[U-Boot] [PATCH 1/4] fs: cbfs: remove wrong header validation

[U-Boot] [PATCH 1/4] fs: cbfs: remove wrong header validation

[Bin Meng]

From: Christian Gmeiner <christian.gmeiner@gmail.com>

cbfs_fileheader.len indicates the content size of the file in the
cbfs, and it has nothing to do with cbfs_fileheader.offset which
is the starting address of the file in the cbfs.

Remove such check in file_cbfs_next_file(). Before this change
'cbfsinit' failed with 'Bad CBFS file'. After this change all cbfs
commands are working as expected.

Signed-off-by: Christian Gmeiner <christian.gmeiner@gmail.com>
[bmeng: keep the necessary header sanity check]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>

---

 fs/cbfs/cbfs.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c
index 0dce639..e943325 100644
--- a/fs/cbfs/cbfs.c
+++ b/fs/cbfs/cbfs.c
@@ -96,8 +96,7 @@ static int file_cbfs_next_file(u8 *start, u32 size, u32 align,
 		}
 
 		swap_file_header(&header, fileHeader);
-		if (header.offset < sizeof(struct cbfs_fileheader) ||
-		    header.offset > header.len) {
+		if (header.offset < sizeof(struct cbfs_fileheader)) {
 			file_cbfs_result = CBFS_BAD_FILE;
 			return -1;
 		}
-- 
2.7.4

[U-Boot] [PATCH 2/4] fs: cbfs: Fix out of bound access during CBFS walking through

[Bin Meng]

The call to file_cbfs_fill_cache() is given with the parameter
'start' pointing to the offset by the CBFS base address, but
with the parameter 'size' that equals to the whole CBFS size.
During CBFS walking through, it checks files one by one and
after it pass over the end of the CBFS which is 4GiB boundary
it tries to check files from address 0 and so on, until the
overall size the codes checked hits to the given 'size'.

Fix this by passing 'start' pointing to the CBFS base address.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
---

 fs/cbfs/cbfs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c
index e943325..7b2513c 100644
--- a/fs/cbfs/cbfs.c
+++ b/fs/cbfs/cbfs.c
@@ -189,8 +189,8 @@ void file_cbfs_init(uintptr_t end_of_rom)
 
 	start_of_rom = (u8 *)(end_of_rom + 1 - cbfs_header.rom_size);
 
-	file_cbfs_fill_cache(start_of_rom + cbfs_header.offset,
-			     cbfs_header.rom_size, cbfs_header.align);
+	file_cbfs_fill_cache(start_of_rom, cbfs_header.rom_size,
+			     cbfs_header.align);
 	if (file_cbfs_result == CBFS_SUCCESS)
 		initialized = 1;
 }
-- 
2.7.4

[U-Boot] [PATCH 2/4] fs: cbfs: Fix out of bound access during CBFS walking through

[Simon Glass]

On Sat, 22 Dec 2018 at 02:50, Bin Meng <bmeng.cn@gmail.com> wrote:
>
> The call to file_cbfs_fill_cache() is given with the parameter
> 'start' pointing to the offset by the CBFS base address, but
> with the parameter 'size' that equals to the whole CBFS size.
> During CBFS walking through, it checks files one by one and
> after it pass over the end of the CBFS which is 4GiB boundary
> it tries to check files from address 0 and so on, until the
> overall size the codes checked hits to the given 'size'.
>
> Fix this by passing 'start' pointing to the CBFS base address.
>
> Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
> ---
>
>  fs/cbfs/cbfs.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

[U-Boot] [PATCH 2/4] fs: cbfs: Fix out of bound access during CBFS walking through

[Bin Meng]

On Sat, Dec 29, 2018 at 9:40 PM Simon Glass <sjg@chromium.org> wrote:
>
> On Sat, 22 Dec 2018 at 02:50, Bin Meng <bmeng.cn@gmail.com> wrote:
> >
> > The call to file_cbfs_fill_cache() is given with the parameter
> > 'start' pointing to the offset by the CBFS base address, but
> > with the parameter 'size' that equals to the whole CBFS size.
> > During CBFS walking through, it checks files one by one and
> > after it pass over the end of the CBFS which is 4GiB boundary
> > it tries to check files from address 0 and so on, until the
> > overall size the codes checked hits to the given 'size'.
> >
> > Fix this by passing 'start' pointing to the CBFS base address.
> >
> > Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
> > ---
> >
> >  fs/cbfs/cbfs.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
>
> Reviewed-by: Simon Glass <sjg@chromium.org>

applied to u-boot-x86, thanks!

