diff options
Diffstat (limited to 'config/submodule/coreboot/fam15h')
11 files changed, 214 insertions, 0 deletions
diff --git a/config/submodule/coreboot/fam15h/acpica-unix2-20190703.tar.gz/module.cfg b/config/submodule/coreboot/fam15h/acpica-unix2-20190703.tar.gz/module.cfg new file mode 100644 index 00000000..e839b77e --- /dev/null +++ b/config/submodule/coreboot/fam15h/acpica-unix2-20190703.tar.gz/module.cfg @@ -0,0 +1,3 @@ +subfile="https://www.mirrorservice.org/sites/libreboot.org/release/misc/acpica/acpica-unix2-20190703.tar.gz" +subfile_bkup="https://mirror.math.princeton.edu/pub/libreboot/misc/acpica/acpica-unix2-20190703.tar.gz" +subhash="8445a6d354ce3bcbfb5159f4ec0312b1e910c0b1b2033a2300f892e4ac580abab4e3f5b4ded379f0036299359d307330511ab7053678cfd9031d7df4c365f555" diff --git a/config/submodule/coreboot/fam15h/binutils-2.32.tar.xz/module.cfg b/config/submodule/coreboot/fam15h/binutils-2.32.tar.xz/module.cfg new file mode 100644 index 00000000..b549e139 --- /dev/null +++ b/config/submodule/coreboot/fam15h/binutils-2.32.tar.xz/module.cfg @@ -0,0 +1,3 @@ +subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/binutils/binutils-2.32.tar.xz" +subfile_bkup="https://ftp.nluug.nl/pub/gnu/binutils/binutils-2.32.tar.xz" +subhash="d326408f12a03d9a61a9de56584c2af12f81c2e50d2d7e835d51565df8314df01575724afa1e43bd0db45cfc9916b41519b67dfce03232aa4978704492a6994a" diff --git a/config/submodule/coreboot/fam15h/blobs/module.cfg b/config/submodule/coreboot/fam15h/blobs/module.cfg new file mode 100644 index 00000000..215caf4d --- /dev/null +++ b/config/submodule/coreboot/fam15h/blobs/module.cfg @@ -0,0 +1,3 @@ +subrepo="https://review.coreboot.org/blobs.git" +subrepo_bkup="https://github.com/coreboot/blobs" +subhash="034b27818450428f70aa9316c8bd0d65bacd8ee8" diff --git a/config/submodule/coreboot/fam15h/gcc-8.3.0.tar.xz/module.cfg b/config/submodule/coreboot/fam15h/gcc-8.3.0.tar.xz/module.cfg new file mode 100644 index 00000000..6ce00577 --- /dev/null +++ b/config/submodule/coreboot/fam15h/gcc-8.3.0.tar.xz/module.cfg @@ -0,0 +1,3 @@ +subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gcc/gcc-8.3.0/gcc-8.3.0.tar.xz" +subfile_bkup="https://ftp.nluug.nl/pub/gnu/gcc/gcc-8.3.0/gcc-8.3.0.tar.xz" +subhash="1811337ae3add9680cec64968a2509d085b6dc5b6783fc1e8c295e3e47416196fd1a3ad8dfe7e10be2276b4f62c357659ce2902f239f60a8648548231b4b5802" diff --git a/config/submodule/coreboot/fam15h/gmp-6.1.2.tar.xz/module.cfg b/config/submodule/coreboot/fam15h/gmp-6.1.2.tar.xz/module.cfg new file mode 100644 index 00000000..7caf1845 --- /dev/null +++ b/config/submodule/coreboot/fam15h/gmp-6.1.2.tar.xz/module.cfg @@ -0,0 +1,3 @@ +subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gmp/gmp-6.1.2.tar.xz" +subfile_bkup="https://ftp.nluug.nl/pub/gnu/gmp/gmp-6.1.2.tar.xz" +subhash="9f098281c0593b76ee174b722936952671fab1dae353ce3ed436a31fe2bc9d542eca752353f6645b7077c1f395ab4fdd355c58e08e2a801368f1375690eee2c6" diff --git a/config/submodule/coreboot/fam15h/module.list b/config/submodule/coreboot/fam15h/module.list new file mode 100644 index 00000000..64f09aea --- /dev/null +++ b/config/submodule/coreboot/fam15h/module.list @@ -0,0 +1,9 @@ +3rdparty/blobs +3rdparty/vboot +util/crossgcc/tarballs/acpica-unix2-20190703.tar.gz +util/crossgcc/tarballs/binutils-2.32.tar.xz +util/crossgcc/tarballs/gcc-8.3.0.tar.xz +util/crossgcc/tarballs/gmp-6.1.2.tar.xz +util/crossgcc/tarballs/mpc-1.1.0.tar.gz +util/crossgcc/tarballs/mpfr-4.0.2.tar.xz +util/crossgcc/tarballs/nasm-2.14.02.tar.bz2 diff --git a/config/submodule/coreboot/fam15h/mpc-1.1.0.tar.gz/module.cfg b/config/submodule/coreboot/fam15h/mpc-1.1.0.tar.gz/module.cfg new file mode 100644 index 00000000..34e77772 --- /dev/null +++ b/config/submodule/coreboot/fam15h/mpc-1.1.0.tar.gz/module.cfg @@ -0,0 +1,3 @@ +subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpc/mpc-1.1.0.tar.gz" +subfile_bkup="https://ftp.nluug.nl/pub/gnu/mpc/mpc-1.1.0.tar.gz" +subhash="72d657958b07c7812dc9c7cbae093118ce0e454c68a585bfb0e2fa559f1bf7c5f49b93906f580ab3f1073e5b595d23c6494d4d76b765d16dde857a18dd239628" diff --git a/config/submodule/coreboot/fam15h/mpfr-4.0.2.tar.xz/module.cfg b/config/submodule/coreboot/fam15h/mpfr-4.0.2.tar.xz/module.cfg new file mode 100644 index 00000000..e33b1804 --- /dev/null +++ b/config/submodule/coreboot/fam15h/mpfr-4.0.2.tar.xz/module.cfg @@ -0,0 +1,3 @@ +subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpfr/mpfr-4.0.2.tar.xz" +subfile_bkup="https://ftp.nluug.nl/pub/gnu/mpfr/mpfr-4.0.2.tar.xz" +subhash="d583555d08863bf36c89b289ae26bae353d9a31f08ee3894520992d2c26e5683c4c9c193d7ad139632f71c0a476d85ea76182702a98bf08dde7b6f65a54f8b88" diff --git a/config/submodule/coreboot/fam15h/nasm-2.14.02.tar.bz2/module.cfg b/config/submodule/coreboot/fam15h/nasm-2.14.02.tar.bz2/module.cfg new file mode 100644 index 00000000..fecb3cba --- /dev/null +++ b/config/submodule/coreboot/fam15h/nasm-2.14.02.tar.bz2/module.cfg @@ -0,0 +1,3 @@ +subfile="https://www.nasm.us/pub/nasm/releasebuilds/2.14.02/nasm-2.14.02.tar.bz2" +subfile_bkup="https://coreboot.org/releases/crossgcc-sources/nasm-2.14.02.tar.bz2" +subhash="71e3d44736493b1a56d4230bc2e5519e858aaadde5d89a692f1472fad6755084460e36b42852707f4c862eff75d3f2c232aedcc4e61e9d9ffcc8c9ca6498292b" diff --git a/config/submodule/coreboot/fam15h/vboot/module.cfg b/config/submodule/coreboot/fam15h/vboot/module.cfg new file mode 100644 index 00000000..5fac75c3 --- /dev/null +++ b/config/submodule/coreboot/fam15h/vboot/module.cfg @@ -0,0 +1,3 @@ +subrepo="https://review.coreboot.org/vboot.git" +subrepo_bkup="https://github.com/coreboot/vboot" +subhash="ecdca931ae0637d1a9498f64862939bd5bb99e0b" diff --git a/config/submodule/coreboot/fam15h/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch b/config/submodule/coreboot/fam15h/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch new file mode 100644 index 00000000..1ac41de6 --- /dev/null +++ b/config/submodule/coreboot/fam15h/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch @@ -0,0 +1,178 @@ +From 195f61375aeec9eec16604ec59f6eda2e6058cc1 Mon Sep 17 00:00:00 2001 +From: "Luke T. Shumaker" <lukeshu@lukeshu.com> +Date: