From 60dc6bee1f4877ecd4de7fc2678ccc241eff2705 Mon Sep 17 00:00:00 2001 From: Ryan Moeller Date: Fri, 16 Oct 2020 20:27:20 +0000 Subject: [PATCH] bhyve: Update TX descriptor base address and host mapping on change bhyve sometimes segfaults when using an e1000 NIC with a Windows guest. We are only updating our tdba and cached host mapping when the low address register is written and when tx is set enabled, but not when the high address or length registers are written. It is observed that Windows 10 is occasionally enabling tx first then writing the registers in the order low, high, len. This leaves us with a bogus base address and mapping, which causes a segfault later when we try to copy from a descriptor that has unpredictable garbage in a pointer. Updating the address and mapping when any of those registers change seems to fix that particular issue. Reviewed by: mav, grehan (bhyve) MFC after: 1 week Sponsored by: iXsystems, Inc. Differential Revision: https://reviews.freebsd.org/D26798 --- usr.sbin/bhyve/pci_e82545.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/usr.sbin/bhyve/pci_e82545.c b/usr.sbin/bhyve/pci_e82545.c index c24c7f88aad..2d09c024f25 100644 --- a/usr.sbin/bhyve/pci_e82545.c +++ b/usr.sbin/bhyve/pci_e82545.c @@ -1701,18 +1701,18 @@ e82545_write_register(struct e82545_softc *sc, uint32_t offset, uint32_t value) break; case E1000_TDBAL(0): sc->esc_TDBAL = value & ~0xF; - if (sc->esc_tx_enabled) { - /* Apparently legal */ + if (sc->esc_tx_enabled) e82545_tx_update_tdba(sc); - } break; case E1000_TDBAH(0): - //assert(!sc->esc_tx_enabled); sc->esc_TDBAH = value; + if (sc->esc_tx_enabled) + e82545_tx_update_tdba(sc); break; case E1000_TDLEN(0): - //assert(!sc->esc_tx_enabled); sc->esc_TDLEN = value & ~0xFFF0007F; + if (sc->esc_tx_enabled) + e82545_tx_update_tdba(sc); break; case E1000_TDH(0): //assert(!sc->esc_tx_enabled); -- 2.45.0