Page MenuHomeFreeBSD
Differential D54661

bhyve: fix USB mouse requests
ClosedPublic
Actions

Authored by chuck on Jan 11 2026, 11:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Feb 15, 10:29 PM
Unknown Object (File)
Sun, Feb 8, 10:17 AM
Unknown Object (File)
Sun, Feb 8, 2:39 AM
Unknown Object (File)
Sun, Feb 1, 4:58 PM
Unknown Object (File)
Sat, Jan 31, 12:25 PM
Unknown Object (File)
Fri, Jan 30, 4:24 PM
Unknown Object (File)
Jan 26 2026, 2:11 AM
Unknown Object (File)
Jan 18 2026, 6:24 PM
View All 16 Files
Subscribers
bcran
emaste
rgrimes

Details

Reviewers
imp
jhb
markj
corvink
Group Reviewers
bhyve
Commits
rG10d5404adb11: bhyve: fix USB mouse requests
Summary

USB HCI requests may not include HCI transfer block structures (i.e.,
xfer->data[] == NULL), but in several places, the USB mouse emulation
code assumes one will exist. This can lead to a NULL pointer dereference
and a SEGV in the bhyve process as observed via experiments with an
Ubuntu guest and PyUSB code. Note that many of the cases processing
other request types already checked for data == NULL.

While in the neighborhood, fix a typo in the loop iterating over the
usb_data_xfer_block array which used the wrong variable to check for
valid data (idx vs. i).

Reported by: danmcd@edgecast.io
Obtained from: SmartOS
MFC after: 1 week
Relnotes: yes

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

chuck created this revision.Jan 11 2026, 11:15 PM
Herald added subscribers: bcran, rgrimes. · View Herald TranscriptJan 11 2026, 11:15 PM
chuck requested review of this revision.Jan 11 2026, 11:15 PM
Harbormaster completed remote builds in B69812: Diff 169491.Jan 11 2026, 11:15 PM
chuck added a comment.Jan 11 2026, 11:22 PM

Note this fixes the issue reported in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282237 and with commit 7631790422464de1aec309018e2c444defe5f629 differently, but the fix mirrors what SmartOS/illumos did to minimize diff's between the various bhyve implementations.

imp accepted this revision.Jan 12 2026, 12:44 AM

This works for me too. Feel free to revert the thing I committed.
I gotta work on tagging people better on github reviews

This revision is now accepted and ready to land.Jan 12 2026, 12:44 AM
emaste added a subscriber: emaste.Jan 12 2026, 1:37 AM
emaste added inline comments.
usr.sbin/bhyve/usb_mouse.c
346
chuck marked an inline comment as done.Thu, Feb 19, 6:15 PM
chuck updated this revision to Diff 172290.EditedThu, Feb 19, 10:23 PM

Address review feedback

This revision now requires review to proceed.Thu, Feb 19, 10:23 PM
Harbormaster completed remote builds in B70805: Diff 172290.Thu, Feb 19, 10:23 PM
This revision was not accepted when it landed; it landed in state Needs Review.Thu, Feb 19, 10:43 PM
Closed by commit rG10d5404adb11: bhyve: fix USB mouse requests (authored by chuck). · Explain Why
This revision was automatically updated to reflect the committed changes.
chuck added a commit: rG10d5404adb11: bhyve: fix USB mouse requests.

Revision Contents
Changeset List

PathSize
usr.sbin/
bhyve/
26 lines

Diff 172291

View Options

usr.sbin/bhyve/usb_mouse.c

Loading...