ia64/xen-unstable

changeset 17412:13cc6b2b8b61

hvmloader: Fix parsing Etherboot roms to avoid an infinite loop.

Signed-off-by: Yosuke Iwamatsu <y-iwamatsu@ab.jp.nec.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Wed Apr 09 13:52:34 2008 +0100 (2008-04-09)
parents a8ce3e934abd
children 29389310884f
files tools/firmware/hvmloader/hvmloader.c
line diff
     1.1 --- a/tools/firmware/hvmloader/hvmloader.c	Wed Apr 09 13:35:44 2008 +0100
     1.2 +++ b/tools/firmware/hvmloader/hvmloader.c	Wed Apr 09 13:52:34 2008 +0100
     1.3 @@ -374,30 +374,31 @@ static int scan_etherboot_nic(void *copy
     1.4              /* Check the PCI PnP header (if any) for a match. */
     1.5              pcih = (struct option_rom_pci_header *)
     1.6                  ((char *)rom + rom->pci_header_offset);
     1.7 -            if ( (rom->pci_header_offset == 0) ||
     1.8 -                 strncmp(pcih->signature, "PCIR", 4) ||
     1.9 -                 (pcih->vendor_id != vendor_id) ||
    1.10 -                 (pcih->device_id != device_id) )
    1.11 -                continue;
    1.12 +            if ( (rom->pci_header_offset != 0) &&
    1.13 +                 !strncmp(pcih->signature, "PCIR", 4) &&
    1.14 +                 (pcih->vendor_id == vendor_id) &&
    1.15 +                 (pcih->device_id == device_id) )
    1.16 +                goto found;
    1.17  
    1.18 -            /* Find the PnP expansion header (if any). */
    1.19 -            pnph = ((rom->expansion_header_offset != 0)
    1.20 -                    ? ((struct option_rom_pnp_header *)
    1.21 -                       ((char *)rom + rom->expansion_header_offset))
    1.22 -                    : ((struct option_rom_pnp_header *)NULL));
    1.23 -            while ( (pnph != NULL) && strncmp(pnph->signature, "$PnP", 4) )
    1.24 -                pnph = ((pnph->next_header_offset != 0)
    1.25 -                        ? ((struct option_rom_pnp_header *)
    1.26 -                           ((char *)rom + pnph->next_header_offset))
    1.27 -                        : ((struct option_rom_pnp_header *)NULL));
    1.28 -
    1.29 -            goto found;
    1.30 +            rom = (struct option_rom_header *)
    1.31 +                ((char *)rom + rom->rom_size * 512);
    1.32          }
    1.33      }
    1.34  
    1.35      return 0;
    1.36  
    1.37   found:
    1.38 +    /* Find the PnP expansion header (if any). */
    1.39 +    pnph = ((rom->expansion_header_offset != 0)
    1.40 +            ? ((struct option_rom_pnp_header *)
    1.41 +               ((char *)rom + rom->expansion_header_offset))
    1.42 +            : ((struct option_rom_pnp_header *)NULL));
    1.43 +    while ( (pnph != NULL) && strncmp(pnph->signature, "$PnP", 4) )
    1.44 +        pnph = ((pnph->next_header_offset != 0)
    1.45 +                ? ((struct option_rom_pnp_header *)
    1.46 +                   ((char *)rom + pnph->next_header_offset))
    1.47 +                : ((struct option_rom_pnp_header *)NULL));
    1.48 +
    1.49      printf("Loading PXE ROM ...\n");
    1.50      if ( (pnph != NULL) && (pnph->manufacturer_name_offset != 0) )
    1.51          printf(" - Manufacturer: %s\n",