Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 9 Nov 2009 21:54:34 +0000 (UTC)
From:      Nathan Whitehorn <nwhitehorn@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject:   svn commit: r199113 - releng/8.0/sys/powerpc/aim
Message-ID:  <200911092154.nA9LsYPS036067@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: nwhitehorn
Date: Mon Nov  9 21:54:34 2009
New Revision: 199113
URL: http://svn.freebsd.org/changeset/base/199113

Log:
  Insta-MFC of r199084,199108:
      Increase the size of the OFW translations buffer to handle G5 systems
      that use many translation regions in firmware, and add bounds checking
      to prevent buffer overflows in case even the new value is exceeded.
  
  Short MFC requested by re since the problem this fixes broken CD boot on
  most G5 systems, making them uninstallable.
  
  Reported by:	Jacob Lambert
  Approved by:	re (kib)
  Reviewed by:	grehan, marcel
  Requested by:	re

Modified:
  releng/8.0/sys/powerpc/aim/mmu_oea64.c
Directory Properties:
  releng/8.0/sys/   (props changed)
  releng/8.0/sys/amd64/include/xen/   (props changed)
  releng/8.0/sys/cddl/contrib/opensolaris/   (props changed)
  releng/8.0/sys/contrib/dev/acpica/   (props changed)
  releng/8.0/sys/contrib/pf/   (props changed)
  releng/8.0/sys/dev/xen/xenpci/   (props changed)

Modified: releng/8.0/sys/powerpc/aim/mmu_oea64.c
==============================================================================
--- releng/8.0/sys/powerpc/aim/mmu_oea64.c	Mon Nov  9 21:39:42 2009	(r199112)
+++ releng/8.0/sys/powerpc/aim/mmu_oea64.c	Mon Nov  9 21:54:34 2009	(r199113)
@@ -270,7 +270,7 @@ static struct	mem_region *pregions;
 extern u_int	phys_avail_count;
 extern int	regions_sz, pregions_sz;
 extern int	ofw_real_mode;
-static struct	ofw_map translations[64];
+static struct	ofw_map translations[96];
 
 extern struct pmap ofw_pmap;
 
@@ -896,6 +896,9 @@ moea64_bridge_bootstrap(mmu_t mmup, vm_o
 		panic("moea64_bootstrap: can't get mmu package");
 	    if ((sz = OF_getproplen(mmu, "translations")) == -1)
 		panic("moea64_bootstrap: can't get ofw translation count");
+	    if (sz > sizeof(translations))
+		panic("moea64_bootstrap: too many ofw translations (%d)",
+		      sz/sizeof(*translations));
 
 	    bzero(translations, sz);
 	    if (OF_getprop(mmu, "translations", translations, sz) == -1)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200911092154.nA9LsYPS036067>