[U-Boot,2/3] fs: cbfs: fix locating the cbfs header

Message ID	20180215064012.28557-2-a.heider@gmail.com
State	Accepted
Commit	44683170f818ecaf914ea4c77d35021f60e38b04
Delegated to:	Simon Glass
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Andre Heider <a.heider@gmail.com> To: u-boot@lists.denx.de Date: Thu, 15 Feb 2018 07:40:11 +0100 Message-Id: <20180215064012.28557-2-a.heider@gmail.com> In-Reply-To: <20180215064012.28557-1-a.heider@gmail.com> References: <20180215064012.28557-1-a.heider@gmail.com> Subject: [U-Boot] [PATCH 2/3] fs: cbfs: fix locating the cbfs header Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	[U-Boot,1/3] cmd: cbfs: fix reading the end_of_rom pointer for 64bit archs \| expand [U-Boot,1/3] cmd: cbfs: fix reading the end_of_rom pointer for 64bit archs [U-Boot,2/3] fs: cbfs: fix locating the cbfs header [U-Boot,3/3] cbfs: add support for cbfs header components

Message ID

20180215064012.28557-2-a.heider@gmail.com

State

Accepted

Commit

44683170f818ecaf914ea4c77d35021f60e38b04

Delegated to:

Simon Glass

Headers

show

Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="ZRCme4Cc"; dkim-atps=neutral
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 3zhmrh59GMz9s7M
	for <incoming@patchwork.ozlabs.org>;
	Thu, 15 Feb 2018 17:41:24 +1100 (AEDT)
Received: by lists.denx.de (Postfix, from userid 105)
	id 5D199C22062; Thu, 15 Feb 2018 06:40:38 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=FREEMAIL_FROM,
	RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,
	T_DKIM_INVALID
	autolearn=unavailable autolearn_force=no version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id A22B7C22087;
	Thu, 15 Feb 2018 06:40:18 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id 66DFBC21F4D; Thu, 15 Feb 2018 06:40:16 +0000 (UTC)
Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com
	[74.125.82.65])
	by lists.denx.de (Postfix) with ESMTPS id 0D988C21C3F
	for <u-boot@lists.denx.de>; Thu, 15 Feb 2018 06:40:16 +0000 (UTC)
Received: by mail-wm0-f65.google.com with SMTP id t74so26883297wme.3
	for <u-boot@lists.denx.de>; Wed, 14 Feb 2018 22:40:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=VkNV/va4NK+HNdjSDi7rBXBfDfz7HTqq4CHV22bJaf0=;
	b=ZRCme4Ccq0YMoKfu03zflUwN8Vfq+rm5l1aq3vzxOb85XJtbg8GpN/BDwcq+Oty0v+
	36SMaWNbWouO6QgzpS6/W6MUkj7Dt5i9T8y0CwCai5fCjADPmuFgOI8LpOlb8qzrkH+N
	xf5R3KFBeRcoHb1koSZ6kIw9jma75PETUqVQYaYHpwVyXQX3u82TGS/5kuII5oOXQrN2
	VeCZiaDMtJ0QqahwOSREaWY4LSgNZMiRX9Gz1KyKA7STlyjPad6zawRfK8Pc8fddOyv4
	gZpUTtBoeS2PpUCSbJRDEPK97Tavm0/wqCdF7BvqOKxY3xopUF92tedDPeBosqn9+Lhx
	CBew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=VkNV/va4NK+HNdjSDi7rBXBfDfz7HTqq4CHV22bJaf0=;
	b=cM/J9KZAoWG6u5JexswWcN05nIu8sYkY9WAwCRd3llmXLuDaKJgfXacAEMvdiHBe35
	LZUrKSLsuUGggskkqsGRpb3RK5ZysyYavX0pajns7bKJI+BOdotAOM6U+bdIVUKc4ILM
	FWtz2KWKF8whzwjmrrCf2TmgBCfaLjTOVkRi+SiHW5vQMfXkB3/i422LX20YaZXLIPvO
	Mlgx3NVOiUVzVNIpMDCY1KZDT8SNgcmFxpx1SghhuEIdyl90tXu5VmRg3VQRSnXHtCyb
	FpDFm+iiwQz0ee8Piv0JxbLWLxRIFp3atzygBk+V+YcakB8F4Sxjc5Jm5MMm92zLCrwh
	f4Mg==
X-Gm-Message-State: APf1xPA8RuCOhH+Xz+G0XJ3t2AD+ZgKeJtgE+mXDSX8TGMObRy8iMv/B
	xR1nj6MRZjBOMxv7tDLXihW34Q==
X-Google-Smtp-Source: AH8x225NSV6aEihfjlrIBvCpSFiKe7G5fqEPCpzl301s8hP1DMu3sQgTX7mxLBDBgZ8CJNGVcAHx6w==
X-Received: by 10.28.165.130 with SMTP id o124mr924102wme.122.1518676815273; 
	Wed, 14 Feb 2018 22:40:15 -0800 (PST)
Received: from mamamia.internal (a89-182-101-87.net-htp.de. [89.182.101.87])
	by smtp.gmail.com with ESMTPSA id
	x203sm28410443wmd.11.2018.02.14.22.40.14
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 14 Feb 2018 22:40:14 -0800 (PST)
From: Andre Heider <a.heider@gmail.com>
To: u-boot@lists.denx.de
Date: Thu, 15 Feb 2018 07:40:11 +0100
Message-Id: <20180215064012.28557-2-a.heider@gmail.com>
X-Mailer: git-send-email 2.16.1
In-Reply-To: <20180215064012.28557-1-a.heider@gmail.com>
References: <20180215064012.28557-1-a.heider@gmail.com>
Subject: [U-Boot] [PATCH 2/3] fs: cbfs: fix locating the cbfs header
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Series

