Commit 4e3a4390 authored by Jessica Clarke's avatar Jessica Clarke
Browse files

ofw_pci: Fix incorrectly sized softc causing pci(4) out-of-bounds reads

We do not include sys/rman.h and so machine/resource.h ends up not being
included by the time pci_private.h is included. This means PCI_RES_BUS
is never defined, and so the sc_bus member of pci_softc is not present
when compiling ofw_pci, resulting in the wrong softc size being passed
to DEFINE_CLASS_1 and thus any attempts by pci(4) to access that member
are out-of-bounds reads or writes.

This is pretty fragile; arguably pci_private.h should be including
sys/rman.h, but this is the minimal needed change to fix the bug whilst
maintaining the status quo.

Found by:	CHERI
Reported by:	andrew
parent 3266a0c5
......@@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$");
#include <sys/bus.h>
#include <sys/kernel.h>
#include <sys/module.h>
#include <sys/rman.h>
#include <dev/pci/pcireg.h>
#include <dev/pci/pcivar.h>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment