From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH master 2/2] FIT: do not decompress device trees to find compatible
Date: Fri, 14 Feb 2025 12:23:43 +0100 [thread overview]
Message-ID: <20250214112343.3076535-2-a.fatoum@pengutronix.de> (raw)
In-Reply-To: <20250214112343.3076535-1-a.fatoum@pengutronix.de>
Uncompressing all FDTs just to look up the compatible is detrimental to
boot speed and negatively impacts security. Let's thus throw an error
and expect users to specify a compatible property in the configuration
or just refrain from compressing their DTs.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
common/image-fit.c | 37 ++++++++++++++++++++++++++++++-------
1 file changed, 30 insertions(+), 7 deletions(-)
diff --git a/common/image-fit.c b/common/image-fit.c
index e05161379d04..959384abd275 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -570,18 +570,29 @@ static void fit_uncompress_error_fn(char *x)
pr_err("%s\n", x);
}
+static const char *get_compression_type(struct device_node *image)
+{
+ const char *compression = NULL;
+
+ of_property_read_string(image, "compression", &compression);
+ if (!compression || !strcmp(compression, "none"))
+ return NULL;
+
+ return compression;
+}
+
static int fit_handle_decompression(struct device_node *image,
const char *type,
const void **data,
int *data_len)
{
- const char *compression = NULL;
+ const char *compression;
struct property *pp;
void *uc_data;
int ret;
- of_property_read_string(image, "compression", &compression);
- if (!compression || !strcmp(compression, "none"))
+ compression = get_compression_type(image);
+ if (!compression)
return 0;
if (!strcmp(type, "ramdisk")) {
@@ -723,6 +734,7 @@ static int fit_fdt_is_compatible(struct fit_handle *handle,
struct device_node *child,
const char *machine)
{
+ const char *reason = "malformed";
struct device_node *image;
const char *unit = "fdt";
int data_len;
@@ -742,14 +754,25 @@ static int fit_fdt_is_compatible(struct fit_handle *handle,
if (!data)
goto err;
- ret = fit_handle_decompression(image, "fdt", &data, &data_len);
- if (ret)
+ /* We have three options here:
+ *
+ * 1) Increase our attack surface by all supported compression algos
+ * 2) Verify all configurations in the image as we search for best
+ * OF match score
+ * 3) Blame the user and expect them to supply a compatible property
+ * in the configuration node if they want to compress their FDTs
+ *
+ * We go for option 3.
+ */
+ if (get_compression_type(image)) {
+ reason = "compressed";
goto err;
+ }
return fdt_machine_is_compatible(data, data_len, machine);
err:
- pr_warn("skipping malformed configuration \"%pOF\"\n",
- child);
+ pr_warn("skipping %s configuration \"%pOF\"\n",
+ reason, child);
return 0;
}
--
2.39.5
next prev parent reply other threads:[~2025-02-14 11:43 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-14 11:23 [PATCH master 1/2] FIT: factor out fit_fdt_is_compatible for readability Ahmad Fatoum
2025-02-14 11:23 ` Ahmad Fatoum [this message]
2025-02-17 9:00 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250214112343.3076535-2-a.fatoum@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox