summaryrefslogtreecommitdiffstats
path: root/lib/lmb.c
Commit message (Collapse)AuthorAgeFilesLines
* lmb: handle more than one DRAM BANKSimon Goldschmidt2019-02-021-5/+32
| | | | | | | | | | | | | This fixes the automatic lmb initialization and reservation for boards with more than one DRAM bank. This fixes the CVE-2018-18439 and -18440 fixes that only allowed to load files into the firs DRAM bank from fs and via tftp. Found-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
* lib: lmb: cleanup var names and patman warningsSimon Goldschmidt2019-01-261-44/+42
| | | | | | | Change multiple usages of 'j' into 'rgn'; fix whitespace/coding style reported by patman. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
* lib: lmb: rename lmb_get_unreserved_size to lmb_get_free_sizeSimon Goldschmidt2019-01-261-1/+1
| | | | | | | | | | As a follow-up, change the name of the newly introduced function 'lmb_get_unreserved_size' to 'lmb_get_free_size', which is more appropriate. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> [trini: Fix test/lib/lmb.c] Signed-off-by: Tom Rini <trini@konsulko.com>
* fs: prevent overwriting reserved memorySimon Goldschmidt2019-01-161-0/+13
| | | | | | | | | This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem image load") by using lmb to check the load size of a file against reserved memory addresses. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
* lib: lmb: extend lmb for checks at load timeSimon Goldschmidt2019-01-161-0/+53
| | | | | | | | | | | | | | | | | | | This adds two new functions, lmb_alloc_addr and lmb_get_unreserved_size. lmb_alloc_addr behaves like lmb_alloc, but it tries to allocate a pre-specified address range. Unlike lmb_reserve, this address range must be inside one of the memory ranges that has been set up with lmb_add. lmb_get_unreserved_size returns the number of bytes that can be used up to the next reserved region or the end of valid ram. This can be 0 if the address passed is reserved. Added test for these new functions. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
* lib: lmb: reserving overlapping regions should failSimon Goldschmidt2019-01-161-7/+4
| | | | | | | | | | | | | | | | | | | | lmb_add_region handles overlapping regions wrong: instead of merging or rejecting to add a new reserved region that overlaps an existing one, it just adds the new region. Since internally the same function is used for lmb_alloc, change lmb_add_region to reject overlapping regions. Also, to keep reserved memory correct after 'free', reserved entries created by allocating memory must not set their size to a multiple of alignment but to the original size. This ensures the reserved region is completely removed when the caller calls 'lmb_free', as this one takes the same size as passed to 'lmb_alloc' etc. Add test to assert this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
* lmb: fix allocation at end of address rangeSimon Goldschmidt2019-01-161-17/+12
| | | | | | | | | | | | The lmb code fails if base + size of RAM overflows to zero. Fix this by calculating end as 'base + size - 1' instead of 'base + size' where appropriate. Added tests to assert this is fixed. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
* SPDX: Convert all of our single license tags to Linux Kernel styleTom Rini2018-05-071-2/+1
| | | | | | | | | | | | | | | | | | | | When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
* lmb: make local functions staticJeroen Hofstee2014-10-251-1/+1
| | | | Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
* lib: lmb: fix overflow in __lmb_alloc_base w/ large RAMStephen Warren2014-08-091-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | If a 32-bit system has 2GB of RAM, and the base address of that RAM is 2GB, then start+size will overflow a 32-bit value (to a value of 0). __lmb_alloc_base is affected by this; it calculates the minimum of (start+size of RAM) and max_addr. However, when start+size is 0, it is always less than max_addr, which causes the value of max_addr not to be taken into account when restricting the allocation's location. Fix this by calculating start+size separately, and if that calculation underflows, using -1 (interpreted as the max unsigned value) as the value instead, and then taking the min of that and max_addr. Now that start+size doesn't overflow, it's typically large, and max_addr dominates the min() call, and is taken into account. The user-visible symptom of this bug is that CONFIG_BOOTMAP_SZ is ignored on Tegra124 systems with 2GB of RAM, which in turn causes the DT to be relocated at the very end of RAM, which the ARM Linux kernel doesn't map during early boot, and which causes boot failures. With this fix, CONFIG_BOOTMAP_SZ correctly restricts the relocated DT to a much lower address, and everything works. Signed-off-by: Stephen Warren <swarren@nvidia.com>
* lib:lmb: use __weakJeroen Hofstee2014-07-181-4/+2
| | | | | | | This not only looks a bit better it also prevents a warning with W=1 (no previous prototype). Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
* Add GPL-2.0+ SPDX-License-Identifier to source filesWolfgang Denk2013-07-241-4/+1
| | | | | | Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
* Rename lib_generic/ to lib/Peter Tyser2010-04-131-0/+348
Now that the other architecture-specific lib directories have been moved out of the top-level directory there's not much reason to have the '_generic' suffix on the common lib directory. Signed-off-by: Peter Tyser <ptyser@xes-inc.com>