From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Fri, 12 Sep 2014 14:23:52 +0100
Message-Id: <1410528234-13545-22-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 21/23] hw/arm/boot: pass an address limit to and return size from load_dtb()

From: Ard Biesheuvel

Add an address limit input parameter to load_dtb() so that we can
tell load_dtb() how much memory the dtb is allowed to consume. If
the dtb doesn't fit, return 0, otherwise return the actual size of
the loaded dtb.

Reviewed-by: Peter Maydell
Signed-off-by: Ard Biesheuvel
Message-id: 1410453915-9344-3-git-send-email-ard.biesheuvel@linaro.org
Signed-off-by: Peter Maydell
---
 hw/arm/boot.c | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c index 50eca93..2083aeb 100644
--- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -312,7 +312,26 @@ static void set_kernel_args_old(const struct arm_boot_info *info) } } -static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo) +/** + * load_dtb() - load a device tree binary image into memory + * @addr: the address to load the image at + * @binfo: struct describing the boot environment + * @addr_limit: upper limit of the available memory area at @addr + * + * Load a device tree supplied by the machine or by the user with the + * '-dtb' command line option, and put it at offset @addr in target + * memory. + * + * If @addr_limit contains a meaningful value (i.e., it is strictly greater + * than @addr), the device tree is only loaded if its size does not exceed + * the limit. + * + * Returns: the size of the device tree image on success, + * 0 if the image size exceeds the limit, + * -1 on errors. + */ +static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo, + hwaddr addr_limit) { void *fdt = NULL; int size, rc; @@ -341,6 +360,15 @@ static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo) } } + if (addr_limit > addr && size > (addr_limit - addr)) { + /* Installing the device tree blob at addr would exceed addr_limit. + * Whether this constitutes failure is up to the caller to decide, + * so just return 0 as size, i.e., no error. + */ + g_free(fdt); + return 0; + } + acells = qemu_fdt_getprop_cell(fdt, "/", "#address-cells"); scells = qemu_fdt_getprop_cell(fdt, "/", "#size-cells"); if (acells == 0 || scells == 0) { @@ -403,7 +431,7 @@ static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo) g_free(fdt); - return 0; + return size; fail: g_free(fdt); @@ -572,7 +600,7 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info) */ hwaddr dtb_start = QEMU_ALIGN_UP(info->initrd_start + initrd_size, 4096); - if (load_dtb(dtb_start, info)) { + if (load_dtb(dtb_start, info, 0) < 0) { exit(1); } fixupcontext[FIXUP_ARGPTR] = dtb_start;
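Review bot: In the load_dtb() doc comment (first hunk), @addr_limit counts as meaningful only when it is strictly greater than @addr, so a caller whose computed limit equals or falls below @addr, meaning there is no room at all, gets an unchecked load instead of the 0 "does not fit" result. Consider reserving 0 explicitly as the "no limit" value in the comment and treating any other addr_limit <= addr as a failure, so that a miscalculated limit fails closed rather than silently disabling the bound.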
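Review bot: In the new bounds check (second hunk), `size > (addr_limit - addr)` compares size, which is declared `int`, against a hwaddr difference, so the comparison mixes signed and unsigned operands. A negative size reaching this point would be converted to a large value and reported as "does not fit" (return 0) instead of going to the fail path. If the code above this hunk does not already guarantee size >= 0 here, add that test before the comparison, or cast only after checking the sign.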
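Review bot: At `return size;` (third hunk) the success value changes from 0 to a positive size, which inverts the meaning of any remaining `if (load_dtb(...))` test that relied on 0 meaning success. The patch updates the call in arm_load_kernel(); please confirm there is no other call site in boot.c still using the old convention, since such a call would now treat every successful load as an error.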
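Review bot: In the arm_load_kernel() hunk the call is `load_dtb(dtb_start, info, 0) < 0`, so the only caller touched here passes no limit and discards the returned size, and nothing in this patch exercises the new "does not fit" path. A sentence in the commit message saying which later change in the series supplies a real addr_limit and consumes the size would help; it would also be worth a short comment at this call explaining why an unbounded load at dtb_start is acceptable.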