Merge changes from topic "sb/fconf" into integration
* changes:
Check for out-of-bound accesses in the platform io policies
Check for out-of-bound accesses in the CoT description
diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h
index 6c48124..1dc9ff4 100644
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,6 +14,8 @@
#include <drivers/auth/auth_common.h>
#include <drivers/auth/img_parser_mod.h>
+#include <lib/utils_def.h>
+
/*
* Image flags
*/
@@ -41,9 +43,11 @@
/* Macro to register a CoT defined as an array of auth_img_desc_t pointers */
#define REGISTER_COT(_cot) \
const auth_img_desc_t *const *const cot_desc_ptr = (_cot); \
+ const size_t cot_desc_size = ARRAY_SIZE(_cot); \
unsigned int auth_img_flags[MAX_NUMBER_IDS]
extern const auth_img_desc_t *const *const cot_desc_ptr;
+extern const size_t cot_desc_size;
extern unsigned int auth_img_flags[MAX_NUMBER_IDS];
#endif /* TRUSTED_BOARD_BOOT */
diff --git a/include/lib/fconf/fconf_tbbr_getter.h b/include/lib/fconf/fconf_tbbr_getter.h
index eddc0c4..db98b68 100644
--- a/include/lib/fconf/fconf_tbbr_getter.h
+++ b/include/lib/fconf/fconf_tbbr_getter.h
@@ -7,10 +7,15 @@
#ifndef FCONF_TBBR_GETTER_H
#define FCONF_TBBR_GETTER_H
+#include <assert.h>
+
#include <lib/fconf/fconf.h>
/* TBBR related getter */
-#define tbbr__cot_getter(id) cot_desc_ptr[id]
+#define tbbr__cot_getter(id) __extension__ ({ \
+ assert((id) < cot_desc_size); \
+ cot_desc_ptr[id]; \
+})
#define tbbr__dyn_config_getter(id) tbbr_dyn_config.id
diff --git a/include/plat/arm/common/arm_fconf_getter.h b/include/plat/arm/common/arm_fconf_getter.h
index 28913a4..8fd8c7a 100644
--- a/include/plat/arm/common/arm_fconf_getter.h
+++ b/include/plat/arm/common/arm_fconf_getter.h
@@ -7,10 +7,15 @@
#ifndef ARM_FCONF_GETTER
#define ARM_FCONF_GETTER
+#include <assert.h>
+
#include <lib/fconf/fconf.h>
/* ARM io policies */
-#define arm__io_policies_getter(id) &policies[id]
+#define arm__io_policies_getter(id) __extension__ ({ \
+ assert((id) < MAX_NUMBER_IDS); \
+ &policies[id]; \
+})
struct plat_io_policy {
uintptr_t *dev_handle;
diff --git a/plat/arm/common/arm_io_storage.c b/plat/arm/common/arm_io_storage.c
index 6fcfbd6..34b4101 100644
--- a/plat/arm/common/arm_io_storage.c
+++ b/plat/arm/common/arm_io_storage.c
@@ -4,8 +4,6 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
-#include <assert.h>
-
#include <common/debug.h>
#include <drivers/io/io_driver.h>
#include <drivers/io/io_fip.h>
@@ -116,8 +114,6 @@
int result;
const struct plat_io_policy *policy;
- assert(image_id < MAX_NUMBER_IDS);
-
policy = FCONF_GET_PROPERTY(arm, io_policies, image_id);
result = policy->check(policy->image_spec);
if (result == 0) {