[U-Boot] [PATCH 3/3] cbfs: add support for cbfs header components
Alexander Graf
agraf at suse.de
Thu Feb 22 00:15:29 UTC 2018
On 15.02.18 07:40, Andre Heider wrote:
> This fixes walking the cbfs file list because the bound checks do not
> apply to header components.
>
> Output of coreboot's cbfstool:
> Name Offset Type Size Comp
> cbfs master header 0x0 cbfs header 32 none
> fallback/romstage 0x80 stage 21344 none
> fallback/ramstage 0x5440 stage 36848 none
> config 0xe480 raw 310 none
> revision 0xe600 raw 575 none
> fallback/bl31 0xe880 payload 15931 none
> fallback/payload 0x12700 payload 205449 none
> (empty) 0x44a00 null 111768 none
> header pointer 0x5fec0 cbfs header 4 none
>
> Output of u-boot's cbfsls:
> size type name
> ------------------------------------------
> 32 cbfs header cbfs master header
> 21344 stage fallback/romstage
> 36848 stage fallback/ramstage
> 310 raw config
> 575 raw revision
> 15931 payload fallback/bl31
> 205449 payload fallback/payload
> 111768 null (empty)
> 4 cbfs header header pointer
I don't see a before/after comparison? What output exactly did get fixed?
I don't quite understand what case exactly this fixes. The bounds check
seems to try to find out whether the header is within the master header
range, right?
So doesn't this just mean we're reading beyond the expected fs size?
Alex
>
> Signed-off-by: Andre Heider <a.heider at gmail.com>
> ---
> cmd/cbfs.c | 3 +++
> fs/cbfs/cbfs.c | 10 ++++++----
> include/cbfs.h | 1 +
> 3 files changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/cmd/cbfs.c b/cmd/cbfs.c
> index 736f8c4527..f5ad04c45a 100644
> --- a/cmd/cbfs.c
> +++ b/cmd/cbfs.c
> @@ -113,6 +113,9 @@ static int do_cbfs_ls(cmd_tbl_t *cmdtp, int flag, int argc,
> printf(" %8d", file_cbfs_size(file));
>
> switch (type) {
> + case CBFS_COMPONENT_CBFSHEADER:
> + type_name = "cbfs header";
> + break;
> case CBFS_TYPE_STAGE:
> type_name = "stage";
> break;
> diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c
> index 46da8f134f..389f60702b 100644
> --- a/fs/cbfs/cbfs.c
> +++ b/fs/cbfs/cbfs.c
> @@ -97,10 +97,12 @@ static int file_cbfs_next_file(u8 *start, u32 size, u32 align,
> }
>
> swap_file_header(&header, fileHeader);
> - if (header.offset < sizeof(struct cbfs_fileheader) ||
> - header.offset > header.len) {
> - file_cbfs_result = CBFS_BAD_FILE;
> - return -1;
> + if (header.type != CBFS_COMPONENT_CBFSHEADER) {
> + if (header.offset < sizeof(struct cbfs_fileheader) ||
> + header.offset > header.len) {
> + file_cbfs_result = CBFS_BAD_FILE;
> + return -1;
> + }
> }
> newNode->next = NULL;
> newNode->type = header.type;
> diff --git a/include/cbfs.h b/include/cbfs.h
> index f50280107b..d5d9d8ce97 100644
> --- a/include/cbfs.h
> +++ b/include/cbfs.h
> @@ -19,6 +19,7 @@ enum cbfs_result {
> };
>
> enum cbfs_filetype {
> + CBFS_COMPONENT_CBFSHEADER = 0x02,
> CBFS_TYPE_STAGE = 0x10,
> CBFS_TYPE_PAYLOAD = 0x20,
> CBFS_TYPE_OPTIONROM = 0x30,
>
More information about the U-Boot
mailing list