From 60d7d5a63189c9f77a190c9965861dc15482c2d0 Mon Sep 17 00:00:00 2001 From: Rob Herring Date: Fri, 22 Mar 2013 11:26:21 +0000 Subject: env: fix potential stack overflow in environment functions Most of the various environment functions create CONFIG_ENV_SIZE buffers on the stack. At least on ARM and PPC which have 4KB stacks, this can overflow the stack if we have large environment sizes. So move all the buffers off the stack to static buffers. Signed-off-by: Rob Herring --- common/env_nand.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'common/env_nand.c') diff --git a/common/env_nand.c b/common/env_nand.c index 5b69889c0..8cc2055eb 100644 --- a/common/env_nand.c +++ b/common/env_nand.c @@ -64,6 +64,8 @@ env_t *env_ptr = (env_t *)CONFIG_NAND_ENV_DST; env_t *env_ptr; #endif /* ENV_IS_EMBEDDED */ +DEFINE_CACHE_ALIGN_BUFFER(char, env_buf, CONFIG_ENV_SIZE); + DECLARE_GLOBAL_DATA_PTR; /* @@ -173,7 +175,7 @@ static unsigned char env_flags; int saveenv(void) { - env_t env_new; + env_t *env_new = (env_t *)env_buf; ssize_t len; char *res; int ret = 0; @@ -185,14 +187,14 @@ int saveenv(void) if (CONFIG_ENV_RANGE < CONFIG_ENV_SIZE) return 1; - res = (char *)&env_new.data; + res = (char *)env_new->data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); if (len < 0) { error("Cannot export environment: errno = %d\n", errno); return 1; } - env_new.crc = crc32(0, env_new.data, ENV_SIZE); - env_new.flags = ++env_flags; /* increase the serial */ + env_new->crc = crc32(0, env_new->data, ENV_SIZE); + env_new->flags = ++env_flags; /* increase the serial */ if (gd->env_valid == 1) { puts("Erasing redundant NAND...\n"); @@ -201,7 +203,7 @@ int saveenv(void) return 1; puts("Writing to redundant NAND... "); - ret = writeenv(CONFIG_ENV_OFFSET_REDUND, (u_char *)&env_new); + ret = writeenv(CONFIG_ENV_OFFSET_REDUND, (u_char *)env_new); } else { puts("Erasing NAND...\n"); nand_erase_options.offset = CONFIG_ENV_OFFSET; @@ -209,7 +211,7 @@ int saveenv(void) return 1; puts("Writing to NAND... "); - ret = writeenv(CONFIG_ENV_OFFSET, (u_char *)&env_new); + ret = writeenv(CONFIG_ENV_OFFSET, (u_char *)env_new); } if (ret) { puts("FAILED!\n"); @@ -226,7 +228,7 @@ int saveenv(void) int saveenv(void) { int ret = 0; - ALLOC_CACHE_ALIGN_BUFFER(env_t, env_new, 1); + env_t *env_new = (env_t *)env_buf; ssize_t len; char *res; nand_erase_options_t nand_erase_options; @@ -238,7 +240,7 @@ int saveenv(void) if (CONFIG_ENV_RANGE < CONFIG_ENV_SIZE) return 1; - res = (char *)&env_new->data; + res = (char *)env_new->data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); if (len < 0) { error("Cannot export environment: errno = %d\n", errno); @@ -404,7 +406,6 @@ void env_relocate_spec(void) { #if !defined(ENV_IS_EMBEDDED) int ret; - ALLOC_CACHE_ALIGN_BUFFER(char, buf, CONFIG_ENV_SIZE); #if defined(CONFIG_ENV_OFFSET_OOB) ret = get_nand_env_oob(&nand_info[0], &nand_env_oob_offset); @@ -420,13 +421,13 @@ void env_relocate_spec(void) } #endif - ret = readenv(CONFIG_ENV_OFFSET, (u_char *)buf); + ret = readenv(CONFIG_ENV_OFFSET, (u_char *)env_buf); if (ret) { set_default_env("!readenv() failed"); return; } - env_import(buf, 1); + env_import(env_buf, 1); #endif /* ! ENV_IS_EMBEDDED */ } #endif /* CONFIG_ENV_OFFSET_REDUND */ -- cgit v1.2.3-70-g09d2 From cd0f4fa1ca2901312ae78bc27d4edc8286fcbf1d Mon Sep 17 00:00:00 2001 From: Tom Rini Date: Fri, 5 Apr 2013 14:55:21 -0400 Subject: Revert "env: fix potential stack overflow in environment functions" Wolfgang requested this be reverted and Rob agreed after further discussion. This was a symptom of a larger problem we need to deal with. This reverts commit 60d7d5a63189c9f77a190c9965861dc15482c2d0. Signed-off-by: Tom Rini --- common/env_dataflash.c | 15 ++++++++------- common/env_eeprom.c | 13 ++++++------- common/env_fat.c | 11 +++++------ common/env_mmc.c | 13 ++++++------- common/env_nand.c | 23 +++++++++++------------ common/env_nvram.c | 26 ++++++++++---------------- common/env_onenand.c | 13 ++++++------- common/env_sf.c | 23 +++++++++++------------ 8 files changed, 63 insertions(+), 74 deletions(-) (limited to 'common/env_nand.c') diff --git a/common/env_dataflash.c b/common/env_dataflash.c index 0591b999a..38c96157b 100644 --- a/common/env_dataflash.c +++ b/common/env_dataflash.c @@ -30,7 +30,6 @@ DECLARE_GLOBAL_DATA_PTR; env_t *env_ptr; char *env_name_spec = "dataflash"; -static char env_buf[CONFIG_ENV_SIZE]; uchar env_get_char_spec(int index) { @@ -43,9 +42,11 @@ uchar env_get_char_spec(int index) void env_relocate_spec(void) { - read_dataflash(CONFIG_ENV_ADDR, CONFIG_ENV_SIZE, env_buf); + char buf[CONFIG_ENV_SIZE]; - env_import(env_buf, 1); + read_dataflash(CONFIG_ENV_ADDR, CONFIG_ENV_SIZE, buf); + + env_import(buf, 1); } #ifdef CONFIG_ENV_OFFSET_REDUND @@ -54,20 +55,20 @@ void env_relocate_spec(void) int saveenv(void) { - env_t *env_new = (env_t *)env_buf; + env_t env_new; ssize_t len; char *res; - res = (char *)env_new->data; + res = (char *)&env_new.data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); if (len < 0) { error("Cannot export environment: errno = %d\n", errno); return 1; } - env_new->crc = crc32(0, env_new->data, ENV_SIZE); + env_new.crc = crc32(0, env_new.data, ENV_SIZE); return write_dataflash(CONFIG_ENV_ADDR, - (unsigned long)env_new, + (unsigned long)&env_new, CONFIG_ENV_SIZE); } diff --git a/common/env_eeprom.c b/common/env_eeprom.c index b136f04eb..45c935b6d 100644 --- a/common/env_eeprom.c +++ b/common/env_eeprom.c @@ -38,7 +38,6 @@ DECLARE_GLOBAL_DATA_PTR; env_t *env_ptr; -static char env_buf[CONFIG_ENV_SIZE]; char *env_name_spec = "EEPROM"; int env_eeprom_bus = -1; @@ -112,7 +111,7 @@ uchar env_get_char_spec(int index) void env_relocate_spec(void) { - char *buf = env_buf; + char buf[CONFIG_ENV_SIZE]; unsigned int off = CONFIG_ENV_OFFSET; #ifdef CONFIG_ENV_OFFSET_REDUND @@ -127,7 +126,7 @@ void env_relocate_spec(void) int saveenv(void) { - env_t *env_new = (env_t *)env_buf; + env_t env_new; ssize_t len; char *res; int rc; @@ -139,13 +138,13 @@ int