authorNathan Whitehorn <nwhitehorn@FreeBSD.org>2009-11-09 21:54:34 +0000
committerNathan Whitehorn <nwhitehorn@FreeBSD.org>2009-11-09 21:54:34 +0000
commitfaf2e10bc01c4f43c5bfd777087046be3246c3ac (patch)
parent65a1fd769a3ac665cf9e489ef70c575d6e2a4946 (diff)
Insta-MFC of r199084,199108:
Increase the size of the OFW translations buffer to handle G5 systems that use many translation regions in firmware, and add bounds checking to prevent buffer overflows in case even the new value is exceeded. Short MFC requested by re since the problem this fixes broke CD boot on most G5 systems, making them uninstallable. Reported by: Jacob Lambert Approved by: re (kib) Reviewed by: grehan, marcel Requested by: re
Notes: svn path=/releng/8.0/; revision=199113
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/powerpc/aim/mmu_oea64.c b/sys/powerpc/aim/mmu_oea64.c
index 4dad3dc7561a..b8147cb06e72 100644
--- a/sys/powerpc/aim/mmu_oea64.c
+++ b/sys/powerpc/aim/mmu_oea64.c
@@ -270,7 +270,7 @@ static struct mem_region *pregions;
extern u_int phys_avail_count;
extern int regions_sz, pregions_sz;
extern int ofw_real_mode;
-static struct ofw_map translations[64];
+static struct ofw_map translations[96];
extern struct pmap ofw_pmap;
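Review bot: The array bound in `static struct ofw_map translations[96];` is a bare literal, and nothing in the code says why 96 was chosen, even though the buffer is filled from a length that firmware reports. A short comment on the declaration, for example `/* OFW "translations" property entries; G5 firmware needs more than 64 */`, would keep the rationale from the commit message next to the number. The bounds check this commit adds in moea64_bridge_bootstrap() uses `sizeof(translations)`, so it follows the array size automatically. The same comment could note that a property larger than the buffer panics rather than overflowing, so the next person to resize it knows the limit is enforced.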
@@ -896,6 +896,9 @@ moea64_bridge_bootstrap(mmu_t mmup, vm_offset_t kernelstart, vm_offset_t kernele
panic("moea64_bootstrap: can't get mmu package");
if ((sz = OF_getproplen(mmu, "translations")) == -1)
panic("moea64_bootstrap: can't get ofw translation count");
+ if (sz > sizeof(translations))
+ panic("moea64_bootstrap: too many ofw translations (%d)",
+ sz/sizeof(*translations));
bzero(translations, sz);
if (OF_getprop(mmu, "translations", translations, sz) == -1)