Check for out-of-bound accesses in the platform io policies

The platform io policies array is now always accessed through a fconf getter. This gives us an ideal spot to check for out-of-bound accesses. Remove the assertion in plat_get_image_source(), which is now redundant. Change-Id: Iefe808d530229073b68cbd164d927b8b6662a217 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2020-04-02 15:52:44 +02:00 · 2020-04-02 15:52:44 +02:00 · afe62624c3
parent 6f8a256559
commit afe62624c3
2 changed files with 6 additions and 5 deletions
--- a/include/plat/arm/common/arm_fconf_getter.h
+++ b/include/plat/arm/common/arm_fconf_getter.h
@ -7,10 +7,15 @@
 #ifndef ARM_FCONF_GETTER
 #define ARM_FCONF_GETTER

+#include <assert.h>
+
 #include <lib/fconf/fconf.h>

 /* ARM io policies */
-#define arm__io_policies_getter(id)	&policies[id]
+#define arm__io_policies_getter(id) __extension__ ({	\
+	assert((id) < MAX_NUMBER_IDS);			\
+	&policies[id];					\
+})

 struct plat_io_policy {
 	uintptr_t *dev_handle;
--- a/plat/arm/common/arm_io_storage.c
+++ b/plat/arm/common/arm_io_storage.c
@ -4,8 +4,6 @@
 * SPDX-License-Identifier: BSD-3-Clause
 */

-#include <assert.h>
-
 #include <common/debug.h>
 #include <drivers/io/io_driver.h>
 #include <drivers/io/io_fip.h>
@ -116,8 +114,6 @@ int plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
 	int result;
 	const struct plat_io_policy *policy;

-	assert(image_id < MAX_NUMBER_IDS);
-
 	policy = FCONF_GET_PROPERTY(arm, io_policies, image_id);
 	result = policy->check(policy->image_spec);
 	if (result == 0) {