List-Id: Production branch of FreeBSD source code
List-Archive: https://lists.freebsd.org/archives/freebsd-stable
Subject: Re: ofw_pci: Fix incorrectly sized softc causing pci(4) out-of-bounds reads (Should it have been MFC'd?)
From: Mark Millard
Date: Mon, 26 Dec 2022 20:21:27 -0800
To: "jrtc27@freebsd.org", freebsd-current, FreeBSD-STABLE Mailing List
Cc: freebsd-arm

On Dec 26, 2022, at 19:54, Mark Millard wrote:

> Should the following have been MFC'd? (I ran into this while
> looking to see why I see a boot message oddity on 13.* that
> I do not see on main [so: 14]. There was a time when main
> also produced the odd messages. But I'm not claiming that
> this is what makes the difference. The oddity was observed
> on aarch64 RPi4B's.)
>

Never mind. I got myself confused over the history.
13.* does not have the file at all.

> author Jessica Clarke 2022-01-15 19:03:53 +0000
> committer Jessica Clarke 2022-01-15 19:03:53 +0000
> commit 4e3a43905e3ff7b9fcf228022f05d636f79c4b42 (patch)
> tree b6be66e54604bb2c1fbdfde27bf8a6644e04fd05
> parent 3266a0c5d5abe8dd14de8478edec3e878e4a1c0b (diff)
> download src-4e3a43905e3ff7b9fcf228022f05d636f79c4b42.tar.gz
> src-4e3a43905e3ff7b9fcf228022f05d636f79c4b42.zip
>
> ofw_pci: Fix incorrectly sized softc causing pci(4) out-of-bounds reads
>
> We do not include sys/rman.h and so machine/resource.h ends up not being included by the time pci_private.h is included. This means PCI_RES_BUS is never defined, and so the sc_bus member of pci_softc is not present when compiling ofw_pci, resulting in the wrong softc size being passed to DEFINE_CLASS_1 and thus any attempts by pci(4) to access that member are out-of-bounds reads or writes.
>
> This is pretty fragile; arguably pci_private.h should be including sys/rman.h, but this is the minimal needed change to fix the bug whilst maintaining the status quo.
>
> Found by: CHERI
> Reported by: andrew
>
> Diffstat
> -rw-r--r-- sys/dev/ofw/ofw_pci.c 1
> 1 files changed, 1 insertions, 0 deletions
>
> diff --git a/sys/dev/ofw/ofw_pci.c b/sys/dev/ofw/ofw_pci.c > index 7f7aad379ddc..4bd6ccd64420 100644 > --- a/sys/dev/ofw/ofw_pci.c > +++ b/sys/dev/ofw/ofw_pci.c > @@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$"); > #include > #include > #include > +#include >=20 > #include > #include
>
> (Note: leading whitespace might not be preserved.)

===
Mark Millard
marklmi at yahoo.com
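
Review bot: The added `+#include` line in the `@@ -33,6 +33,7 @@` hunk of sys/dev/ofw/ofw_pci.c has no comment marking it as load-bearing, so a later include cleanup or reordering could drop it and silently bring back the wrong softc size. Per the commit message, the include is what gets PCI_RES_BUS defined by the time pci_private.h is read, and without it the sc_bus member is missing from pci_softc as ofw_pci sees it. A short comment on that line stating the ordering requirement would protect it. The change the message itself names as arguably correct, having pci_private.h include sys/rman.h, would remove the ordering dependency for every file that includes pci_private.h instead of only this one, and is worth a follow-up. The header name on the added line is not visible in this copy of the hunk, so it cannot be checked against the message here.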
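
The size mismatch described in the commit message, as an added example that is not FreeBSD code and not part of the original post. The two structs are constructed stand-ins for one softc as seen with and without the conditional member, and `drv_class`, `check_class` and `access_in_bounds` are hypothetical names for a registration-time size check.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins, not FreeBSD's definitions: one softc as two
 * translation units see it, with and without the conditional member that
 * HAVE_BUS_RES (hypothetical, in the role of PCI_RES_BUS) would enable. */
struct softc_with_bus    { void *sc_dev; int sc_domain; int sc_busno; void *sc_bus; };
struct softc_without_bus { void *sc_dev; int sc_domain; int sc_busno; };

/* Hypothetical class record: softc_size is what the allocator will use. */
struct drv_class {
    const char *name;
    size_t softc_size;
    const struct drv_class *base;
};

/* The base driver was compiled with the member present. */
static const struct drv_class base_class =
    { "base", sizeof(struct softc_with_bus), NULL };
/* Subclass built without the member (the bug) and with it (the fix). */
static const struct drv_class child_bad =
    { "child_bad", sizeof(struct softc_without_bus), &base_class };
static const struct drv_class child_good =
    { "child_good", sizeof(struct softc_with_bus), &base_class };

/* Guard: base-class code works on the base softc layout, so a subclass
 * softc can never be smaller. Returns 0 if consistent, -1 otherwise. */
int check_class(const struct drv_class *c)
{
    if (c->base != NULL && c->softc_size < c->base->softc_size)
        return -1;
    return 0;
}

/* Does an access to [off, off + len) stay inside alloc bytes? */
int access_in_bounds(size_t alloc, size_t off, size_t len)
{
    return off <= alloc && len <= alloc - off;
}

int main(void)
{
    size_t off = offsetof(struct softc_with_bus, sc_bus);
    const struct drv_class *all[] = { &child_bad, &child_good };

    for (size_t i = 0; i < 2; i++)
        printf("%s: check=%d sc_bus in bounds=%d\n", all[i]->name, check_class(all[i]),
            access_in_bounds(all[i]->softc_size, off, sizeof(void *)));
    return 0;
}
```
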