Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38421 )
Change subject: commonlib/bsd: Add new CBFS core implementation
......................................................................
Patch Set 13:
(2 comments)
https://review.coreboot.org/c/coreboot/+/38421/11/src/commonlib/bsd/cbfs_pri...
File src/commonlib/bsd/cbfs_private.c:

https://review.coreboot.org/c/coreboot/+/38421/11/src/commonlib/bsd/cbfs_pri...
PS11, Line 75: offset + sizeof(mdata.h), todo) != todo)
> Line 53 guarantees sizeof(mdata) >= data_offset […]
Well, again, I'm trying to go for the general concept of "continue as far as possible". This one in particular would help a bit in the odd chance that someone uses an old version of cbfstool to add some file with more than 256 bytes metadata that's needed by their payload.
The line prevents any of the code that further parses that file entry from running, so I think it still serves the purpose of guaranteeing that invariant across the rest of this CBFS stack? I don't think it makes a difference for safety there if we abort or just go on searching at the next file entry.
https://review.coreboot.org/c/coreboot/+/38421/11/src/commonlib/bsd/include/...
File src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h:

https://review.coreboot.org/c/coreboot/+/38421/11/src/commonlib/bsd/include/...
PS11, Line 4: PRIVATE
> I think having a comment about intention that you provided above, Julius, would be helpful. […]
Sounds good, added comment. (Note that CB:39327 also adds src/include/cbfs_private.h for the coreboot-specific parts of the "unsafe" API. I think I'll need direct access to some of that for program loading so I can't have it all local in lib/cbfs.c. I also have a warning comment there, I may flesh it out a bit more once I have all the use cases implemented and a better idea what APIs need to be exposed for what.)
I agree with Angel that this should also have a page in Documentation/ later, but since I don't have all the answers yet I'd say I'll finish writing the code first, and then document it later when all the design decisions are final.
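As an added illustration of the "skip the entry and keep searching at the next one" behaviour discussed above (example code written for this page, not code from the change under review or from coreboot): a minimal walker over the on-flash cbfs_file header layout, assuming a fixed 256-byte metadata buffer and 64-byte entry alignment, plus a constructed three-entry image whose middle entry carries 300 bytes of metadata; `cbfs_walk`, `put_entry` and `sample_walk` are names chosen here.

```c
#include <stdint.h>
#include <string.h>
#define CBFS_ALIGN    64   /* assumed default cbfs_file alignment */
#define CBFS_HDR_SIZE 24   /* magic[8] + len + type + attributes_offset + offset */
#define MDATA_MAX     256  /* assumed size of the fixed metadata buffer */
/* cbfs_file fields are stored big-endian on flash. */
static uint32_t be32(const uint8_t *p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }
static void put_be32(uint8_t *p, uint32_t v) { p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v; }
static size_t align_up(size_t v) { return (v + CBFS_ALIGN - 1) / CBFS_ALIGN * CBFS_ALIGN; }

/* Walk a CBFS region. An entry whose metadata would not fit in MDATA_MAX is counted in *skipped
 * and never parsed; scanning resumes at the next entry. Returns entries parsed, or -1 if corrupt. */
int cbfs_walk(const uint8_t *buf, size_t size, int *skipped)
{
	size_t pos = 0;
	int parsed = *skipped = 0;
	while (pos + CBFS_HDR_SIZE <= size) {
		if (memcmp(buf + pos, "LARCHIVE", 8) != 0)
			break;	/* no further file headers */
		uint32_t len = be32(buf + pos + 8), data_offset = be32(buf + pos + 20);
		/* Subtract-from-remaining checks cannot overflow the way pos + len could. */
		if (data_offset < CBFS_HDR_SIZE || data_offset > size - pos ||
		    len > size - pos - data_offset)
			return -1;	/* structurally broken: nothing sane to continue from */
		if (data_offset > MDATA_MAX)
			(*skipped)++;	/* too big for our buffer: skip this entry, keep going */
		else
			parsed++;	/* metadata would be copied out and parsed here */
		pos = align_up(pos + data_offset + len);
	}
	return parsed;
}
static uint8_t img[2048];	/* constructed sample: three entries, the middle one with 300 bytes of metadata */
int sample_skipped;
static size_t put_entry(size_t pos, uint32_t mdata_len, uint32_t data_len)
{
	uint32_t f[4] = { data_len, 0x50 /* CBFS_TYPE_RAW */, 0, mdata_len };
	memcpy(img + pos, "LARCHIVE", 8);
	for (int i = 0; i < 4; i++)
		put_be32(img + pos + 8 + 4 * i, f[i]);
	return align_up(pos + mdata_len + data_len);
}
int sample_walk(int corrupt)	/* corrupt=1 makes the first entry's len run past the region */
{
	memset(img, 0xff, sizeof(img));
	size_t end = put_entry(put_entry(put_entry(0, 40, 100), 300, 100), 64, 10);
	if (corrupt)
		put_be32(img + 8, 0xffffffff);
	return cbfs_walk(img, end, &sample_skipped);
}
```

The oversized entry is never handed to the rest of the parser, yet the third entry is still found; only a header whose bounds cannot be trusted stops the walk.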