Commit graph

71221 commits

Author SHA1 Message Date
Igor Opaniuk
9d1215be92 test: dm: tee: extend with RPC test
Extend existing DM tee tests adding test coverage for reverse RPC calls.
Currently this commit only adds tests for I2C requests from TEE driver
to TEE supplicant, for instance reading/writing data to emulated i2c
eeprom defines in standard sandbox test device tree
(arch/sandbox/dts/test.dtb):

=> i2c bus
Bus 0:	i2c@0  (active 0)
   2c: eeprom@2c, offset len 1, flags 0
   ...

Running TEE tests:
=> ut dm tee
Test: dm_test_tee: tee.c
Test: dm_test_tee: tee.c (flat tree)
Failures: 0

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
2021-02-16 11:48:20 -05:00
Igor Opaniuk
592b98bb9a drivers: tee: sandbox: add rpc test ta emulation
This adds support for RPC test trusted application emulation, which
permits to test reverse RPC calls to TEE supplicant. Currently it covers
requests to the I2C bus from TEE.

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
2021-02-16 11:48:20 -05:00
Igor Opaniuk
f4a60b0363 test: py: add pygit2 and pyelftools to requirements.txt
Add pygit2 and pyelftools to the list of packages for virtualenv
needed to run all sets of pytests.This fixes warnings like:

binman.elf_test.TestElf.testDecodeElf (subunit.RemotedTestCase):
Python elftools not available

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-16 11:48:20 -05:00
Jorge Ramirez-Ortiz
4e96356185 drivers: tee: i2c trampoline driver
This commit gives the secure world access to the I2C bus so it can
communicate with I2C slaves (typically those would be secure elements
like the NXP SE050).

A similar service implementation has been merged in linux:
c05210ab ("drivers: optee: allow op-tee to access devices on the i2c
bus")

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
2021-02-16 11:48:20 -05:00
Andy Shevchenko
eb5fd9e46c usb: kbd: destroy device after console is stopped
In case of IOMUX enabled it assumes that console devices in the list
are available to get them stopped properly via ->stop() callback.
However, the USB keyboard driver violates this assumption and tries
to play tricks so the device get destroyed while being listed as
an active console.

Swap the order of device deregistration and IOMUX update along with
converting to use iomux_replace_device() jelper to avoid the use-after-free.

Fixes: 3cbcb28928 ("usb: Fix usb_kbd_deregister when console-muxing is used")
Fixes: 8a83487030 ("dm: usb: Add a remove() method for USB keyboards")
Reported-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:08 -05:00
Andy Shevchenko
694cd5618c IOMUX: Introduce iomux_replace_device()
Some console devices may appear or disappear at run time. In order to
support such a hotplug mechanism introduce a new iomux_replace_device()
helper to update the list of devices without altering environment.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:08 -05:00
Andy Shevchenko
400797cad3 IOMUX: Split out for_each_console_dev() helper macro
It is not only less lines of code, but also better readability
when new macro is being in use. Introduce for_each_console_dev()
helper macro and convert current users to it.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:08 -05:00
Andy Shevchenko
b672c1619b IOMUX: Split out iomux_match_device() helper
Deduplicate the code used in a few places by splitting out a common helper.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:08 -05:00
Andy Shevchenko
658d6c5836 IOMUX: Switch to use stdio_file_to_flags()
Deduplicate code by replacing with stdio_file_to_flags() helper.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:08 -05:00
Andy Shevchenko
09d8f07762 console: Set file and devices at one go
Logical continuation of the change that brought console_devices_set() is
to unify console_setfile() with it and replace in the callers.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:07 -05:00
Andy Shevchenko
20a7d35148 console: Set console device counter in console_devices_set()
console_devices_set() missed the console device counter to be set correctly.

Fixes: 45375adc97 ("console: add function console_devices_set")
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:07 -05:00
Andy Shevchenko
7b9ca3f89c console: Switch to use stdio_file_to_flags()
Deduplicate code by replacing with stdio_file_to_flags() helper.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:07 -05:00
Andy Shevchenko
d9b0ac90ba stdio: Introduce a new helper stdio_file_to_flags()
Let's deduplicate existing copies by splitting off to a new helper.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:07 -05:00
Andy Shevchenko
99cb2b996b stdio: Split out nulldev_register() and move it under #if
It's possible that NULLDEV can be disabled while it makes leftovers,
move entire device under #if.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:07 -05:00
Andy Shevchenko
c090e8f236 stdio: Get rid of dead code, i.e. stdio_deregister()
Nobody is using stdio_deregister(), remove for good.

