From patchwork Tue Apr 9 13:08:00 2019
X-Patchwork-Submitter: Igor Opaniuk
X-Patchwork-Id: 1082249
X-Patchwork-Delegate: xypron.glpk@gmx.de
From: Igor Opaniuk
To: u-boot@lists.denx.de
Date: Tue, 9 Apr 2019 15:08:00 +0200
Message-Id: <20190409130800.32310-1-igor.opaniuk@toradex.com>
X-Mailer: git-send-email 2.17.1
Cc: marcel.ziswiler@toradex.com, xypron.glpk@gmx.de, agraf@csgraf.de, marcel@ziswiler.com, max.krummenacher@toradex.com
Subject: [U-Boot] [RFC 1/1] cmd: fs: fix data abort in load cmd
List-Id: U-Boot discussion

With CONFIG_CMD_BOOTEFI=y, load command causes data abort when
path_to_uefi(fp->str, path) tries to write uefi path out of bounds
of u16 str[] array (check efi_device_path_file_path struct for details).

This is caused by improper handling of void *buf pointer in
efi_dp_from_file(), particularly when the buf pointer value is changed
after dp_part_fill() invocation.

> load usb 0:1 0x12000000 imx6dl-colibri-eval-v3.dtb
pc : [<2fab48ae>] lr : [<2fab4339>]
reloc pc : [<178338ae>] lr : [<17833339>]
sp : 2da77120 ip : 00000003 fp : 00000005
r10: 2daa31d0 r9 : 2da80ea8 r8 : 00000001
r7 : 2daa3098 r6 : 2ca75040 r5 : 2da77148 r4 : 0000003a
r3 : 00000069 r2 : 2ca750a3 r1 : 2daa3104 r0 : 2ca7509f
Flags: nzCv IRQs off FIQs off Mode SVC_32
Code: 4630fb31 81f0e8bd e7d84606 bf082b2f (f822235c)
Resetting CPU ...

With the change suggested:
> load usb 0:1 0x12000000 imx6dl-colibri-eval-v3.dtb
5675440 bytes read in 188 ms (28.8 MiB/s)

Signed-off-by: Igor Opaniuk
---
 lib/efi_loader/efi_device_path.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c index 53b40c8c3c..97b4356167 100644 --- a/lib/efi_loader/efi_device_path.c +++ b/lib/efi_loader/efi_device_path.c 
@@ -829,7 +829,7 @@ struct efi_device_path *efi_dp_from_file(struct blk_desc *desc, int part, buf = dp_part_fill(buf, desc, part); /* add file-path: */ - fp = buf; + fp = start; fp->dp.type = DEVICE_PATH_TYPE_MEDIA_DEVICE; fp->dp.sub_type = DEVICE_PATH_SUB_TYPE_FILE_PATH; fp->dp.length = fpsize;
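
Review bot: On the added line "fp = start;" the file-path node is no longer placed at the pointer returned by "buf = dp_part_fill(buf, desc, part);" on the context line just above it, so that return value is ignored for this node. The definition of start is not in the visible lines; if it is the base of the allocated buffer, the fp->dp.type, fp->dp.sub_type and fp->dp.length stores that follow overwrite whatever dp_part_fill() has just written there, and the resulting device path would begin with the file-path node instead of ending with it. The crash goes away because fp moves back to a lower address, not because the write is shown to fit. The commit message places the out-of-bounds write in path_to_uefi(fp->str, path), which suggests the space reserved for this path is smaller than what dp_part_fill() emits plus fpsize. Consider keeping "fp = buf;" and correcting the size computation that precedes the allocation, or at least checking before the file-path node is filled in that fpsize bytes starting at buf still lie inside the buffer. A comment stating what start and buf each point to at this step would also help, since the commit message describes the buf handling as the source of the problem.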