From e813f48461b8011244b3e7dfe118cf94fd595f0d Mon Sep 17 00:00:00 2001
From: Markus Stockhausen <markus.stockhausen@gmx.de>
Date: Sun, 25 Aug 2024 13:09:48 -0400
Subject: [PATCH] realtek: harden fw_init_cmdline()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Some devices (e.g. HP JG924A) hand over other than expected kernel boot
arguments. Looking at these one can see:

fw_init_cmdline: fw_arg0=00020000
fw_init_cmdline: fw_arg1=00060000
fw_init_cmdline: fw_arg2=fffdffff
fw_init_cmdline: fw_arg3=0000416c

Especially fw_arg2 should be the pointer to the environment and it looks
very suspicous. It is not aligned and the address is outside KSEG0 and
KSEG1. Booting the device will result in a hang. Do better at verifying
the address.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
---
 arch/mips/fw/lib/cmdline.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/mips/fw/lib/cmdline.c
+++ b/arch/mips/fw/lib/cmdline.c
@@ -31,7 +31,7 @@ void __init fw_init_cmdline(void)
 	}
 
 	/* Validate environment pointer. */
-	if (fw_arg2 < CKSEG0)
+	if (fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2)
 		_fw_envp = NULL;
 	else
 		_fw_envp = (int *)fw_arg2;