
This series fixes CVE-2018-18440 ("insufficient boundary checks in filesystem image load") by adding restrictions to the 'load' command. The functions from lmb.c are used to set up regions of allowed and reserved memory. Then, the file size to load is checked against these addresses and loading the file is aborted if it would overwrite reserved memory.
The memory reservation code is reused from bootm/image.
Note that this doesn't yet fix CVE-2018-18439 ("insufficient boundary checks in network image boot"), which is somewhat similar.
Note that patman warnings are in old code only or due to adopting the file's coding style.
Simon Goldschmidt (4):
  lib: lmb: reserving overlapping regions should fail
  lib: lmb: add function lmb_alloc_addr
  fs: prevent overwriting reserved memory
  bootm: use new common function lmb_init_and_reserve
 common/bootm.c |  8 ++------
 fs/fs.c        | 56 +++++++++++++++++++++++++++++++++++++++++++++++---
 include/lmb.h  |  3 +++
 lib/lmb.c      | 42 +++++++++++++++++++++++++++++++++++++
 4 files changed, 100 insertions(+), 9 deletions(-)
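The check described in the cover letter above, as an added example that is not part of this series or of U-Boot's code: a simplified model of an allowed RAM region plus reserved regions, with the load range validated before any byte is written. All names (`mem_map`, `map_reserve`, `load_check`, `sample_map`) and all addresses are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Simplified model, NOT U-Boot's lmb.c; every name below is hypothetical. */
struct region { uint64_t base, size; };
struct mem_map {
    struct region ram;          /* memory a load may target (assumed not to wrap) */
    struct region reserved[8];  /* regions that must never be overwritten */
    size_t nreserved;
};

/* True if [a, a+as) and [b, b+bs) share a byte; callers rule out wrap first. */
static bool overlaps(uint64_t a, uint64_t as, uint64_t b, uint64_t bs)
{
    return a < b + bs && b < a + as;
}

/* Reserve a region; an overlap with an existing reservation is an error. */
int map_reserve(struct mem_map *m, uint64_t base, uint64_t size)
{
    if (size == 0 || base + size < base || m->nreserved == 8)
        return -1;
    for (size_t i = 0; i < m->nreserved; i++)
        if (overlaps(base, size, m->reserved[i].base, m->reserved[i].size))
            return -1;
    m->reserved[m->nreserved++] = (struct region){ base, size };
    return 0;
}

/* Run before reading the file: 0 if `size` bytes may be written at `addr`. */
int load_check(const struct mem_map *m, uint64_t addr, uint64_t size)
{
    if (size == 0)
        return 0;
    if (addr + size < addr)     /* address arithmetic wraps */
        return -1;
    if (addr < m->ram.base || addr + size > m->ram.base + m->ram.size)
        return -1;              /* not wholly inside allowed RAM */
    for (size_t i = 0; i < m->nreserved; i++)
        if (overlaps(addr, size, m->reserved[i].base, m->reserved[i].size))
            return -1;          /* would overwrite reserved memory */
    return 0;
}
/* Constructed sample: 256 MiB of RAM with the top 16 MiB reserved. */
struct mem_map sample_map(void)
{
    struct mem_map m = { .ram = { 0x80000000ULL, 0x10000000ULL } };
    map_reserve(&m, 0x8f000000ULL, 0x01000000ULL);
    return m;
}
```

The size has to be known before the read starts for this to work as a gate; a check that runs after the data is in memory only detects the overwrite.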