* [PATCH master 1/2] hab: habv4: use explicitly unsigned types for pointers into SRAM
@ 2024-01-11 12:12 Ahmad Fatoum
  2024-01-11 12:12 ` [PATCH master 2/2] hab: habv4: warn if more than 10 HAB events are found Ahmad Fatoum
  0 siblings, 1 reply; 2+ messages in thread
From: Ahmad Fatoum @ 2024-01-11 12:12 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum
char is generally unsigned on ARM, but we shouldn't rely on that. HAB
code does though and compare a char against 0xdb, which would never
succeed if chars were signed. Switch to an explicitly unsigned type to
fix this.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 drivers/hab/habv4.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/hab/habv4.c b/drivers/hab/habv4.c
index 974158fd0c01..4db1e7cc0f3a 100644
--- a/drivers/hab/habv4.c
+++ b/drivers/hab/habv4.c
@@ -216,11 +216,11 @@ static enum hab_status imx8m_read_sram_events(enum hab_status status,
 {
 	struct hab_event_record *events[10];
 	int num_events = 0;
-	char *sram;
+	u8 *sram;
 	int i = 0;
 	int internal_index = 0;
 	uint16_t ev_len;
-	char *end = 0;
+	u8 *end = 0;
 	struct hab_event_record *search;
 
 	if (cpu_is_mx8mq())
-- 
2.39.2
^ permalink raw reply	[flat|nested] 2+ messages in thread
* [PATCH master 2/2] hab: habv4: warn if more than 10 HAB events are found
  2024-01-11 12:12 [PATCH master 1/2] hab: habv4: use explicitly unsigned types for pointers into SRAM Ahmad Fatoum
@ 2024-01-11 12:12 ` Ahmad Fatoum
  0 siblings, 0 replies; 2+ messages in thread
From: Ahmad Fatoum @ 2024-01-11 12:12 UTC (permalink / raw)
  To: barebox; +Cc: Christian Melki, Ahmad Fatoum
The function has space for up to 10 HAB events. On the off-chance that
there are more found, it will scribble them over stack memory.
Fix this by only collecting up to 10 events and printing a warning if
that's exceeded. Once we have reports that this issue manifests, we can
consider extending the array or dynamically allocating it.
Reported-by: Christian Melki <christian.melki@t2data.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 drivers/hab/habv4.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/hab/habv4.c b/drivers/hab/habv4.c
index 4db1e7cc0f3a..66caa875835d 100644
--- a/drivers/hab/habv4.c
+++ b/drivers/hab/habv4.c
@@ -255,7 +255,10 @@ static enum hab_status imx8m_read_sram_events(enum hab_status status,
 				break;
 
 			events[num_events] = search;
-			num_events++;
+			if (num_events < ARRAY_SIZE(events))
+				num_events++;
+			else
+				pr_warn("Discarding excess event\n");
 		} else {
 			sram++;
 		}
-- 
2.39.2
^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-01-11 12:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-01-11 12:12 [PATCH master 1/2] hab: habv4: use explicitly unsigned types for pointers into SRAM Ahmad Fatoum
2024-01-11 12:12 ` [PATCH master 2/2] hab: habv4: warn if more than 10 HAB events are found Ahmad Fatoum
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox