NickLewisL3H
commented
1 year ago There appear to be a couple of bugs/vulnerabilities in sys/dev/usb/net/if_ure.c that CHERI chokes-on/prevents:
--- a/sys/dev/usb/net/if_ure.c
+++ b/sys/dev/usb/net/if_ure.c
@@ -969,10 +969,10 @@ ure_attach_post(struct usb_ether *ue)
if ((sc->sc_chip & URE_CHIP_VER_4C00) ||
(sc->sc_chip & URE_CHIP_VER_4C10))
ure_read_mem(sc, URE_PLA_IDR, URE_MCU_TYPE_PLA,
- ue->ue_eaddr, 8);
+ ue->ue_eaddr, ETHER_ADDR_LEN);
else
ure_read_mem(sc, URE_PLA_BACKUP, URE_MCU_TYPE_PLA,
- ue->ue_eaddr, 8);
+ ue->ue_eaddr, ETHER_ADDR_LEN);
if (ETHER_IS_ZERO(sc->sc_ue.ue_eaddr)) {
device_printf(sc->sc_ue.ue_dev, "MAC assigned randomly\n");
@@ -1267,7 +1267,7 @@ ure_reset(struct ure_softc *sc)
static int
ure_ifmedia_upd(if_t ifp)
{
- struct ure_softc *sc = if_getsoftc(ifp);
+ struct ure_softc *sc = uether_getsc(if_getsoftc(ifp));
struct ifmedia *ifm;
struct mii_data *mii;
struct mii_softc *miisc;
@@ -1351,7 +1351,7 @@ ure_ifmedia_sts(if_t ifp, struct ifmediareq *ifmr)
struct mii_data *mii;
uint16_t status;
- sc = if_getsoftc(ifp);
+ sc = uether_getsc(if_getsoftc(ifp));
if (sc->sc_flags & (URE_FLAG_8156 | URE_FLAG_8156B)) {
URE_LOCK(sc);
ifmr->ifm_status = IFM_AVALID;
Using a Realtek based Dell usb ethernet adaptor on a morello board to provide an additional ethernet port causes the CheriBSD operating system to panic on boot. A similar effect is experienced if the board is booted without the adaptor and it is added later