Note, even its parameters are not consistent with stdio_register().
So, if anyone want to introduce this again, better with some consistency.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:07 -05:00
Dario Binacchi
f43d9e904d arm: dts: sync am33xx gpio nodes with Linux 5.9-rc7
Move gpio controller nodes from am33xx.dtsi to am33xx-l4.dtsi. Now both
files are more similar to those found in Linux 5.9-rc7. To be fully
operational as before it was also necessary to fix the am33xx-clock.dtsi
file. It too is now almost the same as the Linux kernel.

Signed-off-by: Dario Binacchi <dariobin@libero.it>
2021-02-16 10:30:11 +05:30
Vignesh Raghavendra
1e8f246563 ARM: dts: k3-j7200-common-proc-board-u-boot: Fix broken ethernet
Since commit 6239cc8c4e ("arm: dts: k3-j7200: Sync Linux v5.11-rc6 dts
into U-Boot") ranges have been added to CPSW node which results in
U-Boot CPSW driver failing to acquire phy_gmii_sel register range and
thus failing to configure GMII mode correctly.

Fix this by deleting ranges in -u-boot-dtsi just like its done for other
K3 platforms.

Fixes: 6239cc8c4e ("arm: dts: k3-j7200: Sync Linux v5.11-rc6 dts into U-Boot")
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
2021-02-16 10:29:57 +05:30
Tom Rini
767582cd4c Prepare v2021.04-rc2
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-15 22:34:56 -05:00
Tom Rini
b6f4c75795 Merge branch '2021-02-15-fix-CVE-2021-27097-CVE-2021-27138'
Fix CVE-2021-27097 and CVE-2021-27138.  For more details see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27097 and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27138
2021-02-15 22:31:54 -05:00
Simon Glass
3f04db891a image: Check for unit addresses in FITs
Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:54 -05:00
Simon Glass
124c255731 libfdt: Check for multiple/invalid root nodes
It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:53 -05:00
Simon Glass
6f3c2d8aa5 image: Add an option to do a full check of the FIT
Some strange modifications of the FIT can introduce security risks. Add an
option to check it thoroughly, using libfdt's fdt_check_full() function.

Enable this by default if signature verification is enabled.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:53 -05:00
Simon Glass
c5819701a3 image: Adjust the workings of fit_check_format()
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:52 -05:00
Simon Glass
d5f3aadacb test: Add tests for the 'evil' vboot attacks
Add tests to check that these two attacks are mitigated by recent patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 19:17:33 -05:00
Simon Glass
fafafacb47 test: Add vboot_evil implementation
Add a library which performs two different attacks on a FIT.

Signed-off-by: Julien Lenoir <julien.lenoir@intel.com>
Signed-off-by: Bruce Monroe <bruce.monroe@intel.com>
Signed-off-by: Arie Haenel <arie.haenel@intel.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
2021-02-15 19:17:29 -05:00
Simon Glass
79af75f777 fit: Don't allow verification of images with @ nodes
When searching for a node called 'fred', any unit address appended to the
name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This
means that we cannot be sure that the node originally intended is the one
that is used.

Disallow use of nodes with unit addresses.

Update the forge test also, since it uses @ addresses.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 19:17:25 -05:00
Simon Glass
8a7d4cf982 fdt_region: Check for a single root node of the correct name
At present fdt_find_regions() assumes that the FIT is a valid devicetree.
If the FIT has two root nodes this is currently not detected in this
function, nor does libfdt's fdt_check_full() notice. Also it is possible
for the root node to have a name even though it should not.

Add checks for these and return -FDT_ERR_BADSTRUCTURE if a problem is
detected.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 19:17:18 -05:00
Tom Rini
6144438fb5 configs: Resync with savedefconfig
Rsync all defconfig files using moveconfig.py

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-15 13:34:30 -05:00
Tom Rini
2ae80437fb Merge branch '2021-02-02-drop-asm_global_data-when-unused'
- Merge the patch to take <asm/global_data.h> out of <common.h>
2021-02-15 10:16:45 -05:00
Tom Rini
76b7936e6f Merge branch '2021-02-14-remove-some-boards'
- Remove some boards that are behind on conversions and have had their
  removal acked or suggested by the relevant maintainers.
2021-02-15 10:16:25 -05:00
Tom Rini
73effc2dca sh: Remove sh7763rdp board
This board has not been converted to CONFIG_DM by the deadline of v2020.01
and is missing other conversions which depend on this as well.  Remove it.

Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-15 10:16:24 -05:00
Tom Rini
f0debb2136 sh: Remove sh7757lcr board
This board has not been converted to CONFIG_DM by the deadline of v2020.01
and is missing other conversions which depend on this as well.  Remove it.

As this is the last SH4A board, remove that support as well.

Cc: Marek Vasut <marek.vasut+renesas@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-15 10:16:24 -05:00
Tom Rini
0c3cd2443b sh: Remove sh7753evb board
This board has not been converted to CONFIG_DM by the deadline of v2020.01
and is missing other conversions which depend on this as well.  Remove it.

