On Thu, Jan 31, 2019 at 12:34 PM Heinrich Schuchardt xypron.glpk@gmx.de wrote:
On 1/31/19 11:04 AM, Simon Glass wrote:
Hi Simon,
On Sat, 26 Jan 2019 at 14:13, Simon Goldschmidt simon.k.r.goldschmidt@gmail.com wrote:
This fixes the automatic lmb initialization and reservation for boards with more than one DRAM bank.
This fixes the CVE-2018-18439 and -18440 fixes that only allowed to load files into the firs DRAM bank from fs and via tftp.
Found-by: Heinrich Schuchardt xypron.glpk@gmx.de Signed-off-by: Simon Goldschmidt simon.k.r.goldschmidt@gmail.com
common/bootm.c | 4 ++-- fs/fs.c | 3 +-- include/lmb.h | 7 +++++-- lib/lmb.c | 37 ++++++++++++++++++++++++++++++++----- net/tftp.c | 3 +-- 5 files changed, 41 insertions(+), 13 deletions(-)
Reviewed-by: Simon Glass sjg@chromium.org
Do we need a test update to cover this?
- Simon
Currently in Travis we only check that loading to allowable regions works. This is where I experienced trouble that led to this patch.
A test checking that loading to disallowed regions fails is not yet available. Unfortunately such a test would have to be board specific. Maybe we should just do a sandbox test.
It would be helpful for such a test if the sandbox were using multiple DRAM banks.
Currently the sandbox shows only a single DRAM bank of *zero* size:
=> bdinfo boot_params = 0x0000000000000000 DRAM bank = 0x0000000000000000 -> start = 0x0000000000000000 -> size = 0x0000000008000000
But size is *not* zero here?
ethaddr = 00:00:11:22:33:44 IP addr = 1.2.3.4
@Simon
Which Simon? ;-)
Regards, Simon
Is this a display bug?
Best regards
Heinrich