143 lines
5.4 KiB
Text
143 lines
5.4 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-20:13.bhyve Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: Host crash in bhyve with PCI device passthrough
|
|
|
|
Category: core
|
|
Module: bhyve
|
|
Announced: 2020-07-08
|
|
Credits: Peter Grehan
|
|
Affects: FreeBSD 12.1
|
|
Corrected: 2020-06-01 05:14:01 UTC (stable/12, 12.1-STABLE)
|
|
2020-07-08 19:56:34 UTC (releng/12.1, 12.1-RELEASE-p7)
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
bhyve(8) is a hypervisor that supports running a variety of guest operating
|
|
systems in virtual machines. bhyve(8) includes support for PCI devices
|
|
passthrough (a technique to pass host PCI devices to a virtual machine for its
|
|
exclusive control and use).
|
|
|
|
II. Problem Description
|
|
|
|
When an attempt is made to pass through a PCI device to a bhyve(8) VM (causing
|
|
initialization of IOMMU) on certain Intel chipsets using VT-d the PCI bus
|
|
stops working entirely resulting in a host crash. This issue occurs at least
|
|
on the Intel Skylake series processors and those released later.
|
|
|
|
A device passed through to a guest VM running OpenBSD at least since version
|
|
6.4 on both AMD and Intel processors may not fully work in the guest. OpenBSD
|
|
issues 4-byte PCI configuration-space register reads and writes to consecutive
|
|
2-byte fields, which were not handled correctly by bhyve(8).
|
|
|
|
III. Impact
|
|
|
|
These issues prevent using bhyve in production with some combinations of host
|
|
hardware and/or guest operating system.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available. Systems not using bhyve(8) for virtualization
|
|
with PCI passthrough are not affected.
|
|
|
|
V. Solution
|
|
|
|
Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date and reboot.
|
|
|
|
Perform one of the following:
|
|
|
|
1) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
# shutdown -r +10min "Rebooting for errata update"
|
|
|
|
The first problem requires a reboot as the affected part is the kernel.
|
|
|
|
The second problem does not require a reboot as the affected part is the
|
|
bhyve userland executable.
|
|
|
|
2) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
# fetch https://security.FreeBSD.org/patches/EN-20:13/bhyve.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-20:13/bhyve.patch.asc
|
|
# gpg --verify bhyve.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
|
|
|
d) Recompile your kernel as described in
|
|
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
|
system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/12/ r361686
|
|
releng/12.1/ r363022
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229852>
|
|
|
|
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245392>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:13.bhyve.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl8GLjVfFIAAAAAALgAo
|
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
|
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
|
5cKMwQ/9HxrcUNvL8myn512t+drnCnDg/lNL2cqlc53VyDsvwesgXbGA3k1pQsyV
|
|
VLB2jn56+EWcq0b1eieLavK77YtdrbEfa72YOlTd576586VRroUC3d4o6eaAHKHS
|
|
Hzm/Qh5cQM46065Eoshz8T+N1/RNmU0ANS19ogBmogqhbJwwQUSr402a/BGrTES+
|
|
+rx4ywmTOrmXxVQwAlRHp1/7pQ5PL3cK2ByYzuFjKjzNX3scHoMxOul2TC1bYwj6
|
|
IhBT7NNxQuY/g7gxGM/ndifOiJtAlsxJdccWxZAMdYv3mzhnM2vqCmdz8KjB7UKH
|
|
2XOKB1RwSq0b1FBsur8Z0Pg6AlIRcNW952mAn2UJxx9mh/oCSj0sqtdmAKu0EO1e
|
|
Vn6+psOffB28ITvdBsf7D/3ixM8+jdAogFzW00iGPppF02QwM6FVxa3+mogOVtsv
|
|
R+Fu381qwQmqvMtAEXOxQ6NiAk3fTan+VuEDB8FnYPEs5JkWef/fn4SPRUrr04hY
|
|
yTkX8F3XID2XdSMTgJllQzhf1uCK3QT77Y0BcPJH+NPZIZiyKkROxqnpS7LGFlEs
|
|
v8dLXTOFnaHfdrjefB/QCwLMTcX1AfN1n0OxQigtwKC1rvKHweaqZBEujtDmyMOm
|
|
uFXhQjoT3o29i1O139Q/3yINEbVYn6U5INrW5ZUGt1nm/wL9PuA=
|
|
=mH7Y
|
|
-----END PGP SIGNATURE-----
|