[U-Boot,1/3] cmd: cbfs: fix reading the end_of_rom pointer for 64bit archs | expand

The value at the end of the rom is not a pointer, it is an offset relative to the end of rom. Signed-off-by: Andre Heider <a.heider@gmail.com> --- fs/cbfs/cbfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Alexander Graf Feb. 22, 2018, 12:08 a.m. UTC | #1

On 15.02.18 07:40, Andre Heider wrote:
> The value at the end of the rom is not a pointer, it is an offset
> relative to the end of rom.

Do you have any documentation pointers to this? Even just pointing to a
specific line of code in coreboot would be helpful in case anyone wants
to read it up.

> 
> Signed-off-by: Andre Heider <a.heider@gmail.com>
> ---
>  fs/cbfs/cbfs.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c
> index 6e1107d751..46da8f134f 100644
> --- a/fs/cbfs/cbfs.c
> +++ b/fs/cbfs/cbfs.c
> @@ -168,9 +168,9 @@ static int file_cbfs_load_header(uintptr_t end_of_rom,
>  				 struct cbfs_header *header)
>  {
>  	struct cbfs_header *header_in_rom;
> +	int32_t offset = *(u32 *)(end_of_rom - 3);

Accessing a pointer that gets subtracted by 3 looks terribly wrong.
Unfortunately it's correct, because the pointer itself is unaligned.

How about we change the logic so that we calculate an aligned pointer
(after_rom?) which we sanity check for alignment and base all
calculations on that instead?

That way the next time someone comes around he's not getting puzzled why
we're subtracting 3 and adding 1 to the pointer ;).

Alex

>  
> -	header_in_rom = (struct cbfs_header *)(uintptr_t)
> -			*(u32 *)(end_of_rom - 3);
> +	header_in_rom = (struct cbfs_header *)(end_of_rom + offset + 1);
>  	swap_header(header, header_in_rom);
>  
>  	if (header->magic != good_magic || header->offset >
>

