Date: Mon, 24 Dec 2018 17:24:39 -0800 From: Chuck Tuffli <chuck@tuffli.net> To: freebsd-emulation@freebsd.org, FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: core dumps running in bhyve Message-ID: <CAM0tzX1SzErUO1eXuhiX8Swc7zrwDQz30bO3HfPAbyF3OM5RUQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Using the latest bhyve, I'm seeing core dumps in the guest when running:
nvmecontrol identify nvme0
against the emulated NVMe drive. The location of the core dump changes
from run to run, but I suspect the root cause is a memory corruption
caused by the transfer of the Identify data (4KB) back to the guest.
This transfer of data is actually a memcpy to an address returned from
vm_map_gpa() based on the physical address provided by the guest.
Based on the signature of one of the core dumps, I modified
nvmecontrol to always pass a 4KB aligned buffer to the driver instead
of the (typically) unaligned address of the structure on the stack.
With this change, nvmecontrol in the guest no longer core dumps. What
I don't understand is why this changes the behavior. Do the addresses
passed to vm_map_gpa() need to be page aligned? Or did moving the
memory location from the stack to the heap merely mitigate what is
corrupted?
Thoughts?
--chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAM0tzX1SzErUO1eXuhiX8Swc7zrwDQz30bO3HfPAbyF3OM5RUQ>