diff options
| author | Ruslan Bukin <br@FreeBSD.org> | 2025-11-25 09:16:39 +0000 |
|---|---|---|
| committer | Ruslan Bukin <br@FreeBSD.org> | 2025-11-25 09:20:03 +0000 |
| commit | 64ee9c166ce5e807e575d205ac2e15cc5cf6581b (patch) | |
| tree | 9a486fe9ffa9108f566a8c1072b8164a6fc6c025 | |
| parent | b87f6330013f2d04ef83c453f95db5cd3247e6e1 (diff) | |
em(4): fix capability bounds needed to access checksum context.
Ensure the offp capability bounds cover entire struct with checksum fields.
This is needed for CHERI systems to avoid bounds violation trap, as
otherwise offp allowed to dereference 4 bytes of csum_flags field only
so bzero failed.
Tested on ARM Morello.
Reviewed by: kbowling
Discussed with: jrtc27
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D53903
| -rw-r--r-- | sys/dev/e1000/if_em.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/dev/e1000/if_em.c b/sys/dev/e1000/if_em.c index bc841ba87ceb..7d7655a7ae6f 100644 --- a/sys/dev/e1000/if_em.c +++ b/sys/dev/e1000/if_em.c @@ -3638,7 +3638,7 @@ em_initialize_transmit_unit(if_ctx_t ctx) bus_addr = txr->tx_paddr; /* Clear checksum offload context. */ - offp = (caddr_t)&txr->csum_flags; + offp = (caddr_t)txr + offsetof(struct tx_ring, csum_flags); endp = (caddr_t)(txr + 1); bzero(offp, endp - offp); |