[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen master] xen/arm: bootfdt: Harden handling of malformed mem reserve map



commit 410837189edc7a5abfe018a71dee1084d8423849
Author:     Shawn Anastasio <sanastasio@xxxxxxxxxxxxxxxxxxxxx>
AuthorDate: Thu Jan 11 17:24:22 2024 -0600
Commit:     Julien Grall <jgrall@xxxxxxxxxx>
CommitDate: Fri Jan 12 11:04:54 2024 +0000

    xen/arm: bootfdt: Harden handling of malformed mem reserve map
    
    The early_print_info routine in bootfdt.c incorrectly stores the result
    of a call to fdt_num_mem_rsv() in an unsigned int, which results in the
    negative error code being interpreted incorrectly in a subsequent loop
    in the case where the device tree is malformed. Fix this by properly
    checking the return code for an error and calling panic().
    
    Signed-off-by: Shawn Anastasio <sanastasio@xxxxxxxxxxxxxxxxxxxxx>
    Reviewed-by: Michal Orzel <michal.orzel@xxxxxxx>
---
 xen/arch/arm/bootfdt.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c
index 1cbac3cb2a..35dbdf3384 100644
--- a/xen/arch/arm/bootfdt.c
+++ b/xen/arch/arm/bootfdt.c
@@ -463,7 +463,8 @@ static void __init early_print_info(void)
     struct meminfo *mem_resv = &bootinfo.reserved_mem;
     struct bootmodules *mods = &bootinfo.modules;
     struct bootcmdlines *cmds = &bootinfo.cmdlines;
-    unsigned int i, j, nr_rsvd;
+    unsigned int i, j;
+    int nr_rsvd;
 
     for ( i = 0; i < mi->nr_banks; i++ )
         printk("RAM: %"PRIpaddr" - %"PRIpaddr"\n",
@@ -478,6 +479,9 @@ static void __init early_print_info(void)
                 boot_module_kind_as_string(mods->module[i].kind));
 
     nr_rsvd = fdt_num_mem_rsv(device_tree_flattened);
+    if ( nr_rsvd < 0 )
+        panic("Parsing FDT memory reserve map failed (%d)\n", nr_rsvd);
+
     for ( i = 0; i < nr_rsvd; i++ )
     {
         paddr_t s, e;
--
generated by git-patchbot for /home/xen/git/xen.git#master



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.