core/flash: Validate secure boot content size

Currently we don't check if the secure boot payload size fits within the partition that we are reading it from. This results in strange failures later on in boot if we cross the boundary between an ECCed and a non-ECCed partition since libflash does not support reading from regions with mixed ECC status. Without this patch: blocklevel_read: Can't cope with partial ecc FLASH: failed to read content size 15728640 BOOTKERNEL partition, rc 3 With: FLASH: Cannot load BOOTKERNEL. Content is larger than the partition Cc: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com> Acked-by: Stewart Smith <stewart@flamingspork.com>
open-power · Aug 23, 2019 · e2018d2 · e2018d2
1 parent a1fced2
commit e2018d2
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/core/flash.c b/core/flash.c
@@ -631,6 +631,10 @@ static int flash_load_resource(enum resource_id id, uint32_t subid,
 	prlog(PR_DEBUG,"FLASH: %s partition %s ECC\n",
 	      name, ecc  ? "has" : "doesn't have");
 
+	/*
+	 * FIXME: Make the fact we don't support partitions smaller than 4K
+	 *  	  more explicit.
+	 */
 	if (ffs_part_size < SECURE_BOOT_HEADERS_SIZE) {
 		prerror("FLASH: secboot headers bigger than "
 			"partition size 0x%x\n", ffs_part_size);
@@ -668,6 +672,13 @@ static int flash_load_resource(enum resource_id id, uint32_t subid,
 			goto out_free_ffs;
 		}
 
+		if (*len > ffs_part_size) {
+			prerror("FLASH: Cannot load %s. Content is larger than the partition\n",
+					name);
+			rc = OPAL_PARAMETER;
+			goto out_free_ffs;
+		}
+
 		ffs_part_start += SECURE_BOOT_HEADERS_SIZE;
 
 		rc = blocklevel_read(flash->bl, ffs_part_start, bufp,