Fix for commit 60649d443dc395243e74d2b3e05594ac0c43cfe3
that introduces a null pointer dereference when the
fdt_node_offset_by_compatible is called with "fdt"
argument null.
Reported-by: Julien Grall <julien@xen.org>
Fixes: 60649d443d ("arm/efi: Introduce xen,uefi-cfg-load DT property")
Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
---
xen/arch/arm/efi/efi-boot.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/efi/efi-boot.h b/xen/arch/arm/efi/efi-boot.h
index a3e46453d4..e63dafac26 100644
--- a/xen/arch/arm/efi/efi-boot.h
+++ b/xen/arch/arm/efi/efi-boot.h
@@ -593,7 +593,8 @@ static bool __init efi_arch_use_config_file(EFI_SYSTEM_TABLE *SystemTable)
dtbfile.ptr = fdt;
dtbfile.need_to_free = false; /* Config table memory can't be freed. */
- if ( fdt_node_offset_by_compatible(fdt, 0, "multiboot,module") > 0 )
+ if ( fdt &&
+ (fdt_node_offset_by_compatible(fdt, 0, "multiboot,module") > 0) )
{
/* Locate chosen node */
int node = fdt_subnode_offset(fdt, 0, "chosen");
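Review bot: the new `fdt &&` test sits after the context line `dtbfile.ptr = fdt;`, so a NULL fdt is still stored in dtbfile.ptr before it is checked, and the hunk only protects the `fdt_node_offset_by_compatible()` call. Please confirm that the code following this if block, which is not visible here, never dereferences dtbfile.ptr or fdt when the pointer is NULL, or move the check ahead of the assignment. The commit message also does not say under which conditions fdt is NULL at this point; a one-line comment above the condition stating that would explain why the guard is needed and make it harder to drop in a later refactor.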
--
2.17.1
Hi Luca, > On 11 Oct 2021, at 08:56, Luca Fancellu <Luca.Fancellu@arm.com> wrote: > > Fix for commit 60649d443dc395243e74d2b3e05594ac0c43cfe3 > that introduces a null pointer dereference when the > fdt_node_offset_by_compatible is called with "fdt" > argument null. > > Reported-by: Julien Grall <julien@xen.org> > Fixes: 60649d443d ("arm/efi: Introduce xen,uefi-cfg-load DT property") > Signed-off-by: Luca Fancellu <luca.fancellu@arm.com> Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com> Cheers Bertrand > --- > xen/arch/arm/efi/efi-boot.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/xen/arch/arm/efi/efi-boot.h b/xen/arch/arm/efi/efi-boot.h > index a3e46453d4..e63dafac26 100644 > --- a/xen/arch/arm/efi/efi-boot.h > +++ b/xen/arch/arm/efi/efi-boot.h > @@ -593,7 +593,8 @@ static bool __init efi_arch_use_config_file(EFI_SYSTEM_TABLE *SystemTable) > dtbfile.ptr = fdt; > dtbfile.need_to_free = false; /* Config table memory can't be freed. */ > > - if ( fdt_node_offset_by_compatible(fdt, 0, "multiboot,module") > 0 ) > + if ( fdt && > + (fdt_node_offset_by_compatible(fdt, 0, "multiboot,module") > 0) ) > { > /* Locate chosen node */ > int node = fdt_subnode_offset(fdt, 0, "chosen"); > -- > 2.17.1 >
On Mon, 11 Oct 2021, Bertrand Marquis wrote: > Hi Luca, > > > On 11 Oct 2021, at 08:56, Luca Fancellu <Luca.Fancellu@arm.com> wrote: > > > > Fix for commit 60649d443dc395243e74d2b3e05594ac0c43cfe3 > > that introduces a null pointer dereference when the > > fdt_node_offset_by_compatible is called with "fdt" > > argument null. > > > > Reported-by: Julien Grall <julien@xen.org> > > Fixes: 60649d443d ("arm/efi: Introduce xen,uefi-cfg-load DT property") > > Signed-off-by: Luca Fancellu <luca.fancellu@arm.com> > Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> > > --- > > xen/arch/arm/efi/efi-boot.h | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/xen/arch/arm/efi/efi-boot.h b/xen/arch/arm/efi/efi-boot.h > > index a3e46453d4..e63dafac26 100644 > > --- a/xen/arch/arm/efi/efi-boot.h > > +++ b/xen/arch/arm/efi/efi-boot.h > > @@ -593,7 +593,8 @@ static bool __init efi_arch_use_config_file(EFI_SYSTEM_TABLE *SystemTable) > > dtbfile.ptr = fdt; > > dtbfile.need_to_free = false; /* Config table memory can't be freed. */ > > > > - if ( fdt_node_offset_by_compatible(fdt, 0, "multiboot,module") > 0 ) > > + if ( fdt && > > + (fdt_node_offset_by_compatible(fdt, 0, "multiboot,module") > 0) ) > > { > > /* Locate chosen node */ > > int node = fdt_subnode_offset(fdt, 0, "chosen"); > > -- > > 2.17.1 > > >