and ready to land.Oct 27 2017, 2:04 PM
This revision was automatically updated to reflect the committed changes.