summaryrefslogtreecommitdiff
path: root/lib/lmb.c
AgeCommit message (Collapse)Author
2019-01-16fs: prevent overwriting reserved memorySimon Goldschmidt
This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem image load") by using lmb to check the load size of a file against reserved memory addresses. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-16lib: lmb: extend lmb for checks at load timeSimon Goldschmidt
This adds two new functions, lmb_alloc_addr and lmb_get_unreserved_size. lmb_alloc_addr behaves like lmb_alloc, but it tries to allocate a pre-specified address range. Unlike lmb_reserve, this address range must be inside one of the memory ranges that has been set up with lmb_add. lmb_get_unreserved_size returns the number of bytes that can be used up to the next reserved region or the end of valid ram. This can be 0 if the address passed is reserved. Added test for these new functions. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-01-16lib: lmb: reserving overlapping regions should failSimon Goldschmidt
lmb_add_region handles overlapping regions wrong: instead of merging or rejecting to add a new reserved region that overlaps an existing one, it just adds the new region. Since internally the same function is used for lmb_alloc, change lmb_add_region to reject overlapping regions. Also, to keep reserved memory correct after 'free', reserved entries created by allocating memory must not set their size to a multiple of alignment but to the original size. This ensures the reserved region is completely removed when the caller calls 'lmb_free', as this one takes the same size as passed to 'lmb_alloc' etc. Add test to assert this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-01-16lmb: fix allocation at end of address rangeSimon Goldschmidt
The lmb code fails if base + size of RAM overflows to zero. Fix this by calculating end as 'base + size - 1' instead of 'base + size' where appropriate. Added tests to assert this is fixed. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2018-05-07SPDX: Convert all of our single license tags to Linux Kernel styleTom Rini
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
2014-10-25lmb: make local functions staticJeroen Hofstee
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2014-08-09lib: lmb: fix overflow in __lmb_alloc_base w/ large RAMStephen Warren
If a 32-bit system has 2GB of RAM, and the base address of that RAM is 2GB, then start+size will overflow a 32-bit value (to a value of 0). __lmb_alloc_base is affected by this; it calculates the minimum of (start+size of RAM) and max_addr. However, when start+size is 0, it is always less than max_addr, which causes the value of max_addr not to be taken into account when restricting the allocation's location. Fix this by calculating start+size separately, and if that calculation underflows, using -1 (interpreted as the max unsigned value) as the value instead, and then taking the min of that and max_addr. Now that start+size doesn't overflow, it's typically large, and max_addr dominates the min() call, and is taken into account. The user-visible symptom of this bug is that CONFIG_BOOTMAP_SZ is ignored on Tegra124 systems with 2GB of RAM, which in turn causes the DT to be relocated at the very end of RAM, which the ARM Linux kernel doesn't map during early boot, and which causes boot failures. With this fix, CONFIG_BOOTMAP_SZ correctly restricts the relocated DT to a much lower address, and everything works. Signed-off-by: Stephen Warren <swarren@nvidia.com>
2014-07-18lib:lmb: use __weakJeroen Hofstee
This not only looks a bit better it also prevents a warning with W=1 (no previous prototype). Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2013-07-24Add GPL-2.0+ SPDX-License-Identifier to source filesWolfgang Denk
Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
2010-04-13Rename lib_generic/ to lib/Peter Tyser
Now that the other architecture-specific lib directories have been moved out of the top-level directory there's not much reason to have the '_generic' suffix on the common lib directory. Signed-off-by: Peter Tyser <ptyser@xes-inc.com>