diff options
| author | Nico Huber <nico.h@gmx.de> | 2024-01-11 18:59:24 +0100 |
|---|---|---|
| committer | Felix Held <felix-coreboot@felixheld.de> | 2024-08-11 17:07:32 +0000 |
| commit | af0d4bce65df277b56e495892dff1c712ed76ddd (patch) | |
| tree | 73aef7f8fb6301f0af8e08e3f7f78823d0ebdfe6 /util/cbfstool/cbfstool.c | |
| parent | 0e9830884c118735ad0122c81156473d91f57cf1 (diff) | |
region: Introduce region_create() functions
We introduce two new functions to create region objects. They allow us
to check for integer overflows (region_create_untrusted()) or assert
their absence (region_create()).
This fixes potential overflows in region_overlap() checks in SMI
handlers, where we would wrongfully report MMIO as *not* overlapping
SMRAM.
Also, two cases of strtol() in parse_region() (cbfstool), where the
results were implicitly converted to `size_t`, are replaced with the
unsigned strtoul().
FIT payload support is left out, as it doesn't use the region API
(only the struct).
Change-Id: I4ae3e6274c981c9ab4fb1263c2a72fa68ef1c32b
Ticket: https://ticket.coreboot.org/issues/522
Found-by: Vadim Zaliva <lord@digamma.ai>
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79905
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Diffstat (limited to 'util/cbfstool/cbfstool.c')
| -rw-r--r-- | util/cbfstool/cbfstool.c | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/util/cbfstool/cbfstool.c b/util/cbfstool/cbfstool.c index f81c133bf1..cc8dbb5e3c 100644 --- a/util/cbfstool/cbfstool.c +++ b/util/cbfstool/cbfstool.c @@ -324,19 +324,25 @@ struct mmap_window { static int mmap_window_table_size; static struct mmap_window mmap_window_table[MMAP_MAX_WINDOWS]; -static void add_mmap_window(size_t flash_offset, size_t host_offset, - size_t window_size) +static int add_mmap_window(unsigned long flash_offset, unsigned long host_offset, unsigned long window_size) { if (mmap_window_table_size >= MMAP_MAX_WINDOWS) { ERROR("Too many memory map windows\n"); - return; + return 1; + } + + if (region_create_untrusted( + &mmap_window_table[mmap_window_table_size].flash_space, + flash_offset, window_size) != CB_SUCCESS || + region_create_untrusted( + &mmap_window_table[mmap_window_table_size].host_space, + host_offset, window_size) != CB_SUCCESS) { + ERROR("Invalid mmap window size %lu.\n", window_size); + return 1; } - mmap_window_table[mmap_window_table_size].flash_space.offset = flash_offset; - mmap_window_table[mmap_window_table_size].host_space.offset = host_offset; - mmap_window_table[mmap_window_table_size].flash_space.size = window_size; - mmap_window_table[mmap_window_table_size].host_space.size = window_size; mmap_window_table_size++; + return 0; } @@ -377,7 +383,9 @@ static int decode_mmap_arg(char *arg) return 1; } - add_mmap_window(mmap_args.flash_base, mmap_args.mmap_base, mmap_args.mmap_size); + if (add_mmap_window(mmap_args.flash_base, mmap_args.mmap_base, mmap_args.mmap_size)) + return 1; + return 0; } @@ -403,7 +411,8 @@ static bool create_mmap_windows(void) * maximum of 16MiB. If the window is smaller than 16MiB, the SPI flash window is mapped * at the top of the host window just below 4G. */ - add_mmap_window(std_window_flash_offset, DEFAULT_DECODE_WINDOW_TOP - std_window_size, std_window_size); + if (add_mmap_window(std_window_flash_offset, DEFAULT_DECODE_WINDOW_TOP - std_window_size, std_window_size)) + return false; } else { /* * Check provided memory map |