|Priority:||4 - Normal|
|Created by:||Patrick Mooney [X]|
|Reported by:||Patrick Mooney [X]|
|Assigned to:||Patrick Mooney [X]|
Fixed: A fix for this issue is checked into the tree and tested.
(Resolution Date: 2018-04-05T19:40:05.908Z)
2018-04-12 Promised Land (Release Date: 2018-04-12)
When readying a ppt device for use in a guest instance, bhyve maps the memory-backed BARs into the guest address space. It does so using host-physical addresses of the BARs it queried from ppt. Presently there is nothing to verify that the desired guest mapping is backed by the PCI device in question. A rogue process could use this interface to map any physical memory into the guest. The ppt driver should restrict these mappings to the BARs it covers.
I tested these bits locally, passing through an instance of a chelsio NIC into a guest. Hans also tested with a GPU, reporting that the nvidia tests still ran fine with the change.
illumos-joyent commit 2a4abd31bb5e23749133489fd773b65cc6cb2ff1 (branch master, by Patrick Mooney)
OS-6855 bhyve ppt should verify BAR mappings
Reviewed by: Hans Rosenfeld <email@example.com>
Reviewed by: Jerry Jelinek <firstname.lastname@example.org>
Reviewed by: John Levon <email@example.com>
Approved by: John Levon <firstname.lastname@example.org>