From patchwork Wed Aug 28 14:47:25 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 19574
Return-Path: <patchwork-forward+bncBCI3N6FH3YJRBNE37CIAKGQEPBS4CNQ@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-ye0-f199.google.com (mail-ye0-f199.google.com
 [209.85.213.199])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id C1A6425E58
 for <linaro@patches.linaro.org>; Wed, 28 Aug 2013 14:48:20 +0000 (UTC)
Received: by mail-ye0-f199.google.com with SMTP id l13sf6486150yen.2
 for <linaro@patches.linaro.org>; Wed, 28 Aug 2013 07:48:20 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20120113;
 h=mime-version:x-gm-message-state:delivered-to:from:to:cc:subject
 :date:message-id:in-reply-to:references:x-original-sender
 :x-original-authentication-results:precedence:mailing-list:list-id
 :list-post:list-help:list-archive:list-unsubscribe;
 bh=0bssQGv82nHQcfsrgNAOQVy8vVCXOf2zpB4AwICQE7E=;
 b=bT88cS2hQNV3RqUo09Y8kUFndIvkf2NboRp6fSSQs/ugwVjZ7nuaTHRfieceDTmzJo
 c1lsHGooEGtzRDjWNR1/uD6U2TisBXQaPn3FdLd9jSaLIY6g3v+aAdxBABsCb22MYhGL
 04BRozIk4SR2mjhs1y38WKHKuYrXtpOv8B8+66dJF9k7bOFHSdREqeNVKWTsQTeMR3z3
 I0RV2kS4/uW8HNe/TxuDYi2MstE/bpdHWnl5yM44mHVFG558JI9BExBHnZ0nyPluDgM4
 4O62spZT95UW2w4m5MeEEgVNgMU/Uoin5Csaj+8einFu8Foq+1pBaDf8GSw5jBaLbw98
 Wx9A==
X-Received: by 10.236.31.228 with SMTP id m64mr10523408yha.5.1377701300517; 
 Wed, 28 Aug 2013 07:48:20 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.49.50.169 with SMTP id d9ls345162qeo.21.gmail; Wed, 28 Aug
 2013 07:48:20 -0700 (PDT)
X-Received: by 10.58.208.130 with SMTP id me2mr26076060vec.13.1377701300270; 
 Wed, 28 Aug 2013 07:48:20 -0700 (PDT)
Received: from mail-vb0-f43.google.com (mail-vb0-f43.google.com
 [209.85.212.43]) by mx.google.com with ESMTPS id
 f20si6607085vcs.67.1969.12.31.16.00.00
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 28 Aug 2013 07:48:20 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.212.43 is neither permitted nor
 denied by best guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 client-ip=209.85.212.43; 
Received: by mail-vb0-f43.google.com with SMTP id h11so4044388vbh.2
 for <patchwork-forward@linaro.org>;
 Wed, 28 Aug 2013 07:48:20 -0700 (PDT)
X-Gm-Message-State: ALoCoQk38OtXZsifAJ4c0DRl7gOoYBUIzHwCGPzccGiB08H23lfRgEub3PgKAjSRLON6VGVV/ZZ9
X-Received: by 10.58.100.234 with SMTP id fb10mr26220889veb.5.1377701300179; 
 Wed, 28 Aug 2013 07:48:20 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patches@linaro.org
Received: by 10.220.174.196 with SMTP id u4csp359946vcz;
 Wed, 28 Aug 2013 07:48:19 -0700 (PDT)
X-Received: by 10.194.119.166 with SMTP id kv6mr871425wjb.89.1377701299177; 
 Wed, 28 Aug 2013 07:48:19 -0700 (PDT)
Received: from mail-wi0-f181.google.com (mail-wi0-f181.google.com
 [209.85.212.181])
 by mx.google.com with ESMTPS id f8si1807329wiz.86.1969.12.31.16.00.00
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 28 Aug 2013 07:48:19 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.212.181 is neither permitted nor
 denied by best guess record for domain of
 julien.grall@linaro.org) client-ip=209.85.212.181; 
Received: by mail-wi0-f181.google.com with SMTP id ex4so3571828wid.14
 for <patches@linaro.org>; Wed, 28 Aug 2013 07:48:18 -0700 (PDT)
X-Received: by 10.194.104.199 with SMTP id gg7mr3062316wjb.52.1377701298655; 
 Wed, 28 Aug 2013 07:48:18 -0700 (PDT)
Received: from belegaer.uk.xensource.com. ([185.25.64.249])
 by mx.google.com with ESMTPSA id a8sm5590498wie.6.1969.12.31.16.00.00
 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 28 Aug 2013 07:48:18 -0700 (PDT)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xen.org
Cc: stefano.stabellini@eu.citrix.com, ian.campbell@citrix.com,
 patches@linaro.org, andre.przywara@linaro.org,
 Julien Grall <julien.grall@linaro.org>
Subject: [PATCH V1 11/29] xen/dts: Check "reg" property length in
 process_multiboot_node
Date: Wed, 28 Aug 2013 15:47:25 +0100
Message-Id: <1377701263-3319-12-git-send-email-julien.grall@linaro.org>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1377701263-3319-1-git-send-email-julien.grall@linaro.org>
References: <1377701263-3319-1-git-send-email-julien.grall@linaro.org>
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: julien.grall@linaro.org
X-Original-Authentication-Results: mx.google.com;       spf=neutral
 (google.com: 209.85.212.43 is neither permitted nor denied by best
 guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Precedence: list
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
List-ID: <patchwork-forward.linaro.org>
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, 
 <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>

When the device tree compiler (dtc) can't find right #address-cells
and #size-cells, it will assume the encoding is 1 for each.
As multiboot node are inside the /chosen, dtc will asume the previous values
if the both property are not correct set.

During boot, Xen will browse the fdt and store the nearest #address-cells
and #size-cells value. If the size of "reg" is smaller, Xen can retrieve
wrong range.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
---
 xen/common/device_tree.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/xen/common/device_tree.c b/xen/common/device_tree.c
index 9568250..7295f34 100644
--- a/xen/common/device_tree.c
+++ b/xen/common/device_tree.c
@@ -467,10 +467,14 @@ static void __init process_multiboot_node(const void *fdt, int node,
 
     mod = &early_info.modules.module[nr];
 
-    prop = fdt_get_property(fdt, node, "reg", NULL);
+    prop = fdt_get_property(fdt, node, "reg", &len);
     if ( !prop )
         early_panic("node %s missing `reg' property\n", name);
 
+    if ( len < dt_cells_to_size(address_cells + size_cells) )
+        early_panic("fdt: node `%s': `reg` property length is too short\n",
+                    name);
+
     cell = (const u32 *)prop->data;
     device_tree_get_reg(&cell, address_cells, size_cells,
                         &mod->start, &mod->size);