diff options
author | Evan Lojewski <meklort@meklort.com> | 2016-04-18 20:19:03 -0600 |
---|---|---|
committer | Duncan Laurie <dlaurie@google.com> | 2016-05-04 16:33:24 +0200 |
commit | aa431c0e1774a34b0b6dacd9b0d44de3c82d4922 (patch) | |
tree | 75e2506746afb17f0f62f56001bb8190948b37bb /src | |
parent | a41e030fbc8281ea1f76e6f0f0cdea4e33c2fc6c (diff) | |
download | coreboot-aa431c0e1774a34b0b6dacd9b0d44de3c82d4922.tar.xz |
broadwell/me: Fix out-of-bounds array access error
Fix an issue where a broadwell machine without the ME
installed could result in an invalid status code being
reported. For certain values, this would result in the
intel_me_status function never returning. Fix has been
tested on a samus board w and w/o the ME blob installed.
Change-Id: I96667d3b89393f161e4d4efe0544efac98367e6c
Signed-off-by: Evan Lojewski <meklort@gmail.com>
Reviewed-on: https://review.coreboot.org/14409
Tested-by: build bot (Jenkins)
Reviewed-by: Duncan Laurie <dlaurie@google.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/soc/intel/broadwell/me_status.c | 50 |
1 files changed, 37 insertions, 13 deletions
diff --git a/src/soc/intel/broadwell/me_status.c b/src/soc/intel/broadwell/me_status.c index b98be70f23..819e94ce3c 100644 --- a/src/soc/intel/broadwell/me_status.c +++ b/src/soc/intel/broadwell/me_status.c @@ -23,6 +23,12 @@ #include <soc/me.h> #include <delay.h> +#define ARRAY_TO_ELEMENT(__array__, __index__, __default__) \ + (((__index__) < ARRAY_SIZE((__array__))) ? \ + (__array__)[(__index__)] : \ + (__default__)) + + static inline void me_read_dword_ptr(void *ptr, int offset) { u32 dword = pci_read_config32(PCH_DEV_ME, offset); @@ -225,23 +231,37 @@ void intel_me_status(void) printk(BIOS_DEBUG, "ME: Update In Progress : %s\n", hfs->update_in_progress ? "YES" : "NO"); printk(BIOS_DEBUG, "ME: Current Working State : %s\n", - me_cws_values[hfs->working_state]); + ARRAY_TO_ELEMENT(me_cws_values, + hfs->working_state, + "Unknown (OOB)")); printk(BIOS_DEBUG, "ME: Current Operation State : %s\n", - me_opstate_values[hfs->operation_state]); + ARRAY_TO_ELEMENT(me_opstate_values, + hfs->operation_state, + "Unknown (OOB)")); printk(BIOS_DEBUG, "ME: Current Operation Mode : %s\n", - me_opmode_values[hfs->operation_mode]); + ARRAY_TO_ELEMENT(me_opmode_values, + hfs->operation_mode, + "Unknown (OOB)")); printk(BIOS_DEBUG, "ME: Error Code : %s\n", - me_error_values[hfs->error_code]); + ARRAY_TO_ELEMENT(me_error_values, + hfs->error_code, + "Unknown (OOB)")); printk(BIOS_DEBUG, "ME: Progress Phase : %s\n", - me_progress_values[hfs2->progress_code]); + ARRAY_TO_ELEMENT(me_progress_values, + hfs2->progress_code, + "Unknown (OOB)")); printk(BIOS_DEBUG, "ME: Power Management Event : %s\n", - me_pmevent_values[hfs2->current_pmevent]); + ARRAY_TO_ELEMENT(me_pmevent_values, + hfs2->current_pmevent, + "Unknown (OOB)")); printk(BIOS_DEBUG, "ME: Progress Phase State : "); switch (hfs2->progress_code) { case ME_HFS2_PHASE_ROM: /* ROM Phase */ printk(BIOS_DEBUG, "%s", - me_progress_rom_values[hfs2->current_state]); + ARRAY_TO_ELEMENT(me_progress_rom_values, + hfs2->current_state, + "Unknown (OOB)")); break; case ME_HFS2_PHASE_UKERNEL: /* uKernel Phase */ @@ -249,19 +269,23 @@ void intel_me_status(void) break; case ME_HFS2_PHASE_BUP: /* Bringup Phase */ - if (hfs2->current_state < ARRAY_SIZE(me_progress_bup_values) - && me_progress_bup_values[hfs2->current_state]) + if (ARRAY_TO_ELEMENT(me_progress_bup_values, + hfs2->current_state, NULL)) printk(BIOS_DEBUG, "%s", - me_progress_bup_values[hfs2->current_state]); + ARRAY_TO_ELEMENT(me_progress_bup_values, + hfs2->current_state, + NULL)); else printk(BIOS_DEBUG, "0x%02x", hfs2->current_state); break; case ME_HFS2_PHASE_POLICY: /* Policy Module Phase */ - if (hfs2->current_state < ARRAY_SIZE(me_progress_policy_values) - && me_progress_policy_values[hfs2->current_state]) + if (ARRAY_TO_ELEMENT(me_progress_policy_values, + hfs2->current_state, NULL)) printk(BIOS_DEBUG, "%s", - me_progress_policy_values[hfs2->current_state]); + ARRAY_TO_ELEMENT(me_progress_policy_values, + hfs2->current_state, + NULL)); else printk(BIOS_DEBUG, "0x%02x", hfs2->current_state); break; |