spapr: sanity check size of the CAS buffer

The CAS buffer is provided by SLOF. A broken SLOF could pass a silly size: either smaller than the diff header, in which case the current code will try to allocate 16 Exabytes of memory and g_malloc0() will abort, or bigger than the maximum memory provisioned for SLOF (ie, 40 Megabytes), which doesn't make sense. Both cases indicate that SLOF has a bug. Let's print out an explicit error message and exit since rebooting as we do with other errors would only result in a reset loop. Signed-off-by: Greg Kurz <groug@kaod.org> [dwg: Fix format specifier that broke 32-bit builds] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-10-04 11:02:31 +02:00 · 2017-10-04 11:02:31 +02:00 · 827b17c468
parent dc1b5eee86
commit 827b17c468
1 changed files with 7 additions and 0 deletions
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@ -819,6 +819,13 @@ int spapr_h_cas_compose_response(sPAPRMachineState *spapr,
        return 1;
    }

+    if (size < sizeof(hdr) || size > FW_MAX_SIZE) {
+        error_report("SLOF provided an unexpected CAS buffer size "
+                     TARGET_FMT_lu " (min: %zu, max: %u)",
+                     size, sizeof(hdr), FW_MAX_SIZE);
+        exit(EXIT_FAILURE);
+    }
+
    size -= sizeof(hdr);

    /* Create skeleton */