spapr: sanity check size of the CAS buffer

The CAS buffer is provided by SLOF. A broken SLOF could pass a silly
size: either smaller than the diff header, in which case the current
code will try to allocate 16 Exabytes of memory and g_malloc0() will
abort, or bigger than the maximum memory provisioned for SLOF (ie,
40 Megabytes), which doesn't make sense. Both cases indicate that
SLOF has a bug.

Let's print out an explicit error message and exit since rebooting as
we do with other errors would only result in a reset loop.

Signed-off-by: Greg Kurz <groug@kaod.org>
[dwg: Fix format specifier that broke 32-bit builds]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This commit is contained in:
Greg Kurz 2017-10-04 11:02:31 +02:00 committed by David Gibson
parent dc1b5eee86
commit 827b17c468

View File

@ -819,6 +819,13 @@ int spapr_h_cas_compose_response(sPAPRMachineState *spapr,
return 1;
}
if (size < sizeof(hdr) || size > FW_MAX_SIZE) {
error_report("SLOF provided an unexpected CAS buffer size "
TARGET_FMT_lu " (min: %zu, max: %u)",
size, sizeof(hdr), FW_MAX_SIZE);
exit(EXIT_FAILURE);
}
size -= sizeof(hdr);
/* Create skeleton */