From d59245dc8c6e57a3382d9c12953ffb090a9ea7e3 Mon Sep 17 00:00:00 2001
From: James Archer <j.archer@unsw.edu.au>
Date: Fri, 26 Jul 2024 14:33:23 +1000
Subject: [PATCH] tool: check number of domains does not exceed max

Signed-off-by: James Archer <j.archer@unsw.edu.au>
---
 tool/microkit/src/sysxml.rs | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tool/microkit/src/sysxml.rs b/tool/microkit/src/sysxml.rs
index d002468b..f72a9304 100644
--- a/tool/microkit/src/sysxml.rs
+++ b/tool/microkit/src/sysxml.rs
@@ -41,6 +41,9 @@ const PD_MAX_PRIORITY: u8 = 254;
 /// In microseconds
 const BUDGET_DEFAULT: u64 = 1000;
 
+/// The maximum number of domains supported by the kernel
+const DOMAIN_COUNT_MAX: u64 = 256;
+
 /// The purpose of this function is to parse an integer that could
 /// either be in decimal or hex format, unlike the normal parsing
 /// functionality that the Rust standard library provides.
@@ -840,6 +843,12 @@ impl DomainSchedule {
                     loc_string(xml_sdf, pos)
                 ));
             }
+            if domain_names.size() > DOMAIN_COUNT_MAX {
+                return Err(format!(
+                    "Error: number of domains in domain schedule exceeds maximum of 256: {}",
+                    loc_string(xml_sdf, pos)
+                ));
+            }
 
             let time = checked_lookup(xml_sdf, &child, "length")?.parse::<u64>();
             if let Err(_) = time {