From patchwork Sat Nov 17 09:34:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Goldschmidt X-Patchwork-Id: 999269 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="FsakvYlm"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42xqh12l5Pz9s5c for ; Sat, 17 Nov 2018 20:34:52 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 543E5C2234B; Sat, 17 Nov 2018 09:34:46 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H2, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id ECC74C2227E; Sat, 17 Nov 2018 09:34:43 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 85788C22298; Sat, 17 Nov 2018 09:34:42 +0000 (UTC) Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by lists.denx.de (Postfix) with ESMTPS id 76F96C2227E for ; Sat, 17 Nov 2018 09:34:41 +0000 (UTC) Received: by mail-wm1-f65.google.com with SMTP id s11so807229wmh.1 for ; Sat, 17 Nov 2018 01:34:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=MnHQ79G65Wy9lKRoKnQ8YC6XLpvneApKcFzCmAJ8X8Q=; b=FsakvYlm104scQRdohQTMR2oxgGUX08Rf+tD04Psr1F6qo+1dKt79A40vOcwFyit15 K5bjG8xj1KkQkkUY4jc/7UWMXJkcy/Dk5NB5xFJdnM1z4mD+5zPOWGuDjyVDpaE7pLom brEEXMQVRbNt7uy1M1sdP0Q67taUeoeOA1Fz9SoSyhbi4HfdGJZ14wIU79dCBNiSxGIT BBgRS4xjbMP13V7Vv8a7bz3BeJIZbQBA0HGikJssro5YJu/R//GPm34eGR3w6MLQgzrV q/ku9UBcrHsrCuo2mOYhj+TT4CQDCASuVgf269O2KLZpbP9G7+ActBeMsxqGRCKc+MpS kbHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=MnHQ79G65Wy9lKRoKnQ8YC6XLpvneApKcFzCmAJ8X8Q=; b=CjSPYyi5Wcaj3VnrSA30/Obgso0GDn7CQEcZl3BSLYyehQtCWhVSxDA2RDZqj0usgb bjr2+qin1jyQxhKVaynX9RgbVptc0myVergkahURgEmlJOdoF133cdaaRhpzztPoiFRJ JkXzsFHPRjz2c9mKeqvF1DctUf/hojaZgwRs0JsfCCeJKu3Dbs8HVmXWKwKfSso+YHwZ U33ogvxq3FnF7ij/db1WYpKLLHqu9leScCPqct9RfF931dNs2AzgVvELtggmxEwvZ+u/ bBSw/3Ot+BiUgKSkJEVH3UTPwJxHBXMX3dh37nEPwh8waKaGlLZEq9ttpF41rlNn/Gdb AqBg== X-Gm-Message-State: AA+aEWamqsW4pjXOJjF87KuBRQKLoIY/82rorBRoioybSUVBMkzNYDCJ 3TGonJ3KuwM1nH1TrNk1SdM= X-Google-Smtp-Source: AFSGD/UpMjD7Po9EdhHhx+jmDFLuxgckX2Dw4pW4uEih5/cUI4SnmmiYBr8GM4+ZN7EMzn6LVKAygw== X-Received: by 2002:a1c:e90d:: with SMTP id q13mr1185905wmc.106.1542447281067; Sat, 17 Nov 2018 01:34:41 -0800 (PST) Received: from ubuntu.home ([2a02:8071:6a3:700:456c:50ae:6b7:768d]) by smtp.gmail.com with ESMTPSA id p19-v6sm17660541wmc.46.2018.11.17.01.34.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 17 Nov 2018 01:34:39 -0800 (PST) From: Simon Goldschmidt To: Tom Rini , u-boot@lists.denx.de, Joe Hershberger Date: Sat, 17 Nov 2018 10:34:23 +0100 Message-Id: <20181117093430.15827-2-simon.k.r.goldschmidt@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> References: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> Cc: Heinrich Schuchardt , Andrea Barisani Subject: [U-Boot] [PATCH v2 1/8] lib: lmb: reserving overlapping regions should fail X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" lmb_add_region handles overlapping regions wrong: instead of merging or rejecting to add a new reserved region that overlaps an existing one, it just adds the new region. Since internally the same function is used for lmb_alloc, change lmb_add_region to reject overlapping regions. Signed-off-by: Simon Goldschmidt --- Changes in v2: None lib/lmb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/lmb.c b/lib/lmb.c index 1705417348..8dc703d996 100644 --- a/lib/lmb.c +++ b/lib/lmb.c @@ -136,6 +136,9 @@ static long lmb_add_region(struct lmb_region *rgn, phys_addr_t base, phys_size_t rgn->region[i].size += size; coalesced++; break; + } else if (lmb_addrs_overlap(base, size, rgnbase, rgnsize)) { + /* regions overlap */ + return -1; } } From patchwork Sat Nov 17 09:34:24 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Goldschmidt X-Patchwork-Id: 999270 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="EBBWoza1"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42xqhm3wstz9s5c for ; Sat, 17 Nov 2018 20:35:36 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 2874CC222AB; Sat, 17 Nov 2018 09:35:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H2, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id E4F11C22387; Sat, 17 Nov 2018 09:34:49 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id CFCB3C22332; Sat, 17 Nov 2018 09:34:46 +0000 (UTC) Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com [209.85.221.67]) by lists.denx.de (Postfix) with ESMTPS id 0471CC22285 for ; Sat, 17 Nov 2018 09:34:44 +0000 (UTC) Received: by mail-wr1-f67.google.com with SMTP id j26-v6so27201825wre.1 for ; Sat, 17 Nov 2018 