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-15 10:16:24 -05:00
Tom Rini
da43d96f03 sh: Remove sh7752evb board
This board has not been converted to CONFIG_DM by the deadline of v2020.01
and is missing other conversions which depend on this as well.  Remove it.

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-15 10:16:23 -05:00
Tom Rini
215386e48c sh: Remove r7780mp board
This board has not been converted to CONFIG_DM by the deadline of v2020.01
and is missing other conversions which depend on this as well.  Remove it.

Patch-cc: Nobuhiro Iwamatsu <iwamatsu.nobuhiro@renesas.com>
Patch-cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-15 10:16:23 -05:00
Tom Rini
5617351532 sh: Remove MigoR board
This board has not been converted to CONFIG_DM by the deadline of v2020.01
and is missing other conversions which depend on this as well.  Remove it.

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-15 10:16:23 -05:00
Tom Rini
865acad78f ppc: Remove MPC8641HPCN board
This board relies on using CONFIG_LIBATA but does not enable CONFIG_AHCI.  The
deadline for this conversion was the v2019.07 release.  The use of CONFIG_AHCI
requires CONFIG_DM.  The deadline for this conversion was v2020.01.  Remove
this board.

Cc: Priyanka Jain <priyanka.jain@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-02-15 10:16:21 -05:00
Tom Rini
41bacbe142 ppc: Remove MPC8610HPCD board
This board relies on using CONFIG_LIBATA but does not enable CONFIG_AHCI.  The
deadline for this conversion was the v2019.07 release.  The use of CONFIG_AHCI
requires CONFIG_DM.  The deadline for this conversion was v2020.01.  Remove
this board.

Cc: Priyanka Jain <priyanka.jain@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-02-15 10:15:48 -05:00
Tom Rini
2dce449801 ppc: Remove MPC8572DS board
This board relies on using CONFIG_LIBATA but does not enable CONFIG_AHCI.  The
deadline for this conversion was the v2019.07 release.  The use of CONFIG_AHCI
requires CONFIG_DM.  The deadline for this conversion was v2020.01.  Remove
this board.

Cc: Priyanka Jain <priyanka.jain@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-02-15 10:15:13 -05:00
Tom Rini
23397775bc ppc: Remove MPC8544DS board
This board relies on using CONFIG_LIBATA but does not enable CONFIG_AHCI.  The
deadline for this conversion was the v2019.07 release.  The use of CONFIG_AHCI
requires CONFIG_DM.  The deadline for this conversion was v2020.01.  Remove
this board.

Cc: Priyanka Jain <priyanka.jain@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-02-15 10:14:03 -05:00
Tom Rini
22924317be arm: Remove db-88f6281-bp board
This board has not been converted to CONFIG_DM_MMC by the deadline of
v2019.04, which is almost two years ago.  In addition there are other DM
migrations it is also missing.  Remove it.

Cc: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Acked-by: Chris Packham <judge.packham@gmail.com>
2021-02-15 10:11:38 -05:00
Tom Rini
2ce7b65d6d arm: Remove ls2080a_simu board
This board has not been converted to CONFIG_DM_MMC by the deadline of
v2019.04, which is almost two years ago.  In addition there are other DM
migrations it is also missing.  Remove it.

Cc: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
Cc: Priyanka Jain <priyanka.jain@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-02-15 10:11:38 -05:00
Tom Rini
a1361f4581 arm: Remove mx35pdk board
This board has not been converted to CONFIG_DM_MMC by the deadline of
v2019.04, which is almost two years ago.  In addition there are other DM
migrations it is also missing.  Remove it.

Cc: Stefano Babic <sbabic@denx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
Acked-by: Stefano Babic <sbabic@denx.de>
2021-02-15 10:11:38 -05:00
Tom Rini
8444860ca0 arm: Remove apx4devkit board
This board has not been converted to CONFIG_DM_MMC by the deadline of
v2019.04, which is almost two years ago.  In addition there are other DM
migrations it is also missing.  Remove it.

Cc: Lauri Hintsala <lauri.hintsala@bluegiga.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Acked-by: Lauri Hintsala <lauri.hintsala@silabs.com<mailto:lauri.hintsala@silabs.com>>
Signed-off-by: Tom Rini <trini@konsulko.com<mailto:trini@konsulko.com>>
2021-02-15 10:11:37 -05:00
Tom Rini
e31350c3c4 Revert "fdtdec: Use CONFIG_IS_ENABLED in board_fdt_blob_setup()"
On Rockchip platforms we need this area of code in TPL, but there is no
TPL_SEPARATE_BSS symbol.

This reverts commit 0a2aaab0b6.

