[PATCH] spl: spl_legacy: Add extra address checks

Peng Fan peng.fan at nxp.com
Tue Jun 20 03:01:37 CEST 2023 

> Subject: [PATCH] spl: spl_legacy: Add extra address checks
> 
> Check whether the loaded image or entry point does not overlap SPL.
> 
> Signed-off-by: Marek Vasut <marex at denx.de>
> ---
> Cc: "NXP i.MX U-Boot Team" <uboot-imx at nxp.com>
> Cc: Fabio Estevam <festevam at denx.de>
> Cc: Heiko Schocher <hs at denx.de>
> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
> Cc: Rasmus Villemoes <rasmus.villemoes at prevas.dk>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Stefano Babic <sbabic at denx.de>
> Cc: Tom Rini <trini at konsulko.com>
> Cc: Ye Li <ye.li at nxp.com>
> ---
>  common/spl/spl_legacy.c | 20 ++++++++++++++++++++
>  1 file changed, 20 insertions(+)
> 
> diff --git a/common/spl/spl_legacy.c b/common/spl/spl_legacy.c index
> 16851c55eb5..b21173baf55 100644
> --- a/common/spl/spl_legacy.c
> +++ b/common/spl/spl_legacy.c
> @@ -7,6 +7,7 @@
>  #include <image.h>
>  #include <log.h>
>  #include <malloc.h>
> +#include <asm/sections.h>
>  #include <spl.h>
> 
>  #include <lzma/LzmaTypes.h>
> @@ -15,6 +16,22 @@
> 
>  #define LZMA_LEN	(1 << 20)
> 
> +static void spl_parse_legacy_validate(uintptr_t start, uintptr_t size)
> +{
> +	uintptr_t spl_start = (uintptr_t)__image_copy_start;
> +	uintptr_t spl_end = (uintptr_t)__image_copy_end;
> +	uintptr_t end = start + size;
> +
> +	if ((start >= spl_start && start < spl_end) ||
> +	    (end > spl_start && end <= spl_end) ||
> +	    (start < spl_start && end >= spl_end) ||
> +	    (start > end && end > spl_start))
> +		panic("SPL: Image overlaps SPL\n");
> +
> +	if (size > CONFIG_SYS_BOOTM_LEN)
> +		panic("SPL: Image too large\n");
> +}
> +
>  int spl_parse_legacy_header(struct spl_image_info *spl_image,
>  			    const struct legacy_img_hdr *header)  { @@ -58,6
> +75,9 @@ int spl_parse_legacy_header(struct spl_image_info *spl_image,
>  	      "payload image: %32s load addr: 0x%lx size: %d\n",
>  	      spl_image->name, spl_image->load_addr, spl_image->size);
> 
> +	spl_parse_legacy_validate(spl_image->load_addr, spl_image->size);
> +	spl_parse_legacy_validate(spl_image->entry_point, 0);
> +
>  	return 0;

Reviewed-by: Peng Fan <peng.fan at nxp.com>
>  }
> 
> --
> 2.39.2

More information about the U-Boot mailing list