01:34:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=WS07eggGoTW69Ho4qw3zxggNdwUk9Sx4SiMCLxiY2uw=; b=EBBWoza1A2B6MvshcjAykgw5+3wjbyD7AAbt5VWH+Jb/7sP4TphOSuw99HsAxRNP3n x5U0ukla3h7pd3Htkur48r4DlO1q9BQtY9hZDjR7YE2f61hScY0L36LVTtsL1bwh7GTO jA00tbaVvOn4yFHwSPYb3oS8l0RBlyJyIufgheWDSlUsSnOGz2Px0BVAzYI/DFKJbiIX KXRl1g2BvP78FHb54UxxRf1jE5fV3aIC42BLUOuZTtWNWf5CynRLPJzdf3wVt2QURnOk I5dcByXPIO7iY+z3e/FSQ0j/JCiy7XqV957u9aJ24D5xyzStPQrHLCY5jkG7pNSDhrU+ yn3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=WS07eggGoTW69Ho4qw3zxggNdwUk9Sx4SiMCLxiY2uw=; b=Zt5m7FnWR97MBAUvpYgDuZyJ5xRMYd93mqZLDNv19MBVIU1iOcDv+ncKz6l+GJGtnT 1MLmNMbPEK6/+AU2zqcDpKeR4cwLjmIn8MD9/76amwYnfqcJNy1hfxdjVvLhMAkUbyuq hUcZzVK3bp+CmP/EJEDD6Pggc1/rJgJvzoptPoMV2wTrv64lDaz4HukIFngnd9anb9c1 MAqO9eyCUjkFbQLhVp3gM6GI+8VlzzFBXJiizds5qCjlrzaytF3FE1w1wSKtHqih1gJe KWT5UdGg8SG7ohBq+hAovQpD+qPEFzTptNG0hOrwYjShv+3DxXbsILZ+PEKo3pmrXjyh oOUA== X-Gm-Message-State: AGRZ1gIc4HubAVBeO40C9c/mL5a7FPjFmc5iexvFIdlhHy7CtZMP/1YB 0IVEJvzfcXAQpQqSx19SdL8= X-Google-Smtp-Source: AJdET5cl7NEzG/Zzjjr+ZZn2JHnEXC0sc1R2vBdXyB1tMiX6TygfPuFpohD28dn1Rdic47CqpsheaQ== X-Received: by 2002:adf:812a:: with SMTP id 39-v6mr11743171wrm.84.1542447283491; Sat, 17 Nov 2018 01:34:43 -0800 (PST) Received: from ubuntu.home ([2a02:8071:6a3:700:456c:50ae:6b7:768d]) by smtp.gmail.com with ESMTPSA id p19-v6sm17660541wmc.46.2018.11.17.01.34.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 17 Nov 2018 01:34:42 -0800 (PST) From: Simon Goldschmidt To: Tom Rini , u-boot@lists.denx.de, Joe Hershberger Date: Sat, 17 Nov 2018 10:34:24 +0100 Message-Id: <20181117093430.15827-3-simon.k.r.goldschmidt@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> References: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> Cc: Heinrich Schuchardt , Andrea Barisani Subject: [U-Boot] [PATCH v2 2/8] fdt: parse "reserved-memory" for memory reservation X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" boot_fdt_add_mem_rsv_regions() adds reserved memory sections to an lmb struct. Currently, it only parses regions described by /memreserve/ entries. Extend this to the more commonly used scheme of the "reserved-memory" node. Signed-off-by: Simon Goldschmidt --- Changes in v2: - this patch is new in v2 common/image-fdt.c | 52 +++++++++++++++++++++++++++++++++++++++------- 1 file changed, 44 insertions(+), 8 deletions(-) diff --git a/common/image-fdt.c b/common/image-fdt.c index 95748f0ae1..65984c3c98 100644 --- a/common/image-fdt.c +++ b/common/image-fdt.c @@ -10,6 +10,7 @@ #include #include +#include #include #include #include @@ -67,30 +68,65 @@ static const image_header_t *image_get_fdt(ulong fdt_addr) } #endif +static void boot_fdt_reserve_region(struct lmb *lmb, uint64_t addr, + uint64_t size) +{ + int ret; + + ret = lmb_reserve(lmb, addr, size); + if (!ret) + debug(" reserving fdt memory region: addr=%llx size=%llx\n", + (unsigned long long)addr, (unsigned long long)size); + else + puts("ERROR: reserving fdt memory region failed "); + printf("(addr=%llx size=%llx)\n", + (unsigned long long)addr, (unsigned long long)size); +} + /** - * boot_fdt_add_mem_rsv_regions - Mark the memreserve sections as unusable + * boot_fdt_add_mem_rsv_regions - Mark the memreserve and reserved-memory + * sections as unusable * @lmb: pointer to lmb handle, will be used for memory mgmt * @fdt_blob: pointer to fdt blob base address * - * Adds the memreserve regions in the dtb to the lmb block. Adding the - * memreserve regions prevents u-boot from using them to store the initrd - * or the fdt blob. + * Adds the and reserved-memorymemreserve regions in the dtb to the lmb block. + * Adding the memreserve regions prevents u-boot from using them to store the + * initrd or the fdt blob. */ void boot_fdt_add_mem_rsv_regions(struct lmb *lmb, void *fdt_blob) { uint64_t addr, size; - int i, total; + int i, total, ret; + int nodeoffset, subnode; + struct fdt_resource res; if (fdt_check_header(fdt_blob) != 0) return; + /* process memreserve sections */ total = fdt_num_mem_rsv(fdt_blob); for (i = 0; i < total; i++) { if (fdt_get_mem_rsv(fdt_blob, i, &addr, &size) != 0) continue; - printf(" reserving fdt memory region: addr=%llx size=%llx\n", - (unsigned long long)addr, (unsigned long long)size); - lmb_reserve(lmb, addr, size); + boot_fdt_reserve_region(lmb, addr, size); + } + + /* process reserved-memory */ + nodeoffset = fdt_subnode_offset(fdt_blob, 0, "reserved-memory"); + if (nodeoffset >= 0) { + subnode = fdt_first_subnode(fdt_blob, nodeoffset); + while (subnode >= 0) { + /* check if this subnode has a reg property */ + ret = fdt_get_resource(fdt_blob, subnode, "reg", 0, + &res); + if (!ret) { + addr = res.start; + size = res.end - res.start + 1; + boot_fdt_reserve_region(lmb, addr, size); + } + + subnode = fdt_next_subnode(fdt_blob, subnode); + } } } From patchwork Sat Nov 17 09:34:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Goldschmidt X-Patchwork-Id: 999273 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="SGwpXNWP"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42xqkt5NfQz9s1c for ; Sat, 17 Nov 2018 20:37:26 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 4AC32C22330; Sat, 17 Nov 2018 09:35:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H2, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id E9ED0C2235A; Sat, 17 Nov 2018 09:35:03 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 9DD1DC2235A; Sat, 17 Nov 2018 09:34:51 +0000 (UTC) Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com [209.85.221.67]) by lists.denx.de (Postfix) with ESMTPS id 9CC9DC22380 for ; Sat, 17 Nov 2018 09:34:46 +0000 (UTC) Received: by mail-wr1-f67.google.com with SMTP id v6so5327291wrr.12 for ; Sat, 17 Nov 2018 01:34:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=erXrpQIDJPsLfEBBlx20usoYhOduK7V9YHV3TT0slpI=; b=SGwpXNWPPaqk20yYbBfFQ/MmWKOlku8najkkMBYNcrrCDMzX8+H61QmgL/a/y/zx3Q LprpY5N+Hv8QhObb2PypTo6i2YAGpzAqcmbWyXGI3DqVmZ+chD1Cal+o0DAuIkOPWjyv gwYXXJNLicKmsWHrMueguluvVqXLTLwAxJfBaUM5ehDpsXipMkf7P1bjxCERJBeVgM4n OkJ1OvCnrg5Kzm/2UHa4yfAaY83yfo/QCzxgPH1QngDd9ZTmtvvsvQup+POk4Dxi4vBe 50n4Mh5eylHd5ZwKVyd8x/ql/hCgtmn6RUeLU+Ez6G37GZcFCzYzgqzrPVdNuTahdfhK QmEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=erXrpQIDJPsLfEBBlx20usoYhOduK7V9YHV3TT0slpI=; b=kRbJu0Xaxs7P7KyaTV2r7MMOOrzDJ6G7H93klpbKse+r6frbMmHvehImTyubl0WuWR aaCdOQcJsm4UIo6wi8b0rw97NFNdORcOYzw/9Hog5bqBieZDpUTg9PuGc0fDAUgPUPNl e6rJT24+G5KlDT0qUsf074bc2mxx+PQ5Sw2bwJY+iygRuttH/0eyHu35biIIZHSIHP7q GjIplEE4nb1TLUqP5hLuRHidjc6hUIVDF5KKyYpmHbW3VnqJIvRYysPYqJCvtGYK9QKy 8TisUNEzfllS1DfM7xsPbglTYR7cRRj5ltnHdP0BJlwNQgj6NbETnp9Hu8Urbn5lY56u utCw== X-Gm-Message-State: AA+aEWb5nvXPWBnkDjj/rMqNHYTOlKDnunsitXhukM0aIRWk+pI7rNqK UHX0HN5EWVUzgizobPcJCAw= X-Google-Smtp-Source: AFSGD/XPRPteo6xGAiBBk6UwfwHQoNfqA5NjwqCNPOVglSg47NCky+UsjmeJGOYd8Y1GM2Khew2d6A== X-Received: by 2002:adf:8228:: with SMTP id 37mr6158816wrb.160.1542447286236; Sat, 17 Nov 2018 01:34:46 -0800 (PST) Received: from ubuntu.home ([2a02:8071:6a3:700:456c:50ae:6b7:768d]) by smtp.gmail.com with ESMTPSA id p19-v6sm17660541wmc.46.2018.11.17.01.34.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 17 Nov 2018 01:34:45 -0800 (PST) From: Simon Goldschmidt To: Tom Rini , u-boot@lists.denx.de, Joe Hershberger Date: Sat, 17 Nov 2018 10:34:25 +0100 Message-Id: <20181117093430.15827-4-simon.k.r.goldschmidt@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> References: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> Cc: Heinrich Schuchardt , Andrea Barisani Subject: [U-Boot] [PATCH v2 3/8] lib: lmb: extend lmb for checks at load time X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This adds two new functions, lmb_alloc_addr and lmb_get_unreserved_size. lmb_alloc_addr behaves like lmb_alloc, but it tries to allocate a pre-specified address range. Unlike lmb_reserve, this address range must be inside one of the memory ranges that has been set up with lmb_add. lmb_get_unreserved_size returns the number of bytes that can be used up to the next reserved region or the end of valid ram. This can be 0 if the address passed is reserved. Signed-off-by: Simon Goldschmidt --- Changes in v2: - added lmb_get_unreserved_size() for tftp include/lmb.h | 3 +++ lib/lmb.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) diff --git a/include/lmb.h b/include/lmb.h index f04d058093..7d7e2a78dc 100644 --- a/include/lmb.h +++ b/include/lmb.h @@ -38,6 +38,9 @@ extern phys_addr_t lmb_alloc_base(struct lmb *lmb, phys_size_t size, ulong align phys_addr_t max_addr); extern phys_addr_t __lmb_alloc_base(struct lmb *lmb, phys_size_t size, ulong align, phys_addr_t max_addr); +extern phys_addr_t lmb_alloc_addr(struct lmb *lmb, phys_addr_t base, + phys_size_t size); +extern phys_size_t lmb_get_unreserved_size(struct lmb *lmb, phys_addr_t addr); extern int lmb_is_reserved(struct lmb *lmb, phys_addr_t addr); extern long lmb_free(struct lmb *lmb, phys_addr_t base, phys_size_t size); diff --git a/lib/lmb.c b/lib/lmb.c index 8dc703d996..9de1581972 100644 --- a/lib/lmb.c +++ b/lib/lmb.c @@ -324,6 +324,59 @@ phys_addr_t __lmb_alloc_base(struct lmb *lmb, phys_size_t size, ulong align, phy return 0; } +/* + * Try to allocate a specific address range: must be in defined memory but not + * reserved + */ +phys_addr_t lmb_alloc_addr(struct lmb *lmb, phys_addr_t base, phys_size_t size) +{ + long j; + + /* Check if the requested address is in one of the memory regions */ + j = lmb_overlaps_region(&lmb->memory, base, size); + if (j >= 0) { + /* + * Check if the requested end address is in the same memory + * region we found. + */ + if (lmb_addrs_overlap(lmb->memory.region[j].base, + lmb->memory.region[j].size, base + size - + 1, 1)) { + /* ok, reserve the memory */ + if (!lmb_reserve(lmb, base, size)) + return base; + } + } + return 0; +} + +/* Return number of bytes from a given address that are free */ +phys_size_t lmb_get_unreserved_size(struct lmb *lmb, phys_addr_t addr) +{ + int i; + long j; + + /* check if the requested address is in the memory regions */ + j = lmb_overlaps_region(&lmb->memory, addr, 1); + if (j >= 0) { + for (i = 0; i < lmb->reserved.cnt; i++) { + if (addr < lmb->reserved.region[i].base) { + /* first reserved range > requested address */ + return lmb->reserved.region[i].base - addr; + } + if (lmb->reserved.region[i].base + + lmb->reserved.region[i].size > addr) { + /* requested addr is in this reserved range */ + return 0; + } + } + /* if we come here: no reserved ranges above requested addr */ + return lmb->memory.region[lmb->memory.cnt - 1].base + + lmb->memory.region[lmb->memory.cnt - 1].size - addr; + } + return 0; +} + int lmb_is_reserved(struct lmb *lmb, phys_addr_t addr) { int i; From patchwork Sat Nov 17 09:34:26 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Goldschmidt X-Patchwork-Id: 999272 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="By7r2Vkq"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42xqkm1bM4z9s5c for ; Sat, 17 Nov 2018 20:37:19 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id BEB5BC2233E; Sat, 17 Nov 2018 09:35:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H2, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id C4B37C22386; Sat, 17 Nov 2018 09:34:57 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 42BAFC22382; Sat, 17 Nov 2018 09:34:52 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by lists.denx.de (Postfix) with ESMTPS id ABE3CC2238A for ; Sat, 17 Nov 2018 09:34:48 +0000 (UTC) Received: by mail-wm1-f67.google.com with SMTP id q26so790719wmf.5 for ; Sat, 17 Nov 2018 01:34:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ziVOM6r2GpfYoveAnYWNWhfHGgeYgkr7ZYkU+r83g+s=; b=By7r2VkqUma73iXmIwSlmN/N8XhuBrjgy+au0olDy0W1+W1KwupdI915tfVFuJdF8s L+QP3PERofVB+dNpE6wA00Jixc2bkGNln0PNH6XRWTgm11k1nyO4wtxL4dX656RyM8+0 np5BfMXk+BScajfYdJJEUsx3Nj7S7jtj9PCeAfhaiMWeTH/xFt6F6D3NakH5x7LpqNLi h7BTuKbgXbCQ+dOO6kwKeGyNYmcgxLQE8hl1bPQeavu2YMEk1v+swe+Xyh1XkJy9ib1q BfaWAGapqFLIUh9tydR1vDMo3Cf0Evg6WJv+axN8an9H2DZmpD0Yo8jt7vuJT6TQSuaW jX0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ziVOM6r2GpfYoveAnYWNWhfHGgeYgkr7ZYkU+r83g+s=; b=nmT2Uk4zBNWlCbXjIk8e8kMZc7Y1wJTsVlp4o3OgV97Ldy7x4G1zpfGhuGJ+8uGpf9 Ek/jtNqaQuVCfTlHG4Pj7cIHI8Q+6nHU2z3FKje5TW6nrlV9Jr5whCLfgpvTrqU404/n tYtGC2xxJ4IGt6Wuuu2/5vxJS8dignmCAJHnABHBJUJXuIFJ/TvjuQOLbeIgXpMikgFD hJ1TxthGJ39Dx76XmwzSdYlgaFk0yZL12aDeO525GNTsGeG8LrJcB46E5EAF7on8PMCU HA9wPkecSnhun70CgCiBVxLQtHgmAM9Z9jP/kgPe1GnttdFGMFNPcycUL8Kctza3DKLj iVAQ== X-Gm-Message-State: AGRZ1gL5s+y1To6cJ+ZtGkS0EqkP68cIld7oSfSYGtQu2zSLLytPwHCK 1FS2Flfnm7Xw2VqGZmeeIEY= X-Google-Smtp-Source: AJdET5d3ThWcgzLT2V9B3lId+poAFSLEoTCEcU2tzgCYc/QPvKRge3tGOn8frifm9PcnPFMzyd21rw== X-Received: by 2002:a1c:770c:: with SMTP id t12mr1126536wmi.101.1542447288266; Sat, 17 Nov 2018 01:34:48 -0800 (PST) Received: from ubuntu.home ([2a02:8071:6a3:700:456c:50ae:6b7:768d]) by smtp.gmail.com with ESMTPSA id p19-v6sm17660541wmc.46.2018.11.17.01.34.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 17 Nov 2018 01:34:47 -0800 (PST) From: Simon Goldschmidt To: Tom Rini , u-boot@lists.denx.de, Joe Hershberger Date: Sat, 17 Nov 2018 10:34:26 +0100 Message-Id: <20181117093430.15827-5-simon.k.r.goldschmidt@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> References: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> Cc: Heinrich Schuchardt , Alexander Graf , Andrea Barisani Subject: [U-Boot] [PATCH v2 4/8] fs: prevent overwriting reserved memory X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem image load") by using lmb to check the load size of a file against reserved memory addresses. Signed-off-by: Simon Goldschmidt --- Changes in v2: None fs/fs.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++--- include/lmb.h | 2 ++ lib/lmb.c | 13 ++++++++++++ 3 files changed, 68 insertions(+), 3 deletions(-) diff --git a/fs/fs.c b/fs/fs.c index adae98d021..4baf6b1c39 100644 --- a/fs/fs.c +++ b/fs/fs.c @@ -428,13 +428,57 @@ int fs_size(const char *filename, loff_t *size) return ret; } -int fs_read(const char *filename, ulong addr, loff_t offset, loff_t len, - loff_t *actread) +#ifdef CONFIG_LMB +/* Check if a file may be read to the given address */ +static int fs_read_lmb_check(const char *filename, ulong addr, loff_t offset, + loff_t len, struct fstype_info *info) +{ + struct lmb lmb; + int ret; + loff_t size; + loff_t read_len; + + /* get the actual size of the file */ + ret = info->size(filename, &size); + if (ret) + return ret; + if (offset >= size) { + /* offset >= EOF, no bytes will be written */ + return 0; + } + read_len = size - offset; + + /* limit to 'len' if it is smaller */ + if (len && len < read_len) + read_len = len; + + lmb_init_and_reserve(&lmb, gd->bd->bi_dram[0].start, + gd->bd->bi_dram[0].size, (void *)gd->fdt_blob); + lmb_dump_all(&lmb); + + if (lmb_alloc_addr(&lmb, addr, read_len) == addr) + return 0; + + printf("** Reading file would overwrite reserved memory **\n"); + return -1; +} +#endif + +static int _fs_read(const char *filename, ulong addr, loff_t offset, loff_t len, + int do_lmb_check, loff_t *actread) { struct fstype_info *info = fs_get_info(fs_type); void *buf; int ret; +#ifdef CONFIG_LMB + if (do_lmb_check) { + ret = fs_read_lmb_check(filename, addr, offset, len, info); + if (ret) + return ret; + } +#endif + /* * We don't actually know how many bytes are being read, since len==0 * means read the whole file. @@ -451,6 +495,12 @@ int fs_read(const char *filename, ulong addr, loff_t offset, loff_t len, return ret; } +int fs_read(const char *filename, ulong addr, loff_t offset, loff_t len, + loff_t *actread) +{ + return _fs_read(filename, addr, offset, len, 0, actread); +} + int fs_write(const char *filename, ulong addr, loff_t offset, loff_t len, loff_t *actwrite) { @@ -621,7 +671,7 @@ int do_load(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[], pos = 0; time = get_timer(0); - ret = fs_read(filename, addr, pos, bytes, &len_read); + ret = _fs_read(filename, addr, pos, bytes, 1, &len_read); time = get_timer(time); if (ret < 0) return 1; diff --git a/include/lmb.h b/include/lmb.h index 7d7e2a78dc..62da85e716 100644 --- a/include/lmb.h +++ b/include/lmb.h @@ -31,6 +31,8 @@ struct lmb { extern struct lmb lmb; extern void lmb_init(struct lmb *lmb); +extern void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, + phys_size_t size, void *fdt_blob); extern long lmb_add(struct lmb *lmb, phys_addr_t base, phys_size_t size); extern long lmb_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size); extern phys_addr_t lmb_alloc(struct lmb *lmb, phys_size_t size, ulong align); diff --git a/lib/lmb.c b/lib/lmb.c index 9de1581972..776aa7a8b7 100644 --- a/lib/lmb.c +++ b/lib/lmb.c @@ -104,6 +104,19 @@ void lmb_init(struct lmb *lmb) lmb->reserved.size = 0; } +/* Initialize the struct, add memory and call arch/board reserve functions */ +void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size, + void *fdt_blob) +{ + lmb_init(lmb); + lmb_add(lmb, base, size); + arch_lmb_reserve(lmb); + board_lmb_reserve(lmb); + + if (IMAGE_ENABLE_OF_LIBFDT) + boot_fdt_add_mem_rsv_regions(lmb, fdt_blob); +} + /* This routine called with relocation disabled. */ static long lmb_add_region(struct lmb_region *rgn, phys_addr_t base, phys_size_t size) { From patchwork Sat Nov 17 09:34:27 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Goldschmidt X-Patchwork-Id: 999271 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="elryzffq"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42xqjG3T6pz9s5c for ; Sat, 17 Nov 2018 20:36:02 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 21AD4C22324; Sat, 17 Nov 2018 09:35:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H2, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id ED575C22382; Sat, 17 Nov 2018 09:35:02 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 22AB8C222AB; Sat, 17 Nov 2018 09:34:54 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by lists.denx.de (Postfix) with ESMTPS id D75FAC22390 for ; Sat, 17 Nov 2018 09:34:50 +0000 (UTC) Received: by mail-wm1-f67.google.com with SMTP id k198so361556wmd.3 for ; Sat, 17 Nov 2018 01:34:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=o3oXB+hlFAmn76tgQFc0Wh0yDjBFJdOCxSkZN/OpfT0=; b=elryzffq2bUNTZAwVtwZuiNz/NxvUmqwuc8vKRQ9mfUBbxbzZBm253q4ZRw0kzGTE+ UYESQe95mLkIhmb1FiXsnlv2NWjR/o79xik63C4ntqA8jSwevhuw2CtDd+bMr5qLbP0e B3QE8UAzdEZ4E4T6kgS8rPIZF71dM8tkU7UEUEfg4WcyGuu/xo+af7mlmVRarLctLbie yRQLWl9Go48+/t0KDWSe2tb5if7JebE2UIrQ4oVzX3JRWDVOX6WvDxviP53oqxNTKa2I RHowSxnrnJFKuL78x1ZJod4aQT1bMiCLGE5PT1mL+oKVU4FqEfq+a1hv7LPfiMyLgTdb EhMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=o3oXB+hlFAmn76tgQFc0Wh0yDjBFJdOCxSkZN/OpfT0=; b=pOj67tqOLdKCGudCZG9rDH+ZQxYkuKJuAwO82VBZLGOw+1qLr+EQmPbVJdefetyHi6 j6z6fiZ6IVIbIHIL1WppWyFqgW3qw1dBGNYV0fsdYjarN13JWiNyS6Hm0R08LLKk7B9o u/d18yeso+cy3e+bDNYUZmin55xLu8RtFF2PU3vzHmfwbEh/aqHaJ+64exZaf3qqMuFW c59oSPnVFxVtKt6yN9rUTVdLT+Chxel6yAEPsILDhR7939VPmx8Tc/DwbzM1Jq0tqqLb ISraTxfKsAQv5aAXPQOmnAH/9cA0+OitY6m1Mcitg+ffTCKOA5/8wY/4xkN66fnahzfU dxwQ== X-Gm-Message-State: AA+aEWajA0duaYRwXalyG6iCoALk+X6ZfNdhJrgimZdhqXIJWf08bHsF TOTGvW+xH99ApSExSUgkMlQ= X-Google-Smtp-Source: AFSGD/VIrdqeEiUiptFNhZe2ObnGemb2Q9k6xb5kNuKbu67Aeb6y1lm3N55nz8QN+VulOBt9NiCFrQ== X-Received: by 2002:a1c:8f94:: with SMTP id r142-v6mr1110641wmd.104.1542447290529; Sat, 17 Nov 2018 01:34:50 -0800 (PST) Received: from ubuntu.home ([2a02:8071:6a3:700:456c:50ae:6b7:768d]) by smtp.gmail.com with ESMTPSA id p19-v6sm17660541wmc.46.2018.11.17.01.34.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 17 Nov 2018 01:34:49 -0800 (PST) From: Simon Goldschmidt To: Tom Rini , u-boot@lists.denx.de, Joe Hershberger Date: Sat, 17 Nov 2018 10:34:27 +0100 Message-Id: <20181117093430.15827-6-simon.k.r.goldschmidt@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> References: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> Cc: Heinrich Schuchardt , Alexander Graf , Andrea Barisani Subject: [U-Boot] [PATCH v2 5/8] bootm: use new common function lmb_init_and_reserve X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This reduces duplicate code only. Signed-off-by: Simon Goldschmidt --- Changes in v2: None common/bootm.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/common/bootm.c b/common/bootm.c index 8bf84ebcb7..31e4f0f794 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -56,15 +56,11 @@ static void boot_start_lmb(bootm_headers_t *images) ulong mem_start; phys_size_t mem_size; - lmb_init(&images->lmb); - mem_start = env_get_bootm_low(); mem_size = env_get_bootm_size(); - lmb_add(&images->lmb, (phys_addr_t)mem_start, mem_size); - - arch_lmb_reserve(&images->lmb); - board_lmb_reserve(&images->lmb); + lmb_init_and_reserve(&images->lmb, (phys_addr_t)mem_start, mem_size, + NULL); } #else #define lmb_reserve(lmb, base, size) From patchwork Sat Nov 17 09:34:28 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Goldschmidt X-Patchwork-Id: 999274 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="oxXdlOIr"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42xqlj1byXz9s1c for ; Sat, 17 Nov 2018 20:38:09 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id E8E20C22014; Sat, 17 Nov 2018 09:36:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H2, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id C7815C22285; Sat, 17 Nov 2018 09:35:18 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id E6AB2C222A8; Sat, 17 Nov 2018 09:34:56 +0000 (UTC) Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by lists.denx.de (Postfix) with ESMTPS id BB2A5C22384 for ; Sat, 17 Nov 2018 09:34:52 +0000 (UTC) Received: by mail-wm1-f66.google.com with SMTP id q26so790829wmf.5 for ; Sat, 17 Nov 2018 01:34:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=xGRwyWt8tHpOLMPDYSCO4m/GL2gumsUAtLh87QazDm4=; b=oxXdlOIrYEpFY7MOJ8UvOWAIAA8yzFm4S2Yx75FpE7LPOAIXuDQV1X3T9XXq9G1dRW kvdcMzR6mfJeGCXAfa1mP791lSF7eb1AhhWeqR7JfCB78qgscpJ+VUs51HeHEX6b02hD qHjZtRVN2zIKscfzVoYM06PGyYHoy39jJBORce8ThCZXIP6x1RXx741epneFfeSkUXaX lmW5poycq+M1I4ZXIvn6R0akzpEnd+TVVxPrFnhSIZdn0HtZ4CgFweD0loMNbttXJM7O CdzzaPms2boqJKUIst4DkTl2i4lDIjHO1BszGkzter1hHCS8REtmtFKDauSLjZZWRLzg HRWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=xGRwyWt8tHpOLMPDYSCO4m/GL2gumsUAtLh87QazDm4=; b=i5WyrXxPNIdK0XF1IkImerJvWWcX+paqU9+TxyFX25vbn6hNzuuu/cGBHq+aAKsb/e