From df8406543fab98a6706bb41f3093863b93d92b91 Mon Sep 17 00:00:00 2001 From: Eric van Gyzen Date: Sat, 22 Jun 2019 01:20:45 +0000 Subject: [PATCH] VirtIO SCSI: validate seg_max on attach Until r349278, bhyve presented a seg_max to the guest that was too large. Detect this case and clamp it to the virtqueue size. Otherwise, we would fail the "too many segments to enqueue" assertion in virtqueue_enqueue(). I hit this by running a guest with a MAXPHYS of 256 KB. Reviewed by: bryanv cem MFC after: 1 week Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D20703 --- sys/dev/virtio/scsi/virtio_scsi.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/sys/dev/virtio/scsi/virtio_scsi.c b/sys/dev/virtio/scsi/virtio_scsi.c index ec98178d5697..6f2dfbcac5a4 100644 --- a/sys/dev/virtio/scsi/virtio_scsi.c +++ b/sys/dev/virtio/scsi/virtio_scsi.c @@ -81,6 +81,7 @@ static void vtscsi_read_config(struct vtscsi_softc *, struct virtio_scsi_config *); static int vtscsi_maximum_segments(struct vtscsi_softc *, int); static int vtscsi_alloc_virtqueues(struct vtscsi_softc *); +static void vtscsi_check_sizes(struct vtscsi_softc *); static void vtscsi_write_device_config(struct vtscsi_softc *); static int vtscsi_reinit(struct vtscsi_softc *); @@ -311,6 +312,8 @@ vtscsi_attach(device_t dev) goto fail; } + vtscsi_check_sizes(sc); + error = vtscsi_init_event_vq(sc); if (error) { device_printf(dev, "cannot populate the eventvq\n"); @@ -477,6 +480,26 @@ vtscsi_alloc_virtqueues(struct vtscsi_softc *sc) return (virtio_alloc_virtqueues(dev, 0, nvqs, vq_info)); } +static void +vtscsi_check_sizes(struct vtscsi_softc *sc) +{ + int rqsize; + + if ((sc->vtscsi_flags & VTSCSI_FLAG_INDIRECT) == 0) { + /* + * Ensure the assertions in virtqueue_enqueue(), + * even if the hypervisor reports a bad seg_max. + */ + rqsize = virtqueue_size(sc->vtscsi_request_vq); + if (sc->vtscsi_max_nsegs > rqsize) { + device_printf(sc->vtscsi_dev, + "clamping seg_max (%d %d)\n", sc->vtscsi_max_nsegs, + rqsize); + sc->vtscsi_max_nsegs = rqsize; + } + } +} + static void vtscsi_write_device_config(struct vtscsi_softc *sc) {