diff mbox

[v3,07/27] xen/dts: Check "reg" property length in process_multiboot_node

Message ID 1378824555-16564-8-git-send-email-julien.grall@linaro.org
State Superseded, archived
Headers show

Commit Message

Julien Grall Sept. 10, 2013, 2:48 p.m. UTC 
The device tree compiler (dtc) will only warn if the "reg" property doesn't
match #address-cells and #size-cells size. It won't update the different
property. Therefore, Xen needs to check if the size match both properties,
otherwise Xen can retrieve a wrong range.

Signed-off-by: Julien Grall <julien.grall@linaro.org>

---
    Changes in v3:
        - Rework comment
---
 xen/common/device_tree.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff mbox

Patch

diff --git a/xen/common/device_tree.c b/xen/common/device_tree.c
index f867dfd..9d300ec 100644
--- a/xen/common/device_tree.c
+++ b/xen/common/device_tree.c
@@ -467,10 +467,14 @@  static void __init process_multiboot_node(const void *fdt, int node,
 
     mod = &early_info.modules.module[nr];
 
-    prop = fdt_get_property(fdt, node, "reg", NULL);
+    prop = fdt_get_property(fdt, node, "reg", &len);
     if ( !prop )
         early_panic("node %s missing `reg' property\n", name);
 
+    if ( len < dt_cells_to_size(address_cells + size_cells) )
+        early_panic("fdt: node `%s': `reg` property length is too short\n",
+                    name);
+
     cell = (const u32 *)prop->data;
     device_tree_get_reg(&cell, address_cells, size_cells,
                         &mod->start, &mod->size);