OS-6855: bhyve ppt should verify BAR mappings

Details

Issue Type:Bug
Priority:4 - Normal
Status:Resolved
Created at:2018-03-30T06:54:51.386Z
Updated at:2018-04-05T19:40:05.920Z

People

Created by:Patrick Mooney [X]
Reported by:Patrick Mooney [X]
Assigned to:Patrick Mooney [X]

Resolution

Fixed: A fix for this issue is checked into the tree and tested.
(Resolution Date: 2018-04-05T19:40:05.908Z)

Fix Versions

2018-04-12 Promised Land (Release Date: 2018-04-12)

Related Links

Labels

bhyve

Description

When readying a ppt device for use in a guest instance, bhyve maps the memory-backed BARs into the guest address space. It does so using host-physical addresses of the BARs it queried from ppt. Presently there is nothing to verify that the desired guest mapping is backed by the PCI device in question. A rogue process could use this interface to map any physical memory into the guest. The ppt driver should restrict these mappings to the BARs it covers.

Comments

Comment by Patrick Mooney [X]
Created at 2018-04-05T14:48:19.567Z

I tested these bits locally, passing through an instance of a chelsio NIC into a guest. Hans also tested with a GPU, reporting that the nvidia tests still ran fine with the change.


Comment by Jira Bot
Created at 2018-04-05T19:36:40.084Z

illumos-joyent commit 2a4abd31bb5e23749133489fd773b65cc6cb2ff1 (branch master, by Patrick Mooney)

OS-6855 bhyve ppt should verify BAR mappings
Reviewed by: Hans Rosenfeld <hans.rosenfeld@joyent.com>
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: John Levon <john.levon@joyent.com>
Approved by: John Levon <john.levon@joyent.com>