diff options
| author | Balbir Singh <bsingharora@gmail.com> | 2016-08-10 12:07:50 +1000 |
|---|---|---|
| committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2016-08-17 13:27:55 +1000 |
| commit | 5c4bfc63a0e6ae9d3bb6f6e1bfaa9443c847998a (patch) | |
| tree | b4c8bf2094f65733d57ad0c2e104a0b5441dab37 /core/opal-msg.c | |
| parent | 683c50e27319d432176931bebb5aa172606783ac (diff) | |
| download | blackbird-skiboot-5c4bfc63a0e6ae9d3bb6f6e1bfaa9443c847998a.tar.gz blackbird-skiboot-5c4bfc63a0e6ae9d3bb6f6e1bfaa9443c847998a.zip | |
Use additional checks in skiboot for pointers
The checks validate pointers sent in using
opal_addr_valid() in opal_call API's provided
via the console, cpu, fdt, flash, i2c, interrupts,
nvram, opal-msg, opal, opal-pci, xscom and
cec modules
Signed-off-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'core/opal-msg.c')
| -rw-r--r-- | core/opal-msg.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/core/opal-msg.c b/core/opal-msg.c index 4a7cddb1..19714670 100644 --- a/core/opal-msg.c +++ b/core/opal-msg.c @@ -81,6 +81,9 @@ static int64_t opal_get_msg(uint64_t *buffer, uint64_t size) if (size < sizeof(struct opal_msg) || !buffer) return OPAL_PARAMETER; + if (!opal_addr_valid(buffer)) + return OPAL_PARAMETER; + lock(&opal_msg_lock); entry = list_pop(&msg_pending_list, struct opal_msg_entry, link); @@ -114,6 +117,9 @@ static int64_t opal_check_completion(uint64_t *buffer, uint64_t size, int rc = OPAL_BUSY; void *data = NULL; + if (!opal_addr_valid(buffer)) + return OPAL_PARAMETER; + lock(&opal_msg_lock); list_for_each_safe(&msg_pending_list, entry, next_entry, link) { if (entry->msg.msg_type == OPAL_MSG_ASYNC_COMP && |
