Commit graph

16 commits

Author SHA1 Message Date
Simon Glass
f7ae49fc4f common: Drop log.h from common header
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:18 -04:00
Simon Glass
4d72caa5b9 common: Drop image.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:33 -04:00
Simon Glass
336d4615f8 dm: core: Create a new header file for 'compat' features
At present dm/device.h includes the linux-compatible features. This
requires including linux/compat.h which in turn includes a lot of headers.
One of these is malloc.h which we thus end up including in every file in
U-Boot. Apart from the inefficiency of this, it is problematic for sandbox
which needs to use the system malloc() in some files.

Move the compatibility features into a separate header file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-02-05 19:33:46 -07:00
Simon Goldschmidt
9cc2323fee lmb: handle more than one DRAM BANK
This fixes the automatic lmb initialization and reservation for boards
with more than one DRAM bank.

This fixes the CVE-2018-18439 and -18440 fixes that only allowed to load
files into the firs DRAM bank from fs and via tftp.

Found-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2019-02-02 08:19:17 -05:00
Simon Goldschmidt
e35d2a7553 lib: lmb: cleanup var names and patman warnings
Change multiple usages of 'j' into 'rgn'; fix whitespace/coding style
reported by patman.

Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-01-26 08:13:57 -05:00
Simon Goldschmidt
65304aade8 lib: lmb: rename lmb_get_unreserved_size to lmb_get_free_size
As a follow-up, change the name of the newly introduced function
'lmb_get_unreserved_size' to 'lmb_get_free_size', which is more
appropriate.

Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
[trini: Fix test/lib/lmb.c]
Signed-off-by: Tom Rini <trini@konsulko.com>
2019-01-26 08:13:57 -05:00
Simon Goldschmidt
aa3c609e2b fs: prevent overwriting reserved memory
This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem
image load") by using lmb to check the load size of a file against
reserved memory addresses.

Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-16 16:37:05 -05:00
Simon Goldschmidt
4cc8af8037 lib: lmb: extend lmb for checks at load time
This adds two new functions, lmb_alloc_addr and
lmb_get_unreserved_size.

lmb_alloc_addr behaves like lmb_alloc, but it tries to allocate a
pre-specified address range. Unlike lmb_reserve, this address range
must be inside one of the memory ranges that has been set up with
lmb_add.

lmb_get_unreserved_size returns the number of bytes that can be
used up to the next reserved region or the end of valid ram. This
can be 0 if the address passed is reserved.

Added test for these new functions.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-01-16 16:37:04 -05:00
Simon Goldschmidt
0f7c51a676 lib: lmb: reserving overlapping regions should fail
lmb_add_region handles overlapping regions wrong: instead of merging
or rejecting to add a new reserved region that overlaps an existing
one, it just adds the new region.

Since internally the same function is used for lmb_alloc, change
lmb_add_region to reject overlapping regions.

Also, to keep reserved memory correct after 'free', reserved entries
created by allocating memory must not set their size to a multiple
of alignment but to the original size. This ensures the reserved
region is completely removed when the caller calls 'lmb_free', as
this one takes the same size as passed to 'lmb_alloc' etc.

Add test to assert this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-01-16 16:37:00 -05:00
Simon Goldschmidt
d67f33cf4e lmb: fix allocation at end of address range
The lmb code fails if base + size of RAM overflows to zero.

Fix this by calculating end as 'base + size - 1' instead of 'base + size'
where appropriate.

Added tests to assert this is fixed.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-01-16 16:36:48 -05:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Jeroen Hofstee
750a6ff468 lmb: make local functions static
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2014-10-25 07:02:01 -04:00
Stephen Warren
ad3fda521b lib: lmb: fix overflow in __lmb_alloc_base w/ large RAM
If a 32-bit system has 2GB of RAM, and the base address of that RAM is
2GB, then start+size will overflow a 32-bit value (to a value of 0).

__lmb_alloc_base is affected by this; it calculates the minimum of
(start+size of RAM) and max_addr. However, when start+size is 0, it
is always less than max_addr, which causes the value of max_addr not
to be taken into account when restricting the allocation's location.

Fix this by calculating start+size separately, and if that calculation
underflows, using -1 (interpreted as the max unsigned value) as the
value instead, and then taking the min of that and max_addr. Now that
start+size doesn't overflow, it's typically large, and max_addr
dominates the min() call, and is taken into account.

The user-visible symptom of this bug is that CONFIG_BOOTMAP_SZ is ignored
on Tegra124 systems with 2GB of RAM, which in turn causes the DT to be
relocated at the very end of RAM, which the ARM Linux kernel doesn't map
during early boot, and which causes boot failures. With this fix,
CONFIG_BOOTMAP_SZ correctly restricts the relocated DT to a much lower
address, and everything works.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
2014-08-09 11:17:05 -04:00
Jeroen Hofstee
2c34f3f547 lib:lmb: use __weak
This not only looks a bit better it also prevents a
warning with W=1 (no previous prototype).

Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2014-07-18 17:53:23 -04:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Peter Tyser
78acc472d9 Rename lib_generic/ to lib/
Now that the other architecture-specific lib directories have been
moved out of the top-level directory there's not much reason to have the
'_generic' suffix on the common lib directory.

Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
2010-04-13 09:13:04 +02:00
Renamed from lib_generic/lmb.c (Browse further)