Felix Held has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/69580 )
Change subject: [RFC] drivers/intel/fsp2_0/hand_off_block: limit number of
[RFC] drivers/intel/fsp2_0/hand_off_block: limit number of
Limit the number of HOBs fsp_hob_iterator_get_next will process to avoid a more or less infinite loop in case the HOB list in memory is broken. A relatively large number is chosen for HOB_PROCESSING_LIMIT, so that this check won't be run into during normal operation.
Signed-off-by: Felix Held felix-coreboot@felixheld.de
Change-Id: Ie89c5b7e0aff7926e819aca455554370afd36f43
---
M src/drivers/intel/fsp2_0/hand_off_block.c
1 file changed, 29 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/80/69580/1
diff --git a/src/drivers/intel/fsp2_0/hand_off_block.c b/src/drivers/intel/fsp2_0/hand_off_block.c index 2ded33699..573cbc9 100644 --- a/src/drivers/intel/fsp2_0/hand_off_block.c +++ b/src/drivers/intel/fsp2_0/hand_off_block.c @@ -11,6 +11,11 @@
#define HOB_HEADER_LEN 8
+/* Only process HOB_PROCESSING_LIMIT HOBs in fsp_hob_iterator_get_next to avoid an inifinite + loops in case of a broken HOB list in memory. This number should be large enough to not run + into this during normal operation */ +#define HOB_PROCESSING_LIMIT 1000 + /* GUIDs in little-endian, so they can be used with memcmp() */ const uint8_t fsp_bootloader_tolum_guid[16] = { 0x56, 0x4f, 0xff, 0x73, 0x8e, 0xaa, 0x51, 0x44, @@ -137,13 +142,22 @@ const struct hob_header **hob) { const struct hob_header *current_hob; + size_t hobs_processed = 0; while ((*hob_iterator)->type != HOB_TYPE_END_OF_HOB_LIST) { current_hob = *hob_iterator; *hob_iterator = fsp_next_hob(*hob_iterator); + hobs_processed++; if (current_hob->type == hob_type) { *hob = current_hob; return CB_SUCCESS; } + if (hobs_processed >= HOB_PROCESSING_LIMIT) { + printk(BIOS_ERR, "Processed more than %u HOBs; not proessing any " + "further HOBs. There's likely somthing wrong with the HOB data " + "structure in memory.\n", + HOB_PROCESSING_LIMIT); + return CB_ERR; + } } return CB_ERR; }
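Review bot: The comment added above the HOB_PROCESSING_LIMIT define in the first hunk (@@ -11,6 +11,11 @@) gives no basis for the value 1000 beyond "large enough", so a later reader cannot tell whether a platform that legitimately produces more HOBs would hit the limit. Please note how the number was chosen, for example the largest HOB count seen on current platforms. The comment text also needs fixing: "an inifinite loops" should read "an infinite loop". Since the macro is printed with %u and compared against a size_t in the second hunk, defining it as 1000U would keep the format specifier and the argument type in agreement.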
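Review bot: In the second hunk (@@ -137,13 +142,22 @@), hobs_processed is a local initialised to 0 on every call of fsp_hob_iterator_get_next, while *hob_iterator persists across calls, so the limit only bounds a single call. If a broken list cycles through a HOB whose type equals hob_type, each call returns CB_SUCCESS at the match before the limit check is reached, and a caller that loops until CB_ERR still never terminates. Consider keeping the count alongside the iterator state, or bounding the walk in the caller, so the limit applies to the whole traversal. The check also counts iterations only: the while condition still dereferences whatever fsp_next_hob returned before anything is validated, so a corrupt length field can move the iterator outside the HOB list well before 1000 steps. Smaller points in the same hunk: the test is hobs_processed >= HOB_PROCESSING_LIMIT, but the message says "more than %u HOBs", and the printk string has the typos "proessing" and "somthing".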