From: Nathan Fontenot Date: Wed, 24 Apr 2013 05:49:36 +0000 (+0000) Subject: powerpc/pseries: Correct buffer parsing in update_dt_node() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2e9b7b02a3bbe5070495bce7107ea3d1d8c3ef65;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git powerpc/pseries: Correct buffer parsing in update_dt_node() Correct parsing of the buffer returned from ibm,update-properties. The first element is a length and the path to the property which is slightly different from the list of properties in the buffer so we need to specifically handle this. Signed-off-by: Nathan Fontenot Signed-off-by: Benjamin Herrenschmidt --- diff --git a/arch/powerpc/platforms/pseries/mobility.c b/arch/powerpc/platforms/pseries/mobility.c index 4c184ceb2450..3d01eee9ffb1 100644 --- a/arch/powerpc/platforms/pseries/mobility.c +++ b/arch/powerpc/platforms/pseries/mobility.c @@ -134,6 +134,7 @@ static int update_dt_node(u32 phandle, s32 scope) char *prop_data; char *rtas_buf; int update_properties_token; + u32 vd; update_properties_token = rtas_token("ibm,update-properties"); if (update_properties_token == RTAS_UNKNOWN_SERVICE) @@ -160,13 +161,24 @@ static int update_dt_node(u32 phandle, s32 scope) prop_data = rtas_buf + sizeof(*upwa); - for (i = 0; i < upwa->nprops; i++) { + /* The first element of the buffer is the path of the node + * being updated in the form of a 8 byte string length + * followed by the string. Skip past this to get to the + * properties being updated. + */ + vd = *prop_data++; + prop_data += vd; + + /* The path we skipped over is counted as one of the elements + * returned so start counting at one. + */ + for (i = 1; i < upwa->nprops; i++) { char *prop_name; - u32 vd; - prop_name = prop_data + 1; + prop_name = prop_data; prop_data += strlen(prop_name) + 1; - vd = *prop_data++; + vd = *(u32 *)prop_data; + prop_data += sizeof(vd); switch (vd) { case 0x00000000: