|
|
@@ -0,0 +1,38 @@
|
|
|
+From e813f48461b8011244b3e7dfe118cf94fd595f0d Mon Sep 17 00:00:00 2001
|
|
|
+From: Markus Stockhausen <[email protected]>
|
|
|
+Date: Sun, 25 Aug 2024 13:09:48 -0400
|
|
|
+Subject: [PATCH] realtek: harden fw_init_cmdline()
|
|
|
+MIME-Version: 1.0
|
|
|
+Content-Type: text/plain; charset=UTF-8
|
|
|
+Content-Transfer-Encoding: 8bit
|
|
|
+
|
|
|
+Some devices (e.g. HP JG924A) hand over other than expected kernel boot
|
|
|
+arguments. Looking at these one can see:
|
|
|
+
|
|
|
+fw_init_cmdline: fw_arg0=00020000
|
|
|
+fw_init_cmdline: fw_arg1=00060000
|
|
|
+fw_init_cmdline: fw_arg2=fffdffff
|
|
|
+fw_init_cmdline: fw_arg3=0000416c
|
|
|
+
|
|
|
+Especially fw_arg2 should be the pointer to the environment and it looks
|
|
|
+very suspicous. It is not aligned and the address is outside KSEG0 and
|
|
|
+KSEG1. Booting the device will result in a hang. Do better at verifying
|
|
|
+the address.
|
|
|
+
|
|
|
+Signed-off-by: Bjørn Mork <[email protected]>
|
|
|
+Signed-off-by: Markus Stockhausen <[email protected]>
|
|
|
+---
|
|
|
+ arch/mips/fw/lib/cmdline.c | 2 +-
|
|
|
+ 1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
+
|
|
|
+--- a/arch/mips/fw/lib/cmdline.c
|
|
|
++++ b/arch/mips/fw/lib/cmdline.c
|
|
|
+@@ -31,7 +31,7 @@ void __init fw_init_cmdline(void)
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Validate environment pointer. */
|
|
|
+- if (fw_arg2 < CKSEG0)
|
|
|
++ if (fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2)
|
|
|
+ _fw_envp = NULL;
|
|
|
+ else
|
|
|
+ _fw_envp = (int *)fw_arg2;
|
Markus Stockhausen