leandrof/u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lmb: handle more than one DRAM BANK

Browse Source 
This fixes the automatic lmb initialization and reservation for boards
with more than one DRAM bank.

This fixes the CVE-2018-18439 and -18440 fixes that only allowed to load
files into the firs DRAM bank from fs and via tftp.

Found-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Simon Goldschmidt 2019-01-26 22:13:04 +01:00 committed by Tom Rini
parent e3b4fc9598
commit 9cc2323fee
5 changed files with 41 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
common/bootm.c
View File

@ -59,8 +59,8 @@ static void boot_start_lmb(bootm_headers_t *images)
mem_start = env_get_bootm_low();
mem_size = env_get_bootm_size();
lmb_init_and_reserve(&images->lmb, (phys_addr_t)mem_start, mem_size,
NULL);
lmb_init_and_reserve_range(&images->lmb, (phys_addr_t)mem_start,
mem_size, NULL);
}
#else
#define lmb_reserve(lmb, base, size)

3
fs/fs.c
View File

@ -454,8 +454,7 @@ static int fs_read_lmb_check(const char *filename, ulong addr, loff_t offset,
if (len && len < read_len)
read_len = len;
lmb_init_and_reserve(&lmb, gd->bd->bi_dram[0].start,
gd->bd->bi_dram[0].size, (void *)gd->fdt_blob);
lmb_init_and_reserve(&lmb, gd->bd, (void *)gd->fdt_blob);
lmb_dump_all(&lmb);
if (lmb_alloc_addr(&lmb, addr, read_len) == addr)

7
include/lmb.h
View File

@ -4,6 +4,8 @@
#ifdef __KERNEL__
#include <asm/types.h>
#include <asm/u-boot.h>
/*
* Logical memory blocks.
*
@ -29,8 +31,9 @@ struct lmb {
};
extern void lmb_init(struct lmb *lmb);
extern void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base,
phys_size_t size, void *fdt_blob);
extern void lmb_init_and_reserve(struct lmb *lmb, bd_t *bd, void *fdt_blob);
extern void lmb_init_and_reserve_range(struct lmb *lmb, phys_addr_t base,
phys_size_t size, void *fdt_blob);
extern long lmb_add(struct lmb *lmb, phys_addr_t base, phys_size_t size);
extern long lmb_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size);
extern phys_addr_t lmb_alloc(struct lmb *lmb, phys_size_t size, ulong align);

37
lib/lmb.c
View File

@ -98,12 +98,8 @@ void lmb_init(struct lmb *lmb)
lmb->reserved.size = 0;
}
/* Initialize the struct, add memory and call arch/board reserve functions */
void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size,
void *fdt_blob)
static void lmb_reserve_common(struct lmb *lmb, void *fdt_blob)
{
lmb_init(lmb);
lmb_add(lmb, base, size);
arch_lmb_reserve(lmb);
board_lmb_reserve(lmb);
@ -111,6 +107,37 @@ void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size,
boot_fdt_add_mem_rsv_regions(lmb, fdt_blob);
}
/* Initialize the struct, add memory and call arch/board reserve functions */
void lmb_init_and_reserve(struct lmb *lmb, bd_t *bd, void *fdt_blob)
{
#ifdef CONFIG_NR_DRAM_BANKS
int i;
#endif
lmb_init(lmb);
#ifdef CONFIG_NR_DRAM_BANKS
for (i = 0; i < CONFIG_NR_DRAM_BANKS; i++) {
if (bd->bi_dram[i].size) {
lmb_add(lmb, bd->bi_dram[i].start,
bd->bi_dram[i].size);
}
}
#else
if (bd->bi_memsize)
lmb_add(lmb, bd->bi_memstart, bd->bi_memsize);
#endif
lmb_reserve_common(lmb, fdt_blob);
}
/* Initialize the struct, add memory and call arch/board reserve functions */
void lmb_init_and_reserve_range(struct lmb *lmb, phys_addr_t base,
phys_size_t size, void *fdt_blob)
{
lmb_init(lmb);
lmb_add(lmb, base, size);
lmb_reserve_common(lmb, fdt_blob);
}
/* This routine called with relocation disabled. */
static long lmb_add_region(struct lmb_region *rgn, phys_addr_t base, phys_size_t size)
{

3
net/tftp.c
View File

@ -606,8 +606,7 @@ static int tftp_init_load_addr(void)
struct lmb lmb;
phys_size_t max_size;
lmb_init_and_reserve(&lmb, gd->bd->bi_dram[0].start,
gd->bd->bi_dram[0].size, (void *)gd->fdt_blob);
lmb_init_and_reserve(&lmb, gd->bd, (void *)gd->fdt_blob);
max_size = lmb_get_free_size(&lmb, load_addr);
if (!max_size)