diff options
author | Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> | 2019-01-26 22:13:04 +0100 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2019-02-02 08:19:17 -0500 |
commit | 9cc2323feebdde500f50f7abb855045dbde765cb (patch) | |
tree | 7d4c0bf226c098a560620457a6e4a96321a47bee | |
parent | e3b4fc9598388f47632a8c802aaa68b1154526f2 (diff) | |
download | u-boot-9cc2323feebdde500f50f7abb855045dbde765cb.tar.gz |
lmb: handle more than one DRAM BANK
This fixes the automatic lmb initialization and reservation for boards
with more than one DRAM bank.
This fixes the CVE-2018-18439 and -18440 fixes that only allowed to load
files into the firs DRAM bank from fs and via tftp.
Found-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
-rw-r--r-- | common/bootm.c | 4 | ||||
-rw-r--r-- | fs/fs.c | 3 | ||||
-rw-r--r-- | include/lmb.h | 7 | ||||
-rw-r--r-- | lib/lmb.c | 37 | ||||
-rw-r--r-- | net/tftp.c | 3 |
5 files changed, 41 insertions, 13 deletions
diff --git a/common/bootm.c b/common/bootm.c index a4618b6d2e..7c7505f092 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -59,8 +59,8 @@ static void boot_start_lmb(bootm_headers_t *images) mem_start = env_get_bootm_low(); mem_size = env_get_bootm_size(); - lmb_init_and_reserve(&images->lmb, (phys_addr_t)mem_start, mem_size, - NULL); + lmb_init_and_reserve_range(&images->lmb, (phys_addr_t)mem_start, + mem_size, NULL); } #else #define lmb_reserve(lmb, base, size) @@ -454,8 +454,7 @@ static int fs_read_lmb_check(const char *filename, ulong addr, loff_t offset, if (len && len < read_len) read_len = len; - lmb_init_and_reserve(&lmb, gd->bd->bi_dram[0].start, - gd->bd->bi_dram[0].size, (void *)gd->fdt_blob); + lmb_init_and_reserve(&lmb, gd->bd, (void *)gd->fdt_blob); lmb_dump_all(&lmb); if (lmb_alloc_addr(&lmb, addr, read_len) == addr) diff --git a/include/lmb.h b/include/lmb.h index e87c0b0ada..3b338dfee0 100644 --- a/include/lmb.h +++ b/include/lmb.h @@ -4,6 +4,8 @@ #ifdef __KERNEL__ #include <asm/types.h> +#include <asm/u-boot.h> + /* * Logical memory blocks. * @@ -29,8 +31,9 @@ struct lmb { }; extern void lmb_init(struct lmb *lmb); -extern void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, - phys_size_t size, void *fdt_blob); +extern void lmb_init_and_reserve(struct lmb *lmb, bd_t *bd, void *fdt_blob); +extern void lmb_init_and_reserve_range(struct lmb *lmb, phys_addr_t base, + phys_size_t size, void *fdt_blob); extern long lmb_add(struct lmb *lmb, phys_addr_t base, phys_size_t size); extern long lmb_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size); extern phys_addr_t lmb_alloc(struct lmb *lmb, phys_size_t size, ulong align); @@ -98,12 +98,8 @@ void lmb_init(struct lmb *lmb) lmb->reserved.size = 0; } -/* Initialize the struct, add memory and call arch/board reserve functions */ -void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size, - void *fdt_blob) +static void lmb_reserve_common(struct lmb *lmb, void *fdt_blob) { - lmb_init(lmb); - lmb_add(lmb, base, size); arch_lmb_reserve(lmb); board_lmb_reserve(lmb); @@ -111,6 +107,37 @@ void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size, boot_fdt_add_mem_rsv_regions(lmb, fdt_blob); } +/* Initialize the struct, add memory and call arch/board reserve functions */ +void lmb_init_and_reserve(struct lmb *lmb, bd_t *bd, void *fdt_blob) +{ +#ifdef CONFIG_NR_DRAM_BANKS + int i; +#endif + + lmb_init(lmb); +#ifdef CONFIG_NR_DRAM_BANKS + for (i = 0; i < CONFIG_NR_DRAM_BANKS; i++) { + if (bd->bi_dram[i].size) { + lmb_add(lmb, bd->bi_dram[i].start, + bd->bi_dram[i].size); + } + } +#else + if (bd->bi_memsize) + lmb_add(lmb, bd->bi_memstart, bd->bi_memsize); +#endif + lmb_reserve_common(lmb, fdt_blob); +} + +/* Initialize the struct, add memory and call arch/board reserve functions */ +void lmb_init_and_reserve_range(struct lmb *lmb, phys_addr_t base, + phys_size_t size, void *fdt_blob) +{ + lmb_init(lmb); + lmb_add(lmb, base, size); + lmb_reserve_common(lmb, fdt_blob); +} + /* This routine called with relocation disabled. */ static long lmb_add_region(struct lmb_region *rgn, phys_addr_t base, phys_size_t size) { diff --git a/net/tftp.c b/net/tftp.c index eca801aa19..34488b76c8 100644 --- a/net/tftp.c +++ b/net/tftp.c @@ -606,8 +606,7 @@ static int tftp_init_load_addr(void) struct lmb lmb; phys_size_t max_size; - lmb_init_and_reserve(&lmb, gd->bd->bi_dram[0].start, - gd->bd->bi_dram[0].size, (void *)gd->fdt_blob); + lmb_init_and_reserve(&lmb, gd->bd, (void *)gd->fdt_blob); max_size = lmb_get_free_size(&lmb, load_addr); if (!max_size) |