[Bug 265749] bhyve NVMe emulation after LLVM 14 import to CURRENT

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 10 Aug 2022 04:18:41 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265749

            Bug ID: 265749
           Summary: bhyve NVMe emulation after LLVM 14 import to CURRENT
           Product: Base System
           Version: CURRENT
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bhyve
          Assignee: virtualization@FreeBSD.org
          Reporter: editor@callfortesting.org

The bhyve NVMe emulation has long passed the NVMe compliance test suite but
that is no longer the case as of the import of LLVM 14 into FreeBSD CURRENT.

To reproduce:

13.0R and 13.1 behavior:

Attach a 1GB disk image with backing store type "nvme", which should appear as
"nvd0/nvme0", and run this command:

nvmecontrol io-passthru -o 0x2 -l 4096 -4 0x2ffff0 -r nvme0ns1

Result:

nvme_opc_write_read command would exceed LBA range(slba=0x2ffff0 nblocks=0x1)
nvme0: READ sqid:2 cid:127 nsid:1 lba:3145712 len:1
nvme0: LBA OUT OF RANGE (00/80) sqid:2 cid:127 cdw0:0

On 14-CURRENT after the LLVM 14 import, the bhyve process panics without a core
dump, and attaching lldb results in (bhyve PID 9800):

Process 9800 stopped
* thread #52, name = 'vcpu 0', stop reason = signal SIGSEGV: invalid address (fault address: 0xb8)
    frame #0: 0x0000396779935c8b bhyve`pci_nvme_read(ctx=0x000039710c91a500, vcpu=0, pi=0x0000000000000000, baridx=-1985581039, offset=0, size=0) at pci_nvme.c:3035:34
   3032 pci_nvme_read(struct vmctx *ctx, int vcpu, struct pci_devinst *pi, int baridx,
   3033     uint64_t offset, int size)
   3034 {
-> 3035         struct pci_nvme_softc* sc = pi->pi_arg;
   3036
   3037         if (baridx == pci_msix_table_bar(pi) ||
   3038             baridx == pci_msix_pba_bar(pi)) {
(lldb) bt
* thread #52, name = 'vcpu 0', stop reason = signal SIGSEGV: invalid address (fault address: 0xb8)
  * frame #0: 0x0000396779935c8b bhyve`pci_nvme_read(ctx=0x000039710c91a500, vcpu=0, pi=0x0000000000000000, baridx=-1985581039, offset=0, size=0) at pci_nvme.c:3035:34
    frame #1: 0x5ae6c31489a67011
    frame #2: 0x000039677992eaca bhyve`pci_emul_mem_handler(ctx=<unavailable>, vcpu=<unavailable>, dir=<unavailable>, addr=<unavailable>, size=<unavailable>, val=<unavailable>, arg1=0x0000396fa69aa800, arg2=0) at pci_emul.c:498:4
    frame #3: 0x000039677991f8a9 bhyve`mem_write(ctx=0x0000396fa6978800, vcpu=<unavailable>, gpa=3221229576, wval=1, size=4, arg=<unavailable>) at mem.c:165:10
    frame #4: 0x000039677994d30f bhyve`vmm_emulate_instruction [inlined] emulate_mov(vm=0x0000396fa6978800, vcpuid=0, gpa=3221229576, vie=<unavailable>, memread=<unavailable>, memwrite=(bhyve`mem_write at mem.c:161), arg=<unavailable>) at vmm_instruction_emul.c:0:10
    frame #5: 0x000039677994d1e5 bhyve`vmm_emulate_instruction(vm=0x0000396fa6978800, vcpuid=0, gpa=3221229576, vie=<unavailable>, paging=<unavailable>, memread=<unavailable>, memwrite=(bhyve`mem_write at mem.c:161), memarg=0x0000396fa696f878) at vmm_instruction_emul.c:1790:11
    frame #6: 0x000039677991f364 bhyve`emulate_mem_cb(ctx=<unavailable>, vcpu=<unavailable>, paddr=<unavailable>, mr=<unavailable>, arg=<unavailable>) at mem.c:241:10
    frame #7: 0x000039677991f264 bhyve`access_memory(ctx=0x0000396fa6978800, vcpu=0, paddr=3221229576, cb=(bhyve`emulate_mem_cb at mem.c:237), arg=0x000039712d3f0eb0) at mem.c:218:8
    frame #8: 0x000039677991f17f bhyve`emulate_mem(ctx=0x0000396fa6978800, vcpu=<unavailable>, paddr=<unavailable>, vie=0x000039710c935188, paging=0x000039710c935170) at mem.c:254:10
    frame #9: 0x0000396779912fd3 bhyve`vmexit_inst_emul(ctx=0x0000396fa6978800, vmexit=0x000039710c935140, pvcpu=0x000039712d3f0f2c) at bhyverun.c:852:8
    frame #10: 0x00003967799129b3 bhyve`vm_loop(ctx=0x0000396fa6978800, vcpu=0, startrip=<unavailable>) at bhyverun.c:987:8
    frame #11: 0x0000396779911374 bhyve`fbsdrun_start_thread(param=0x0000396fa69841b0) at bhyverun.c:542:2
    frame #12: 0x0000396fa3db296a libthr.so.3`thread_start(curthread=0x000039710c91a500) at thr_create.c:292:16
