ofw_pci: Fix incorrectly sized softc causing pci(4) out-of-bounds reads

Description

We do not include sys/rman.h and so machine/resource.h ends up not being
included by the time pci_private.h is included. This means PCI_RES_BUS
is never defined, and so the sc_bus member of pci_softc is not present
when compiling ofw_pci, resulting in the wrong softc size being passed
to DEFINE_CLASS_1 and thus any attempts by pci(4) to access that member
are out-of-bounds reads or writes.

This is pretty fragile; arguably pci_private.h should be including
sys/rman.h, but this is the minimal needed change to fix the bug whilst
maintaining the status quo.

Found by: CHERI
Reported by: andrew
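
An added example, not part of the commit or of FreeBSD's source: the size mismatch described in the commit message, modelled in C with two constructed views of one softc. Only `sc_bus` and `PCI_RES_BUS` come from the page; the struct names, `sc_dma_tag` and the attach-time check `softc_size_ok` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins, not FreeBSD's real definitions. They model one
 * header-defined softc whose member is guarded by #ifdef PCI_RES_BUS. */

/* Layout seen by a file where PCI_RES_BUS was defined (the pci(4) side). */
struct softc_with_bus {
    void *sc_dma_tag;
    void *sc_bus;          /* present only when the macro is defined */
};

/* Layout seen by a file that never pulled in the defining header. */
struct softc_without_bus {
    void *sc_dma_tag;
};

/* Size the subclass driver would hand to its class definition. */
size_t driver_declared_size(void) { return sizeof(struct softc_without_bus); }

/* Size the base code needs for every member it dereferences. */
size_t base_required_size(void) { return sizeof(struct softc_with_bus); }

/* Bytes of an sc_bus access that land past an allocation of `declared`. */
size_t sc_bus_oob_bytes(size_t declared)
{
    size_t start = offsetof(struct softc_with_bus, sc_bus);
    size_t end = start + sizeof(((struct softc_with_bus *)0)->sc_bus);

    if (declared >= end)
        return 0;
    return declared > start ? end - declared : end - start;
}

/* Attach-time guard (hypothetical): refuse a softc smaller than required. */
int softc_size_ok(size_t declared) { return declared >= base_required_size(); }

int main(void)
{
    size_t d = driver_declared_size();

    printf("declared=%zu required=%zu oob=%zu ok=%d\n",
        d, base_required_size(), sc_bus_oob_bytes(d), softc_size_ok(d));
    return 0;
}
```

Both layouts compile cleanly on their own, which is why the mismatch shows up only when the two sizes are compared or when a capability-checked platform faults on the access.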

Details

Provenance
jrtc27 authored on Jan 15 2022, 7:03 PM
Parents
rG3266a0c5d5ab: stress2: Added a new unionfs test scenario