CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/06/22 06:20:52
Modified files:
sys/arch/arm64/dev: mainbus.c
Log message:
The main bus_dma_tag is passed all over the device tree to provide
operation function pointers. A bug in a driver could be exploited to
overwrite these function pointers, causing a later operation to call
wrong code. Many mitigations (KARL, bti/pac cfi, various mechanisms
for placing new code) increase the difficulty of exploit success,
however there is no reason for this bus_dma_tag structure to be
writeable, except history: the API does not pass things as const and
such a change to the tree would be a massive painful diff.
We know writes are not occuring, so we can force the structure
into .rodata, without using const.
This is for arm64 -- the some should be done to all other architectures.
ok kettenis