Thu, 30 May 2024 14:08:33 -0600 +Subject: [PATCH 1/1] extract_vmlinuz.c: Fix the bounds check on + vmlinuz_header_{offset,size} + +The check on vmlinuz_header_offset and vmlinuz_header_size is obviously +wrong: + + if (!vmlinuz_header_size || + kpart_data + vmlinuz_header_offset + vmlinuz_header_size > + kpart_data) { + return 1; + } + +`kpart_data + some_unsigned_values` can obviously never be `> kpart_data`, +unless something has overflowed! And `vmlinuz_header_offset` hasn't even +been set yet (besides being initialized to zero)! + +GCC will deduce that if the check didn't cause the function to bail, then +vmlinuz_header_size (a uint32_t) must be "negative"; that is: in the range +[2GiB,4GiB). + +On platforms where size_t is 32-bits, this is *especially* broken. +memcpy's size argument must be in the range [0,2GiB). Because GCC has +proved that vmlinuz_header_size is higher than that, it will fail to +compile: + + host/lib/extract_vmlinuz.c:67:9: error: 'memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=] + +So, fix the check. + +I can now say that what I suspect the original author meant to write would +be the following patch, if `vmlinuz_header_offset` were already set: + + -kpart_data + vmlinuz_header_offset + vmlinuz_header_size > kpart_data + +now + vmlinuz_header_offset + vmlinuz_header_size > kpart_size + +This hypothesis is supported by `now` not getting incremented by +`kblob_size` the way it is for the keyblock and preamble sizes. + +However, we can also see that even this "corrected" bounds check is +insufficient: it does not detect the vmlinuz_header overflowing into +kblob_data. + +OK, so let's describe the fix: + +Have a `*vmlinuz_header` pointer instead of a +`uint64_t vmlinuz_header_offset`, to be more similar to all the other +regions. With this change, the correct check becomes a simple + + vmlinuz_header + vmlinuz_header_size > kblob_data + +While we're at it, make some changes that could have helped avoid this in +the first place: + + - Add comments. + - Calculate the vmlinuz_header offset right away, instead of waiting. + - Go ahead and increment `now` by `kblob_size`, to increase regularity. + +Change-Id: I5c03e49070b6dd2e04459566ef7dd129d27736e4 +--- + host/lib/extract_vmlinuz.c | 72 +++++++++++++++++++++++++++----------- + 1 file changed, 51 insertions(+), 21 deletions(-) + +diff --git a/host/lib/extract_vmlinuz.c b/host/lib/extract_vmlinuz.c +index 4ccfcf33..d2c09443 100644 +--- a/host/lib/extract_vmlinuz.c ++++ b/host/lib/extract_vmlinuz.c +@@ -15,16 +15,44 @@ + + int ExtractVmlinuz(void *kpart_data, size_t kpart_size, + void **vmlinuz_out, size_t *vmlinuz_size) { ++ // We're going to be extracting `vmlinuz_header` and ++ // `kblob_data`, and returning the concatenation of them. ++ // ++ // kpart_data = +-[kpart_size]------------------------------------+ ++ // | | ++ // keyblock = | +-[keyblock->keyblock_size]-------------------+ | ++ // | | struct vb2_keyblock keyblock | | ++ // | | char [] ...data... | | ++ // | +---------------------------------------------+ | ++ // | | ++ // preamble = | +-[preamble->preamble_size]-------------------+ | ++ // | | struct vb2_kernel_preamble preamble | | ++ // | | char [] ...data... | | ++ // | | char [] vmlinuz_header | | ++ // | | char [] ...data... | | ++ // | +---------------------------------------------+ | ++ // | | ++ // kblob_data= | +-[preamble->body_signature.data_size]--------+ | ++ // | | char [] ...data... | | ++ // | +---------------------------------------------+ | ++ // | | ++ // +-------------------------------------------------+ ++ + size_t now = 0; ++ // The 3 sections of kpart_data. ++ struct vb2_keyblock *keyblock = NULL; + struct vb2_kernel_preamble *preamble = NULL; + uint8_t *kblob_data = NULL; + uint32_t kblob_size = 0; ++ // vmlinuz_header ++ uint8_t *vmlinuz_header = NULL; + uint32_t vmlinuz_header_size = 0; +- uint64_t vmlinuz_header_address = 0; +- uint64_t vmlinuz_header_offset = 0; ++ // The concatenated result. + void *vmlinuz = NULL; + +- struct vb2_keyblock *keyblock = (struct vb2_keyblock *)kpart_data; ++ // Isolate the 3 sections of kpart_data. ++ ++ keyblock = (struct vb2_keyblock *)kpart_data; + now += keyblock->keyblock_size; + if (now > kpart_size) + return 1; +@@ -36,37 +64,39 @@ int ExtractVmlinuz(void *kpart_data, size_t kpart_size, + + kblob_data = kpart_data + now; + kblob_size = preamble->body_signature.data_size; +- +- if (!kblob_data || (now + kblob_size) > kpart_size) ++ now += kblob_size; ++ if (now > kpart_size) + return 1; + ++ // Find `vmlinuz_header` within `preamble`. ++ + if (preamble->header_version_minor > 0) { +- vmlinuz_header_address = preamble->vmlinuz_header_address; ++ // calculate the vmlinuz_header offset from ++ // the beginning of the kpart_data. The kblob doesn't ++ // include the body_load_offset, but does include ++ // the keyblock and preamble sections. ++ size_t vmlinuz_header_offset = ++ preamble->vmlinuz_header_address - ++ preamble->body_load_address + ++ keyblock->keyblock_size + ++ preamble->preamble_size; ++ ++ vmlinuz_header = kpart_data + vmlinuz_header_offset; + vmlinuz_header_size = preamble->vmlinuz_header_size; + } + +- if (!vmlinuz_header_size || +- kpart_data + vmlinuz_header_offset + vmlinuz_header_size > +- kpart_data) { ++ if (!vmlinuz_header || ++ !vmlinuz_header_size || ++ vmlinuz_header + vmlinuz_header_size > kblob_data) { + return 1; + } + +- // calculate the vmlinuz_header offset from +- // the beginning of the kpart_data. The kblob doesn't +- // include the body_load_offset, but does include +- // the keyblock and preamble sections. +- vmlinuz_header_offset = vmlinuz_header_address - +- preamble->body_load_address + +- keyblock->keyblock_size + +- preamble->preamble_size; ++ // Concatenate and return. + + vmlinuz = malloc(vmlinuz_header_size + kblob_size); + if (vmlinuz == NULL) + return 1; +- +- memcpy(vmlinuz, kpart_data + vmlinuz_header_offset, +- vmlinuz_header_size); +- ++ memcpy(vmlinuz, vmlinuz_header, vmlinuz_header_size); + memcpy(vmlinuz + vmlinuz_header_size, kblob_data, kblob_size); + + *vmlinuz_out = vmlinuz; +-- +2.45.1 + |