From 9cc2323feebdde500f50f7abb855045dbde765cb Mon Sep 17 00:00:00 2001
From: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Date: Sat, 26 Jan 2019 22:13:04 +0100
Subject: lmb: handle more than one DRAM BANK

This fixes the automatic lmb initialization and reservation for boards
with more than one DRAM bank.

This fixes the CVE-2018-18439 and -18440 fixes that only allowed to load
files into the firs DRAM bank from fs and via tftp.

Found-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 lib/lmb.c | 37 ++++++++++++++++++++++++++++++++-----
 1 file changed, 32 insertions(+), 5 deletions(-)

(limited to 'lib')

diff --git a/lib/lmb.c b/lib/lmb.c
index 7aff2c248f..b3b84e4d37 100644
--- a/lib/lmb.c
+++ b/lib/lmb.c
@@ -98,12 +98,8 @@ void lmb_init(struct lmb *lmb)
 	lmb->reserved.size = 0;
 }
 
-/* Initialize the struct, add memory and call arch/board reserve functions */
-void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size,
-			  void *fdt_blob)
+static void lmb_reserve_common(struct lmb *lmb, void *fdt_blob)
 {
-	lmb_init(lmb);
-	lmb_add(lmb, base, size);
 	arch_lmb_reserve(lmb);
 	board_lmb_reserve(lmb);
 
@@ -111,6 +107,37 @@ void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size,
 		boot_fdt_add_mem_rsv_regions(lmb, fdt_blob);
 }
 
+/* Initialize the struct, add memory and call arch/board reserve functions */
+void lmb_init_and_reserve(struct lmb *lmb, bd_t *bd, void *fdt_blob)
+{
+#ifdef CONFIG_NR_DRAM_BANKS
+	int i;
+#endif
+
+	lmb_init(lmb);
+#ifdef CONFIG_NR_DRAM_BANKS
+	for (i = 0; i < CONFIG_NR_DRAM_BANKS; i++) {
+		if (bd->bi_dram[i].size) {
+			lmb_add(lmb, bd->bi_dram[i].start,
+				bd->bi_dram[i].size);
+		}
+	}
+#else
+	if (bd->bi_memsize)
+		lmb_add(lmb, bd->bi_memstart, bd->bi_memsize);
+#endif
+	lmb_reserve_common(lmb, fdt_blob);
+}
+
+/* Initialize the struct, add memory and call arch/board reserve functions */
+void lmb_init_and_reserve_range(struct lmb *lmb, phys_addr_t base,
+				phys_size_t size, void *fdt_blob)
+{
+	lmb_init(lmb);
+	lmb_add(lmb, base, size);
+	lmb_reserve_common(lmb, fdt_blob);
+}
+
 /* This routine called with relocation disabled. */
 static long lmb_add_region(struct lmb_region *rgn, phys_addr_t base, phys_size_t size)
 {
-- 
cgit v1.2.3