From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 207031] ixv driver accesses offsets beyond the VF's PCI BAR
Date: Mon, 08 Feb 2016 22:27:06 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207031

Bug ID: 207031
Summary: ixv driver accesses offsets beyond the VF's PCI BAR
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: jlott@averesystems.com

Created attachment 166757
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=166757&action=edit
Proposed patch

The ixv driver incorrectly accesses the following non-VF registers: IXGBE_ERRBC
and IXGBE_RXCSUM. The offset of these registers is actually larger than the
VF's bar size, so it ends up overflowing and accessing the next BAR instead.
This could cause issues, but by happenstance it ends up writing to an unused
portion of the MSI-X table BAR of the VF, which seems to have no ill effect.
Could cause problems if the pci layout were changed/different and definitely
appears to be incorrect.

I attached a patch that removes these accesses. Removing the IXGBE_ERRBC access
should be no problem. For IXGBE_RXCSUM I'm less sure, but I don't see any
equivalent register to set in the VF register specification.

-- 
You are receiving this mail because:
You are the assignee for the bug.
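
Added example, not part of the original report or the attached patch: a user-space simulation of the failure mode described above, showing an unchecked register write past the end of a VF's BAR0 landing in the adjacent MSI-X BAR, next to an accessor that validates the offset against the BAR length. The BAR sizes, register offsets, the adjacency of the two mappings, and all names (vf_map, reg_write_checked, ...) are assumptions made for illustration, not values from the ixgbe driver.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes and offsets for illustration (assumptions, not from the page). */
#define VF_BAR0_SIZE 0x4000u /* simulated VF register BAR */
#define VF_MSIX_SIZE 0x4000u /* simulated MSI-X table BAR, mapped right after BAR0 */
#define REG_VF_OK    0x0300u /* hypothetical register inside BAR0 */
#define REG_PF_ONLY  0x5000u /* hypothetical PF-only register, beyond BAR0 */

/* One flat buffer stands in for the two adjacent BAR mappings. */
static uint8_t space[VF_BAR0_SIZE + VF_MSIX_SIZE];
struct vf_map { uint8_t *base; size_t bar0_len; }; /* BAR0 mapping and its length */

/* Trusts the offset, like a bare register-write macro. */
static void reg_write_unchecked(struct vf_map *m, uint32_t off, uint32_t val)
{
    memcpy(m->base + off, &val, sizeof(val));
}

/* Rejects unaligned offsets and any access not fully inside BAR0. */
static int reg_write_checked(struct vf_map *m, uint32_t off, uint32_t val)
{
    if ((off & 3u) != 0 || m->bar0_len < sizeof(val) ||
        off > m->bar0_len - sizeof(val))
        return ERANGE;
    memcpy(m->base + off, &val, sizeof(val));
    return 0;
}

/* Number of bytes in the simulated MSI-X BAR that are no longer zero. */
static size_t msix_dirty(void)
{
    size_t n = 0;
    for (size_t i = VF_BAR0_SIZE; i < sizeof(space); i++)
        n += (space[i] != 0);
    return n;
}

int main(void)
{
    struct vf_map m = { space, VF_BAR0_SIZE };
    int rc = reg_write_checked(&m, REG_PF_ONLY, 1);
    reg_write_unchecked(&m, REG_PF_ONLY, 0xffffffffu);
    printf("checked rc=%d, MSI-X bytes hit by unchecked write=%zu\n", rc, msix_dirty());
    return 0;
}
```

In a real driver the equivalent check would compare the offset against the size of the mapped memory resource, as an assertion in debug builds, so that a PF-only register used from VF code fails loudly instead of writing into a neighbouring BAR.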