author | Nicola Corna <nicola@corna.info> | 2018-05-15 17:15:03 +0200 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2018-05-29 07:31:09 +0000 |
commit | 14604dad4e470e8140d18296bd28b42c4bb26668 (patch) | |
tree | 90763dee80922ed79b8273764e2936cfcefc166f | |
parent | b433d26ef11b78dda353723ff7c8797d06f76f21 (diff) |
sb/intel/{bd82x6x,ibexpeak}: Fix out of bounds access in intel_me_status()
On Ibex Peak (and maybe also on other platforms), when the AltMeDisable
bit is set (-S or -s option of me_cleaner), the ME PCI device disappears
from the bus and its configuration space is all ones.
This causes a freeze in intel_me_status(), as coreboot tries to access
an out of bounds array element.
Change-Id: I957abebe1db15ec2c9a2b439f0103106bfa56b33
Signed-off-by: Nicola Corna <nicola@corna.info>
Reviewed-on: https://review.coreboot.org/26601
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
-rw-r--r-- | src/southbridge/intel/bd82x6x/early_me.c | 13 | ||||
-rw-r--r-- | src/southbridge/intel/bd82x6x/early_me_mrc.c | 13 |
2 files changed, 20 insertions, 6 deletions
diff --git a/src/southbridge/intel/bd82x6x/early_me.c b/src/southbridge/intel/bd82x6x/early_me.c
index 47b8708ba7..bda139b1fe 100644
--- a/src/southbridge/intel/bd82x6x/early_me.c
+++ b/src/southbridge/intel/bd82x6x/early_me.c
@@ -18,6 +18,7 @@
 #include <console/console.h>
 #include <delay.h>
 #include <device/pci_ids.h>
+#include <device/pci_def.h>
 #include <halt.h>
 #include <string.h>
 #include <timestamp.h>
@@ -45,11 +46,17 @@ void intel_early_me_status(void)
 {
 struct me_hfs hfs;
 struct me_gmes gmes;
+ u32 id = pci_read_config32(PCH_ME_DEV, PCI_VENDOR_ID);
- pci_read_dword_ptr(&hfs, PCI_ME_HFS);
- pci_read_dword_ptr(&gmes, PCI_ME_GMES);
+ if ((id == 0xffffffff) || (id == 0x00000000) ||
+ (id == 0x0000ffff) || (id == 0xffff0000)) {
+ printk(BIOS_DEBUG, "Missing Intel ME PCI device.\n");
+ } else {
+ pci_read_dword_ptr(&hfs, PCI_ME_HFS);
+ pci_read_dword_ptr(&gmes, PCI_ME_GMES);
- intel_me_status(&hfs, &gmes);
+ intel_me_status(&hfs, &gmes);
+ }
 }
 int intel_early_me_init(void)
diff --git a/src/southbridge/intel/bd82x6x/early_me_mrc.c b/src/southbridge/intel/bd82x6x/early_me_mrc.c
index 8faab62c04..a6562c77a7 100644
--- a/src/southbridge/intel/bd82x6x/early_me_mrc.c
+++ b/src/southbridge/intel/bd82x6x/early_me_mrc.c
@@ -18,6 +18,7 @@
 #include <console/console.h>
 #include <delay.h>
 #include <device/pci_ids.h>
+#include <device/pci_def.h>
 #include <halt.h>
 #include <string.h>
 #include "me.h"
@@ -51,11 +52,17 @@ void intel_early_me_status(void)
 {
 struct me_hfs hfs;
 struct me_gmes gmes;
+ u32 id = pci_read_config32(PCH_ME_DEV, PCI_VENDOR_ID);
- pci_read_dword_ptr(&hfs, PCI_ME_HFS);
- pci_read_dword_ptr(&gmes, PCI_ME_GMES);
+ if ((id == 0xffffffff) || (id == 0x00000000) ||
+ (id == 0x0000ffff) || (id == 0xffff0000)) {
+ printk(BIOS_DEBUG, "Missing Intel ME PCI device.\n");
+ } else {
+ pci_read_dword_ptr(&hfs, PCI_ME_HFS);
+ pci_read_dword_ptr(&gmes, PCI_ME_GMES);
- intel_me_status(&hfs, &gmes);
+ intel_me_status(&hfs, &gmes);
+ }
 }
 int intel_early_me_init(void) |
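Review bot: The vendor-ID guard added to intel_early_me_status() (second hunk of early_me.c, and the identical second hunk of early_me_mrc.c) protects only this one call path; intel_me_status() itself is outside the diff and, going by the commit message, still indexes its tables with raw HFS/GMES field values read from hardware. Any other caller, or an ME that is present but reports an unexpected field value, would presumably reach the same out-of-bounds read, so the lookups inside intel_me_status() should also be range-checked against the table sizes. At the guard I would add `/* No ME on the bus (e.g. AltMeDisable set): ID reads back as all ones/zeros, skip HFS/GMES decoding */` so the four magic patterns are explained. The four-way comparison is duplicated verbatim in both files; a small shared helper would keep the two copies from drifting apart.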