From 4cc8af8037ebabd674d0a6bed202b0c711dc7699 Mon Sep 17 00:00:00 2001 From: Simon Goldschmidt Date: Mon, 14 Jan 2019 22:38:18 +0100 Subject: lib: lmb: extend lmb for checks at load time This adds two new functions, lmb_alloc_addr and lmb_get_unreserved_size. lmb_alloc_addr behaves like lmb_alloc, but it tries to allocate a pre-specified address range. Unlike lmb_reserve, this address range must be inside one of the memory ranges that has been set up with lmb_add. lmb_get_unreserved_size returns the number of bytes that can be used up to the next reserved region or the end of valid ram. This can be 0 if the address passed is reserved. Added test for these new functions. Reviewed-by: Simon Glass Signed-off-by: Simon Goldschmidt --- include/lmb.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include/lmb.h') diff --git a/include/lmb.h b/include/lmb.h index f04d058093..7d7e2a78dc 100644 --- a/include/lmb.h +++ b/include/lmb.h @@ -38,6 +38,9 @@ extern phys_addr_t lmb_alloc_base(struct lmb *lmb, phys_size_t size, ulong align phys_addr_t max_addr); extern phys_addr_t __lmb_alloc_base(struct lmb *lmb, phys_size_t size, ulong align, phys_addr_t max_addr); +extern phys_addr_t lmb_alloc_addr(struct lmb *lmb, phys_addr_t base, + phys_size_t size); +extern phys_size_t lmb_get_unreserved_size(struct lmb *lmb, phys_addr_t addr); extern int lmb_is_reserved(struct lmb *lmb, phys_addr_t addr); extern long lmb_free(struct lmb *lmb, phys_addr_t base, phys_size_t size); -- cgit From aa3c609e2be5a837e7b81e308d47f55b67666bd6 Mon Sep 17 00:00:00 2001 From: Simon Goldschmidt Date: Mon, 14 Jan 2019 22:38:19 +0100 Subject: fs: prevent overwriting reserved memory This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem image load") by using lmb to check the load size of a file against reserved memory addresses. Signed-off-by: Simon Goldschmidt Reviewed-by: Simon Glass --- include/lmb.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/lmb.h') diff --git a/include/lmb.h b/include/lmb.h index 7d7e2a78dc..62da85e716 100644 --- a/include/lmb.h +++ b/include/lmb.h @@ -31,6 +31,8 @@ struct lmb { extern struct lmb lmb; extern void lmb_init(struct lmb *lmb); +extern void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, + phys_size_t size, void *fdt_blob); extern long lmb_add(struct lmb *lmb, phys_addr_t base, phys_size_t size); extern long lmb_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size); extern phys_addr_t lmb_alloc(struct lmb *lmb, phys_size_t size, ulong align); -- cgit From a85c213f4725fc097e28795d87136e05508ba70b Mon Sep 17 00:00:00 2001 From: Simon Goldschmidt Date: Mon, 14 Jan 2019 22:38:21 +0100 Subject: lmb: remove unused extern declaration lmb.h includes an extern declaration of "struct lmb lmb;" which is not used anywhere, so remove it. Reviewed-by: Simon Glass Signed-off-by: Simon Goldschmidt --- include/lmb.h | 2 -- 1 file changed, 2 deletions(-) (limited to 'include/lmb.h') diff --git a/include/lmb.h b/include/lmb.h index 62da85e716..1bb003e35e 100644 --- a/include/lmb.h +++ b/include/lmb.h @@ -28,8 +28,6 @@ struct lmb { struct lmb_region reserved; }; -extern struct lmb lmb; - extern void lmb_init(struct lmb *lmb); extern void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size, void *fdt_blob); -- cgit