Created attachment 222945 [details]
Core Text Dump
The NTB driver panics the system when booting from the FreeBSD13-Beta4 USB image and after you have it installed unless you disable it.
FreeBSD xbox6 13.0-BETA4 FreeBSD 13.0-BETA4 #0 releng/13.0-n244592-e32bc253629: Fri Feb 26 06:17:34 UTC 2021
Add hint.ntb_hw.0.disabled="1" to /boot/loader.conf
Looks like the problem is that amd_ntb_init_isr() modifies ntb->hw_info->db_count, but ntb->hw_info is a pointer to read-only memory.
The bug seems to have come in with:
It probably went unnoticed since we did not enforce mapping protections for amd64 kernel modules until:
But since the hw_info table is global it seems incorrect for a driver attach routine to modify it.
I am definitely agree that ntb->hw_info->db_count assignment in amd_ntb_init_isr() is logically incorrect. May be it could be per-instance. I have documentation not hardware for the AMD NTB, but I guess the proper solution may instead be to implement multiple doorbells with single/few interrupt vectors instead of reducing their count. For example, PLX NTB driver uses single legacy IRQ to implement 16 doorbells. Changing number of doorbells depending on attach errors may cause a problem for upper layers, when they try to use expected number of doorbells and won't find them.