Commit 2c10636a authored by Nathan Fontenot Committed by Michael Ellerman

powerpc/pseries: Check for zero filled ibm,dynamic-memory property

Some versions of QEMU will produce an ibm,dynamic-reconfiguration-memory
node with an ibm,dynamic-memory property that is zero-filled. This
causes the drmem code to oops trying to parse this property.

The fix for this is to validate that the property does contain LMB
entries before trying to parse it and bail if the count is zero.

  Oops: Kernel access of bad area, sig: 11 [#1]
  DAR: 0000000000000010
  NIP read_drconf_v1_cell+0x54/0x9c
  LR  read_drconf_v1_cell+0x48/0x9c
  Call Trace:
    __param_initcall_debug+0x0/0x28 (unreliable)
    drmem_init+0x144/0x2f8
    do_one_initcall+0x64/0x1d0
    kernel_init_freeable+0x298/0x38c
    kernel_init+0x24/0x160
    ret_from_kernel_thread+0x5c/0xb4

The ibm,dynamic-reconfiguration-memory device tree property generated
that causes this:

  ibm,dynamic-reconfiguration-memory {
          ibm,lmb-size = <0x0 0x10000000>;
          ibm,memory-flags-mask = <0xff>;
          ibm,dynamic-memory = <0x0 0x0 0x0 0x0 0x0 0x0>;
          linux,phandle = <0x7e57eed8>;
          ibm,associativity-lookup-arrays = <0x1 0x4 0x0 0x0 0x0 0x0>;
          ibm,memory-preservation-time = <0x0>;
  };
Signed-off-by: Nathan Fontenot <nfont@linux.vnet.ibm.com>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Tested-by: Daniel Black <daniel@linux.vnet.ibm.com>
[mpe: Trim oops report]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
parent c1e150ce
...@@ -216,6 +216,8 @@ static void __init __walk_drmem_v1_lmbs(const __be32 *prop, const __be32 *usm, ...@@ -216,6 +216,8 @@ static void __init __walk_drmem_v1_lmbs(const __be32 *prop, const __be32 *usm,
u32 i, n_lmbs; u32 i, n_lmbs;
n_lmbs = of_read_number(prop++, 1); n_lmbs = of_read_number(prop++, 1);
if (n_lmbs == 0)
return;
for (i = 0; i < n_lmbs; i++) { for (i = 0; i < n_lmbs; i++) {
read_drconf_v1_cell(&lmb, &prop); read_drconf_v1_cell(&lmb, &prop);
...@@ -245,6 +247,8 @@ static void __init __walk_drmem_v2_lmbs(const __be32 *prop, const __be32 *usm, ...@@ -245,6 +247,8 @@ static void __init __walk_drmem_v2_lmbs(const __be32 *prop, const __be32 *usm,
u32 i, j, lmb_sets; u32 i, j, lmb_sets;
lmb_sets = of_read_number(prop++, 1); lmb_sets = of_read_number(prop++, 1);
if (lmb_sets == 0)
return;
for (i = 0; i < lmb_sets; i++) { for (i = 0; i < lmb_sets; i++) {
read_drconf_v2_cell(&dr_cell, &prop); read_drconf_v2_cell(&dr_cell, &prop);
...@@ -354,6 +358,8 @@ static void __init init_drmem_v1_lmbs(const __be32 *prop) ...@@ -354,6 +358,8 @@ static void __init init_drmem_v1_lmbs(const __be32 *prop)
struct drmem_lmb *lmb; struct drmem_lmb *lmb;
drmem_info->n_lmbs = of_read_number(prop++, 1); drmem_info->n_lmbs = of_read_number(prop++, 1);
if (drmem_info->n_lmbs == 0)
return;
drmem_info->lmbs = kcalloc(drmem_info->n_lmbs, sizeof(*lmb), drmem_info->lmbs = kcalloc(drmem_info->n_lmbs, sizeof(*lmb),
GFP_KERNEL); GFP_KERNEL);
...@@ -373,6 +379,8 @@ static void __init init_drmem_v2_lmbs(const __be32 *prop) ...@@ -373,6 +379,8 @@ static void __init init_drmem_v2_lmbs(const __be32 *prop)
int lmb_index; int lmb_index;
lmb_sets = of_read_number(prop++, 1); lmb_sets = of_read_number(prop++, 1);
if (lmb_sets == 0)
return;
/* first pass, calculate the number of LMBs */ /* first pass, calculate the number of LMBs */
p = prop; p = prop;
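Review bot: The added `n_lmbs == 0` and `lmb_sets == 0` guards reject only an empty property; any non-zero count read from the first cell is still trusted, and all four functions take a bare `const __be32 *prop` with no length to check it against. In `init_drmem_v1_lmbs` that count goes straight into `kcalloc(drmem_info->n_lmbs, sizeof(*lmb), GFP_KERNEL)`, and in the two walkers it bounds the `read_drconf_v*_cell` loop, so a property whose count exceeds the cells actually present would presumably be read past its end. Because the device tree is supplied by the hypervisor or firmware, I would pass the property length from the lookup site down to these helpers and bail when the count does not fit, e.g. `if (n_lmbs == 0 || n_lmbs > max_entries) return;`, where `max_entries` is a placeholder for a value derived from that length. In the walkers the zero test is already implied by `i < n_lmbs`, so a short comment such as `/* zero-filled property (seen from some QEMU versions): nothing to parse */` would explain why it is there. The function bodies and their callers lie outside these hunks, so the missing length check should be confirmed against the full file.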
......