From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org,
masami.hiramatsu@linaro.org, u-boot@lists.denx.de,
agraf@csgraf.de, sjg@chromium.org
Subject: Re: [PATCH v6 02/12] tools: mkeficapsule: rework the code a little bit
Date: Mon, 8 Nov 2021 13:18:28 +0900 [thread overview]
Message-ID: <20211108041828.GB16401@laputa> (raw)
In-Reply-To: <49a84006-ac07-85f2-6dae-3a72312055a4@gmx.de>
On Sun, Nov 07, 2021 at 07:35:04AM +0100, Heinrich Schuchardt wrote:
> On 11/2/21 01:55, AKASHI Takahiro wrote:
> > Abstract common routines to make the code easily understandable.
> > No functional change.
> >
> > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > Reviewed-by: Simon Glass <sjg@chromium.org>
> > ---
> > tools/mkeficapsule.c | 219 ++++++++++++++++++++++++++++++-------------
> > 1 file changed, 155 insertions(+), 64 deletions(-)
> >
> > diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
> > index 4995ba4e0c2a..8427fedd941c 100644
> > --- a/tools/mkeficapsule.c
> > +++ b/tools/mkeficapsule.c
> > @@ -61,17 +61,117 @@ static void print_usage(void)
> > tool_name);
> > }
> >
> > +/**
> > + * read_bin_file - read a firmware binary file
> > + * @bin: Path to a firmware binary file
> > + * @data: Pointer to pointer of allocated buffer
> > + * @bin_size: Size of allocated buffer
> > + *
> > + * Read out a content of binary, @bin, into @data.
> > + * A caller should free @data.
> > + *
> > + * Return:
> > + * * 0 - on success
> > + * * -1 - on failure
> > + */
> > +static int read_bin_file(char *bin, void **data, off_t *bin_size)
> > +{
> > + FILE *g;
> > + struct stat bin_stat;
> > + void *buf;
> > + size_t size;
> > + int ret = 0;
> > +
> > + g = fopen(bin, "r");
> > + if (!g) {
> > + printf("cannot open %s\n", bin);
> > + return -1;
> > + }
> > + if (stat(bin, &bin_stat) < 0) {
> > + printf("cannot determine the size of %s\n", bin);
> > + ret = -1;
> > + goto err;
> > + }
> > + buf = malloc(bin_stat.st_size);
>
> bin_stat.st_size is of type off_t which is a 64bit type if the operating
> system supports file sizes exceeding 4 GiB.
>
> malloc() expects a size_t argument. You should check for an overflow
> here before casting from 64bit to 32bit on a 32bit system.
OK, will fix it.
-Takahiro Akashi
> > + if (!buf) {
> > + printf("cannot allocate memory: %zx\n",
> > + (size_t)bin_stat.st_size);
> > + ret = -1;
> > + goto err;
> > + }
> > +
> > + size = fread(buf, 1, bin_stat.st_size, g);
> > + if (size < bin_stat.st_size) {
> > + printf("read failed (%zx)\n", size);
> > + ret = -1;
> > + goto err;
> > + }
> > +
> > + *data = buf;
> > + *bin_size = bin_stat.st_size;
> > +err:
> > + fclose(g);
> > +
> > + return ret;
> > +}
> > +
> > +/**
> > + * write_capsule_file - write a capsule file
> > + * @bin: FILE stream
> > + * @data: Pointer to data
> > + * @bin_size: Size of data
> > + *
> > + * Write out data, @data, with the size @bin_size.
> > + *
> > + * Return:
> > + * * 0 - on success
> > + * * -1 - on failure
> > + */
> > +static int write_capsule_file(FILE *f, void *data, size_t size, const char *msg)
> > +{
> > + size_t size_written;
> > +
> > + size_written = fwrite(data, 1, size, f);
> > + if (size_written < size) {
> > + printf("%s: write failed (%zx != %zx)\n", msg,
> > + size_written, size);
> > + return -1;
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +/**
> > + * create_fwbin - create an uefi capsule file
> > + * @path: Path to a created capsule file
> > + * @bin: Path to a firmware binary to encapsulate
> > + * @guid: GUID of related FMP driver
> > + * @index: Index number in capsule
> > + * @instance: Instance number in capsule
> > + * @mcount: Monotonic count in authentication information
> > + * @private_file: Path to a private key file
> > + * @cert_file: Path to a certificate file
> > + *
> > + * This function actually does the job of creating an uefi capsule file.
