forked from ~ljy/RK356X_SDK_RELEASE
blame | history | patch | commit | commitdiff
hc
2024-02-20 ea08eeccae9297f7aabd2ef7f0c2517ac4549acc 
 kernel/drivers/firmware/iscsi_ibft.c
....@@ -1,3 +1,4 @@
1
+// SPDX-License-Identifier: GPL-2.0-only
12 /*
23  *  Copyright 2007-2010 Red Hat, Inc.
34  *  by Peter Jones <pjones@redhat.com>
....@@ -7,15 +8,6 @@
78  *  by Konrad Rzeszutek <ketuzsezr@darnok.org>
89  *
910  * This code exposes the iSCSI Boot Format Table to userland via sysfs.
10
- *
11
- * This program is free software; you can redistribute it and/or modify
12
- * it under the terms of the GNU General Public License v2.0 as published by
13
- * the Free Software Foundation
14
- *
15
- * This program is distributed in the hope that it will be useful,
16
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
17
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18
- * GNU General Public License for more details.
1911  *
2012  * Changelog:
2113  *
....@@ -63,7 +55,6 @@
6355  *
6456  *  27 Aug 2007 - Konrad Rzeszutek <konradr@linux.vnet.ibm.com>
6557  *   First version exposing iBFT data via a binary /sysfs. (v0.1)
66
- *
6758  */
6859 
6960 
....@@ -113,6 +104,7 @@
113104 	u16 tgt0_off;
114105 	u16 nic1_off;
115106 	u16 tgt1_off;
107
+	u16 expansion[];
116108 } __attribute__((__packed__));
117109 
118110 struct ibft_initiator {
....@@ -244,7 +236,7 @@
244236 				"found %d instead!\n", t, id, hdr->id);
245237 		return -ENODEV;
246238 	}
247
-	if (hdr->length != length) {
239
+	if (length && hdr->length != length) {
248240 		printk(KERN_ERR "iBFT error: We expected the %s " \
249241 				"field header.length to have %d but " \
250242 				"found %d instead!\n", t, length, hdr->length);
....@@ -429,7 +421,7 @@
429421 
430422 	switch (type) {
431423 	case ISCSI_BOOT_ACPITBL_SIGNATURE:
432
-		str += sprintf_string(str, ACPI_NAME_SIZE,
424
+		str += sprintf_string(str, ACPI_NAMESEG_SIZE,
433425 				      entry->header->header.signature);
434426 		break;
435427 	case ISCSI_BOOT_ACPITBL_OEM_ID:
....@@ -758,16 +750,16 @@
758750 	control = (void *)header + sizeof(*header);
759751 	end = (void *)control + control->hdr.length;
760752 	eot_offset = (void *)header + header->header.length - (void *)control;
761
-	rc = ibft_verify_hdr("control", (struct ibft_hdr *)control, id_control,
762
-			     sizeof(*control));
753
+	rc = ibft_verify_hdr("control", (struct ibft_hdr *)control, id_control, 0);
763754 
764755 	/* iBFT table safety checking */
765756 	rc |= ((control->hdr.index) ? -ENODEV : 0);
757
+	rc |= ((control->hdr.length < sizeof(*control)) ? -ENODEV : 0);
766758 	if (rc) {
767759 		printk(KERN_ERR "iBFT error: Control header is invalid!\n");
768760 		return rc;
769761 	}
770
-	for (ptr = &control->initiator_off; ptr < end; ptr += sizeof(u16)) {
762
+	for (ptr = &control->initiator_off; ptr + sizeof(u16) <= end; ptr += sizeof(u16)) {
771763 		offset = *(u16 *)ptr;
772764 		if (offset && offset < header->header.length &&
773765 						offset < eot_offset) {