Reported-by: Markus Reichl <m.reichl@fivetechno.de>
Reported-by: Jesper Schmitz Mouridsen <jesper@schmitz.computer>
Reported-by: Peter Robinson <pbrobinson@gmail.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-15 10:06:23 -05:00
Tom Rini
a6ba59583a Pull request for UEFI sub-system for efi-2021-04-rc2-2
Bug fixes:
 * fix stack smashing in UEFI capsule updates
 * correct loading of UEFI binaries where Virtual size is not a
   multiple of FileAlignment
 * simplify detection of capsule files.
 * buildman: use threading.is_alive() instead of removed method IsAlive()
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmApIc4ACgkQxIHbvCwF
 GsRQpQ//Zk4eJAHeibV4whdjyWpVXEnRR1fMFDgD7WUq3jTZmUvNp99ME5UJv+6J
 9R3WHZGfYIS+SypEe1BhzaSOfeS8GPkuk6bkEeM8MRA5L5vAdnONmUAa5TGp+xaq
 0V//k9U7raeWD+pdo7WA3GA8wQ4BoOgbCVNJfePfO2bD3okJZOT4S5qjFWD7Thfj
 TgiN6L44he5MrY9rKF0ZJcijtKpKBbwf5AYSurafgEJJJWkaEDynt2H5aJiIJ67v
 8LiomMPmvke7owft7JxntScvxNfcKagFojtSB3zShJ7Fbx0EMJFyGHfdBQHNiqgA
 7GbQyhdk6FFlhlAwanTjxMfPfpLBjeTZhv5UtIpEDU8gv7PHEgVAT2NAQjcEbU6G
 TssHzaWvpA/fNlV/s7b+uoW4pyvuvbeCtdxj7WB8O+j7uW5Z6APzMAxJZJ6RoCx/
 GDtsvkUUKpLwpPXQwsi/+BS6FNZGqY/GnijZmFdQZkUieXVLqCmuyu83UKfa8jMH
 6Q9yjSH9jDEWe4xS3XwfLY49k6qeKNjOZbB1aYQPqZallfvXx9qOYzQi1HHSx6Z5
 FngAYj3c6lxHp0p726m2Vjgceg02O3AmMaVHOkIh4TpLoRzR2msJAgpOghNtAi49
 vV47rr0HpvhBwfgVuJ+uVf7lFDbondoX5t9OuptUFxmyEZH5b5o=
 =Na9Y
 -----END PGP SIGNATURE-----

Merge tag 'efi-2021-04-rc2-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2021-04-rc2-2

Bug fixes:
* fix stack smashing in UEFI capsule updates
* correct loading of UEFI binaries where Virtual size is not a
  multiple of FileAlignment
* simplify detection of capsule files.
* buildman: use threading.is_alive() instead of removed method IsAlive()
2021-02-14 09:27:46 -05:00
Heinrich Schuchardt
fd434f47d4 buildman: 'Thread' object has no attribute 'isAlive'
The isAlive() method was deprecated in Python 3.8 and has been removed in
Python 3.9. See https://bugs.python.org/issue37804. Use is_alive() instead.

Since Python 2.6 is_alive() has been a synonym for isAlive(). So there
should be no problems for users using elder Python 3 versions.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-14 11:32:04 +01:00
Heinrich Schuchardt
15bbcafab1 efi_loader: fix get_last_capsule()
fix get_last_capsule() leads to writes beyond the stack allocated buffer.
This was indicated when enabling the stack protector.

utf16_utf8_strcpy() only stops copying when reaching '\0'. The current
invocation always writes beyond the end of value[].

The output length of utf16_utf8_strcpy() may be longer than the number of
UTF-16 tokens. E.g has "CapsuleКиев" has 11 UTF-16 tokens but 15 UTF-8
tokens. Hence, using utf16_utf8_strcpy() without checking the input may
lead to further writes beyond value[].

The current invocation of strict_strtoul() reads beyond the end of value[].

A non-hexadecimal value after "Capsule" (e.g. "CapsuleZZZZ") must result in
an error. We cat catch this by checking the return value of strict_strtoul().

A value that is too short after "Capsule" (e.g. "Capsule0") must result in
an error. We must check the string length of value[].

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-14 10:34:15 +01:00
Heinrich Schuchardt
841f7a4ebb efi_loader: '.' and '..' are directories
'.' and '..' are directories. So when looking for capsule files it is
sufficient to check that the attribute EFI_FILE_DIRECTORY is not set. We
don't have to check for these special names.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-14 10:34:15 +01:00
Asherah Connor
9d30a941cc efi_loader: don't load beyond VirtualSize
PE section table entries' SizeOfRawData must be a multiple of
FileAlignment, and thus may be rounded up and larger than their
VirtualSize.

We should not load beyond the VirtualSize, which is "the total size of
the section when loaded into memory" -- we may clobber real data at the
target in some other section, since we load sections in reverse order
and sections are usually laid out sequentially.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-14 10:34:15 +01:00