Date: Fri, 23 Oct 2020 15:27:26 +0300 From: Konstantin Belousov <kostikbel@gmail.com> To: Ryan Moeller <freqlabs@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: Re: svn commit: r366965 - stable/12/usr.sbin/bhyve Message-ID: <20201023122726.GZ2643@kib.kiev.ua> In-Reply-To: <202010231048.09NAmEW8090391@repo.freebsd.org> References: <202010231048.09NAmEW8090391@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Oct 23, 2020 at 10:48:14AM +0000, Ryan Moeller wrote: > Author: freqlabs > Date: Fri Oct 23 10:48:14 2020 > New Revision: 366965 > URL: https://svnweb.freebsd.org/changeset/base/366965 > > Log: > MFC r366771: > > bhyve: Update TX descriptor base address and host mapping on change > > bhyve sometimes segfaults when using an e1000 NIC with a Windows guest. > > We are only updating our tdba and cached host mapping when the low address > register is written and when tx is set enabled, but not when the high address > or length registers are written. It is observed that Windows 10 is occasionally > enabling tx first then writing the registers in the order low, high, len. This > leaves us with a bogus base address and mapping, which causes a segfault later > when we try to copy from a descriptor that has unpredictable garbage in a > pointer. > > Updating the address and mapping when any of those registers change seems to fix > that particular issue. Does this description mean that if guest writes garbage into base, it can crash monitor ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20201023122726.GZ2643>