From: Shawn Anastasio <sanastasio@raptorengineering.com>
To: xen-devel@lists.xenproject.org
Cc: Timothy Pearson <tpearson@raptorengineering.com>,
Shawn Anastasio <sanastasio@raptorengineering.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Julien Grall <julien@xen.org>,
Bertrand Marquis <bertrand.marquis@arm.com>,
Michal Orzel <michal.orzel@amd.com>,
Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Subject: [PATCH v2] xen/arm: bootfdt: Harden handling of malformed mem reserve map
Date: Thu, 11 Jan 2024 17:24:22 -0600 [thread overview]
Message-ID: <20240111232422.2610495-1-sanastasio@raptorengineering.com> (raw)
The early_print_info routine in bootfdt.c incorrectly stores the result
of a call to fdt_num_mem_rsv() in an unsigned int, which results in the
negative error code being interpreted incorrectly in a subsequent loop
in the case where the device tree is malformed. Fix this by properly
checking the return code for an error and calling panic().
Signed-off-by: Shawn Anastasio <sanastasio@raptorengineering.com>
---
v2:
- panic() if the fdt_num_mem_rsv() call fails
- Reword commit message to clarify that the error condition can only
be triggered by a malformed device tree
- Rebase to standalone patch instead of a part of my patch series
'[PATCH v2 0/7] Early Boot Allocation on Power'
---
xen/arch/arm/bootfdt.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c
index 1cbac3cb2a..35dbdf3384 100644
--- a/xen/arch/arm/bootfdt.c
+++ b/xen/arch/arm/bootfdt.c
@@ -463,7 +463,8 @@ static void __init early_print_info(void)
struct meminfo *mem_resv = &bootinfo.reserved_mem;
struct bootmodules *mods = &bootinfo.modules;
struct bootcmdlines *cmds = &bootinfo.cmdlines;
- unsigned int i, j, nr_rsvd;
+ unsigned int i, j;
+ int nr_rsvd;
for ( i = 0; i < mi->nr_banks; i++ )
printk("RAM: %"PRIpaddr" - %"PRIpaddr"\n",
@@ -478,6 +479,9 @@ static void __init early_print_info(void)
boot_module_kind_as_string(mods->module[i].kind));
nr_rsvd = fdt_num_mem_rsv(device_tree_flattened);
+ if ( nr_rsvd < 0 )
+ panic("Parsing FDT memory reserve map failed (%d)\n", nr_rsvd);
+
for ( i = 0; i < nr_rsvd; i++ )
{
paddr_t s, e;
--
2.30.2
next reply other threads:[~2024-01-11 23:25 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-11 23:24 Shawn Anastasio [this message]
2024-01-12 8:56 ` [PATCH v2] xen/arm: bootfdt: Harden handling of malformed mem reserve map Michal Orzel
2024-01-12 11:05 ` Julien Grall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240111232422.2610495-1-sanastasio@raptorengineering.com \
--to=sanastasio@raptorengineering.com \
--cc=Volodymyr_Babchuk@epam.com \
--cc=bertrand.marquis@arm.com \
--cc=julien@xen.org \
--cc=michal.orzel@amd.com \
--cc=sstabellini@kernel.org \
--cc=tpearson@raptorengineering.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.