-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-25:20.vmm Errata Notice
The FreeBSD Project
Topic: bhyve(8) PCI passthru regression
Category: core
Module: vmm
Announced: 2025-12-16
Affects: FreeBSD 15.0
Corrected: 2025-12-15 15:47:23 UTC (stable/15, 15.0-STABLE)
2025-12-16 23:43:00 UTC (releng/15.0, 15.0-RELEASE-p1)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
vmm(4) is a kernel module which provides an interface to hardware
virtualization capabilities. It is the kernel-side counterpart to bhyve(8).
PCI passthru is a feature of bhyve(8) on amd64 which allows a PCIe device, such
as a network interface or GPU, to be effectively detached from the host system
and passed directly into a guest virtual machine, allowing the guest to control
the physical hardware.
II. Problem Description
Some refactoring of the vmm(4) code introduced a regression in the portion
of the module which creates IOMMU mappings of guest memory.
III. Impact
The bug could cause PCI passthrough to not work as expected.
IV. Workaround
No workaround is available. Users not using bhyve(8) with PCI passthrough are
unaffected.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r now
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-25:20/vmm.patch
# fetch https://security.FreeBSD.org/patches/EN-25:20/vmm.patch.asc
# gpg --verify vmm.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path Hash Revision
- -------------------------------------------------------------------------
stable/15/ 4f7436bf297b stable/15-n281529
releng/15.0/ 04e9f1aab83a releng/15.0-n280997
- -------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290920>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:20.vmm.asc>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmlB+b0ACgkQbljekB8A
Gu94Og//V+/8PQJEF9OxtyaDRsgoC2NmHDDdYW4RnwG6uxSCHhSLO8LUH1XjmWWb
c54Miuk6Xqh1D54D3Ppmr62nFKEhhqihDIZ28JTp67pvrJIFFUC5DXGTVcAUKzOG
O/6jNJST82SFmfUHu6ntHWwRkaOW7LjUdBnH8pj3JetlseRtYghiWX6Y2Ql5XDfB
AQF18mnxicXAg/PkI00iLqqkXaolAM29G2Io/KsdwMZZtL9RrFHKOlekX5iIyIBz
TOm+7hpLznKbNEpybdknphc3VpjG9aaJyoDMqjkuZ/wJSUusFDMNpO3vpggnTS5D
Yiu9yOGZb1nFEorfRco25Lh06FURaMb6t2lQFdmBg2ade1tiqR8E0CNdEBJIgjU+
v6qZw7ayLTnfExvHyeHYxgVWpHp9eUpxMITiO7wt03BiEQvmmsnAMFSx2f5+Cvcy
Q3eddVsJ0S4pS9mhUBAfrUxvDikXj2sQ2fKs3niB5xzk3z6XzC1Ukf6XlGtOyH0J
PnMwZXRBChgaFwCzMwTdZpw2pZiVcWdsuLy24ecUWp9OUDGlfUG3heIbZBfSrdjz
VeUo8Mv+gmwVAeOcYZxJLbNftNwjtKIVvjbs/Dx30g8hiGck7QpdBLTOmLQouUx+
1GcguiXe6fhsf15aywvEM/Okt+g2X4jDArhYM3xF4dZGSoX7RpY=
=8iiC
-----END PGP SIGNATURE-----
No comments:
Post a Comment