From patchwork Sat Jan 26 21:13:04 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
X-Patchwork-Id: 1031501
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="oL50Nxvs"; dkim-atps=neutral
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 43n7sb3KSbz9s7h
	for <incoming@patchwork.ozlabs.org>;
	Sun, 27 Jan 2019 08:13:19 +1100 (AEDT)
Received: by lists.denx.de (Postfix, from userid 105)
	id 5A723C21DD7; Sat, 26 Jan 2019 21:13:15 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM,
	RCVD_IN_MSPIKE_H2,
	T_DKIM_INVALID autolearn=unavailable autolearn_force=no
	version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id 0CFA7C21C8B;
	Sat, 26 Jan 2019 21:13:13 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id C32D7C21C8B; Sat, 26 Jan 2019 21:13:11 +0000 (UTC)
Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com
	[209.85.128.67])
	by lists.denx.de (Postfix) with ESMTPS id 55606C21C51
	for <u-boot@lists.denx.de>; Sat, 26 Jan 2019 21:13:11 +0000 (UTC)
Received: by mail-wm1-f67.google.com with SMTP id t200so9951481wmt.0
	for <u-boot@lists.denx.de>; Sat, 26 Jan 2019 13:13:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=pH7CbmqGmD/Bl9ZHDMKVkIo+QrfBzUL+xPz8fZdl4OU=;
	b=oL50Nxvsm7wD1U59oIJp7mqw+RxIFoZ8Uo+PCP1fRWaKVyWOHf/Qh3HzMEczRinBEa
	il628/aYy+gbbeRJE15ozR6DVAmNA7fdbO8yQ7/KerD3lF2LC56avaiirZrgGrxKTOYQ
	kHg1eGpOn4dVeOVEJwJhOCqQy5Pj9T+DTQRlZZF74dgdrf1L9mlOs9YEIaevXNI4pf0n
	EC+g5l+u1a7CDYhoxz33MCX7KH1Y2ZP5CEjk5gjcIcIqWJNcQk90mKiDVnAceBuDVxEh
	oKXxUnZQhFtFE/onh4LHAD2Kkvbci0RF2+f8C75t2thdw/ZeB725m9gbMt7RIPZxuQcq
	rlIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=pH7CbmqGmD/Bl9ZHDMKVkIo+QrfBzUL+xPz8fZdl4OU=;
	b=imW0NL1RILceO4Ie6EMn1l2h2UnTUfXx1gTFm0k3qkU+cXldqhu5R8XHceXkGKRd4T
	zPMOu26lDZ+T8IIqOhfXpnvxtoPBvSzmY8C16p/ED9NE8PVPYL0r8G33y9ZY4dLcg1x8
	XnrLEFkOtEB/HpDx1U6pHC2RFpv5b8Lq/zVx+qPMIGn4UvHuBLMwbLTBcj8xZUKF4aDJ
	9qDvz30tj7kFUKjF90iwyFi/UFLzXDIPwUqw54ouwoOtAsNPTgFHc+UjfELYgh8iti+V
	/Vr4qSCoYKQ2hOMPAfbsSNAwWXEJ3mSsASTv6+dc89zdLE57vnzRV2OLdN+dBqsO3ZLl
	UAAg==
X-Gm-Message-State: AJcUukfO4pqghpL1wYiB0OowP0ztlc+eQcp8IFzMpI4scKn1d4P6+GT6
	3L/JxN2YOOA28wxxXaFnEIE=
X-Google-Smtp-Source: 
 ALg8bN4wxgiV+pDrRaox3Ujr+aj9cl9B2pcwQaltS6IE7J9gjWFSpYk5fKEAQhrblILnAzAH5TTmJg==
X-Received: by 2002:a1c:ca15:: with SMTP id
	a21mr10723603wmg.132.1548537190797;
	Sat, 26 Jan 2019 13:13:10 -0800 (PST)
Received: from ubuntu.home ([2a02:8071:6a3:700:8c22:ee0c:efc8:ed86])
	by smtp.gmail.com with ESMTPSA id
	k135sm72073963wmd.42.2019.01.26.13.13.09
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sat, 26 Jan 2019 13:13:09 -0800 (PST)
From: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
To: Tom Rini <trini@konsulko.com>, Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Sat, 26 Jan 2019 22:13:04 +0100
Message-Id: <20190126211304.17356-1-simon.k.r.goldschmidt@gmail.com>
X-Mailer: git-send-email 2.17.1
Cc: u-boot@lists.denx.de, Joe Hershberger <joe.hershberger@ni.com>,
	Alexander Graf <agraf@suse.de>
Subject: [U-Boot] [PATCH] lmb: handle more than one DRAM BANK
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

This fixes the automatic lmb initialization and reservation for boards
with more than one DRAM bank.

This fixes the CVE-2018-18439 and -18440 fixes that only allowed to load
files into the firs DRAM bank from fs and via tftp.

