Subject: Re: [PATCH v2] ieee1275: prevent buffer over-read
To: grub-devel@gnu.org
From: Andrei Borzenkov
Message-ID: <56CAB292.7090403@gmail.com>
Date: Mon, 22 Feb 2016 10:02:42 +0300
In-Reply-To: <1455562425-87254-1-git-send-email-eric.snowberg@oracle.com>

15.02.2016 21:53, Eric Snowberg wrote:
> Prevent buffer over-read in grub_machine_mmap_iterate. This was
> causing phys_base from being calculated properly. This then
> caused the wrong value to be placed in ramdisk_image within
> struct linux_hdrs. Which prevented the ramdisk from loading on
> boot.
>

Applied. Thanks!

> Newer SPARC systems contain more than 8 available memory entries.
>
> For example on a T5-8 with 2TB of memory, the memory layout could
> look like this:
>
> T5-8 Memory
> reg          00000000 30000000 0000003f b0000000
>              00000800 00000000 00000040 00000000
>              00001000 00000000 00000040 00000000
>              00001800 00000000 00000040 00000000
>              00002000 00000000 00000040 00000000
>              00002800 00000000 00000040 00000000
>              00003000 00000000 00000040 00000000
>              00003800 00000000 00000040 00000000
> available    00003800 00000000 0000003f ffcae000
>              00003000 00000000 00000040 00000000
>              00002800 00000000 00000040 00000000
>              00002000 00000000 00000040 00000000
>              00001800 00000000 00000040 00000000
>              00001000 00000000 00000040 00000000
>              00000800 00000000 00000040 00000000
>              00000000 70000000 0000003f 70000000
>              00000000 6eef8000 00000000 00002000
>              00000000 30400000 00000000 3eaf6000
> name         memory
> > Signed-off-by: Eric Snowberg > --- > grub-core/kern/ieee1275/mmap.c | 5 ++++- > 1 files changed, 4 insertions(+), 1 deletions(-) > > diff --git a/grub-core/kern/ieee1275/mmap.c b/grub-core/kern/ieee1275/mmap.c > index 911bb00..d7f6a1b 100644 > --- a/grub-core/kern/ieee1275/mmap.c > +++ b/grub-core/kern/ieee1275/mmap.c > @@ -25,7 +25,7 @@ grub_machine_mmap_iterate (grub_memory_hook_t hook, void *hook_data) > { > grub_ieee1275_phandle_t root; > grub_ieee1275_phandle_t memory; > - grub_uint32_t available[32]; > + grub_uint32_t available[128]; > grub_ssize_t available_size; > grub_uint32_t address_cells = 1; > grub_uint32_t size_cells = 1; > @@ -49,6 +49,9 @@ grub_machine_mmap_iterate (grub_memory_hook_t hook, void *hook_data) > sizeof available, &available_size)) > return grub_error (GRUB_ERR_UNKNOWN_DEVICE, > "couldn't examine /memory/available property"); > + if (available_size > sizeof (available)) > + return grub_error (GRUB_ERR_UNKNOWN_DEVICE, > + "/memory response buffer exceeded"); > > if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_BROKEN_ADDRESS_CELLS)) > { >
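
Review bot: in the first hunk (@@ -25,7 +25,7), "grub_uint32_t available[128];" swaps one undocumented magic number for another. At the four 32-bit cells per entry shown in the T5-8 listing, 128 words hold 32 entries, which covers the ten "available" entries in the example but remains an arbitrary ceiling that the next larger machine can hit. Suggest a named constant with a comment stating the capacity in entries and why it was chosen, so the array size and the bound check added later in this patch are tied to one definition.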
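
Review bot: in the second hunk (@@ -49,6 +49,9), "if (available_size > sizeof (available))" compares a grub_ssize_t against the unsigned result of sizeof, so the signed value is converted implicitly before the comparison. Writing the test explicitly, for example "available_size < 0 || (grub_size_t) available_size > sizeof (available)", states the intent and avoids a sign-compare warning. The new message "/memory response buffer exceeded" also drops the property name that the preceding error gives ("/memory/available property"); naming the property, and ideally the limit, would make the failure easier to diagnose on a system with more entries than the buffer holds.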