Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / trini / u-boot / c5819701a3de61e2ba2ef7ad0b616565b32305e5^! / . / include
commitc5819701a3de61e2ba2ef7ad0b616565b32305e5[log] [tgz]
authorSimon Glass <sjg@chromium.org>Mon Feb 15 17:08:09 2021 -0700
committerTom Rini <trini@konsulko.com>Mon Feb 15 22:31:52 2021 -0500
tree2d78afc29b784d5477102dabfc94215781126ae0
parentd5f3aadacbc63df3b690d6fd9f0aa3f575b43356 [diff]
image: Adjust the workings of fit_check_format()

At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

diff --git a/include/image.h b/include/image.h
index 856bc3e..d5a9403 100644
--- a/include/image.h
+++ b/include/image.h

@@ -134,6 +134,9 @@
 extern ulong image_save_addr;		/* Default Save Address */
 extern ulong image_save_size;		/* Default Save Size */
 
+/* An invalid size, meaning that the image size is not known */
+#define IMAGE_SIZE_INVAL	(-1UL)
+
 enum ih_category {
 	IH_ARCH,
 	IH_COMP,
@@ -1142,7 +1145,23 @@
 int fit_image_check_arch(const void *fit, int noffset, uint8_t arch);
 int fit_image_check_type(const void *fit, int noffset, uint8_t type);
 int fit_image_check_comp(const void *fit, int noffset, uint8_t comp);
-int fit_check_format(const void *fit);
+
+/**
+ * fit_check_format() - Check that the FIT is valid
+ *
+ * This performs various checks on the FIT to make sure it is suitable for
+ * use, looking for mandatory properties, nodes, etc.
+ *
+ * If FIT_FULL_CHECK is enabled, it also runs it through libfdt to make
+ * sure that there are no strange tags or broken nodes in the FIT.
+ *
+ * @fit: pointer to the FIT format image header
+ * @return 0 if OK, -ENOEXEC if not an FDT file, -EINVAL if the full FDT check
+ *	failed (e.g. due to bad structure), -ENOMSG if the description is
+ *	missing, -ENODATA if the timestamp is missing, -ENOENT if the /images
+ *	path is missing
+ */
+int fit_check_format(const void *fit, ulong size);
 
 int fit_conf_find_compat(const void *fit, const void *fdt);