fs: prevent overwriting reserved memory

This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem image load") by using lmb to check the load size of a file against reserved memory addresses. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
author: Simon Goldschmidt 2019-01-14 22:38:19 +0100
committer: Tom Rini 2019-01-16 16:37:05 -0500
commit: aa3c609e2be5a837e7b81e308d47f55b67666bd6 (patch)
tree: 4e1e3090b5ec43ed88cc2790c080b2a790679d78 /include/lmb.h
parent: 4cc8af8037ebabd674d0a6bed202b0c711dc7699 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/lmb.h b/include/lmb.h
index 7d7e2a78dc0..62da85e716e 100644
--- a/include/lmb.h
+++ b/include/lmb.h
@@ -31,6 +31,8 @@ struct lmb {
 extern struct lmb lmb;
 
 extern void lmb_init(struct lmb *lmb);
+extern void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base,
+				 phys_size_t size, void *fdt_blob);
 extern long lmb_add(struct lmb *lmb, phys_addr_t base, phys_size_t size);
 extern long lmb_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size);
 extern phys_addr_t lmb_alloc(struct lmb *lmb, phys_size_t size, ulong align);
author	Simon Goldschmidt	2019-01-14 22:38:19 +0100
committer	Tom Rini	2019-01-16 16:37:05 -0500
commit	aa3c609e2be5a837e7b81e308d47f55b67666bd6 (patch)
tree	4e1e3090b5ec43ed88cc2790c080b2a790679d78 /include/lmb.h
parent	4cc8af8037ebabd674d0a6bed202b0c711dc7699 (diff)