generic_ehci_fdt: fix driver softc size
Closed, Public

Authored by mhorne on Mon, Jun 29, 6:12 PM.

Details

Summary

This subclass declares its own softc structure adding necessary members
after the embedded ehci_softc_t. The full size of the struct must be
included in the driver declaration, otherwise the allocation backing the
softc is not guaranteed to be large enough.

Reported by: KASAN

Test Plan

Testing the RISC-V KASAN implementation, I got this report:

ehci0: <Generic EHCI Controller> mem 0x4101000-0x41010ff irq 34 on simplebus0
panic: ASan: Invalid access, 8-byte write at 0xffffffc002ba7598, MallocRedZone(fb)
cpuid = 0
time = 1
KDB: stack backtrace:
db_trace_self() at db_trace_self
db_trace_self_wrapper() at db_trace_self_wrapper+0xd6
kdb_backtrace() at kdb_backtrace+0x118
vpanic() at vpanic+0x164
panic() at panic+0x8e
kasan_report() at kasan_report+0xd8
__asan_store8_noabort() at __asan_store8_noabort+0xee
generic_ehci_fdt_attach() at generic_ehci_fdt_attach+0xc2
device_attach() at device_attach+0x764
bus_generic_new_pass() at bus_generic_new_pass+0x1f2
bus_generic_new_pass() at bus_generic_new_pass+0x13e
bus_generic_new_pass() at bus_generic_new_pass+0x13e
bus_generic_new_pass() at bus_generic_new_pass+0x13e
root_bus_configure() at root_bus_configure+0x44
configure() at configure+0xc
mi_startup() at mi_startup+0x25a
va() at va+0x7c
KDB: enter: panic

With this change, accesses to e.g. sc->clk_list no longer trigger the KASAN failure.
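
The size mismatch described in the summary, modelled in user space as an added example; it is not part of this revision or of the FreeBSD source. The struct layouts, `driver_decl`, the driver name string and the helper functions are hypothetical stand-ins; only the member name `clk_list` is taken from the report.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for illustration, NOT the FreeBSD definitions. */
struct base_softc {			/* plays the role of ehci_softc_t */
	void	*regs;
	int	 flags;
};
struct fdt_softc {			/* subclass: base first, extras after */
	struct base_softc base;
	void	*clk_list;		/* member named in the report */
};
struct driver_decl {			/* models a driver declaration */
	const char *name;
	size_t	    softc_size;		/* bytes allocated per device softc */
};

/* Returns 1 if [off, off + len) lies inside an allocation of alloc bytes. */
static int
access_in_bounds(size_t alloc, size_t off, size_t len)
{
	return (off <= alloc && len <= alloc - off);
}

/* Would a store to sc->clk_list stay inside the softc this driver gets? */
static int
clk_list_store_ok(const struct driver_decl *drv)
{
	return (access_in_bounds(drv->softc_size,
	    offsetof(struct fdt_softc, clk_list), sizeof(void *)));
}

/* Before: size of the embedded base only. After: full subclass size. */
static const struct driver_decl decl_before = { "ehci", sizeof(struct base_softc) };
static const struct driver_decl decl_after = { "ehci", sizeof(struct fdt_softc) };

/* Build-time guard: the cast from base to subclass needs base at offset 0. */
_Static_assert(offsetof(struct fdt_softc, base) == 0, "base must come first");

int
main(void)
{
	printf("before: store in bounds? %d\n", clk_list_store_ok(&decl_before));
	printf("after:  store in bounds? %d\n", clk_list_store_ok(&decl_after));
	return (0);
}
```

In the "before" case the store lands at or past the end of the allocation, which is the region an allocator redzone covers.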

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Not Applicable
Unit: Tests Not Applicable

Event Timeline

jrtc27 added a subscriber: jrtc27.

Fixes: 7a58744fd0f1 ("Split out the attachment from the generic-ehci driver")

This revision is now accepted and ready to land. (Mon, Jun 29, 6:24 PM)
This revision was automatically updated to reflect the committed changes.