
Subject: [PATCH] spl: spl_legacy: Add extra address checks
Check that neither the loaded image nor the entry point overlaps SPL.
Signed-off-by: Marek Vasut marex@denx.de
Cc: "NXP i.MX U-Boot Team" uboot-imx@nxp.com Cc: Fabio Estevam festevam@denx.de Cc: Heiko Schocher hs@denx.de Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Rasmus Villemoes rasmus.villemoes@prevas.dk Cc: Simon Glass sjg@chromium.org Cc: Stefano Babic sbabic@denx.de Cc: Tom Rini trini@konsulko.com Cc: Ye Li ye.li@nxp.com
common/spl/spl_legacy.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)
diff --git a/common/spl/spl_legacy.c b/common/spl/spl_legacy.c
index 16851c55eb5..b21173baf55 100644
--- a/common/spl/spl_legacy.c
+++ b/common/spl/spl_legacy.c
@@ -7,6 +7,7 @@
 #include <image.h>
 #include <log.h>
 #include <malloc.h>
+#include <asm/sections.h>
 #include <spl.h>
#include <lzma/LzmaTypes.h>
@@ -15,6 +16,22 @@
#define LZMA_LEN (1 << 20)
+static void spl_parse_legacy_validate(uintptr_t start, uintptr_t size)
+{
- uintptr_t spl_start = (uintptr_t)__image_copy_start;
- uintptr_t spl_end = (uintptr_t)__image_copy_end;
- uintptr_t end = start + size;
- if ((start >= spl_start && start < spl_end) ||
(end > spl_start && end <= spl_end) ||
(start < spl_start && end >= spl_end) ||
(start > end && end > spl_start))
panic("SPL: Image overlaps SPL\n");
- if (size > CONFIG_SYS_BOOTM_LEN)
panic("SPL: Image too large\n");
+}
int spl_parse_legacy_header(struct spl_image_info *spl_image, const struct legacy_img_hdr *header) { @@ -58,6 +75,9 @@ int spl_parse_legacy_header(struct spl_image_info *spl_image, "payload image: %32s load addr: 0x%lx size: %d\n", spl_image->name, spl_image->load_addr, spl_image->size);
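Review bot: In `spl_parse_legacy_validate`, a `start + size` that wraps past the top of the address space is rejected only when the wrapped `end` lands above `spl_start` (the fourth clause); a wrap that ends at or below `spl_start` passes the overlap test, and it also passes the later size test whenever `size` is within `CONFIG_SYS_BOOTM_LEN`. Doing the bound first and rejecting any wrap, e.g. `if (size > CONFIG_SYS_BOOTM_LEN || end < start)` ahead of the overlap test, closes that case without depending on the configured limit. The range tested is only `__image_copy_start`..`__image_copy_end`; if a board places SPL's BSS, stack or malloc area outside that range, a load address aimed at them is not caught, which deserves a comment above the function. With `size == 0` the second clause also rejects an address equal to `spl_end`, which is presumably one past the last SPL byte rather than inside it.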
- spl_parse_legacy_validate(spl_image->load_addr, spl_image->size);
- spl_parse_legacy_validate(spl_image->entry_point, 0);
- return 0;
Reviewed-by: Peng Fan peng.fan@nxp.com
}
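Review bot: The first call checks the header's `load_addr` and `size`; if `size` is the stored (possibly compressed) length, the bytes a decompressing loader writes at `load_addr` can extend past the range that was checked. `LZMA_LEN` earlier in the file suggests such a path exists, but it is not in this hunk, so this needs confirming there; if it does, the decompressed output range should be validated as well before anything is written. The second call, with size 0, only shows that `entry_point` is not inside the SPL copy range, not that it points into the image that was loaded. A short comment above the calls, e.g. `/* Reject headers whose load range or entry point falls inside SPL itself */`, would record the intent. The body of `spl_parse_legacy_header` starts outside the hunk.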
-- 2.39.2