Date: Tue, 25 Nov 2025 09:22:00 +0000 From: Ruslan Bukin <br@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 64ee9c166ce5 - main - em(4): fix capability bounds needed to access checksum context. Message-ID: <69257538.2f1ed.5e0428f9@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by br: URL: https://cgit.FreeBSD.org/src/commit/?id=64ee9c166ce5e807e575d205ac2e15cc5cf6581b commit 64ee9c166ce5e807e575d205ac2e15cc5cf6581b Author: Ruslan Bukin <br@FreeBSD.org> AuthorDate: 2025-11-25 09:16:39 +0000 Commit: Ruslan Bukin <br@FreeBSD.org> CommitDate: 2025-11-25 09:20:03 +0000 em(4): fix capability bounds needed to access checksum context. Ensure the offp capability bounds cover entire struct with checksum fields. This is needed for CHERI systems to avoid bounds violation trap, as otherwise offp allowed to dereference 4 bytes of csum_flags field only so bzero failed. Tested on ARM Morello. Reviewed by: kbowling Discussed with: jrtc27 Sponsored by: CHERI Research Centre Differential Revision: https://reviews.freebsd.org/D53903 --- sys/dev/e1000/if_em.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/e1000/if_em.c b/sys/dev/e1000/if_em.c index bc841ba87ceb..7d7655a7ae6f 100644 --- a/sys/dev/e1000/if_em.c +++ b/sys/dev/e1000/if_em.c @@ -3638,7 +3638,7 @@ em_initialize_transmit_unit(if_ctx_t ctx) bus_addr = txr->tx_paddr; /* Clear checksum offload context. */ - offp = (caddr_t)&txr->csum_flags; + offp = (caddr_t)txr + offsetof(struct tx_ring, csum_flags); endp = (caddr_t)(txr + 1); bzero(offp, endp - offp);help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69257538.2f1ed.5e0428f9>