haUii28ZKQ3rCzH6hSL0pKY1wyoRtkZdwm+L9762AMb/CNfumBkD77vbBcmfJSKcXEJ0 bY+mVjtoc8N1SjMpdWIWsEJUyy4zu2gFN6oJN4ttNx9WajZtRrTLAhh+BGNGKWDE9QZJ 0dNXYtJ+nRPKqByUzvsGekg93A/YY0D3ZOzBA+vvsFtuaRWeS+NZyjnoN/YnH/gxK9ay oDUU5l4OYwqFl8ro+olF/1l/JlgovgHQfm2za00wuN4J3H0jyGg2h4cCEfpOOAgsE29D 20Zg== X-Gm-Message-State: AGRZ1gJcWjmQg+VGD7tZFE8eb5vFctvBzjMUVysSEXx0n+hEgwv6vt8o 1hIzV0syomxDImpJSxb9uAs= X-Google-Smtp-Source: AJdET5d6FsL5b2fxlj/Yt4JGJQVtq2rn0MfkHfoyzQhGAQynqYgpIEMyPDPrvRVQoE8ZiUpmBjPJcw== X-Received: by 2002:a1c:bb42:: with SMTP id l63-v6mr1204257wmf.32.1542447292481; Sat, 17 Nov 2018 01:34:52 -0800 (PST) Received: from ubuntu.home ([2a02:8071:6a3:700:456c:50ae:6b7:768d]) by smtp.gmail.com with ESMTPSA id p19-v6sm17660541wmc.46.2018.11.17.01.34.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 17 Nov 2018 01:34:51 -0800 (PST) From: Simon Goldschmidt To: Tom Rini , u-boot@lists.denx.de, Joe Hershberger Date: Sat, 17 Nov 2018 10:34:28 +0100 Message-Id: <20181117093430.15827-7-simon.k.r.goldschmidt@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> References: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> Cc: Heinrich Schuchardt , Andrea Barisani Subject: [U-Boot] [PATCH v2 6/8] lmb: remove unused extern declaration X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" lmb.h includes an extern declaration of "struct lmb lmb;" which is not used anywhere, so remove it. Signed-off-by: Simon Goldschmidt --- Changes in v2: - this patch is new in v2 include/lmb.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/lmb.h b/include/lmb.h index 62da85e716..1bb003e35e 100644 --- a/include/lmb.h +++ b/include/lmb.h @@ -28,8 +28,6 @@ struct lmb { struct lmb_region reserved; }; -extern struct lmb lmb; - extern void lmb_init(struct lmb *lmb); extern void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size, void *fdt_blob); From patchwork Sat Nov 17 09:34:30 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Goldschmidt X-Patchwork-Id: 999275 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="VC9VFw6K"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42xqmc4F5Lz9s9m for ; Sat, 17 Nov 2018 20:38:56 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 40F3FC22363; Sat, 17 Nov 2018 09:36:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H2, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 261ECC22380; Sat, 17 Nov 2018 09:35:49 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 7DC5FC22333; Sat, 17 Nov 2018 09:35:02 +0000 (UTC) Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by lists.denx.de (Postfix) with ESMTPS id 92005C222A8 for ; Sat, 17 Nov 2018 09:34:57 +0000 (UTC) Received: by mail-wm1-f66.google.com with SMTP id r63-v6so799656wma.4 for ; Sat, 17 Nov 2018 01:34:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=wbJklMEWa5CLUUElStPiL3CzvYp6HuWNOE9nqyf9RWY=; b=VC9VFw6KW22nWsItZoDKheLWhEHJ0DRfyIBqXGgL2Q/cYBVWDd9XBfdwzwpxKwEWF2 7ZtgPndyfLuHbOB2V7nOsgbmof4D52gWWfWcAd4uFW9GGrFTKpbx1V0l2xBgAzf3dq8Q dF0rF8DITU2w09LJvWCFby1ioHt0J5PUDmD4TY+zdrTn1/HazLpen9368657Wq5gwAk4 Phy2kWgen7opO9zuTr8pfjt8bQNJsuiUjn12YRWylKzezir64R2/j0Neiuw1EkJ/sH9e VwUP4zyVI8LvVCZYimN1j/zGFzBBT1WQnfqtUgKOBlLdAlIgejB69fdnpem0bqWmL5hm SLfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=wbJklMEWa5CLUUElStPiL3CzvYp6HuWNOE9nqyf9RWY=; b=X5FVYBuHo7Ro4kwl9iCa8yvWF6Ndcu597YtOT3NWMnqw6/V6B8MGWnQSNuq43WS4G6 axUDRwOaoF7of/mKTaXJTi0RcYOtGtdbyUThCgpz0JR613d26WhtOiRjsVv1B2HhlVkF AdH4taxEvkpmZeUN46xOrqXV7a9lcp0yeF/Ch0qa4yDR4UuK8bZpszYkpY6NZtf/4Xlf tfKlY8i5vLgVFLm9ag8lpiLo7KppY5PCfw7gS0kWRIw4zfTvdzO9u5SeWOdgJT8cKcmt hS/uLEn1rPA+hlhq9G9FwwgNbmHRW9yVq/VUSDQYNFcGQOP7/4n4X4U4hWtx7Lubvrno wpzw== X-Gm-Message-State: AA+aEWZ53nZm7RLHvJr/lyZNeii6CVtj6Frq7F3dOzGL5ZjKvPtdBXGB P8P9DiXHb+ZPYkcrqhUG6Fyhp3xq X-Google-Smtp-Source: AJdET5dJ7KHCYcr9/nlUlcu4a6AvQ1Y1xqt7qaUziC7RXuqYbW1+0ViH6ErPc0JjC5JCZvoLLkjg8Q== X-Received: by 2002:a1c:9f8f:: with SMTP id i137mr1085832wme.30.1542447297165; Sat, 17 Nov 2018 01:34:57 -0800 (PST) Received: from ubuntu.home ([2a02:8071:6a3:700:456c:50ae:6b7:768d]) by smtp.gmail.com with ESMTPSA id p19-v6sm17660541wmc.46.2018.11.17.01.34.