region: Introduce region_create() functions

We introduce two new functions to create region objects. They allow us to check for integer overflows (region_create_untrusted()) or assert their absence (region_create()). This fixes potential overflows in region_overlap() checks in SMI handlers, where we would wrongfully report MMIO as *not* overlapping SMRAM. Also, two cases of strtol() in parse_region() (cbfstool), where the results were implicitly converted to `size_t`, are replaced with the unsigned strtoul(). FIT payload support is left out, as it doesn't use the region API (only the struct). Change-Id: I4ae3e6274c981c9ab4fb1263c2a72fa68ef1c32b Ticket: https://ticket.coreboot.org/issues/522 Found-by: Vadim Zaliva <lord@digamma.ai> Signed-off-by: Nico Huber <nico.h@gmx.de> Reviewed-on: https://review.coreboot.org/c/coreboot/+/79905 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2024-01-11 18:59:24 +01:00
parent 0e9830884c
commit af0d4bce65
12 changed files with 95 additions and 75 deletions
--- a/util/cbfstool/cse_serger.c
+++ b/util/cbfstool/cse_serger.c
@@ -820,15 +820,22 @@ static int cmd_add(void)
 	return 0;
 }

-static void parse_region(struct region *r, char *arg)
+static int parse_region(struct region *r, char *arg)
 {
 	char *tok;

 	tok = strtok(arg, ":");
-	r->offset = strtol(tok, NULL, 0);
+	unsigned long offset = strtoul(tok, NULL, 0);

 	tok = strtok(NULL, ":");
-	r->size = strtol(tok, NULL, 0);
+	unsigned long size = strtoul(tok, NULL, 0);
+
+	if (region_create_untrusted(r, offset, size) != CB_SUCCESS) {
+		ERROR("Invalid region: %lx:%lx\n", offset, size);
+		return -1;
+	}
+
+	return 0;
 }

 static struct command {
@@ -991,19 +998,24 @@ int main(int argc, char **argv)
 				params.partition_type = atoi(optarg);
 				break;
 			case LONGOPT_BP1:
-				parse_region(&params.layout_regions[BP1], optarg);
+				if (parse_region(&params.layout_regions[BP1], optarg))
+					return 1;
 				break;
 			case LONGOPT_BP2:
-				parse_region(&params.layout_regions[BP2], optarg);
+				if (parse_region(&params.layout_regions[BP2], optarg))
+					return 1;
 				break;
 			case LONGOPT_BP3:
-				parse_region(&params.layout_regions[BP3], optarg);
+				if (parse_region(&params.layout_regions[BP3], optarg))
+					return 1;
 				break;
 			case LONGOPT_BP4:
-				parse_region(&params.layout_regions[BP4], optarg);
+				if (parse_region(&params.layout_regions[BP4], optarg))
+					return 1;
 				break;
 			case LONGOPT_DATA:
-				parse_region(&params.layout_regions[DP], optarg);
+				if (parse_region(&params.layout_regions[DP], optarg))
+					return 1;
 				break;
 			case LONGOPT_BP1_FILE:
 				params.layout_files[BP1] = optarg;