From 1f66c0e1f4ffb2f9f0fea8fcb7118028039e76a2 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt
Date: Sat, 2 Nov 2024 07:32:26 +0100
Subject: [PATCH] lmb: do not panic in lmb_print_region_flags

Commit c3cf0dc64f1c ("lmb: add a check to prevent memory overrun") addressed a possible buffer overrun using assert_noisy(). Resetting via panic() in lmb_print_region() while allowing invalid lmb flags elsewhere is not reasonable. Instead of panicking print a message indicating the problem. fls() returns an int. Using a u64 for bitpos does not match. Use int instead. fls() takes an int as argument. Using 1ull << bitpos generates a u64. Use 1u << bitpos instead.

Signed-off-by: Heinrich Schuchardt
Acked-by: Sughosh Ganu
---
 lib/lmb.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/lib/lmb.c b/lib/lmb.c
index 74ffa9f927..3dfd8f4f88 100644
--- a/lib/lmb.c
+++ b/lib/lmb.c
@@ -481,16 +481,22 @@ static int lmb_map_update_notify(phys_addr_t addr, phys_size_t size, u8 op,

 static void lmb_print_region_flags(enum lmb_flags flags)
 {
- u64 bitpos;
 const char *flag_str[] = { "none", "no-map", "no-overwrite", "no-notify" };
+ unsigned int pflags = flags &
+ (LMB_NOMAP | LMB_NOOVERWRITE | LMB_NONOTIFY);
+
+ if (flags != pflags) {
+ printf("invalid %#x\n", flags);
+ return;
+ }

 do {
- bitpos = flags ? fls(flags) - 1 : 0;
- assert_noisy(bitpos < ARRAY_SIZE(flag_str));
+ int bitpos = pflags ? fls(pflags) - 1 : 0;
+
 printf("%s", flag_str[bitpos]);
- flags &= ~(1ull << bitpos);
- puts(flags ? ", " : "\n");
- } while (flags);
+ pflags &= ~(1u << bitpos);
+ puts(pflags ? ", " : "\n");
+ } while (pflags);
 }

 static void lmb_dump_region(struct alist *lmb_rgn_lst, char *name)
-- 
2.39.5
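Review bot: With assert_noisy() gone, the `flag_str[bitpos]` read in the do-loop is bounded only by the hand-written mask `LMB_NOMAP | LMB_NOOVERWRITE | LMB_NONOTIFY` happening to cover exactly the bit positions that the four-entry table has strings for. The enum definition is not part of this hunk, so that relationship cannot be confirmed from here. If a flag is later added to the mask without a matching table entry, the index runs past the array and nothing reports it. A non-panicking guard before the `printf("%s", ...)` keeps the intent of the commit and still enforces the bound: `if (bitpos >= (int)ARRAY_SIZE(flag_str)) { printf("invalid %#x\n", flags); return; }`. Alternatively, a compile-time assertion could tie the highest flag bit to `ARRAY_SIZE(flag_str)`.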