From patchwork Wed Sep 10 10:59:48 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 37195
Return-Path: <patchwork-forward+bncBDYNJBOFRECBBWXAYCQAKGQEB437SIQ@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-pa0-f71.google.com (mail-pa0-f71.google.com
 [209.85.220.71])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 092B120491
 for <linaro@patches.linaro.org>; Wed, 10 Sep 2014 11:04:58 +0000 (UTC)
Received: by mail-pa0-f71.google.com with SMTP id rd3sf33802007pab.6
 for <linaro@patches.linaro.org>; Wed, 10 Sep 2014 04:04:58 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:date
 :message-id:in-reply-to:references:cc:subject:precedence:list-id
 :list-unsubscribe:list-archive:list-post:list-help:list-subscribe
 :errors-to:sender:x-original-sender
 :x-original-authentication-results:mailing-list;
 bh=/m43T7FOKktS9XGStDse1zk5CYmEXTurg7Q2raJNs0I=;
 b=ZT1pxRZ8t3pSde1x+Nub0ozWpXWcJqE9il07y0JrSYQYYfFM1HHF3/sLUlky50Pn9I
 0ABQa+f5oGsCvacJVc445ha066ELsw29y+UCAIWIOyXQjDF/vllo94pj4MWvZufoqGO2
 3X6FBqrL5nfoVYCXEVYC83tF5jkeGqEYajoFk8CoFXx67VZ5etyB1+QiOWEDbUh2dEzg
 ar4mXN36g9FTMZ3Mtf41EM+w744F7oDo8p8bfKhLmFOXxV9CiqTgZADLnIw1Cela0lHT
 o1wx8nmZRFjlza44/eu//al9UCwtpJEaomYGwuPLSwYTTyEmjcPbxN1hJ/WHLadc/qrc
 +tCQ==
X-Gm-Message-State: ALoCoQmD/pxUkCE+7GOIsFoubVuQ+kbSObmOi7mL6ew42szQUEw6/jr5GIaqgSzoOgaMkZGerGv+
X-Received: by 10.66.141.48 with SMTP id rl16mr24766209pab.1.1410347098374; 
 Wed, 10 Sep 2014 04:04:58 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.140.30.195 with SMTP id d61ls856043qgd.68.gmail; Wed, 10 Sep
 2014 04:04:58 -0700 (PDT)
X-Received: by 10.52.8.130 with SMTP id r2mr9289280vda.53.1410347098202;
 Wed, 10 Sep 2014 04:04:58 -0700 (PDT)
Received: from mail-vc0-f181.google.com (mail-vc0-f181.google.com
 [209.85.220.181])
 by mx.google.com with ESMTPS id j6si6198114vcs.30.2014.09.10.04.04.58
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 10 Sep 2014 04:04:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.220.181 as permitted sender) client-ip=209.85.220.181; 
Received: by mail-vc0-f181.google.com with SMTP id ij19so4564249vcb.26
 for <patchwork-forward@linaro.org>;
 Wed, 10 Sep 2014 04:04:58 -0700 (PDT)
X-Received: by 10.52.69.231 with SMTP id h7mr5596777vdu.60.1410347098127;
 Wed, 10 Sep 2014 04:04:58 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.221.45.67 with SMTP id uj3csp419576vcb;
 Wed, 10 Sep 2014 04:04:57 -0700 (PDT)
X-Received: by 10.140.109.75 with SMTP id k69mr26870190qgf.96.1410347097709; 
 Wed, 10 Sep 2014 04:04:57 -0700 (PDT)
Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11])
 by mx.google.com with ESMTPS id
 la1si18310680qcb.46.2014.09.10.04.04.57 for <patch@linaro.org>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Wed, 10 Sep 2014 04:04:57 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 2001:4830:134:3::11 as permitted sender)
 client-ip=2001:4830:134:3::11; 
Received: from localhost ([::1]:55168 helo=lists.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <qemu-devel-bounces+patch=linaro.org@nongnu.org>)
 id 1XRfho-0006Rb-Vm
 for patch@linaro.org; Wed, 10 Sep 2014 07:04:57 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:39497)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <ard.biesheuvel@linaro.org>) id 1XRfdF-00077J-Ht
 for qemu-devel@nongnu.org; Wed, 10 Sep 2014 07:00:19 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ard.biesheuvel@linaro.org>) id 1XRfd5-00037w-Er
 for qemu-devel@nongnu.org; Wed, 10 Sep 2014 07:00:13 -0400
Received: from mail-wg0-f49.google.com ([74.125.82.49]:36813)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <ard.biesheuvel@linaro.org>) id 1XRfd5-00036u-9m
 for qemu-devel@nongnu.org; Wed, 10 Sep 2014 07:00:03 -0400
Received: by mail-wg0-f49.google.com with SMTP id m15so4377865wgh.32
 for <qemu-devel@nongnu.org>; Wed, 10 Sep 2014 04:00:02 -0700 (PDT)
X-Received: by 10.180.149.244 with SMTP id ud20mr35762491wib.55.1410346802511; 
 Wed, 10 Sep 2014 04:00:02 -0700 (PDT)
Received: from ards-macbook-pro.local (cag06-7-83-153-85-71.fbx.proxad.net.
 [83.153.85.71]) by mx.google.com with ESMTPSA id
 wr10sm18127240wjc.10.2014.09.10.04.00.01 for <multiple recipients>
 (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 10 Sep 2014 04:00:01 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: peter.maydell@linaro.org,
	qemu-devel@nongnu.org
Date: Wed, 10 Sep 2014 12:59:48 +0200
Message-Id: <1410346790-31743-3-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 1.8.3.2
In-Reply-To: <1410346790-31743-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1410346790-31743-1-git-send-email-ard.biesheuvel@linaro.org>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
 [fuzzy]
X-Received-From: 74.125.82.49
Cc: christoffer.dall@linaro.org, Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [Qemu-devel] [PATCH v2 2/4] hw/arm/boot: pass an address limit to
 and return size from load_dtb()
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: ard.biesheuvel@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.220.181 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

