
On 1/26/19 10:56 AM, Heinrich Schuchardt wrote:
On 1/26/19 9:46 AM, Simon Goldschmidt wrote:
On 26.01.2019 at 04:20, Heinrich Schuchardt wrote:
On 1/14/19 10:38 PM, Simon Goldschmidt wrote:
This fixes CVE-2018-18439 ("insufficient boundary checks in network image boot") by using lmb to check for a valid range to store received blocks.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Hello Simon,
due to this patch merged as a156c47e39ad7d00 on vexpress_ca15_tc2_defconfig the command 'dhcp filename' always fails. It was working in v2019.01.
Same is true for other platforms, e.g. vexpress_ca9x4_defconfig.
OK, that's probably not expected ;-)
I'd appreciate it if you could continue to track this down to get it fixed.
Let's see how far I get.
bdinfo shows:
DRAM bank = 0x00000000
-> start = 0x80000000
-> size = 0x20000000
DRAM bank = 0x00000001
-> start = 0xa0000000
-> size = 0x20000000
printenv: loadaddr=0xa0008000
So the load address is in the second DRAM bank.
I guess we need changes in the following places:
t/tftp.c:609: lmb_init_and_reserve(&lmb, gd->bd->bi_dram[0].start,
fs/fs.c:456: lmb_init_and_reserve(&lmb, gd->bd->bi_dram[0].start,
common/bootm.c:62: lmb_init_and_reserve(&images->lmb, (phys_addr_t)mem_start, mem_size,
I wonder why bootm.c is different and why isn't the fdt considered?
I would suggest the following:
Remove parameter lmb from lmb_get_unreserved_size(). Instead let lmb_get_unreserved_size() check if a static struct lmb in lib/lmb.c is initialized. If not, use the different DRAM banks and the fdt for initialization.
Best regards
Heinrich
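
The regression discussed in this thread, as an added example that is not part of the original messages and is not U-Boot's lmb code: a simplified model of a range check for received blocks, run once with only the first DRAM bank known and once with all banks. The bank layout and loadaddr are the values quoted above; `usable_size()` and `block_fits()` are hypothetical names, and the model assumes banks are listed in ascending order.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model for illustration; not U-Boot's lmb implementation. */
struct region { uint64_t start, size; };

/* DRAM banks as printed by bdinfo in the thread (ascending order). */
static const struct region banks[] = {
    { 0x80000000ULL, 0x20000000ULL },
    { 0xa0000000ULL, 0x20000000ULL },
};
#define NBANKS (sizeof(banks) / sizeof(banks[0]))

/*
 * Bytes usable from addr to the end of the contiguous memory containing it,
 * looking only at the first nbanks banks. Returns 0 when addr lies outside
 * every known bank, which is the case that rejects the transfer.
 */
static uint64_t usable_size(uint64_t addr, size_t nbanks)
{
    uint64_t end = 0;

    for (size_t i = 0; i < nbanks && i < NBANKS; i++) {
        uint64_t bank_end = banks[i].start + banks[i].size; /* exclusive */

        if (end == 0 && addr >= banks[i].start && addr < bank_end)
            end = bank_end;          /* bank that contains addr */
        else if (end != 0 && banks[i].start == end)
            end = bank_end;          /* adjacent bank extends the range */
    }
    return end ? end - addr : 0;
}

/* Boundary check before storing a received block of len bytes at addr. */
static int block_fits(uint64_t addr, uint64_t len, size_t nbanks)
{
    return len != 0 && len <= usable_size(addr, nbanks);
}

int main(void)
{
    const uint64_t loadaddr = 0xa0008000ULL; /* printenv value from the thread */

    printf("bank 0 only: fits=%d\n", block_fits(loadaddr, 512, 1));
    printf("all banks:   fits=%d\n", block_fits(loadaddr, 512, NBANKS));
    return 0;
}
```

With only bank 0 known, the check refuses every block aimed at loadaddr even though the address is valid RAM, so the boundary check itself is sound and the defect is in how much memory it is told about.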