Simon Glass April 1, 2018, 2:19 p.m. UTC | #2

Hi,

On 22 February 2018 at 08:08, Alexander Graf <agraf@suse.de> wrote:
>
>
> On 15.02.18 07:40, Andre Heider wrote:
>> The value at the end of the rom is not a pointer, it is an offset
>> relative to the end of rom.
>
> Do you have any documentation pointers to this? Even just pointing to a
> specific line of code in coreboot would be helpful in case anyone wants
> to read it up.
>
>>
>> Signed-off-by: Andre Heider <a.heider@gmail.com>
>> ---
>>  fs/cbfs/cbfs.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c
>> index 6e1107d751..46da8f134f 100644
>> --- a/fs/cbfs/cbfs.c
>> +++ b/fs/cbfs/cbfs.c
>> @@ -168,9 +168,9 @@ static int file_cbfs_load_header(uintptr_t end_of_rom,
>>                                struct cbfs_header *header)
>>  {
>>       struct cbfs_header *header_in_rom;
>> +     int32_t offset = *(u32 *)(end_of_rom - 3);
>
> Accessing a pointer that gets subtracted by 3 looks terribly wrong.
> Unfortunately it's correct, because the pointer itself is unaligned.
>
> How about we change the logic so that we calculate an aligned pointer
> (after_rom?) which we sanity check for alignment and base all
> calculations on that instead?
>
> That way the next time someone comes around he's not getting puzzled why
> we're subtracting 3 and adding 1 to the pointer ;).

Either that or a comment would be nice. But since this has been
sitting around for a while and fixes a bug I think it is best to take
it. Please feel free to send a follow-up patch..

We also have no tests for this code, so I'd really like to get some
tests in there!

Reviewed-by: Simon Glass <sjg@chromium.org>

Regards,
Simon

Simon Glass April 1, 2018, 2:28 p.m. UTC | #3

On 1 April 2018 at 22:19, Simon Glass <sjg@chromium.org> wrote:
> Hi,
>
> On 22 February 2018 at 08:08, Alexander Graf <agraf@suse.de> wrote:
>>
>>
>> On 15.02.18 07:40, Andre Heider wrote:
>>> The value at the end of the rom is not a pointer, it is an offset
>>> relative to the end of rom.
>>
>> Do you have any documentation pointers to this? Even just pointing to a
>> specific line of code in coreboot would be helpful in case anyone wants
>> to read it up.
>>
>>>
>>> Signed-off-by: Andre Heider <a.heider@gmail.com>
>>> ---
>>>  fs/cbfs/cbfs.c | 4 ++--
>>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c
>>> index 6e1107d751..46da8f134f 100644
>>> --- a/fs/cbfs/cbfs.c
>>> +++ b/fs/cbfs/cbfs.c
>>> @@ -168,9 +168,9 @@ static int file_cbfs_load_header(uintptr_t end_of_rom,
>>>                                struct cbfs_header *header)
>>>  {
>>>       struct cbfs_header *header_in_rom;
>>> +     int32_t offset = *(u32 *)(end_of_rom - 3);
>>
>> Accessing a pointer that gets subtracted by 3 looks terribly wrong.
>> Unfortunately it's correct, because the pointer itself is unaligned.
>>
>> How about we change the logic so that we calculate an aligned pointer
>> (after_rom?) which we sanity check for alignment and base all
>> calculations on that instead?
>>
>> That way the next time someone comes around he's not getting puzzled why
>> we're subtracting 3 and adding 1 to the pointer ;).
>
> Either that or a comment would be nice. But since this has been
> sitting around for a while and fixes a bug I think it is best to take
> it. Please feel free to send a follow-up patch..
>
> We also have no tests for this code, so I'd really like to get some
> tests in there!
>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot-dm, thanks!

diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c
index 6e1107d751..46da8f134f 100644
--- a/fs/cbfs/cbfs.c
+++ b/fs/cbfs/cbfs.c
@@ -168,9 +168,9 @@  static int file_cbfs_load_header(uintptr_t end_of_rom,
 				 struct cbfs_header *header)
 {
 	struct cbfs_header *header_in_rom;
+	int32_t offset = *(u32 *)(end_of_rom - 3);
 
-	header_in_rom = (struct cbfs_header *)(uintptr_t)
-			*(u32 *)(end_of_rom - 3);
+	header_in_rom = (struct cbfs_header *)(end_of_rom + offset + 1);
 	swap_header(header, header_in_rom);
 
 	if (header->magic != good_magic || header->offset >

[U-Boot,2/3] fs: cbfs: fix locating the cbfs header

Commit Message

Comments

Patch