From owner-dev-commits-src-all@freebsd.org  Mon Mar  8 19:07:37 2021
Return-Path: <owner-dev-commits-src-all@freebsd.org>
Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 17A46553BB6;
 Mon,  8 Mar 2021 19:07:37 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4DvSX71v1yz3KXv;
 Mon,  8 Mar 2021 19:07:35 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C8632658E;
 Mon,  8 Mar 2021 19:07:34 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
 by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 128J7YoX063149;
 Mon, 8 Mar 2021 19:07:34 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
 by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 128J7YHM063148;
 Mon, 8 Mar 2021 19:07:34 GMT (envelope-from git)
Date: Mon, 8 Mar 2021 19:07:34 GMT
Message-Id: <202103081907.128J7YHM063148@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-branches@FreeBSD.org
From: Brandon Bergren <bdragon@FreeBSD.org>
Subject: git: 6d7145a2b053 - stable/12 - [PowerPC] Allow traversal of oversize
 OF properties.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: bdragon
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: 6d7145a2b053e65aaa7acc40a7573fc0aa76984a
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for all branches of the src repository
 <dev-commits-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-src-all/>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Help: <mailto:dev-commits-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Mar 2021 19:07:37 -0000

The branch stable/12 has been updated by bdragon:

URL: https://cgit.FreeBSD.org/src/commit/?id=6d7145a2b053e65aaa7acc40a7573fc0aa76984a

commit 6d7145a2b053e65aaa7acc40a7573fc0aa76984a
Author:     Brandon Bergren <bdragon@FreeBSD.org>
AuthorDate: 2020-11-13 16:49:41 +0000
Commit:     Brandon Bergren <bdragon@FreeBSD.org>
CommitDate: 2021-03-08 19:02:52 +0000

    [PowerPC] Allow traversal of oversize OF properties.
    
    In standards such as LoPAPR, property names in excess of the usual 31
    characters exist.
    
    This breaks property traversal.
    
    While in IEEE 1275-1994, nextprop is defined explicitly to work with a
    32-byte region of memory, using a larger buffer should be fine. There is
    actually no way to pass a buffer length to the nextprop call in the OF
    client interface, so SLOF actually just blindly overflows the buffer.
    
    So we have to defensively make the buffer larger, to avoid memory
    corruption when reading out long properties on live OF systems.
    
    Note also that on real-mode OF, things are pretty tight because we are
    allocating against a static bounce buffer in low memory, so we can't just
    use a huge buffer to work around this without it being wasteful of our
    limited amount of 32-bit physical memory.
    
    This allows a patched ofwdump to operate properly on SLOF (i.e. pseries)
    systems, as well as any other PowerPC systems with overlength properties.
    
    Reviewed by:    jhibbits
    Sponsored by:   Tag1 Consulting, Inc.
    Differential Revision:  https://reviews.freebsd.org/D26669
    
    (cherry picked from commit 26869ad14c70306313405029229a1e2fd94510cd)
---
 sys/dev/ofw/openfirmio.c   | 15 +++++++++++++--
 sys/dev/ofw/openfirmio.h   | 14 ++++++++++++++
 usr.sbin/ofwdump/ofwdump.c |  2 +-
 3 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/sys/dev/ofw/openfirmio.c b/sys/dev/ofw/openfirmio.c
index a6ee962b5c8f..ccd284e8bff7 100644
--- a/sys/dev/ofw/openfirmio.c
+++ b/sys/dev/ofw/openfirmio.c
@@ -115,7 +115,7 @@ openfirm_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flags,
 	phandle_t node;
 	int len, ok, error;
 	char *name, *value;
-	char newname[32];
+	char newname[OFIOCSUGGPROPNAMELEN];
 
 	if ((flags & FREAD) == 0)
 		return (EBADF);
@@ -223,8 +223,19 @@ openfirm_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flags,
 			break;
 		}
 		len = strlen(newname) + 1;
-		if (len > of->of_buflen)
+		if (len > of->of_buflen) {
+			/*
+			 * Passed buffer was insufficient.
+			 *
+			 * Instead of returning an error here, truncate the
+			 * property name to fit the buffer.
+			 *
+			 * This allows us to retain compatibility with old
+			 * tools which always pass a 32 character buffer.
+			 */
 			len = of->of_buflen;
+			newname[len - 1] = '\0';
+		}
 		else
 			of->of_buflen = len;
 		error = copyout(newname, of->of_buf, len);
diff --git a/sys/dev/ofw/openfirmio.h b/sys/dev/ofw/openfirmio.h
index 7ba7b907e892..e892c50c672a 100644
--- a/sys/dev/ofw/openfirmio.h
+++ b/sys/dev/ofw/openfirmio.h
@@ -76,4 +76,18 @@ struct ofiocdesc {
 /* Maximum accepted value length (maximum of nvramrc property). */
 #define	OFIOCMAXVALUE	8192
 
+/*
+ * While IEEE 1275-1994 states in 3.2.2.1.1 that property names are 1-31
+ * printable characters, in practice, this limit has been ignored.
+ * Noncompliant properties have been codified in standards such as LoPAPR.
+ *
+ * This is a suggested buffer length that should be large enough to hold
+ * any property name currently seen in device trees, without being overly
+ * wasteful of memory.
+ *
+ * If a future version of the Devicetree specification updates the property
+ * names length requirement, this value will be updated to match.
+ */
+#define	OFIOCSUGGPROPNAMELEN	64
+
 #endif /* _DEV_OFW_OPENFIRMIO_H_ */
diff --git a/usr.sbin/ofwdump/ofwdump.c b/usr.sbin/ofwdump/ofwdump.c
index 9a356f48d01b..6bca1ac839ab 100644
--- a/usr.sbin/ofwdump/ofwdump.c
+++ b/usr.sbin/ofwdump/ofwdump.c
@@ -144,7 +144,7 @@ static void
 ofw_dump_properties(int fd, phandle_t n, int level, int raw, int str)
 {
 	int nlen;
-	char prop[32];
+	char prop[OFIOCSUGGPROPNAMELEN];
 
 	for (nlen = ofw_firstprop(fd, n, prop, sizeof(prop)); nlen != 0;
 	     nlen = ofw_nextprop(fd, n, prop, prop, sizeof(prop)))