[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] hvmloader: Fix parsing Etherboot roms to avoid an infinite loop.

# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1207745554 -3600
# Node ID 13cc6b2b8b61769cbeea4f0d10975f5d8bb5676a
# Parent  a8ce3e934abd5d9979566186c7618d4c9f8d7db3
hvmloader: Fix parsing Etherboot roms to avoid an infinite loop.

Signed-off-by: Yosuke Iwamatsu <y-iwamatsu@xxxxxxxxxxxxx>
Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
---
 tools/firmware/hvmloader/hvmloader.c |   37 +++++++++++++++++------------------
 1 files changed, 19 insertions(+), 18 deletions(-)

diff -r a8ce3e934abd -r 13cc6b2b8b61 tools/firmware/hvmloader/hvmloader.c
--- a/tools/firmware/hvmloader/hvmloader.c      Wed Apr 09 13:35:44 2008 +0100
+++ b/tools/firmware/hvmloader/hvmloader.c      Wed Apr 09 13:52:34 2008 +0100
@@ -374,30 +374,31 @@ static int scan_etherboot_nic(void *copy
             /* Check the PCI PnP header (if any) for a match. */
             pcih = (struct option_rom_pci_header *)
                 ((char *)rom + rom->pci_header_offset);
-            if ( (rom->pci_header_offset == 0) ||
-                 strncmp(pcih->signature, "PCIR", 4) ||
-                 (pcih->vendor_id != vendor_id) ||
-                 (pcih->device_id != device_id) )
-                continue;
-
-            /* Find the PnP expansion header (if any). */
-            pnph = ((rom->expansion_header_offset != 0)
-                    ? ((struct option_rom_pnp_header *)
-                       ((char *)rom + rom->expansion_header_offset))
-                    : ((struct option_rom_pnp_header *)NULL));
-            while ( (pnph != NULL) && strncmp(pnph->signature, "$PnP", 4) )
-                pnph = ((pnph->next_header_offset != 0)
-                        ? ((struct option_rom_pnp_header *)
-                           ((char *)rom + pnph->next_header_offset))
-                        : ((struct option_rom_pnp_header *)NULL));
-
-            goto found;
+            if ( (rom->pci_header_offset != 0) &&
+                 !strncmp(pcih->signature, "PCIR", 4) &&
+                 (pcih->vendor_id == vendor_id) &&
+                 (pcih->device_id == device_id) )
+                goto found;
+
+            rom = (struct option_rom_header *)
+                ((char *)rom + rom->rom_size * 512);
         }
     }
 
     return 0;
 
  found:
+    /* Find the PnP expansion header (if any). */
+    pnph = ((rom->expansion_header_offset != 0)
+            ? ((struct option_rom_pnp_header *)
+               ((char *)rom + rom->expansion_header_offset))
+            : ((struct option_rom_pnp_header *)NULL));
+    while ( (pnph != NULL) && strncmp(pnph->signature, "$PnP", 4) )
+        pnph = ((pnph->next_header_offset != 0)
+                ? ((struct option_rom_pnp_header *)
+                   ((char *)rom + pnph->next_header_offset))
+                : ((struct option_rom_pnp_header *)NULL));
+
     printf("Loading PXE ROM ...\n");
     if ( (pnph != NULL) && (pnph->manufacturer_name_offset != 0) )
         printf(" - Manufacturer: %s\n",

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.