From owner-svn-src-stable-8@FreeBSD.ORG  Mon Nov  9 21:30:45 2009
Return-Path: <owner-svn-src-stable-8@FreeBSD.ORG>
Delivered-To: svn-src-stable-8@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7696E1065670;
	Mon,  9 Nov 2009 21:30:45 +0000 (UTC)
	(envelope-from nwhitehorn@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 64A878FC14;
	Mon,  9 Nov 2009 21:30:45 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id nA9LUjAl034978;
	Mon, 9 Nov 2009 21:30:45 GMT
	(envelope-from nwhitehorn@svn.freebsd.org)
Received: (from nwhitehorn@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id nA9LUjHC034976;
	Mon, 9 Nov 2009 21:30:45 GMT
	(envelope-from nwhitehorn@svn.freebsd.org)
Message-Id: <200911092130.nA9LUjHC034976@svn.freebsd.org>
From: Nathan Whitehorn <nwhitehorn@FreeBSD.org>
Date: Mon, 9 Nov 2009 21:30:45 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
X-SVN-Group: stable-8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r199110 - stable/8/sys/powerpc/aim
X-BeenThere: svn-src-stable-8@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for only the 8-stable src tree
	<svn-src-stable-8.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable-8>, 
	<mailto:svn-src-stable-8-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-8>
List-Post: <mailto:svn-src-stable-8@freebsd.org>
List-Help: <mailto:svn-src-stable-8-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable-8>, 
	<mailto:svn-src-stable-8-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Nov 2009 21:30:45 -0000

Author: nwhitehorn
Date: Mon Nov  9 21:30:45 2009
New Revision: 199110
URL: http://svn.freebsd.org/changeset/base/199110

Log:
  Insta-MFC of r199084,199108:
     Increase the size of the OFW translations buffer to handle G5 systems
     that use many translation regions in firmware, and add bounds checking
     to prevent buffer overflows in case even the new value is exceeded.
  
  Short MFC requested by re since the problem this fixes breaks CD boot on
  most G5 systems, making them uninstallable.
  
  Reported by:	Jacob Lambert
  Approved by:	re (kensmith,kib)
  Requested by:	re

Modified:
  stable/8/sys/powerpc/aim/mmu_oea64.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/dev/xen/xenpci/   (props changed)

Modified: stable/8/sys/powerpc/aim/mmu_oea64.c
==============================================================================
--- stable/8/sys/powerpc/aim/mmu_oea64.c	Mon Nov  9 21:28:07 2009	(r199109)
+++ stable/8/sys/powerpc/aim/mmu_oea64.c	Mon Nov  9 21:30:45 2009	(r199110)
@@ -270,7 +270,7 @@ static struct	mem_region *pregions;
 extern u_int	phys_avail_count;
 extern int	regions_sz, pregions_sz;
 extern int	ofw_real_mode;
-static struct	ofw_map translations[64];
+static struct	ofw_map translations[96];
 
 extern struct pmap ofw_pmap;
 
@@ -896,6 +896,9 @@ moea64_bridge_bootstrap(mmu_t mmup, vm_o
 		panic("moea64_bootstrap: can't get mmu package");
 	    if ((sz = OF_getproplen(mmu, "translations")) == -1)
 		panic("moea64_bootstrap: can't get ofw translation count");
+	    if (sz > sizeof(translations))
+		panic("moea64_bootstrap: too many ofw translations (%d)",
+		      sz/sizeof(*translations));
 
 	    bzero(translations, sz);
 	    if (OF_getprop(mmu, "translations", translations, sz) == -1)