| Message ID | 20240111232422.2610495-1-sanastasio@raptorengineering.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] xen/arm: bootfdt: Harden handling of malformed mem reserve map | expand |
On 12/01/2024 00:24, Shawn Anastasio wrote: > > > The early_print_info routine in bootfdt.c incorrectly stores the result > of a call to fdt_num_mem_rsv() in an unsigned int, which results in the > negative error code being interpreted incorrectly in a subsequent loop > in the case where the device tree is malformed. Fix this by properly > checking the return code for an error and calling panic(). > > Signed-off-by: Shawn Anastasio <sanastasio@raptorengineering.com> Reviewed-by: Michal Orzel <michal.orzel@amd.com> ~Michal
Hi, On 12/01/2024 08:56, Michal Orzel wrote: > > > On 12/01/2024 00:24, Shawn Anastasio wrote: >> >> >> The early_print_info routine in bootfdt.c incorrectly stores the result >> of a call to fdt_num_mem_rsv() in an unsigned int, which results in the >> negative error code being interpreted incorrectly in a subsequent loop >> in the case where the device tree is malformed. Fix this by properly >> checking the return code for an error and calling panic(). >> >> Signed-off-by: Shawn Anastasio <sanastasio@raptorengineering.com> > Reviewed-by: Michal Orzel <michal.orzel@amd.com> Committed. Cheers,
diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c index 1cbac3cb2a..35dbdf3384 100644 --- a/xen/arch/arm/bootfdt.c +++ b/xen/arch/arm/bootfdt.c @@ -463,7 +463,8 @@ static void __init early_print_info(void) struct meminfo *mem_resv = &bootinfo.reserved_mem; struct bootmodules *mods = &bootinfo.modules; struct bootcmdlines *cmds = &bootinfo.cmdlines; - unsigned int i, j, nr_rsvd; + unsigned int i, j; + int nr_rsvd; for ( i = 0; i < mi->nr_banks; i++ ) printk("RAM: %"PRIpaddr" - %"PRIpaddr"\n", @@ -478,6 +479,9 @@ static void __init early_print_info(void) boot_module_kind_as_string(mods->module[i].kind)); nr_rsvd = fdt_num_mem_rsv(device_tree_flattened); + if ( nr_rsvd < 0 ) + panic("Parsing FDT memory reserve map failed (%d)\n", nr_rsvd); + for ( i = 0; i < nr_rsvd; i++ ) { paddr_t s, e;
The early_print_info routine in bootfdt.c incorrectly stores the result of a call to fdt_num_mem_rsv() in an unsigned int, which results in the negative error code being interpreted incorrectly in a subsequent loop in the case where the device tree is malformed. Fix this by properly checking the return code for an error and calling panic(). Signed-off-by: Shawn Anastasio <sanastasio@raptorengineering.com> --- v2: - panic() if the fdt_num_mem_rsv() call fails - Reword commit message to clarify that the error condition can only be triggered by a malformed device tree - Rebase to standalone patch instead of a part of my patch series '[PATCH v2 0/7] Early Boot Allocation on Power' --- xen/arch/arm/bootfdt.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) -- 2.30.2