From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:36250) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XS7V1-00086N-4r for qemu-devel@nongnu.org; Thu, 11 Sep 2014 12:45:41 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XS7Uv-0004CD-0V for qemu-devel@nongnu.org; Thu, 11 Sep 2014 12:45:34 -0400
Received: from mail-we0-f170.google.com ([74.125.82.170]:51469) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XS7Uu-0004C2-Dg for qemu-devel@nongnu.org; Thu, 11 Sep 2014 12:45:28 -0400
Received: by mail-we0-f170.google.com with SMTP id u57so7203934wes.29 for ; Thu, 11 Sep 2014 09:45:25 -0700 (PDT)
From: Ard Biesheuvel
Date: Thu, 11 Sep 2014 18:45:13 +0200
Message-Id: <1410453915-9344-3-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1410453915-9344-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1410453915-9344-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [Qemu-devel] [PATCH v3 2/4] hw/arm/boot: pass an address limit to and return size from load_dtb()
To: peter.maydell@linaro.org, qemu-devel@nongnu.org
Cc: christoffer.dall@linaro.org, Ard Biesheuvel

Add an address limit input parameter to load_dtb() so that we can tell load_dtb() how much memory the dtb is allowed to consume. If the dtb doesn't fit, return 0, otherwise return the actual size of the loaded dtb.

Reviewed-by: Peter Maydell
Signed-off-by: Ard Biesheuvel
---
hw/arm/boot.c | 34 +++++++++++++++++++++++++++++++---
1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 50eca931e1a4..2083aeb95d80 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -312,7 +312,26 @@ static void set_kernel_args_old(const struct arm_boot_info *info) } } -static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo) +/** + * load_dtb() - load a device tree binary image into memory + * @addr: the address to load the image at + * @binfo: struct describing the boot environment + * @addr_limit: upper limit of the available memory area at @addr + * + * Load a device tree supplied by the machine or by the user with the + * '-dtb' command line option, and put it at offset @addr in target + * memory. + * + * If @addr_limit contains a meaningful value (i.e., it is strictly greater + * than @addr), the device tree is only loaded if its size does not exceed + * the limit. + * + * Returns: the size of the device tree image on success, + * 0 if the image size exceeds the limit, + * -1 on errors. + */ +static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo, + hwaddr addr_limit) { void *fdt = NULL; int size, rc; @@ -341,6 +360,15 @@ static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo) } } + if (addr_limit > addr && size > (addr_limit - addr)) { + /* Installing the device tree blob at addr would exceed addr_limit. + * Whether this constitutes failure is up to the caller to decide, + * so just return 0 as size, i.e., no error. + */ + g_free(fdt); + return 0; + } + acells = qemu_fdt_getprop_cell(fdt, "/", "#address-cells"); scells = qemu_fdt_getprop_cell(fdt, "/", "#size-cells"); if (acells == 0 || scells == 0) { @@ -403,7 +431,7 @@ static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo) g_free(fdt); - return 0; + return size; fail: g_free(fdt); @@ -572,7 +600,7 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info) */ hwaddr dtb_start = QEMU_ALIGN_UP(info->initrd_start + initrd_size, 4096); - if (load_dtb(dtb_start, info)) { + if (load_dtb(dtb_start, info, 0) < 0) { exit(1); } fixupcontext[FIXUP_ARGPTR] = dtb_start; -- 1.8.3.2
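Review bot: the @addr_limit line in the new kernel-doc block (first hunk) leaves the boundary semantics implicit. The check added further down, `size > (addr_limit - addr)`, treats @addr_limit as the first address past the usable region (an exclusive end), and the updated caller passes 0 to switch the check off entirely. Spell both out in the comment, e.g. `@addr_limit: first address past the memory available at @addr, or 0 for no limit`, so a caller does not pass an inclusive last-byte address and lose a byte of headroom, or pass a non-zero value at or below @addr expecting it to be enforced.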
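Review bot: the new guard `if (addr_limit > addr && size > (addr_limit - addr))` (second hunk) compares the signed `int size` against an unsigned `hwaddr` difference, so `size` is promoted to unsigned; that is only correct if `size` is guaranteed non-negative when control reaches this point. An explicit cast, `(hwaddr)size > addr_limit - addr`, would document that assumption. Writing the test as a subtraction rather than `addr + size > addr_limit` does correctly avoid wrapping the sum, which is good. Separately, a non-zero @addr_limit that is not greater than @addr silently degrades to "no limit" instead of being rejected; if that can only come from a caller bug, a `g_assert` or a sentence in the block comment would be preferable to skipping the bounds check.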
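Review bot: switching the success return from `0` to `size` (third hunk) inverts the meaning of a non-zero result, so any caller still using the old `if (load_dtb(...))` idiom would now treat every successful load as a failure. The patch updates one call site, the `dtb_start` one in arm_load_kernel(); please confirm no other caller of load_dtb() remains with the old check. The `fail:` path's return statement is outside the hunk context; make sure it still returns -1, as the new comment documents, and not a value that could be confused with the new 0 ("exceeds limit") result.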
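Review bot: in the caller change (last hunk), the bare `0` in `load_dtb(dtb_start, info, 0)` reads as an address rather than as "no limit"; a short comment at the call site (or a named constant) would make clear that the size check is deliberately disabled here, so a 0 return cannot occur and `< 0` is the right failure test. It is also worth a line in the commit message that replacing `if (load_dtb(dtb_start, info))` with `< 0` is required, not cosmetic, since success now returns the positive dtb size.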