From: Ard Biesheuvel
To: olivier.martin@arm.com, edk2-devel@lists.sourceforge.net, ronald.cron@arm.com
Date: Tue, 5 May 2015 16:48:31 +0200
Subject: [edk2] [PATCH 1/5] EmbeddedPkg: do not ASSERT() on valid external input

Since ASSERT()s are enabled even on all ArmPlatformPkg RELEASE builds, ASSERT()ing on a valid FDT header will crash the firmware if the user selects an incorrect file. Since ASSERT() is meant to catch internal inconsistencies in the firmware, its use here is inappropriate. Instead, handle it as a normal error condition.

Contributed-under: TianoCore Contribution Agreement 1.0
Reviewed-by: Olivier Martin
Signed-off-by: Ard Biesheuvel
--- EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c b/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c index e777b0f7f7ed..90ac9d36d5e9 100644 --- a/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c +++ b/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c
@@ -404,15 +404,16 @@ InstallFdt ( goto Error; } - // Check the FDT header is valid. We only make this check in DEBUG mode in - // case the FDT header change on production device and this ASSERT() becomes - // not valid. - ASSERT (fdt_check_header ((VOID*)(UINTN)FdtBlobBase) == 0); - // - // Ensure the Size of the Device Tree is smaller than the size of the read file + // Ensure that the FDT header is valid and that the Size of the Device Tree + // is smaller than the size of the read file // - ASSERT ((UINTN)fdt_totalsize ((VOID*)(UINTN)FdtBlobBase) <= FdtBlobSize); + if (fdt_check_header ((VOID*)(UINTN)FdtBlobBase) != 0 || + (UINTN)fdt_totalsize ((VOID*)(UINTN)FdtBlobBase) > FdtBlobSize) { + DEBUG ((EFI_D_ERROR, "InstallFdt() - loaded FDT binary image seems corrupt\n")); + Status = EFI_LOAD_ERROR; + goto Error; + } // // Store the FDT as Runtime Service Data to prevent the Kernel from
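
Review bot: In the new `if` condition, both fdt_check_header() and fdt_totalsize() read header fields from FdtBlobBase, but nothing in the visible lines first checks that FdtBlobSize covers a complete FDT header, so for a user-selected file shorter than the header the validation itself reads beyond the loaded data. Unless the code above this hunk already guarantees a minimum size, consider making `FdtBlobSize < sizeof (struct fdt_header) ||` the first term of the condition so the short-circuit skips the two header reads. A smaller point on the rewritten comment: it says the device tree size must be "smaller than" the size of the read file, while the test only rejects `> FdtBlobSize` and so accepts an equal size; "no larger than" would match the code. Since the DEBUG message is the only diagnostic, it would also help to print the header check result or the two sizes so a bad file can be told apart from a truncated one.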