Merge changes from topic "sb/fconf" into integration

* changes: Check for out-of-bound accesses in the platform io policies Check for out-of-bound accesses in the CoT description

Merge changes from topic "sb/fconf" into integration
* changes: Check for out-of-bound accesses in the platform io policies Check for out-of-bound accesses in the CoT description
8a53445e · Olivier Deprez · TrustedFirmware Code Review · cb2e35b5 · afe62624 · 8a53445e
Commit 8a53445e authored Apr 03, 2020 by Olivier Deprez Committed by TrustedFirmware Code Review Apr 03, 2020
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
 /*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -14,6 +14,8 @@
 #include <drivers/auth/auth_common.h>
 #include <drivers/auth/img_parser_mod.h>

+#include <lib/utils_def.h>
+
 /*
 * Image flags
 */
@@ -41,9 +43,11 @@ int auth_mod_verify_img(unsigned int img_id,
 /* Macro to register a CoT defined as an array of auth_img_desc_t pointers */
 #define REGISTER_COT(_cot) \
 	const auth_img_desc_t *const *const cot_desc_ptr = (_cot); \
+	const size_t cot_desc_size = ARRAY_SIZE(_cot);		   \
 	unsigned int auth_img_flags[MAX_NUMBER_IDS]

 extern const auth_img_desc_t *const *const cot_desc_ptr;
+extern const size_t cot_desc_size;
 extern unsigned int auth_img_flags[MAX_NUMBER_IDS];

 #endif /* TRUSTED_BOARD_BOOT */

--- a/include/lib/fconf/fconf_tbbr_getter.h
+++ b/include/lib/fconf/fconf_tbbr_getter.h
@@ -7,10 +7,15 @@
 #ifndef FCONF_TBBR_GETTER_H
 #define FCONF_TBBR_GETTER_H

+#include <assert.h>
+
 #include <lib/fconf/fconf.h>

 /* TBBR related getter */
-#define tbbr__cot_getter(id)	cot_desc_ptr[id]
+#define tbbr__cot_getter(id) __extension__ ({	\
+	assert((id) < cot_desc_size);		\
+	cot_desc_ptr[id];			\
+})

 #define tbbr__dyn_config_getter(id)	tbbr_dyn_config.id


--- a/include/plat/arm/common/arm_fconf_getter.h
+++ b/include/plat/arm/common/arm_fconf_getter.h
@@ -7,10 +7,15 @@
 #ifndef ARM_FCONF_GETTER
 #define ARM_FCONF_GETTER

+#include <assert.h>
+
 #include <lib/fconf/fconf.h>

 /* ARM io policies */
-#define arm__io_policies_getter(id)	&policies[id]
+#define arm__io_policies_getter(id) __extension__ ({	\
+	assert((id) < MAX_NUMBER_IDS);			\
+	&policies[id];					\
+})

 struct plat_io_policy {
 	uintptr_t *dev_handle;

--- a/plat/arm/common/arm_io_storage.c
+++ b/plat/arm/common/arm_io_storage.c
@@ -4,8 +4,6 @@
 * SPDX-License-Identifier: BSD-3-Clause
 */

-#include <assert.h>
-
 #include <common/debug.h>
 #include <drivers/io/io_driver.h>
 #include <drivers/io/io_fip.h>
@@ -116,8 +114,6 @@ int plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
 	int result;
 	const struct plat_io_policy *policy;

-	assert(image_id < MAX_NUMBER_IDS);
-
 	policy = FCONF_GET_PROPERTY(arm, io_policies, image_id);
 	result = policy->check(policy->image_spec);
 	if (result == 0) {