Page MenuHomeFreeBSD

Don't simulate PBA access if the PBA is in a separate BAR.
ClosedPublic

Authored by jhb on Jun 5 2019, 4:10 PM.

Details

Summary

bhyve has to virtualize the MSI-X table to trap reads and writes to
that table and map those to virtual interrupts that it maps real host
interrupts on to. For the pending-bit-array (PBA), bhyve passes
accesses from the guest directly to the hardware.

bhyve's virtualization of the MSI-X table is done by intercepting all
reads and writes to the BAR holding the MSI-X table. However, if the
PBA is stored in the same BAR as the MSI-X table, accesses to the PBA
portion of this BAR have to be forwarded to the real BAR.

However, in the case that the PBA was stored in a separate BAR and
it's offset in that separate BAR overlapped with the portion of the
MSI-X table BAR that the table used, the handlers for the table BAR
would incorrectly think that some accesses were PBA reads and writes.
This caused a crash in bhyve when it indirected a NULL pointer. Fix
this case by never trying to handle PBA access if the PBA lives in a
separate BAR.

Reported by: gallatin

Test Plan
  • drew is going to test this. :)

Diff Detail

Repository
rS FreeBSD src repository
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 24699
Build 23466: arc lint + arc unit

Event Timeline

jhb created this revision.Jun 5 2019, 4:10 PM
This revision is now accepted and ready to land.Jun 5 2019, 4:46 PM
markj accepted this revision as: markj.Jun 5 2019, 5:28 PM

Just wanted to chime in that this, in combination with https://reviews.freebsd.org/D20525, allows me to pass through an add-in USB XHCI controller to a guest OS. Before this patch, bhyve would segv.

This revision was automatically updated to reflect the committed changes.