Page MenuHomeFreeBSD

rsu: Don't modify read-only firmware block.
ClosedPublic

Authored by jhb on Dec 30 2020, 6:28 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Jan 18, 9:55 PM
Unknown Object (File)
Fri, Jan 17, 3:37 PM
Unknown Object (File)
Dec 10 2024, 6:13 PM
Unknown Object (File)
Nov 27 2024, 10:33 AM
Unknown Object (File)
Nov 25 2024, 2:47 AM
Unknown Object (File)
Nov 16 2024, 11:04 AM
Unknown Object (File)
Nov 16 2024, 8:41 AM
Unknown Object (File)
Nov 14 2024, 2:59 PM

Details

Summary

The firmware header loaded into an rsu(4) device has to be customized
to reflect device settings. The driver was overwriting the header
from the shared firmware image before sending it to the device. If
two devices attached at the same time with different settings, one
device could potentially get a corrupted header. The recent changes
in a095390344fb1795c1b118a2f84da8f6a7f254ab exposed this bug in the
form of a panic as the firmware blobs are now marked read-only in
object files and mapped read-only by the kernel.

To avoid the bug, change the driver to allocate a copy of the firmware
header on the stack that is initialized before writing it to the
device.

PR: 252163
Reported by: vidwer+fbsdbugs@gmail.com
Tested by: vidwer+fbsdbugs@gmail.com
Sponsored by: DARPA

Test Plan
  • OP in PR tested patch and device works instead of panics with patch applied

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 35795
Build 32684: arc lint + arc unit