summaryrefslogtreecommitdiff
path: root/lib/lmb.c
diff options
context:
space:
mode:
authorSimon Goldschmidt <simon.k.r.goldschmidt@gmail.com>2019-01-14 22:38:19 +0100
committerTom Rini <trini@konsulko.com>2019-01-16 16:37:05 -0500
commitaa3c609e2be5a837e7b81e308d47f55b67666bd6 (patch)
tree4e1e3090b5ec43ed88cc2790c080b2a790679d78 /lib/lmb.c
parent4cc8af8037ebabd674d0a6bed202b0c711dc7699 (diff)
downloadu-boot-aa3c609e2be5a837e7b81e308d47f55b67666bd6.tar.gz
fs: prevent overwriting reserved memory
This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem image load") by using lmb to check the load size of a file against reserved memory addresses. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'lib/lmb.c')
-rw-r--r--lib/lmb.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/lmb.c b/lib/lmb.c
index e380a0a722..3407705fa7 100644
--- a/lib/lmb.c
+++ b/lib/lmb.c
@@ -98,6 +98,19 @@ void lmb_init(struct lmb *lmb)
lmb->reserved.size = 0;
}
+/* Initialize the struct, add memory and call arch/board reserve functions */
+void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size,
+ void *fdt_blob)
+{
+ lmb_init(lmb);
+ lmb_add(lmb, base, size);
+ arch_lmb_reserve(lmb);
+ board_lmb_reserve(lmb);
+
+ if (IMAGE_ENABLE_OF_LIBFDT && fdt_blob)
+ boot_fdt_add_mem_rsv_regions(lmb, fdt_blob);
+}
+
/* This routine called with relocation disabled. */
static long lmb_add_region(struct lmb_region *rgn, phys_addr_t base, phys_size_t size)
{