Date: Thu, 25 Aug 2022 17:32:03 GMT From: John Baldwin <jhb@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 10affcbdac73 - stable/12 - bhyve: Validate host PAs used to map passthrough BARs. Message-ID: <202208251732.27PHW3PB046447@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=10affcbdac737429d8b14697a126ddb2b405917c commit 10affcbdac737429d8b14697a126ddb2b405917c Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2022-08-19 21:59:44 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2022-08-25 16:40:15 +0000 bhyve: Validate host PAs used to map passthrough BARs. Reject attempts to map host physical address ranges that are not subsets of a passthrough device's BAR into a guest. Reviewed by: markj, emaste MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D36238 (cherry picked from commit c94f30ea85b745a5137471876013f79689e0af03) --- sys/amd64/vmm/io/ppt.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/sys/amd64/vmm/io/ppt.c b/sys/amd64/vmm/io/ppt.c index 4de45ff6d6f9..ee60646db0e7 100644 --- a/sys/amd64/vmm/io/ppt.c +++ b/sys/amd64/vmm/io/ppt.c @@ -439,6 +439,23 @@ ppt_unassign_all(struct vm *vm) return (0); } +static bool +ppt_valid_bar_mapping(struct pptdev *ppt, vm_paddr_t hpa, size_t len) +{ + struct pci_map *pm; + pci_addr_t base, size; + + for (pm = pci_first_bar(ppt->dev); pm != NULL; pm = pci_next_bar(pm)) { + if (!PCI_BAR_MEM(pm->pm_value)) + continue; + base = pm->pm_value & PCIM_BAR_MEM_BASE; + size = (pci_addr_t)1 << pm->pm_size; + if (hpa >= base && hpa + len <= base + size) + return (true); + } + return (false); +} + int ppt_map_mmio(struct vm *vm, int bus, int slot, int func, vm_paddr_t gpa, size_t len, vm_paddr_t hpa) @@ -447,10 +464,17 @@ ppt_map_mmio(struct vm *vm, int bus, int slot, int func, struct pptseg *seg; struct pptdev *ppt; + if (len % PAGE_SIZE != 0 || len == 0 || gpa % PAGE_SIZE != 0 || + hpa % PAGE_SIZE != 0 || gpa + len < gpa || hpa + len < hpa) + return (EINVAL); + error = ppt_find(vm, bus, slot, func, &ppt); if (error) return (error); + if (!ppt_valid_bar_mapping(ppt, hpa, len)) + return (EINVAL); + for (i = 0; i < MAX_MMIOSEGS; i++) { seg = &ppt->mmio[i]; if (seg->len == 0) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202208251732.27PHW3PB046447>