[PATCH] habv4: Fix parsing of unresonable events.

mail archive of the barebox mailing list
 help / color / mirror / Atom feed

* [PATCH] habv4: Fix parsing of unresonable events.
@ 2023-12-18 20:25 Christian Melki
  2024-01-02 11:46 ` Sascha Hauer
  0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2023-12-18 20:25 UTC (permalink / raw)
  To: barebox

An unknown root cause made data look like events (0xdb)
with very long event lengths. This was causing
very long printouts of bogus stuff in the console.

While the root cause needs to be found and fixed,
there is no need of parsing events with abnormal lengths.
Also stop parsing if length exceeds the end of scope.

Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
 drivers/hab/habv4.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/drivers/hab/habv4.c b/drivers/hab/habv4.c
index f74de009fc..1a55a3e448 100644
--- a/drivers/hab/habv4.c
+++ b/drivers/hab/habv4.c
@@ -203,6 +203,8 @@ static uint32_t hab_sip_get_version(void)
 	return (uint32_t)res.a0;
 }
 
+#define HABV4_EVENT_MAX_LEN		0x80
+
 #define IMX8MQ_ROM_OCRAM_ADDRESS	0x9061C0
 #define IMX8MM_ROM_OCRAM_ADDRESS	0x908040
 #define IMX8MN_ROM_OCRAM_ADDRESS	0x908040
@@ -217,6 +219,7 @@ static enum hab_status imx8m_read_sram_events(enum hab_status status,
 	char *sram;
 	int i = 0;
 	int internal_index = 0;
+	uint16_t ev_len;
 	char *end = 0;
 	struct hab_event_record *search;
 
@@ -236,13 +239,21 @@ static enum hab_status imx8m_read_sram_events(enum hab_status status,
 	 * recommends the address and size, however errors are usually contained
 	 * within the first bytes. Scan only the first few bytes to rule out
 	 * lots of false positives.
+	 * The max event length is just a sanity check.
 	 */
-	end = sram +  0x1a0;
+	end = sram + 0x1a0;
 
 	while (sram < end) {
 		if (*sram == 0xdb) {
 			search = (void *)sram;
-			sram = sram + be16_to_cpu(search->hdr.len);
+			ev_len = be16_to_cpu(search->hdr.len);
+			if (ev_len > HABV4_EVENT_MAX_LEN) {
+				break;
+			}
+			sram += ev_len;
+			if (sram > end) {
+				break;
+			}
 			events[num_events] = search;
 			num_events++;
 		} else {
-- 
2.34.1




^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] habv4: Fix parsing of unresonable events.
  2023-12-18 20:25 [PATCH] habv4: Fix parsing of unresonable events Christian Melki
@ 2024-01-02 11:46 ` Sascha Hauer
  0 siblings, 0 replies; 2+ messages in thread
From: Sascha Hauer @ 2024-01-02 11:46 UTC (permalink / raw)
  To: Christian Melki; +Cc: barebox

On Mon, Dec 18, 2023 at 09:25:44PM +0100, Christian Melki wrote:
> An unknown root cause made data look like events (0xdb)
> with very long event lengths. This was causing
> very long printouts of bogus stuff in the console.
> 
> While the root cause needs to be found and fixed,
> there is no need of parsing events with abnormal lengths.
> Also stop parsing if length exceeds the end of scope.
> 
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> ---
>  drivers/hab/habv4.c | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)

Applied, thanks

Sascha

> 
> diff --git a/drivers/hab/habv4.c b/drivers/hab/habv4.c
> index f74de009fc..1a55a3e448 100644
> --- a/drivers/hab/habv4.c
> +++ b/drivers/hab/habv4.c
> @@ -203,6 +203,8 @@ static uint32_t hab_sip_get_version(void)
>  	return (uint32_t)res.a0;
>  }
>  
> +#define HABV4_EVENT_MAX_LEN		0x80
> +
>  #define IMX8MQ_ROM_OCRAM_ADDRESS	0x9061C0
>  #define IMX8MM_ROM_OCRAM_ADDRESS	0x908040
>  #define IMX8MN_ROM_OCRAM_ADDRESS	0x908040
> @@ -217,6 +219,7 @@ static enum hab_status imx8m_read_sram_events(enum hab_status status,
>  	char *sram;
>  	int i = 0;
>  	int internal_index = 0;
> +	uint16_t ev_len;
>  	char *end = 0;
>  	struct hab_event_record *search;
>  
> @@ -236,13 +239,21 @@ static enum hab_status imx8m_read_sram_events(enum hab_status status,
>  	 * recommends the address and size, however errors are usually contained
>  	 * within the first bytes. Scan only the first few bytes to rule out
>  	 * lots of false positives.
> +	 * The max event length is just a sanity check.
>  	 */
> -	end = sram +  0x1a0;
> +	end = sram + 0x1a0;
>  
>  	while (sram < end) {
>  		if (*sram == 0xdb) {
>  			search = (void *)sram;
> -			sram = sram + be16_to_cpu(search->hdr.len);
> +			ev_len = be16_to_cpu(search->hdr.len);
> +			if (ev_len > HABV4_EVENT_MAX_LEN) {
> +				break;
> +			}
> +			sram += ev_len;
> +			if (sram > end) {
> +				break;
> +			}
>  			events[num_events] = search;
>  			num_events++;
>  		} else {
> -- 
> 2.34.1
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2024-01-02 11:47 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-12-18 20:25 [PATCH] habv4: Fix parsing of unresonable events Christian Melki
2024-01-02 11:46 ` Sascha Hauer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox