[U-Boot] [PATCH] fs: cbfs: remove wrong header validation

Bin Meng bmeng.cn at gmail.com
Tue Dec 18 08:57:00 UTC 2018 

Hi Christian,

On Tue, Dec 18, 2018 at 4:18 PM Christian Gmeiner
<christian.gmeiner at gmail.com> wrote:
>
> Am Mi., 12. Dez. 2018 um 15:27 Uhr schrieb Christian Gmeiner
> <christian.gmeiner at gmail.com>:
> >
> > Hi Bin,
> >
> > Finally I have some time to look deeper into this issue.
> >
> > >
> > > On Thu, Sep 20, 2018 at 10:47 PM Christian Gmeiner
> > > <christian.gmeiner at gmail.com> wrote:
> > > >
> > > > Coreboot does not contain such a check:
> > > > https://github.com/coreboot/coreboot/blob/eeb4e20b2f6d786c92fe3efb30817e90389a2bfe/src/commonlib/cbfs.c#L64
> > > >
> > > > Before this change cbfsinit failed with 'Bad CBFS file'. After this change all cbfs commands
> > > > are working as expected.
> > > >
> > > > Signed-off-by: Christian Gmeiner <christian.gmeiner at gmail.com>
> > > > ---
> > > >  fs/cbfs/cbfs.c | 6 +-----
> > > >  1 file changed, 1 insertion(+), 5 deletions(-)
> > > >
> > > > diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c
> > > > index 0dce639b49..2a581f0c18 100644
> > > > --- a/fs/cbfs/cbfs.c
> > > > +++ b/fs/cbfs/cbfs.c
> > > > @@ -96,11 +96,7 @@ static int file_cbfs_next_file(u8 *start, u32 size, u32 align,
> > > >                 }
> > > >
> > > >                 swap_file_header(&header, fileHeader);
> > > > -               if (header.offset < sizeof(struct cbfs_fileheader) ||
> > > > -                   header.offset > header.len) {
> > > > -                       file_cbfs_result = CBFS_BAD_FILE;
> > > > -                       return -1;
> > > > -               }
> > >
> > > It looks to me the existing codes were doing some sanity checks. Can
> > > you elaborate why this is failing on your board? In your coreboot
> > > reference, I don't see exactly how U-Boot codes are connected to the
> > > coreboot one.
> > >
> >
> > This has nothing to do with my board at all - I can easily reproduce
> > this issue under qemu:
> >
> > qemu-system-i386 -bios build/coreboot.rom  -hda /dev/zero -serial
> > stdio -display none
> > WARNING: Image format was not specified for '/dev/zero' and probing guessed raw.
> >          Automatically detecting the format is dangerous for raw
> > images, write operations on block 0 will be restricted.
> >          Specify the 'raw' format explicitly to remove the restrictions.
> >
> >
> > coreboot-4.8-2510-g303a4bfd4a Wed Dec 12 02:20:54 UTC 2018 bootblock starting...
> > CBFS: 'Master Header Locator' located CBFS at [1fa0200:2000000)
> > CBFS: Locating 'fallback/romstage'
> > CBFS: Found @ offset 80 size 3c04
> >
> >
> > coreboot-4.8-2510-g303a4bfd4a Wed Dec 12 02:20:54 UTC 2018 romstage starting...
> > CBMEM:
> > IMD: root @ 07fff000 254 entries.
> > IMD: root @ 07ffec00 62 entries.
> > CBFS: 'Master Header Locator' located CBFS at [1fa0200:2000000)
> > CBFS: Locating 'fallback/ramstage'
> > CBFS: Found @ offset 3d00 size acb2
> > Decompressing stage fallback/ramstage @ 0x07fbcfc0 (128664 bytes)
> > Loading module at 07fbd000 with entry 07fbd000. filesize: 0x15750
> > memsize: 0x1f658
> > Processing 1257 relocs. Offset value of 0x071bd000
> >
> >
> > coreboot-4.8-2510-g303a4bfd4a Wed Dec 12 02:20:54 UTC 2018 ramstage starting...
> > Enumerating buses...
> > CPU_CLUSTER: 0 enabled
> > DOMAIN: 0000 enabled
> > QEMU: firmware config interface detected
> > QEMU: max_cpus is 1
> > CPU: APIC: 00 enabled
> > scan_bus: scanning of bus CPU_CLUSTER: 0 took 0 usecs
> > PCI: pci_scan_bus for bus 00
> > PCI: 00:00.0 [8086/1237] enabled
> > PCI: 00:01.0 [8086/7000] enabled
> > PCI: 00:01.1 [8086/7010] enabled
> > PCI: 00:01.3 [8086/7113] enabled
> > PCI: 00:02.0 [1234/1111] enabled
> > PCI: 00:03.0 [8086/100e] enabled
> > scan_bus: scanning of bus PCI: 00:01.0 took 0 usecs
> > scan_bus: scanning of bus PCI: 00:01.3 took 0 usecs
> > scan_bus: scanning of bus DOMAIN: 0000 took 0 usecs
> > scan_bus: scanning of bus Root Device took 0 usecs
> > done
> > found VGA at PCI: 00:02.0
> > Setting up VGA for PCI: 00:02.0
> > Setting PCI_BRIDGE_CTL_VGA for bridge DOMAIN: 0000
> > Setting PCI_BRIDGE_CTL_VGA for bridge Root Device
> > Allocating resources...
> > Reading resources...
> > QEMU: 11 files in fw_cfg
> > QEMU:     bootorder [size=0]
> > QEMU:     etc/acpi/rsdp [size=36]
> > QEMU:     etc/acpi/tables [size=131072]
> > QEMU:     etc/boot-fail-wait [size=4]
> > QEMU:     etc/e820 [size=20]
> > QEMU:     etc/smbios/smbios-anchor [size=31]
> > QEMU:     etc/smbios/smbios-tables [size=320]
> > QEMU:     etc/system-states [size=6]
> > QEMU:     etc/table-loader [size=4096]
> > QEMU:     etc/tpm/log [size=0]
> > QEMU:     genroms/kvmvapic.bin [size=9216]
> > QEMU: e820/ram: 0x00000000 +0x08000000
> > QEMU: reserve ioports 0x0510-0x0511 [firmware-config]
> > QEMU: reserve ioports 0x5658-0x5658 [vmware-port]
> > QEMU: reserve ioports 0xae00-0xae0f [pci-hotplug]
> > QEMU: reserve ioports 0xaf00-0xaf1f [cpu-hotplug]
> > QEMU: reserve ioports 0xafe0-0xafe3 [piix4-gpe0]
> > Done reading resources.
> > Setting resources...
> > PCI: 00:01.1 20 <- [0x0000005840 - 0x000000584f] size 0x00000010 gran 0x04 io
> > PCI: 00:02.0 10 <- [0x00fd000000 - 0x00fdffffff] size 0x01000000 gran
> > 0x18 prefmem
> > PCI: 00:02.0 18 <- [0x00fe070000 - 0x00fe070fff] size 0x00001000 gran 0x0c mem
> > PCI: 00:02.0 30 <- [0x00fe060000 - 0x00fe06ffff] size 0x00010000 gran 0x10 romem
> > PCI: 00:03.0 10 <- [0x00fe040000 - 0x00fe05ffff] size 0x00020000 gran 0x11 mem
> > PCI: 00:03.0 14 <- [0x0000005800 - 0x000000583f] size 0x00000040 gran 0x06 io
> > PCI: 00:03.0 30 <- [0x00fe000000 - 0x00fe03ffff] size 0x00040000 gran 0x12 romem
> > Done setting resources.
> > Done allocating resources.
> > Enabling resources...
> > PCI: 00:00.0 cmd <- 00
> > PCI: 00:01.0 cmd <- 00
> > PCI: 00:01.1 cmd <- 01
> > PCI: 00:01.3 cmd <- 00
> > PCI: 00:02.0 cmd <- 03
> > PCI: 00:03.0 cmd <- 03
> > done.
> > Initializing devices...
> > Root Device init ...
> > CPU_CLUSTER: 0 init ...
> > Initializing CPU #0
> > CPU: vendor Intel device 663
> > CPU: family 06, model 06, stepping 03
> > Setting up local APIC... apic_id: 0x00 done.
> > CPU #0 initialized
> > PCI: 00:00.0 init ...
> > Assigning IRQ 10 to 0:1.3
> > Assigning IRQ 11 to 0:3.0
> > PCI: 00:01.0 init ...
> > RTC Init
> > PCI: 00:01.1 init ...
> > IDE: Primary IDE interface: on
> > IDE: Secondary IDE interface: on
> > IDE: Access to legacy IDE ports: off
> > PCI: 00:02.0 init ...
> > PCI: 00:03.0 init ...
> > Devices initialized
> > Finalize devices...
> > Devices finalized
> > Copying Interrupt Routing Table to 0x000f0000... done.
> > Copying Interrupt Routing Table to 0x07fb3000... done.
> > PIRQ table: 128 bytes.
> > QEMU: found ACPI tables in fw_cfg.
> > QEMU: loading "etc/acpi/rsdp" to 0x7f8f000 (len 36)
> > QEMU: loading "etc/acpi/tables" to 0x7f8f040 (len 131072)
> > QEMU: loaded ACPI tables from fw_cfg.
> > ACPI tables: 131136 bytes.
> > smbios_write_tables: 07f8e000
> > DOMAIN: 0000 (QEMU Northbridge i440fx)
> > QEMU: found smbios tables in fw_cfg (len 320).
> > QEMU: coreboot type0 table found at 0x7f8e020.
> > QEMU: loading smbios tables to 0x7f8e062
> > SMBIOS tables: 418 bytes.
> > Writing table forward entry at 0x00000500
> > Wrote coreboot table at: 00000500, 0x10 bytes, checksum b7e3
> > Writing coreboot table at 0x07fb4000
> >  0. 0000000000000000-0000000000000fff: CONFIGURATION TABLES
> >  1. 0000000000001000-000000000009ffff: RAM
> >  2. 00000000000c0000-0000000007f8dfff: RAM
> >  3. 0000000007f8e000-0000000007fbcfff: CONFIGURATION TABLES
> >  4. 0000000007fbd000-0000000007fdcfff: RAMSTAGE
> >  5. 0000000007fdd000-0000000007ffffff: CONFIGURATION TABLES
> >  6. 00000000ff800000-00000000ffffffff: RESERVED
> > CBFS: 'Master Header Locator' located CBFS at [1fa0200:2000000)
> > FMAP: Found "FLASH" version 1.1 at 1fa0000.
> > FMAP: base = fe000000 size = 2000000 #areas = 3
> > Wrote coreboot table at: 07fb4000, 0x264 bytes, checksum f4f2
> > coreboot table: 636 bytes.
> > IMD ROOT    0. 07fff000 00001000
> > IMD SMALL   1. 07ffe000 00001000
> > CONSOLE     2. 07fde000 00020000
> > TIME STAMP  3. 07fdd000 00000910
> > RAMSTAGE    4. 07fbc000 00021000
> > COREBOOT    5. 07fb4000 00008000
> > IRQ TABLE   6. 07fb3000 00001000
> > ACPI        7. 07f8f000 00024000
> > SMBIOS      8. 07f8e000 00000800
> > IMD small region:
> >   IMD ROOT    0. 07ffec00 00000400
> >   CAR GLOBALS 1. 07ffe9c0 00000240
> >   COREBOOTFWD 2. 07ffe980 00000028
> > CBFS: 'Master Header Locator' located CBFS at [1fa0200:2000000)
> > CBFS: Locating 'fallback/payload'
> > CBFS: Found @ offset 10000 size 354b5
> > Checking segment from ROM address 0xfffb0238
> > Checking segment from ROM address 0xfffb0254
> > Loading segment from ROM address 0xfffb0238
> >   code (compression=1)
> >   New segment dstaddr 0x01110000 memsize 0x793df srcaddr 0xfffb0270
> > filesize 0x3547d
> > Loading Segment: addr: 0x01110000 memsz: 0x00000000000793df filesz:
> > 0x000000000003547d
> > using LZMA
> > Loading segment from ROM address 0xfffb0254
> >   Entry Point 0x01110015
> > Jumping to boot code at 01110015(07fb4000)
> >
> >
> > U-Boot 2019.01-rc1-00277-gee168783ae (Dec 12 2018 - 15:10:41 +0100)
> >
> > CPU: x86, vendor Intel, device 663h
> > DRAM:  127.4 MiB
> > MMC:
> > Video: No video mode configured in coreboot!
> > Video: No video mode configured in coreboot!
> > Model: coreboot x86 payload
> > Net:   e1000: 52:54:00:12:34:56
> >
> > Warning: e1000#0 using MAC address from ROM
> > eth0: e1000#0
> > No controllers found
> > Finalizing coreboot
> > Hit any key to stop autoboot:  0
> > => cbfsinit
> > Bad CBFS file.
> > =>
> >
> >
> > So lets try to connect u-boot and coreboot sources in that area.
> >
> > file_cbfs_next_file(..):
> > https://git.denx.de/?p=u-boot.git;a=blob;f=fs/cbfs/cbfs.c;h=0dce639b49ce095ac3eede2ee9c3138f1e0af3bb;hb=HEAD#l76
> > cbfs_for_each_file(..):
> > https://github.com/coreboot/coreboot/blob/eeb4e20b2f6d786c92fe3efb30817e90389a2bfe/src/commonlib/cbfs.c#L64
> >
> > Both ot these two functions do more or less the same: look for files
> > in cbfs with the only difference that u-boots impl. does some
> > validations that
> > are not done in coreboot:
> > https://git.denx.de/?p=u-boot.git;a=blob;f=fs/cbfs/cbfs.c;h=0dce639b49ce095ac3eede2ee9c3138f1e0af3bb;hb=HEAD#l99
> >
> > With this patch cbfsinit works and cbfsinfo shows the expected output:
> > => cbfsinfo
> >
> > CBFS version: 0x31313132
> > ROM size: 0x2000000
> > Boot block size: 0x4
> > CBFS size: 0x5fdfc
> > Alignment: 64
> > Offset: 0x1fa0200
> >
> >
> > What is needed to get further with this patch?
> >
>
> ping

Sorry, I meant to take some time to have a look at this. Will do this week.

Regards,
Bin

More information about the U-Boot mailing list