[U-Boot] [PATCH 3/4] fs: cbfs: Make all CBFS_TYPE_xxx macros consistent

[Bin Meng]

At present there are 2 macros that are named as CBFS_COMPONENT_xxx.
Change them to CBFS_TYPE_xxx for consistency.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
---

 cmd/cbfs.c     | 4 ++--
 include/cbfs.h | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/cmd/cbfs.c b/cmd/cbfs.c
index ece790e..4d3e006 100644
--- a/cmd/cbfs.c
+++ b/cmd/cbfs.c
@@ -136,10 +136,10 @@ static int do_cbfs_ls(cmd_tbl_t *cmdtp, int flag, int argc,
 		case CBFS_TYPE_MICROCODE:
 			type_name = "microcode";
 			break;
-		case CBFS_COMPONENT_CMOS_DEFAULT:
+		case CBFS_TYPE_CMOS_DEFAULT:
 			type_name = "cmos default";
 			break;
-		case CBFS_COMPONENT_CMOS_LAYOUT:
+		case CBFS_TYPE_CMOS_LAYOUT:
 			type_name = "cmos layout";
 			break;
 		case -1:
diff --git a/include/cbfs.h b/include/cbfs.h
index 1b88ec0..dd4b574 100644
--- a/include/cbfs.h
+++ b/include/cbfs.h
@@ -26,8 +26,8 @@ enum cbfs_filetype {
 	CBFS_TYPE_VSA = 0x51,
 	CBFS_TYPE_MBI = 0x52,
 	CBFS_TYPE_MICROCODE = 0x53,
-	CBFS_COMPONENT_CMOS_DEFAULT = 0xaa,
-	CBFS_COMPONENT_CMOS_LAYOUT = 0x01aa
+	CBFS_TYPE_CMOS_DEFAULT = 0xaa,
+	CBFS_TYPE_CMOS_LAYOUT = 0x01aa
 };
 
 struct cbfs_header {
-- 
2.7.4

[U-Boot] [PATCH 3/4] fs: cbfs: Make all CBFS_TYPE_xxx macros consistent

[Simon Glass]

On Sat, 22 Dec 2018 at 02:50, Bin Meng <bmeng.cn@gmail.com> wrote:
>
> At present there are 2 macros that are named as CBFS_COMPONENT_xxx.
> Change them to CBFS_TYPE_xxx for consistency.
>
> Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
> ---
>
>  cmd/cbfs.c     | 4 ++--
>  include/cbfs.h | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)
>

Reviewed-by: Simon Glass <sjg@chromium.org>

[U-Boot] [PATCH 3/4] fs: cbfs: Make all CBFS_TYPE_xxx macros consistent

[Bin Meng]

On Sat, Dec 29, 2018 at 9:40 PM Simon Glass <sjg@chromium.org> wrote:
>
> On Sat, 22 Dec 2018 at 02:50, Bin Meng <bmeng.cn@gmail.com> wrote:
> >
> > At present there are 2 macros that are named as CBFS_COMPONENT_xxx.
> > Change them to CBFS_TYPE_xxx for consistency.
> >
> > Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
> > ---
> >
> >  cmd/cbfs.c     | 4 ++--
> >  include/cbfs.h | 4 ++--
> >  2 files changed, 4 insertions(+), 4 deletions(-)
> >
>
> Reviewed-by: Simon Glass <sjg@chromium.org>

applied to u-boot-x86, thanks!

[U-Boot] [PATCH 4/4] fs: cbfs: Add missing standard CBFS component types

[Bin Meng]

Current CBFS component type list is incomplete. Add missing ones.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
---

 cmd/cbfs.c     | 30 ++++++++++++++++++++++++++++++
 include/cbfs.h | 10 ++++++++++
 2 files changed, 40 insertions(+)

diff --git a/cmd/cbfs.c b/cmd/cbfs.c
index 4d3e006..c118a95 100644
--- a/cmd/cbfs.c
+++ b/cmd/cbfs.c
@@ -112,12 +112,21 @@ static int do_cbfs_ls(cmd_tbl_t *cmdtp, int flag, int argc,
 		printf(" %8d", file_cbfs_size(file));
 
 		switch (type) {
+		case CBFS_TYPE_BOOTBLOCK:
+			type_name = "bootblock";
+			break;
+		case CBFS_TYPE_CBFSHEADER:
+			type_name = "cbfs header";
+			break;
 		case CBFS_TYPE_STAGE:
 			type_name = "stage";
 			break;
 		case CBFS_TYPE_PAYLOAD:
 			type_name = "payload";
 			break;
+		case CBFS_TYPE_FIT:
+			type_name = "fit";
+			break;
 		case CBFS_TYPE_OPTIONROM:
 			type_name = "option rom";
 			break;
@@ -136,9 +145,30 @@ static int do_cbfs_ls(cmd_tbl_t *cmdtp, int flag, int argc,
 		case CBFS_TYPE_MICROCODE:
 			type_name = "microcode";
 			break;
+		case CBFS_TYPE_FSP:
+			type_name = "fsp";
+			break;
+		case CBFS_TYPE_MRC:
+			type_name = "mrc";
+			break;
+		case CBFS_TYPE_MMA:
+			type_name = "mma";
+			break;
+		case CBFS_TYPE_EFI:
+			type_name = "efi";
+			break;
+		case CBFS_TYPE_STRUCT:
+			type_name = "struct";
+			break;
 		case CBFS_TYPE_CMOS_DEFAULT:
 			type_name = "cmos default";
 			break;
+		case CBFS_TYPE_SPD:
+			type_name = "spd";
+			break;
+		case CBFS_TYPE_MRC_CACHE:
+			type_name = "mrc cache";
+			break;
 		case CBFS_TYPE_CMOS_LAYOUT:
 			type_name = "cmos layout";
 			break;
diff --git a/include/cbfs.h b/include/cbfs.h
index dd4b574..bd1bf75 100644
--- a/include/cbfs.h
+++ b/include/cbfs.h
@@ -18,15 +18,25 @@ enum cbfs_result {
 };
 
 enum cbfs_filetype {
+	CBFS_TYPE_BOOTBLOCK = 0x01,
+	CBFS_TYPE_CBFSHEADER = 0x02,
 	CBFS_TYPE_STAGE = 0x10,
 	CBFS_TYPE_PAYLOAD = 0x20,
+	CBFS_TYPE_FIT = 0x21,
 	CBFS_TYPE_OPTIONROM = 0x30,
 	CBFS_TYPE_BOOTSPLASH = 0x40,
 	CBFS_TYPE_RAW = 0x50,
 	CBFS_TYPE_VSA = 0x51,
 	CBFS_TYPE_MBI = 0x52,
 	CBFS_TYPE_MICROCODE = 0x53,
+	CBFS_TYPE_FSP = 0x60,
+	CBFS_TYPE_MRC = 0x61,
+	CBFS_TYPE_MMA = 0x62,
+	CBFS_TYPE_EFI = 0x63,
+	CBFS_TYPE_STRUCT = 0x70,
 	CBFS_TYPE_CMOS_DEFAULT = 0xaa,
+	CBFS_TYPE_SPD = 0xab,
+	CBFS_TYPE_MRC_CACHE = 0xac,
 	CBFS_TYPE_CMOS_LAYOUT = 0x01aa
 };
 
-- 
2.7.4

[U-Boot] [PATCH 4/4] fs: cbfs: Add missing standard CBFS component types

[Simon Glass]

On Sat, 22 Dec 2018 at 02:50, Bin Meng <bmeng.cn@gmail.com> wrote:
>
> Current CBFS component type list is incomplete. Add missing ones.
>
> Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
> ---
>
>  cmd/cbfs.c     | 30 ++++++++++++++++++++++++++++++
>  include/cbfs.h | 10 ++++++++++
>  2 files changed, 40 insertions(+)

Reviewed-by: Simon Glass <sjg@chromium.org>

[U-Boot] [PATCH 4/4] fs: cbfs: Add missing standard CBFS component types

[Bin Meng]

On Sat, Dec 29, 2018 at 9:40 PM Simon Glass <sjg@chromium.org> wrote:
>
> On Sat, 22 Dec 2018 at 02:50, Bin Meng <bmeng.cn@gmail.com> wrote:
> >
> > Current CBFS component type list is incomplete. Add missing ones.
> >
> > Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
> > ---
> >
> >  cmd/cbfs.c     | 30 ++++++++++++++++++++++++++++++
> >  include/cbfs.h | 10 ++++++++++
> >  2 files changed, 40 insertions(+)
>
> Reviewed-by: Simon Glass <sjg@chromium.org>

applied to u-boot-x86, thanks!

[U-Boot] [PATCH 1/4] fs: cbfs: remove wrong header validation

[Simon Glass]

On Sat, 22 Dec 2018 at 02:50, Bin Meng <bmeng.cn@gmail.com> wrote:
>
> From: Christian Gmeiner <christian.gmeiner@gmail.com>
>
> cbfs_fileheader.len indicates the content size of the file in the
> cbfs, and it has nothing to do with cbfs_fileheader.offset which
> is the starting address of the file in the cbfs.
>
> Remove such check in file_cbfs_next_file(). Before this change
> 'cbfsinit' failed with 'Bad CBFS file'. After this change all cbfs
> commands are working as expected.
>
> Signed-off-by: Christian Gmeiner <christian.gmeiner@gmail.com>
> [bmeng: keep the necessary header sanity check]
> Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
>
> ---
>
>  fs/cbfs/cbfs.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

[U-Boot] [PATCH 1/4] fs: cbfs: remove wrong header validation

[Bin Meng]

On Sat, Dec 29, 2018 at 9:40 PM Simon Glass <sjg@chromium.org> wrote:
>
> On Sat, 22 Dec 2018 at 02:50, Bin Meng <bmeng.cn@gmail.com> wrote:
> >
> > From: Christian Gmeiner <christian.gmeiner@gmail.com>
> >
> > cbfs_fileheader.len indicates the content size of the file in the
> > cbfs, and it has nothing to do with cbfs_fileheader.offset which
> > is the starting address of the file in the cbfs.
> >
> > Remove such check in file_cbfs_next_file(). Before this change
> > 'cbfsinit' failed with 'Bad CBFS file'. After this change all cbfs
> > commands are working as expected.
> >
> > Signed-off-by: Christian Gmeiner <christian.gmeiner@gmail.com>
> > [bmeng: keep the necessary header sanity check]
> > Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
> >
> > ---
> >
> >  fs/cbfs/cbfs.c | 3 +--
> >  1 file changed, 1 insertion(+), 2 deletions(-)
>
> Reviewed-by: Simon Glass <sjg@chromium.org>

applied to u-boot-x86, thanks!