Found-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
---

 common/bootm.c |  4 ++--
 fs/fs.c        |  3 +--
 include/lmb.h  |  7 +++++--
 lib/lmb.c      | 37 ++++++++++++++++++++++++++++++++-----
 net/tftp.c     |  3 +--
 5 files changed, 41 insertions(+), 13 deletions(-)

diff --git a/common/bootm.c b/common/bootm.c
index a4618b6d2e..7c7505f092 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -59,8 +59,8 @@ static void boot_start_lmb(bootm_headers_t *images)
 	mem_start = env_get_bootm_low();
 	mem_size = env_get_bootm_size();
 
-	lmb_init_and_reserve(&images->lmb, (phys_addr_t)mem_start, mem_size,
-			     NULL);
+	lmb_init_and_reserve_range(&images->lmb, (phys_addr_t)mem_start,
+				   mem_size, NULL);
 }
 #else
 #define lmb_reserve(lmb, base, size)
diff --git a/fs/fs.c b/fs/fs.c
index 7fd22101ef..9a411c04e2 100644
--- a/fs/fs.c
+++ b/fs/fs.c
@@ -453,8 +453,7 @@ static int fs_read_lmb_check(const char *filename, ulong addr, loff_t offset,
 	if (len && len < read_len)
 		read_len = len;
 
-	lmb_init_and_reserve(&lmb, gd->bd->bi_dram[0].start,
-			     gd->bd->bi_dram[0].size, (void *)gd->fdt_blob);
+	lmb_init_and_reserve(&lmb, gd->bd, (void *)gd->fdt_blob);
 	lmb_dump_all(&lmb);
 
 	if (lmb_alloc_addr(&lmb, addr, read_len) == addr)
diff --git a/include/lmb.h b/include/lmb.h
index 1bb003e35e..ca235d7d9d 100644
--- a/include/lmb.h
+++ b/include/lmb.h
@@ -4,6 +4,8 @@
 #ifdef __KERNEL__
 
 #include <asm/types.h>
+#include <asm/u-boot.h>
+
 /*
  * Logical memory blocks.
  *
@@ -29,8 +31,9 @@ struct lmb {
 };
 
 extern void lmb_init(struct lmb *lmb);
-extern void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base,
-				 phys_size_t size, void *fdt_blob);
+extern void lmb_init_and_reserve(struct lmb *lmb, bd_t *bd, void *fdt_blob);
+extern void lmb_init_and_reserve_range(struct lmb *lmb, phys_addr_t base,
+				       phys_size_t size, void *fdt_blob);
 extern long lmb_add(struct lmb *lmb, phys_addr_t base, phys_size_t size);
 extern long lmb_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size);
 extern phys_addr_t lmb_alloc(struct lmb *lmb, phys_size_t size, ulong align);
diff --git a/lib/lmb.c b/lib/lmb.c
index 3407705fa7..b210c2adaa 100644
--- a/lib/lmb.c
+++ b/lib/lmb.c
@@ -98,12 +98,8 @@ void lmb_init(struct lmb *lmb)
 	lmb->reserved.size = 0;
 }
 
-/* Initialize the struct, add memory and call arch/board reserve functions */
-void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size,
-			  void *fdt_blob)
+static void lmb_reserve_common(struct lmb *lmb, void *fdt_blob)
 {
-	lmb_init(lmb);
-	lmb_add(lmb, base, size);
 	arch_lmb_reserve(lmb);
 	board_lmb_reserve(lmb);
 
@@ -111,6 +107,37 @@ void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size,
 		boot_fdt_add_mem_rsv_regions(lmb, fdt_blob);
 }
 
+/* Initialize the struct, add memory and call arch/board reserve functions */
+void lmb_init_and_reserve(struct lmb *lmb, bd_t *bd, void *fdt_blob)
+{
+#ifdef CONFIG_NR_DRAM_BANKS
+	int i;
+#endif
+
+	lmb_init(lmb);
+#ifdef CONFIG_NR_DRAM_BANKS
+	for (i = 0; i < CONFIG_NR_DRAM_BANKS; i++) {
+		if (bd->bi_dram[i].size) {
+			lmb_add(lmb, bd->bi_dram[i].start,
+				bd->bi_dram[i].size);
+		}
+	}
+#else
+	if (bd->bi_memsize)
+		lmb_add(lmb, bd->bi_memstart, bd->bi_memsize);
+#endif
+	lmb_reserve_common(lmb, fdt_blob);
+}
+
+/* Initialize the struct, add memory and call arch/board reserve functions */
+void lmb_init_and_reserve_range(struct lmb *lmb, phys_addr_t base,
+				phys_size_t size, void *fdt_blob)
+{
+	lmb_init(lmb);
+	lmb_add(lmb, base, size);
+	lmb_reserve_common(lmb, fdt_blob);
+}
+
 /* This routine called with relocation disabled. */
 static long lmb_add_region(struct lmb_region *rgn, phys_addr_t base, phys_size_t size)
 {
diff --git a/net/tftp.c b/net/tftp.c
index 8fab6d2650..75f3a7c141 100644
--- a/net/tftp.c
+++ b/net/tftp.c
@@ -606,8 +606,7 @@ static int tftp_init_load_addr(void)
 	struct lmb lmb;
 	phys_size_t max_size;
 
-	lmb_init_and_reserve(&lmb, gd->bd->bi_dram[0].start,
-			     gd->bd->bi_dram[0].size, (void *)gd->fdt_blob);
+	lmb_init_and_reserve(&lmb, gd->bd, (void *)gd->fdt_blob);
 
 	max_size = lmb_get_unreserved_size(&lmb, load_addr);
 	if (!max_size)