Author: nwhitehorn
Date: Mon Nov 9 14:26:23 2009
New Revision: 199084
URL: http://svn.freebsd.org/changeset/base/199084
Log:
Increase the size of the OFW translations buffer to handle G5 systems
that use many translation regions in firmware, and add bounds checking
to prevent buffer overflows in case even the new value is exceeded.
Reported by: Jacob Lambert
MFC after: 3 days
Modified:
head/sys/powerpc/aim/mmu_oea64.c
Modified: head/sys/powerpc/aim/mmu_oea64.c
==============================================================================
--- head/sys/powerpc/aim/mmu_oea64.c Mon Nov 9 12:46:59 2009
(r199083)
+++ head/sys/powerpc/aim/mmu_oea64.c Mon Nov 9 14:26:23 2009
(r199084)
@@ -264,7 +264,7 @@ static struct mem_region *pregions;
extern u_int phys_avail_count;
extern int regions_sz, pregions_sz;
extern int ofw_real_mode;
-static struct ofw_map translations[64];
+static struct ofw_map translations[96];
extern struct pmap ofw_pmap;
@@ -897,6 +897,9 @@ moea64_bridge_bootstrap(mmu_t mmup, vm_o
panic("moea64_bootstrap: can't get mmu package");
if ((sz = OF_getproplen(mmu, "translations")) == -1)
panic("moea64_bootstrap: can't get ofw translation count");
+ if (size > sizeof(translations))
+ panic("moea64_bootstrap: too many ofw translations (%d)",
+ sz/sizeof(*translations));
bzero(translations, sz);
if (OF_getprop(mmu, "translations", translations, sz) == -1)
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