Add an address limit input parameter to load_dtb() so that we can
tell it how much memory the dtb is allowed to consume. If the dtb
doesn't fit, return 0, otherwise return the actual size of the
loaded dtb, or -1 on error.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 hw/arm/boot.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 50eca931e1a4..014fab347b09 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -312,7 +312,8 @@ static void set_kernel_args_old(const struct arm_boot_info *info)
     }
 }
 
-static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo)
+static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
+                    hwaddr addr_limit)
 {
     void *fdt = NULL;
     int size, rc;
@@ -341,6 +342,15 @@ static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo)
         }
     }
 
+    if (addr_limit > addr && size > (addr_limit - addr)) {
+        /* We have been given a non-zero address limit and we have exceeded
+         * it. Whether this is constitues a failure is up to the caller to
+         * decide, so just return 0 as size, i.e., no error.
+         */
+        g_free(fdt);
+        return 0;
+    }
+
     acells = qemu_fdt_getprop_cell(fdt, "/", "#address-cells");
     scells = qemu_fdt_getprop_cell(fdt, "/", "#size-cells");
     if (acells == 0 || scells == 0) {
@@ -403,7 +413,7 @@ static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo)
 
     g_free(fdt);
 
-    return 0;
+    return size;
 
 fail:
     g_free(fdt);
@@ -572,7 +582,7 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
              */
             hwaddr dtb_start = QEMU_ALIGN_UP(info->initrd_start + initrd_size,
                                              4096);
-            if (load_dtb(dtb_start, info)) {
+            if (load_dtb(dtb_start, info, 0) < 0) {
                 exit(1);
             }
             fixupcontext[FIXUP_ARGPTR] = dtb_start;