bhyve: Correct unmapping of the MSI-X table BAR

The starting address passed to mprotect was wrong, so in the case where the last page containing the table is not the last page of the BAR, the wrong region would be unmapped. Reported by: Andy Fiddaman <andy@omniosce.org> Reviewed by: jhb Fixes: 7fa2335347 ("bhyve: Map the MSI-X table unconditionally for passthrough") MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33739
2022-01-05 10:08:13 -05:00 · 2022-01-05 10:08:13 -05:00 · 4558c11f1b
commit 4558c11f1b
parent 76b45e688a
1 changed files with 3 additions and 2 deletions
--- a/usr.sbin/bhyve/pci_passthru.c
+++ b/usr.sbin/bhyve/pci_passthru.c
@ -462,7 +462,7 @@ init_msix_table(struct vmctx *ctx, struct passthru_softc *sc)
 	table_size = roundup2(table_size, 4096);

 	/*
-	 * Unmap any pages not covered by the table, we do not need to emulate
+	 * Unmap any pages not containing the table, we do not need to emulate
 	 * accesses to them.  Avoid releasing address space to help ensure that
 	 * a buggy out-of-bounds access causes a crash.
 	 */
@ -471,7 +471,8 @@ init_msix_table(struct vmctx *ctx, struct passthru_softc *sc)
 		    PROT_NONE) != 0)
 			warn("Failed to unmap MSI-X table BAR region");
 	if (table_offset + table_size != pi->pi_msix.mapped_size)
-		if (mprotect(pi->pi_msix.mapped_addr,
+		if (mprotect(
+		    pi->pi_msix.mapped_addr + table_offset + table_size,
 		    pi->pi_msix.mapped_size - (table_offset + table_size),
 		    PROT_NONE) != 0)
 			warn("Failed to unmap MSI-X table BAR region");