> > + * All the arguments must be supplied.
> > + * If either @private_file ror @cert_file is NULL, the capsule file
> > + * won't be signed.
> > + *
> > + * Return:
> > + * * 0 - on success
> > + * * -1 - on failure
> > + */
> > static int create_fwbin(char *path, char *bin, efi_guid_t *guid,
> > unsigned long index, unsigned long instance)
> > {
> > struct efi_capsule_header header;
> > struct efi_firmware_management_capsule_header capsule;
> > struct efi_firmware_management_capsule_image_header image;
> > - FILE *f, *g;
> > - struct stat bin_stat;
> > - u8 *data;
> > - size_t size;
> > + FILE *f;
> > + void *data;
> > + off_t bin_size;
> > u64 offset;
> > + int ret;
> >
> > #ifdef DEBUG
> > printf("For output: %s\n", path);
> > @@ -79,25 +179,28 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid,
> > printf("\tindex: %ld\n\tinstance: %ld\n", index, instance);
> > #endif
> >
> > - g = fopen(bin, "r");
> > - if (!g) {
> > - printf("cannot open %s\n", bin);
> > - return -1;
> > - }
> > - if (stat(bin, &bin_stat) < 0) {
> > - printf("cannot determine the size of %s\n", bin);
> > - goto err_1;
> > - }
> > - data = malloc(bin_stat.st_size);
>
> Please, check for overflow before casting from off_t to size_t.
>
> Best regards
>
> Heinrich
>
> > - if (!data) {
> > - printf("cannot allocate memory: %zx\n", (size_t)bin_stat.st_size);
> > - goto err_1;
> > - }
> > + f = NULL;
> > + data = NULL;
> > + ret = -1;
> > +
> > + /*
> > + * read a firmware binary
> > + */
> > + if (read_bin_file(bin, &data, &bin_size))
> > + goto err;
> > +
> > + /*
> > + * write a capsule file
> > + */
> > f = fopen(path, "w");
> > if (!f) {
> > printf("cannot open %s\n", path);
> > - goto err_2;
> > + goto err;
> > }
> > +
> > + /*
> > + * capsule file header
> > + */
> > header.capsule_guid = efi_guid_fm_capsule;
> > header.header_size = sizeof(header);
> > /* TODO: The current implementation ignores flags */
> > @@ -105,70 +208,58 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid,
> > header.capsule_image_size = sizeof(header)
> > + sizeof(capsule) + sizeof(u64)
> > + sizeof(image)
> > - + bin_stat.st_size;
> > -
> > - size = fwrite(&header, 1, sizeof(header), f);
> > - if (size < sizeof(header)) {
> > - printf("write failed (%zx)\n", size);
> > - goto err_3;
> > - }
> > + + bin_size;
> > + if (write_capsule_file(f, &header, sizeof(header),
> > + "Capsule header"))
> > + goto err;
> >
> > + /*
> > + * firmware capsule header
> > + * This capsule has only one firmware capsule image.
> > + */
> > capsule.version = 0x00000001;
> > capsule.embedded_driver_count = 0;
> > capsule.payload_item_count = 1;
> > - size = fwrite(&capsule, 1, sizeof(capsule), f);
> > - if (size < (sizeof(capsule))) {
> > - printf("write failed (%zx)\n", size);
> > - goto err_3;
> > - }
> > + if (write_capsule_file(f, &capsule, sizeof(capsule),
> > + "Firmware capsule header"))
> > + goto err;
> > +
> > offset = sizeof(capsule) + sizeof(u64);
> > - size = fwrite(&offset, 1, sizeof(offset), f);
> > - if (size < sizeof(offset)) {
> > - printf("write failed (%zx)\n", size);
> > - goto err_3;
> > - }
> > + if (write_capsule_file(f, &offset, sizeof(offset),
> > + "Offset to capsule image"))
> > + goto err;
> >
> > + /*
> > + * firmware capsule image header
> > + */
> > image.version = 0x00000003;
> > memcpy(&image.update_image_type_id, guid, sizeof(*guid));
> > image.update_image_index = index;
> > image.reserved[0] = 0;
> > image.reserved[1] = 0;
> > image.reserved[2] = 0;
> > - image.update_image_size = bin_stat.st_size;
> > + image.update_image_size = bin_size;
> > image.update_vendor_code_size = 0; /* none */
> > image.update_hardware_instance = instance;
> > image.image_capsule_support = 0;
> > + if (write_capsule_file(f, &image, sizeof(image),
> > + "Firmware capsule image header"))
> > + goto err;
> >
> > - size = fwrite(&image, 1, sizeof(image), f);
> > - if (size < sizeof(image)) {
> > - printf("write failed (%zx)\n", size);
> > - goto err_3;
> > - }
> > - size = fread(data, 1, bin_stat.st_size, g);
> > - if (size < bin_stat.st_size) {
> > - printf("read failed (%zx)\n", size);
> > - goto err_3;
> > - }
> > - size = fwrite(data, 1, bin_stat.st_size, f);
> > - if (size < bin_stat.st_size) {
> > - printf("write failed (%zx)\n", size);
> > - goto err_3;
> > - }
> > -
> > - fclose(f);
> > - fclose(g);
> > - free(data);
> > -
> > - return 0;
> > + /*
> > + * firmware binary
> > + */
> > + if (write_capsule_file(f, data, bin_size, "Firmware binary"))
> > + goto err;
> >
> > -err_3:
> > - fclose(f);
> > -err_2:
> > + ret = 0;
> > +err:
> > + if (f)
> > + fclose(f);
> > + free_sig_data(&auth_context);
> > free(data);
> > -err_1:
> > - fclose(g);
> >
> > - return -1;
> > + return ret;
> > }
> >
> > /*
> >
next prev parent reply other threads:[~2021-11-08 4:18 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-02 0:55 [PATCH v6 00/12] efi_loader: capsule: improve capsule authentication support AKASHI Takahiro
2021-11-02 0:55 ` [PATCH v6 01/12] efi_loader: capsule: drop __weak from efi_get_public_key_data() AKASHI Takahiro
2021-11-02 0:55 ` [PATCH v6 02/12] tools: mkeficapsule: rework the code a little bit AKASHI Takahiro
2021-11-02 14:57 ` Simon Glass
2021-11-07 6:35 ` Heinrich Schuchardt
2021-11-08 4:18 ` AKASHI Takahiro [this message]
2021-11-02 0:55 ` [PATCH v6 03/12] tools: mkeficapsule: add firmwware image signing AKASHI Takahiro
2021-11-07 6:53 ` Heinrich Schuchardt
2021-11-08 4:38 ` AKASHI Takahiro
2021-11-02 0:55 ` [PATCH v6 04/12] tools: mkeficapsule: add man page AKASHI Takahiro
2021-11-02 0:55 ` [PATCH v6 05/12] doc: update UEFI document for usage of mkeficapsule AKASHI Takahiro
2021-11-02 0:55 ` [PATCH v6 06/12] test/py: efi_capsule: add image authentication test AKASHI Takahiro
2021-11-02 14:58 ` Simon Glass
2021-11-02 16:15 ` Ilias Apalodimas
2021-11-02 0:55 ` [PATCH v6 07/12] tools: mkeficapsule: allow for specifying GUID explicitly AKASHI Takahiro
2021-11-02 14:58 ` Simon Glass
2021-11-04 2:12 ` AKASHI Takahiro
2021-11-04 2:49 ` Simon Glass
2021-11-02 0:55 ` [PATCH v6 08/12] test/py: efi_capsule: align with the syntax change of mkeficapsule AKASHI Takahiro
2021-11-02 14:58 ` Simon Glass
2021-11-02 0:55 ` [PATCH v6 09/12] test/py: efi_capsule: add a test for "--guid" option AKASHI Takahiro
2021-11-02 0:55 ` [PATCH v6 10/12] test/py: efi_capsule: check the results in case of CAPSULE_AUTHENTICATE AKASHI Takahiro
2021-11-02 14:58 ` Simon Glass
2021-11-02 0:55 ` [PATCH v6 11/12] (RFC) tools: add fdtsig.sh AKASHI Takahiro
2021-11-02 0:55 ` [PATCH v6 12/12] (RFC) efi_loader, dts: add public keys for capsules to device tree AKASHI Takahiro
2021-11-02 14:58 ` Simon Glass
2021-11-04 2:17 ` AKASHI Takahiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211108041828.GB16401@laputa \
--to=takahiro.akashi@linaro.org \
--cc=agraf@csgraf.de \
--cc=ilias.apalodimas@linaro.org \
--cc=masami.hiramatsu@linaro.org \
--cc=sjg@chromium.org \
--cc=sughosh.ganu@linaro.org \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.