[Skiboot] [PATCH 02/14] hdat: Parse hostboot memory reservations from HDAT

Fri Jan 13 14:41:26 AEDT 2017

On Fri, Jan 13, 2017 at 1:49 PM, Balbir Singh <bsingharora at gmail.com> wrote:
> On Thu, Jan 12, 2017 at 02:54:01PM +1100, Oliver O'Halloran wrote:
>> From: Vasant Hegde <hegdevasant at linux.vnet.ibm.com>
>>
>> +#define HRMOR_BIT (1ul << 63)
>> +
>> +static void get_hb_reserved_mem(struct HDIF_common_hdr *ms_vpd)
>> +{
>> +     const struct msvpd_hb_reserved_mem *hb_resv_mem;
>> +     u64 start_addr, end_addr, label_size;
>> +     int unnamed = 0, count, i;
>> +     char label[65];
>
> I presume this includes the NULL terminator, the HDAT structure is
> of size 64, but it also has a size field, so its not NULL terminated?

The spec doesn't say. Even if the 64 is supposed to include a
terminator I think being paranoid is a good idea here. Especially
since stewart is known to run AFL against the hdat parser...

>
>> +
>> +     /*
>> +      * XXX: Reservation names only exist on P9 and on P7/8 we get the
>> +      *      reserved ranges through the hostboot mini-FDT instead.
>> +      */
>> +     if (proc_gen < proc_gen_p9)
>> +             return;
>> +
>> +     count = HDIF_get_iarray_size(ms_vpd, MSVPD_IDATA_HB_RESERVED_MEM);
>> +     if (count <= 0) {
>> +             prerror("MS VPD: No hostboot reserved memory found\n");
>> +             return;
>> +     }
>> +
>> +     for (i = 0; i < count; i++) {
>> +             hb_resv_mem = HDIF_get_iarray_item(ms_vpd,
>> +                                                MSVPD_IDATA_HB_RESERVED_MEM,
>> +                                                i, NULL);
>> +             if (!CHECK_SPPTR(hb_resv_mem))
>> +                     continue;
>> +
>> +             label_size = be32_to_cpu(hb_resv_mem->label_size);
>> +             start_addr = be64_to_cpu(hb_resv_mem->start_addr);
>> +             end_addr = be64_to_cpu(hb_resv_mem->end_addr);
>> +
>> +             /* remove the HRMOR bypass bit */
>> +             start_addr &= ~HRMOR_BIT;
>> +             end_addr &= ~HRMOR_BIT;
>> +
>> +             if (label_size > 64)
>> +                     label_size = 64;
>> +
>> +             memcpy(label, hb_resv_mem->label, label_size);
>> +             label[label_size] = '\0';
>> +
>> +             if (strlen(label) == 0)
>> +                     snprintf(label, 64, "hostboot-reserve-%d", unnamed++);
>> +
>
> 64 including NULL terminator?
>
> Balbir Singh.