From af0d4bce65df277b56e495892dff1c712ed76ddd Mon Sep 17 00:00:00 2001
From: Nico Huber <nico.h@gmx.de>
Date: Thu, 11 Jan 2024 18:59:24 +0100
Subject: region: Introduce region_create() functions

We introduce two new functions to create region objects. They allow us
to check for integer overflows (region_create_untrusted()) or assert
their absence (region_create()).

This fixes potential overflows in region_overlap() checks in SMI
handlers, where we would wrongfully report MMIO as *not* overlapping
SMRAM.

Also, two cases of strtol() in parse_region() (cbfstool),  where the
results were implicitly converted to `size_t`, are replaced with the
unsigned strtoul().

FIT payload support is left out, as it doesn't use the region API
(only the struct).

Change-Id: I4ae3e6274c981c9ab4fb1263c2a72fa68ef1c32b
Ticket: https://ticket.coreboot.org/issues/522
Found-by: Vadim Zaliva <lord@digamma.ai>
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79905
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
---
 src/commonlib/include/commonlib/region.h | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

(limited to 'src/commonlib/include')

diff --git a/src/commonlib/include/commonlib/region.h b/src/commonlib/include/commonlib/region.h
index 25efcc8724..45a3b8d7b7 100644
--- a/src/commonlib/include/commonlib/region.h
+++ b/src/commonlib/include/commonlib/region.h
@@ -6,6 +6,7 @@
 #include <sys/types.h>
 #include <stddef.h>
 #include <stdbool.h>
+#include <commonlib/bsd/cb_err.h>
 #include <commonlib/bsd/helpers.h>
 #include <commonlib/mem_pool.h>
 
@@ -94,10 +95,20 @@ struct region_device {
 		},					\
 	}
 
-/* Helper to dynamically initialize region device. */
-void region_device_init(struct region_device *rdev,
-			const struct region_device_ops *ops, size_t offset,
-			size_t size);
+static inline struct region region_create(size_t offset, size_t size)
+{
+	assert(offset + size - 1 >= offset);
+	return (struct region){ .offset = offset, .size = size };
+}
+
+static inline enum cb_err region_create_untrusted(
+		struct region *r, unsigned long long offset, unsigned long long size)
+{
+	if (offset > SIZE_MAX || size > SIZE_MAX || (size_t)(offset + size - 1) < offset)
+		return CB_ERR_ARG;
+	*r = (struct region){ .offset = offset, .size = size };
+	return CB_SUCCESS;
+}
 
 /* Return 1 if child is subregion of parent, else 0. */
 int region_is_subregion(const struct region *p, const struct region *c);
@@ -123,6 +134,11 @@ static inline bool region_overlap(const struct region *r1, const struct region *
 	       (region_offset(r1) < region_end(r2));
 }
 
+/* Helper to dynamically initialize region device. */
+void region_device_init(struct region_device *rdev,
+			const struct region_device_ops *ops, size_t offset,
+			size_t size);
+
 static inline const struct region *region_device_region(
 					const struct region_device *rdev)
 {
-- 
cgit v1.2.3