9f678cfc chuck Aug. 14, 2022, 4:59 p.m.
Code was using the mask value without the shift.

Test Plan: Within FreeBSD/Linux guest, Identify NVMe controller to check the result.

Reviewed by:	chuck, imp
MFC after:	2 weeks
Signed-off-by:	Wanpeng Qian <wanpengqian@gmail.com>
Differential Revision: https://reviews.freebsd.org/D32659
3cae1004 chuck Aug. 14, 2022, 4:59 p.m.
Currently Active Firmware Info is not initialized.

Fix is to initialize the Active Firmware Info to Slot 1.

Test Plan: Within FreeBSD/Linux guests, show the Firmware Logpage to confirm.

Reviewed By:	chuck
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D32658
eae0210c chuck Aug. 14, 2022, 4:59 p.m.
Set Number of Power States Supported to indicate 1 power state. Keep the
Power State Descriptor data structures as zero to indicate "Not

Test Plan:
Within FreeBSD/Linux guests, list the number of power states and check
the Max Power value.

Reviewed By:	markj, chuck
MFC after:	2 weeks
Signed-off-by:	Wanpeng Qian <wanpengqian@gmail.com>
Differential Revision: https://reviews.freebsd.org/D32657
2889cbe2 adrian Aug. 14, 2022, 4:48 p.m.
Summary: This returns whether the given 802.11 frame has the protected bit set.

Test Plan:
* tested in AP/STA mode
* STA mode - local athp/ath10k driver
* AP mode - in tree ath driver

Subscribers: imp, melifaro, glebius
Reviewed by: bz
Approved by: bz

Differential Revision: https://reviews.freebsd.org/D36183
016aeb7c schweikh Aug. 14, 2022, 4:14 p.m.
b6ecef28 markj Aug. 14, 2022, 3:59 p.m.
The debug print in nvme_opc_get_log_page() would print an uninitialized
local variable.

In nvme_opc_write_read(), a failed LBA bounds check would cause
pci_nvme_stats_write_read_update() to be called with an uninitialized
variable as a parameter.  Although the parameter is unused when the
check fails (and so status != 0), LLVM 14 emits some bogus machine code
in this path, which happens to result in a segfault when it gets

PR:		265749
Reviewed by:	chuck, emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D36119
af86d12c markj Aug. 14, 2022, 3:56 p.m.
Currently these are not reported because bhyve is compiled with WARNS=2.
Let's start taking small steps towards enabling more warnings.

No functional change intended.

Reviewed by:	chuck, imp, emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D36118
008475d3 kib Aug. 14, 2022, 3:11 p.m.
Commit 24d0c9c1f565bab6e introduced the following regression:
% ldd /bin/ls
        libutil.so.9 => /lib/libutil.so.9 (0x1021000)
        libncursesw.so.9 => /lib/libncursesw.so.9 (0x1021000)
        libc.so.7 => /lib/libc.so.7 (0x1021000)
Note that the base address is the same for all displayed libraries.

Fix it by passing correct object to trace_print_obj().

Fixes:	24d0c9c1f565bab6e
Reviewed by:	jrtc27
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Differential revision:	https://reviews.freebsd.org/D36198
7376c08c chuck Aug. 14, 2022, 2:53 p.m.
The Dataset Management code could free an uninitialized pointer if the
device doesn't support the Dataset Management command.

PR:		264548
Reported by:	Robert Morris <rtm@lcs.mit.edu>
d7d1beca chuck Aug. 14, 2022, 2:47 p.m.
Fuzzing of bhyve uncovered an assertion failure in the NVMe emulation.
Investigation uncovered several corner cases the code did not handle.
This change handles several Controller initialization errors, including
 - bad AQ sizes
 - bad AQ vm_map_gpa
 - doorbell writes prior to RDY
 - doorbell writes to uninitialized queue
 - CSTS.RDY if CFS set

PR:		256317,256319,256320,256322
Reported by:	Cheolwoo Myung <cwmyung@snu.ac.kr>
Reviewed by:	jhb
Differential Revision:	https://reviews.freebsd.org/D35453
3d367862 chuck Aug. 14, 2022, 2:45 p.m.
Fuzzing of bhyve using hyfuzz discovered a way to cause a segmentation
fault in the NVMe emulation. If a guest specifies a physical address in
either the PRP1 or PRP2 field of a command that cannot be mapped from
guest to host, the function paddr_guest2host() returns a NULL pointer.
The NVMe emulation did not check for this error case, which allowed for
the segmentation fault to occur.

Fix is to check for a return value of NULL and indicate an error back to
the guest (Data Transfer error). While in the area, slightly refactor
the write/read blockif function to use a common error exit path.

PR:		256321
Reported by:	Cheolwoo Myung <cwmyung@snu.ac.kr>
Reviewed by:	imp, jhb
Differential Revision:	https://reviews.freebsd.org/D35452
8b55a471 schweikh Aug. 14, 2022, 1:55 p.m.
e67af79c schweikh Aug. 14, 2022, 1:43 p.m.
4ee44ffc schweikh Aug. 14, 2022, 1:17 p.m.
825225e5 schweikh Aug. 14, 2022, 1:02 p.m.