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 17 Nov 2018 01:34:56 -0800 (PST) From: Simon Goldschmidt To: Tom Rini , u-boot@lists.denx.de, Joe Hershberger Date: Sat, 17 Nov 2018 10:34:30 +0100 Message-Id: <20181117093430.15827-9-simon.k.r.goldschmidt@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> References: <20181117093430.15827-1-simon.k.r.goldschmidt@gmail.com> Cc: Heinrich Schuchardt , Andrea Barisani Subject: [U-Boot] [PATCH v2 8/8] tftp: prevent overwriting reserved memory X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This fixes CVE-2018-18439 ("insufficient boundary checks in network image boot") by using lmb to check for a valid range to store received blocks. Signed-off-by: Simon Goldschmidt --- Changes in v2: - this patch is new in v2 net/tftp.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 57 insertions(+), 9 deletions(-) diff --git a/net/tftp.c b/net/tftp.c index 563ce3a06f..390394199d 100644 --- a/net/tftp.c +++ b/net/tftp.c @@ -17,6 +17,8 @@ #include #endif +DECLARE_GLOBAL_DATA_PTR; + /* Well known TFTP port # */ #define WELL_KNOWN_PORT 69 /* Millisecs to timeout for lost pkt */ @@ -81,6 +83,8 @@ static ulong tftp_block_wrap; /* memory offset due to wrapping */ static ulong tftp_block_wrap_offset; static int tftp_state; +static ulong tftp_load_addr; +static ulong tftp_load_size; #ifdef CONFIG_TFTP_TSIZE /* The file size reported by the server */ static int tftp_tsize; @@ -134,10 +138,11 @@ static char tftp_filename[MAX_LEN]; static unsigned short tftp_block_size = TFTP_BLOCK_SIZE; static unsigned short tftp_block_size_option = TFTP_MTU_BLOCKSIZE; -static inline void store_block(int block, uchar *src, unsigned len) +static inline int store_block(int block, uchar *src, unsigned int len) { ulong offset = block * tftp_block_size + tftp_block_wrap_offset; ulong newsize = offset + len; + ulong store_addr = tftp_load_addr + offset; #ifdef CONFIG_SYS_DIRECT_FLASH_TFTP int i, rc = 0; @@ -145,30 +150,38 @@ static inline void store_block(int block, uchar *src, unsigned len) /* start address in flash? */ if (flash_info[i].flash_id == FLASH_UNKNOWN) continue; - if (load_addr + offset >= flash_info[i].start[0]) { + if (store_addr >= flash_info[i].start[0]) { rc = 1; break; } } if (rc) { /* Flash is destination for this packet */ - rc = flash_write((char *)src, (ulong)(load_addr+offset), len); + rc = flash_write((char *)src, store_addr, len); if (rc) { flash_perror(rc); - net_set_state(NETLOOP_FAIL); - return; + return rc; } } else #endif /* CONFIG_SYS_DIRECT_FLASH_TFTP */ { - void *ptr = map_sysmem(load_addr + offset, len); + void *ptr; + if (store_addr < tftp_load_addr || + store_addr + len > tftp_load_addr + tftp_load_size) { + puts("\nTFTP error: "); + puts("trying to overwrite reserved memory...\n"); + return -1; + } + ptr = map_sysmem(store_addr, len); memcpy(ptr, src, len); unmap_sysmem(ptr); } if (net_boot_file_size < newsize) net_boot_file_size = newsize; + + return 0; } /* Clear our state ready for a new transfer */ @@ -527,7 +540,11 @@ static void tftp_handler(uchar *pkt, unsigned dest, struct in_addr sip, timeout_count_max = tftp_timeout_count_max; net_set_timeout_handler(timeout_ms, tftp_timeout_handler); - store_block(tftp_cur_block - 1, pkt + 2, len); + if (store_block(tftp_cur_block - 1, pkt + 2, len)) { + eth_halt(); + net_set_state(NETLOOP_FAIL); + break; + } /* * Acknowledge the block just received, which will prompt @@ -577,6 +594,24 @@ static void tftp_timeout_handler(void) } } +/* Initialize tftp_load_addr and tftp_load_size from load_addr and lmb */ +static int tftp_init_load_addr(void) +{ + struct lmb lmb; + phys_size_t max_size; + + tftp_load_addr = load_addr; + + lmb_init_and_reserve(&lmb, gd->bd->bi_dram[0].start, + gd->bd->bi_dram[0].size, (void *)gd->fdt_blob); + + max_size = lmb_get_unreserved_size(&lmb, tftp_load_addr); + if (!max_size) + return -1; + + tftp_load_size = max_size; + return 0; +} void tftp_start(enum proto_t protocol) { @@ -673,7 +708,14 @@ void tftp_start(enum proto_t protocol) } else #endif { - printf("Load address: 0x%lx\n", load_addr); + if (tftp_init_load_addr()) { + eth_halt(); + net_set_state(NETLOOP_FAIL); + puts("\nTFTP error: "); + puts("trying to overwrite reserved memory...\n"); + return; + } + printf("Load address: 0x%lx\n", tftp_load_addr); puts("Loading: *\b"); tftp_state = STATE_SEND_RRQ; #ifdef CONFIG_CMD_BOOTEFI @@ -721,9 +763,15 @@ void tftp_start_server(void) { tftp_filename[0] = 0; + if (tftp_init_load_addr()) { + eth_halt(); + net_set_state(NETLOOP_FAIL); + puts("\nTFTP error: trying to overwrite reserved memory...\n"); + return; + } printf("Using %s device\n", eth_get_name()); printf("Listening for TFTP transfer on %pI4\n", &net_ip); - printf("Load address: 0x%lx\n", load_addr); + printf("Load address: 0x%lx\n", tftp_load_addr); puts("Loading: *\b");