From 8c5e4d93db845fc1942438d54eedbdefcfd2bbf9 Mon Sep 17 00:00:00 2001 From: Julius Werner Date: Fri, 10 Oct 2014 14:11:11 -0700 Subject: cbfs: Enforce media->map() result checking, improve error messages If you try to boot a VBOOT2_VERIFY_FIRMWARE with less than 4K CBFS cache right now, your system will try and fail to validate the FMAP signature at (u8 *)0xFFFFFFFF and go into recovery mode. This patch avoids the memcmp() to potentially invalid memory, and also adds an error message to cbfs_simple_buffer_map() to make it explicit that we ran out of CBFS cache space. BUG=None TEST=Booted on Veyron_Pinky with reduced CBFS cache, saw the message. Original-Change-Id: Ic5773b4e0b36dc621513f58fc9bd29c17afbf1b7 Original-Signed-off-by: Julius Werner Original-Reviewed-on: https://chromium-review.googlesource.com/222899 Original-Reviewed-by: Aaron Durbin (cherry picked from commit 0ed3c0c2b63be0d32e8162faf892e41cef1f1f23) Signed-off-by: Aaron Durbin Change-Id: I20ccac83bff4a377caca6327d0e21032efff44c1 Reviewed-on: http://review.coreboot.org/9373 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi --- src/lib/cbfs.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/lib/cbfs.c') diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c index fc6e88721e..84638dab88 100644 --- a/src/lib/cbfs.c +++ b/src/lib/cbfs.c @@ -175,8 +175,11 @@ void *cbfs_simple_buffer_map(struct cbfs_simple_buffer *buffer, "allocated=%zd, size=%zd, last_allocate=%zd\n", offset, count, buffer->allocated, buffer->size, buffer->last_allocate); - if (buffer->allocated + count > buffer->size) + if (buffer->allocated + count > buffer->size) { + ERROR("simple_buffer: no room to map %zd bytes from %#zx\n", + count, offset); return CBFS_MEDIA_INVALID_MAP_ADDRESS; + } if (media->read(media, address, offset, count) != count) { ERROR("simple_buffer: fail to read %zd bytes from 0x%zx\n", count, offset); -- cgit v1.2.3