Date: Mon, 26 Dec 2022 19:54:57 -0800
From: Mark Millard <marklmi@yahoo.com>
To: "jrtc27@freebsd.org" <jrtc27@FreeBSD.org>, freebsd-current <freebsd-current@freebsd.org>, FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>
Cc: freebsd-arm <freebsd-arm@freebsd.org>
Subject: RE: ofw_pci: Fix incorrectly sized softc causing pci(4) out-of-bounds reads (Should it have been MFC'd?)
Message-ID: <C66820FD-6BEB-4A7A-8D98-0C6F2DDC9519@yahoo.com>
References: <C66820FD-6BEB-4A7A-8D98-0C6F2DDC9519.ref@yahoo.com>

Should the following have been MFC'd? (I ran into this while looking to see why I see a boot message oddity on 13.* that I do not see on main [so: 14]. There was a time when main also produced the odd messages. But I'm not claiming that this is what makes the difference. The oddity was observed on aarch64 RPi4B's.)

author Jessica Clarke <jrtc27@FreeBSD.org> 2022-01-15 19:03:53 +0000
committer Jessica Clarke <jrtc27@FreeBSD.org> 2022-01-15 19:03:53 +0000
commit 4e3a43905e3ff7b9fcf228022f05d636f79c4b42 (patch)
tree b6be66e54604bb2c1fbdfde27bf8a6644e04fd05
parent 3266a0c5d5abe8dd14de8478edec3e878e4a1c0b (diff)
download src-4e3a43905e3ff7b9fcf228022f05d636f79c4b42.tar.gz src-4e3a43905e3ff7b9fcf228022f05d636f79c4b42.zip

ofw_pci: Fix incorrectly sized softc causing pci(4) out-of-bounds reads

We do not include sys/rman.h and so machine/resource.h ends up not being included by the time pci_private.h is included. This means PCI_RES_BUS is never defined, and so the sc_bus member of pci_softc is not present when compiling ofw_pci, resulting in the wrong softc size being passed to DEFINE_CLASS_1 and thus any attempts by pci(4) to access that member are out-of-bounds reads or writes.

This is pretty fragile; arguably pci_private.h should be including sys/rman.h, but this is the minimal needed change to fix the bug whilst maintaining the status quo.

Found by: CHERI
Reported by: andrew

Diffstat
-rw-r--r-- sys/dev/ofw/ofw_pci.c 1
1 files changed, 1 insertions, 0 deletions

diff --git a/sys/dev/ofw/ofw_pci.c b/sys/dev/ofw/ofw_pci.c index 7f7aad379ddc..4bd6ccd64420 100644 --- a/sys/dev/ofw/ofw_pci.c +++ b/sys/dev/ofw/ofw_pci.c @@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$"); #include <sys/bus.h> #include <sys/kernel.h> #include <sys/module.h> +#include <sys/rman.h> =20 #include <dev/pci/pcireg.h> #include <dev/pci/pcivar.h>

(Note: leading whitespace might not be preserved.)

===
Mark Millard
marklmi at yahoo.com
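
Review bot: the added include of sys/rman.h after sys/module.h has no comment, yet per the commit message it is the only thing that gets PCI_RES_BUS defined before pci_private.h is read, and so the only thing keeping sc_bus in pci_softc and the size passed to DEFINE_CLASS_1 correct. The file compiled without this include before the change, so a later unused-include cleanup or a reordering of the include block could drop it and bring the out-of-bounds access back with no build failure. Suggest a one-line comment above the include stating that dependency, plus a compile-time guard after the includes that stops the build when PCI_RES_BUS is undefined (an #ifndef PCI_RES_BUS / #error / #endif triple). The sturdier fix is the one the message itself names: have pci_private.h include sys/rman.h, so that no consumer can see the short layout.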