All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] ieee1275: prevent buffer over-read
@ 2016-02-13  0:50 Eric Snowberg
  2016-02-13  5:36 ` Andrei Borzenkov
  2016-02-13 14:05 ` Vladimir 'phcoder' Serbinenko
  0 siblings, 2 replies; 7+ messages in thread
From: Eric Snowberg @ 2016-02-13  0:50 UTC (permalink / raw)
  To: grub-devel; +Cc: Eric Snowberg

Prevent buffer over-read in grub_machine_mmap_iterate. This was
causing phys_base from being calculated properly. This then
caused the wrong value to be placed in ramdisk_image within
struct linux_hdrs. Which prevented the ramdisk from loading on
boot.

Newer SPARC systems contain more than 8 available memory entries.

For example on a T5-8 with 2TB of memory, the memory layout could
look like this:

T5-8 Memory
reg                      00000000 30000000 0000003f b0000000
                         00000800 00000000 00000040 00000000
                         00001000 00000000 00000040 00000000
                         00001800 00000000 00000040 00000000
                         00002000 00000000 00000040 00000000
                         00002800 00000000 00000040 00000000
                         00003000 00000000 00000040 00000000
                         00003800 00000000 00000040 00000000
available                00003800 00000000 0000003f ffcae000
                         00003000 00000000 00000040 00000000
                         00002800 00000000 00000040 00000000
                         00002000 00000000 00000040 00000000
                         00001800 00000000 00000040 00000000
                         00001000 00000000 00000040 00000000
                         00000800 00000000 00000040 00000000
                         00000000 70000000 0000003f 70000000
                         00000000 6eef8000 00000000 00002000
                         00000000 30400000 00000000 3eaf6000
name                     memory

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
---
 grub-core/kern/ieee1275/mmap.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/grub-core/kern/ieee1275/mmap.c b/grub-core/kern/ieee1275/mmap.c
index 911bb00..8df4e9b 100644
--- a/grub-core/kern/ieee1275/mmap.c
+++ b/grub-core/kern/ieee1275/mmap.c
@@ -25,7 +25,7 @@ grub_machine_mmap_iterate (grub_memory_hook_t hook, void *hook_data)
 {
   grub_ieee1275_phandle_t root;
   grub_ieee1275_phandle_t memory;
-  grub_uint32_t available[32];
+  grub_uint32_t available[64];
   grub_ssize_t available_size;
   grub_uint32_t address_cells = 1;
   grub_uint32_t size_cells = 1;
@@ -49,6 +49,9 @@ grub_machine_mmap_iterate (grub_memory_hook_t hook, void *hook_data)
 					  sizeof available, &available_size))
     return grub_error (GRUB_ERR_UNKNOWN_DEVICE,
 		       "couldn't examine /memory/available property");
+  if (available_size > sizeof available)
+    return grub_error (GRUB_ERR_UNKNOWN_DEVICE,
+                       "/memory response buffer exceeded");
 
   if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_BROKEN_ADDRESS_CELLS))
     {
-- 
1.7.1



^ permalink raw reply related	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2016-02-14  7:03 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-13  0:50 [PATCH] ieee1275: prevent buffer over-read Eric Snowberg
2016-02-13  5:36 ` Andrei Borzenkov
2016-02-13 14:03   ` Vladimir 'phcoder' Serbinenko
2016-02-13 14:05 ` Vladimir 'phcoder' Serbinenko
2016-02-13 16:08   ` Eric Snowberg
2016-02-14  2:45     ` Eric Snowberg
2016-02-14  7:03       ` Vladimir 'phcoder' Serbinenko

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.