
This patch adds some runtime checks to prevent some potential pointer overflow issues in the is_mem_free() function. The overflow could happen in the case where the end address, computed as the sum of a base address and a size, results in a value large enough to wrap around. This, in turn, could lead to unpredictable behaviour. If such an overflow is detected, the is_mem_free() function will now declare the memory region as not free. The overflow is detected using a new macro, called check_uptr_overflow(). This patch also modifies all other places in the 'bl_common.c' file where an end address was computed as the sum of a base address and a size and instead keeps the two values separate. This avoids the need to handle pointer overflows everywhere. The code doesn't actually need to compute any end address before the is_mem_free() function is called other than to print an information message to the serial output. This patch also introduces 2 slight changes to the reserve_mem() function: - It fixes the end addresses passed to choose_mem_pos(). It was incorrectly passing (base + size) instead of (base + size - 1). - When the requested allocation size is 0, the function now exits straight away and says so using a warning message. Previously, it used to actually reserve some memory. A zero-byte allocation was not considered as a special case so the function was using the same top/bottom allocation mechanism as for any other allocation. As a result, the smallest area of memory starting from the requested base address within the free region was reserved. Change-Id: I0e695f961e24e56ffe000718014e0496dc6e1ec6
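/*
 * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice, this
 * list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of ARM nor the names of its contributors may be used
 * to endorse or promote products derived from this software without specific
 * prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef __UTILS_H__
#define __UTILS_H__

/*
 * check_uptr_overflow() below expands to UINTPTR_MAX, which is provided by
 * <stdint.h>. Include it here so that this header is self-contained and
 * does not depend on the includer having pulled in <stdint.h> first.
 */
#include <stdint.h>

/*
 * Compute the number of elements in the given array.
 *
 * 'a' must be an actual array object. Applied to a pointer (including an
 * array function parameter, which has decayed to a pointer) the division
 * still compiles but the result is meaningless.
 */
#define ARRAY_SIZE(a) \
	(sizeof(a) / sizeof((a)[0]))

/*
 * Evaluates to non-zero if 'x' is a power of two, 0 otherwise.
 *
 * Note that x == 0 also passes this test ((0 & -1) == 0), so a caller that
 * must reject a zero size or alignment has to check for 0 separately.
 * 'x' is evaluated twice; do not pass an expression with side effects.
 */
#define IS_POWER_OF_TWO(x) \
	(((x) & ((x) - 1)) == 0)

/*
 * The round_up() macro rounds up a value to the given boundary in a
 * type-agnostic yet type-safe manner. The boundary must be a power of two.
 * In other words, it computes the smallest multiple of boundary which is
 * greater than or equal to value.
 *
 * round_down() is similar but rounds the value down instead.
 *
 * The arithmetic is carried out in the type of 'value' (the boundary mask
 * is cast to that type by round_boundary()). If the rounded-up result is
 * not representable in that type, round_up() wraps around for unsigned
 * types and overflows (undefined behaviour) for signed ones, so callers
 * must ensure the result fits before relying on it. 'value' and 'boundary'
 * are evaluated more than once.
 */
#define round_boundary(value, boundary) \
	((__typeof__(value))((boundary) - 1))

#define round_up(value, boundary) \
	((((value) - 1) | round_boundary(value, boundary)) + 1)

#define round_down(value, boundary) \
	((value) & ~round_boundary(value, boundary))

/*
 * Evaluates to 1 if (ptr + inc) overflows, 0 otherwise.
 * Both arguments must be unsigned pointer values (i.e. uintptr_t).
 *
 * The test is expressed as a comparison against (UINTPTR_MAX - inc) rather
 * than as ((ptr + inc) < ptr) so that the wrapped sum is never actually
 * computed. Passing a signed or narrower 'inc' changes the conversions
 * applied in the comparison; cast such values to uintptr_t at the call
 * site. Both arguments are evaluated once.
 */
#define check_uptr_overflow(ptr, inc) \
	(((ptr) > UINTPTR_MAX - (inc)) ? 1 : 0)

#endif /* __UTILS_H__ */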