|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH v2] xen/arm: bootfdt: Harden handling of malformed mem reserve map
The early_print_info routine in bootfdt.c incorrectly stores the result
of a call to fdt_num_mem_rsv() in an unsigned int, which results in the
negative error code being interpreted incorrectly in a subsequent loop
in the case where the device tree is malformed. Fix this by properly
checking the return code for an error and calling panic().
Signed-off-by: Shawn Anastasio <sanastasio@xxxxxxxxxxxxxxxxxxxxx>
---
v2:
- panic() if the fdt_num_mem_rsv() call fails
- Reword commit message to clarify that the error condition can only
be triggered by a malformed device tree
- Rebase to standalone patch instead of a part of my patch series
'[PATCH v2 0/7] Early Boot Allocation on Power'
---
xen/arch/arm/bootfdt.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c
index 1cbac3cb2a..35dbdf3384 100644
--- a/xen/arch/arm/bootfdt.c
+++ b/xen/arch/arm/bootfdt.c
@@ -463,7 +463,8 @@ static void __init early_print_info(void)
struct meminfo *mem_resv = &bootinfo.reserved_mem;
struct bootmodules *mods = &bootinfo.modules;
struct bootcmdlines *cmds = &bootinfo.cmdlines;
- unsigned int i, j, nr_rsvd;
+ unsigned int i, j;
+ int nr_rsvd;
for ( i = 0; i < mi->nr_banks; i++ )
printk("RAM: %"PRIpaddr" - %"PRIpaddr"\n",
@@ -478,6 +479,9 @@ static void __init early_print_info(void)
boot_module_kind_as_string(mods->module[i].kind));
nr_rsvd = fdt_num_mem_rsv(device_tree_flattened);
+ if ( nr_rsvd < 0 )
+ panic("Parsing FDT memory reserve map failed (%d)\n", nr_rsvd);
+
for ( i = 0; i < nr_rsvd; i++ )
{
paddr_t s, e;
--
2.30.2
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |