207031 – ixv driver accesses offsets beyond the VF's PCI BAR

Bug 207031 - ixv driver accesses offsets beyond the VF's PCI BAR

Summary: ixv driver accesses offsets beyond the VF's PCI BAR

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	freebsd-net (Nobody)

URL:
Keywords:	IntelNetworking, patch

Depends on:
Blocks:

Reported:	2016-02-08 22:27 UTC by Jeremiah
Modified:	2023-02-03 13:36 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Proposed patch (1.32 KB, patch) 2016-02-08 22:27 UTC, Jeremiah	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeremiah 2016-02-08 22:27:06 UTC

Created attachment 166757 [details]
Proposed patch

The ixv driver incorrectly accesses the following non-VF registers: IXGBE_ERRBC and IXGBE_RXCSUM. The offset of these registers is actually larger than the VF's bar size, so it ends up overflowing and accessing the next BAR instead. This could cause issues, but by happenstance it ends up writing to an unused portion of the MSI-X table BAR of the VF, which seems to have no ill effect. Could cause problems if the pci layout were changed/different and definitely appears to be incorrect.

I attached a patch that removes these accesses. Removing the IXGBE_ERRBC access should be no problem. For IXGBE_RXCSUM I'm less sure, but I don't see any equivalent register to set in the VF register specification.

Comment 1 Piotr Kubaj freebsd_committer

2023-02-03 13:36:35 UTC

It looks like your patch is now mostly committed. The only part that is left is printing Error Byte Count, but that doesn't do any harm. Closing.