saveenv(void) BUG_ON(env_ptr != NULL); - res = (char *)env_new->data; + res = (char *)&env_new.data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); if (len < 0) { error("Cannot export environment: errno = %d\n", errno); return 1; } - env_new->crc = crc32(0, env_new->data, ENV_SIZE); + env_new.crc = crc32(0, env_new.data, ENV_SIZE); #ifdef CONFIG_ENV_OFFSET_REDUND if (gd->env_valid == 1) { @@ -153,11 +152,11 @@ int saveenv(void) off_red = CONFIG_ENV_OFFSET; } - env_new->flags = ACTIVE_FLAG; + env_new.flags = ACTIVE_FLAG; #endif rc = eeprom_bus_write(CONFIG_SYS_DEF_EEPROM_ADDR, - off, (uchar *)env_new, CONFIG_ENV_SIZE); + off, (uchar *)&env_new, CONFIG_ENV_SIZE); #ifdef CONFIG_ENV_OFFSET_REDUND if (rc == 0) { diff --git a/common/env_fat.c b/common/env_fat.c index dd7139d4d..c0f18ab97 100644 --- a/common/env_fat.c +++ b/common/env_fat.c @@ -37,7 +37,6 @@ char *env_name_spec = "FAT"; env_t *env_ptr; -static char env_buf[CONFIG_ENV_SIZE]; DECLARE_GLOBAL_DATA_PTR; @@ -53,7 +52,7 @@ int env_init(void) #ifdef CONFIG_CMD_SAVEENV int saveenv(void) { - env_t *env_new = env_buf; + env_t env_new; ssize_t len; char *res; block_dev_desc_t *dev_desc = NULL; @@ -61,7 +60,7 @@ int saveenv(void) int part = FAT_ENV_PART; int err; - res = (char *)env_new->data; + res = (char *)&env_new.data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); if (len < 0) { error("Cannot export environment: errno = %d\n", errno); @@ -96,8 +95,8 @@ int saveenv(void) return 1; } - env_new->crc = crc32(0, env_new->data, ENV_SIZE); - err = file_fat_write(FAT_ENV_FILE, (void *)env_new, sizeof(env_t)); + env_new.crc = crc32(0, env_new.data, ENV_SIZE); + err = file_fat_write(FAT_ENV_FILE, (void *)&env_new, sizeof(env_t)); if (err == -1) { printf("\n** Unable to write \"%s\" from %s%d:%d **\n", FAT_ENV_FILE, FAT_ENV_INTERFACE, dev, part); @@ -111,7 +110,7 @@ int saveenv(void) void env_relocate_spec(void) { - char *buf = env_buf; + char buf[CONFIG_ENV_SIZE]; block_dev_desc_t *dev_desc = NULL; int dev = FAT_ENV_DEVICE; int part = FAT_ENV_PART; diff --git a/common/env_mmc.c b/common/env_mmc.c index f5680134b..02bd5aed1 100644 --- a/common/env_mmc.c +++ b/common/env_mmc.c @@ -40,8 +40,6 @@ env_t *env_ptr = &environment; env_t *env_ptr; #endif /* ENV_IS_EMBEDDED */ -DEFINE_CACHE_ALIGN_BUFFER(char, env_buf, CONFIG_ENV_SIZE); - DECLARE_GLOBAL_DATA_PTR; #if !defined(CONFIG_ENV_OFFSET) @@ -114,7 +112,7 @@ static inline int write_env(struct mmc *mmc, unsigned long size, int saveenv(void) { - env_t *env_new = (env_t *)env_buf; + ALLOC_CACHE_ALIGN_BUFFER(env_t, env_new, 1); ssize_t len; char *res; struct mmc *mmc = find_mmc_device(CONFIG_SYS_MMC_ENV_DEV); @@ -129,7 +127,7 @@ int saveenv(void) goto fini; } - res = (char *)env_new->data; + res = (char *)&env_new->data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); if (len < 0) { error("Cannot export environment: errno = %d\n", errno); @@ -137,7 +135,7 @@ int saveenv(void) goto fini; } - env_new->crc = crc32(0, env_new->data, ENV_SIZE); + env_new->crc = crc32(0, &env_new->data[0], ENV_SIZE); printf("Writing to MMC(%d)... ", CONFIG_SYS_MMC_ENV_DEV); if (write_env(mmc, CONFIG_ENV_SIZE, offset, (u_char *)env_new)) { puts("failed\n"); @@ -171,6 +169,7 @@ static inline int read_env(struct mmc *mmc, unsigned long size, void env_relocate_spec(void) { #if !defined(ENV_IS_EMBEDDED) + ALLOC_CACHE_ALIGN_BUFFER(char, buf, CONFIG_ENV_SIZE); struct mmc *mmc = find_mmc_device(CONFIG_SYS_MMC_ENV_DEV); u32 offset; int ret; @@ -185,12 +184,12 @@ void env_relocate_spec(void) goto fini; } - if (read_env(mmc, CONFIG_ENV_SIZE, offset, env_buf)) { + if (read_env(mmc, CONFIG_ENV_SIZE, offset, buf)) { ret = 1; goto fini; } - env_import(env_buf, 1); + env_import(buf, 1); ret = 0; fini: diff --git a/common/env_nand.c b/common/env_nand.c index 8cc2055eb..5b69889c0 100644 --- a/common/env_nand.c +++ b/common/env_nand.c @@ -64,8 +64,6 @@ env_t *env_ptr = (env_t *)CONFIG_NAND_ENV_DST; env_t *env_ptr; #endif /* ENV_IS_EMBEDDED */ -DEFINE_CACHE_ALIGN_BUFFER(char, env_buf, CONFIG_ENV_SIZE); - DECLARE_GLOBAL_DATA_PTR; /* @@ -175,7 +173,7 @@ static unsigned char env_flags; int saveenv(void) { - env_t *env_new = (env_t *)env_buf; + env_t env_new; ssize_t len; char *res; int ret = 0; @@ -187,14 +185,14 @@ int saveenv(void) if (CONFIG_ENV_RANGE < CONFIG_ENV_SIZE) return 1; - res = (char *)env_new->data; + res = (char *)&env_new.data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); if (len < 0) { error("Cannot export environment: errno = %d\n", errno); return 1; } - env_new->crc = crc32(0, env_new->data, ENV_SIZE); - env_new->flags = ++env_flags; /* increase the serial */ + env_new.crc = crc32(0, env_new.data, ENV_SIZE); + env_new.flags = ++env_flags; /* increase the serial */ if (gd->env_valid == 1) { puts("Erasing redundant NAND...\n"); @@ -203,7 +201,7 @@ int saveenv(void) return 1; puts("Writing to redundant NAND... "); - ret = writeenv(CONFIG_ENV_OFFSET_REDUND, (u_char *)env_new); + ret = writeenv(CONFIG_ENV_OFFSET_REDUND, (u_char *)&env_new); } else { puts("Erasing NAND...\n"); nand_erase_options.offset = CONFIG_ENV_OFFSET; @@ -211,7 +209,7 @@ int saveenv(void) return 1; puts("Writing to NAND... "); - ret = writeenv(CONFIG_ENV_OFFSET, (u_char *)env_new); + ret = writeenv(CONFIG_ENV_OFFSET, (u_char *)&env_new); } if (ret) { puts("FAILED!\n"); @@ -228,7 +226,7 @@ int saveenv(void) int saveenv(void) { int ret = 0; - env_t *env_new = (env_t *)env_buf; + ALLOC_CACHE_ALIGN_BUFFER(env_t, env_new, 1); ssize_t len; char *res; nand_erase_options_t nand_erase_options; @@ -240,7 +238,7 @@ int saveenv(void) if (CONFIG_ENV_RANGE < CONFIG_ENV_SIZE) return 1; - res = (char *)env_new->data; + res = (char *)&env_new->data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); if (len < 0) { error("Cannot export environment: errno = %d\n", errno); @@ -406,6 +404,7 @@ void env_relocate_spec(void) { #if !defined(ENV_IS_EMBEDDED) int ret; + ALLOC_CACHE_ALIGN_BUFFER(char, buf, CONFIG_ENV_SIZE); #if defined(CONFIG_ENV_OFFSET_OOB) ret = get_nand_env_oob(&nand_info[0], &nand_env_oob_offset); @@ -421,13 +420,13 @@ void env_relocate_spec(void) } #endif - ret = readenv(CONFIG_ENV_OFFSET, (u_char *)env_buf); + ret = readenv(CONFIG_ENV_OFFSET, (u_char *)buf); if (ret) { set_default_env("!readenv() failed"); return; } - env_import(env_buf, 1); + env_import(buf, 1); #endif /* ! ENV_IS_EMBEDDED */ } #endif /* CONFIG_ENV_OFFSET_REDUND */ diff --git a/common/env_nvram.c b/common/env_nvram.c index ff74a6c2c..eab0e7be0 100644 --- a/common/env_nvram.c +++ b/common/env_nvram.c @@ -59,10 +59,6 @@ env_t *env_ptr = (env_t *)CONFIG_ENV_ADDR; char *env_name_spec = "NVRAM"; -#ifdef CONFIG_SYS_NVRAM_ACCESS_ROUTINE -static char env_buf[CONFIG_ENV_SIZE]; -#endif - #ifdef CONFIG_SYS_NVRAM_ACCESS_ROUTINE uchar env_get_char_spec(int index) { @@ -76,38 +72,36 @@ uchar env_get_char_spec(int index) void env_relocate_spec(void) { - char *buf; + char buf[CONFIG_ENV_SIZE]; #if defined(CONFIG_SYS_NVRAM_ACCESS_ROUTINE) - buf = env_buf; nvram_read(buf, CONFIG_ENV_ADDR, CONFIG_ENV_SIZE); #else - buf = (void *)CONFIG_ENV_ADDR; + memcpy(buf, (void *)CONFIG_ENV_ADDR, CONFIG_ENV_SIZE); #endif env_import(buf, 1); } int saveenv(void) { -#ifdef CONFIG_SYS_NVRAM_ACCESS_ROUTINE - env_t *env_new = (env_t *)env_buf; -#else - env_t *env_new = (env_t *)CONFIG_ENV_ADDR; -#endif + env_t env_new; ssize_t len; char *res; int rcode = 0; - res = (char *)env_new->data; + res = (char *)&env_new.data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); if (len < 0) { error("Cannot export environment: errno = %d\n", errno); return 1; } - env_new->crc = crc32(0, env_new->data, ENV_SIZE); + env_new.crc = crc32(0, env_new.data, ENV_SIZE); #ifdef CONFIG_SYS_NVRAM_ACCESS_ROUTINE - nvram_write(CONFIG_ENV_ADDR, env_new, CONFIG_ENV_SIZE); + nvram_write(CONFIG_ENV_ADDR, &env_new, CONFIG_ENV_SIZE); +#else + if (memcpy((char *)CONFIG_ENV_ADDR, &env_new, CONFIG_ENV_SIZE) == NULL) + rcode = 1; #endif return rcode; } @@ -121,7 +115,7 @@ int env_init(void) { #if defined(CONFIG_SYS_NVRAM_ACCESS_ROUTINE) ulong crc; - uchar *data = env_buf; + uchar data[ENV_SIZE]; nvram_read(&crc, CONFIG_ENV_ADDR, sizeof(ulong)); nvram_read(data, CONFIG_ENV_ADDR + sizeof(ulong), ENV_SIZE); diff --git a/common/env_onenand.c b/common/env_onenand.c index 6fd5613ee..faa903d2f 100644 --- a/common/env_onenand.c +++ b/common/env_onenand.c @@ -42,8 +42,6 @@ char *env_name_spec = "OneNAND"; #define ONENAND_MAX_ENV_SIZE CONFIG_ENV_SIZE #define ONENAND_ENV_SIZE(mtd) (ONENAND_MAX_ENV_SIZE - ENV_HEADER_SIZE) -static char env_buf[CONFIG_ENV_SIZE]; - DECLARE_GLOBAL_DATA_PTR; void env_relocate_spec(void) @@ -58,7 +56,8 @@ void env_relocate_spec(void) char *buf = (char *)&environment; #else loff_t env_addr = CONFIG_ENV_ADDR; - char *buf = env_buf; + char onenand_env[ONENAND_MAX_ENV_SIZE]; + char *buf = (char *)&onenand_env[0]; #endif /* ENV_IS_EMBEDDED */ #ifndef ENV_IS_EMBEDDED @@ -82,7 +81,7 @@ void env_relocate_spec(void) int saveenv(void) { - env_t *env_new = env_buf; + env_t env_new; ssize_t len; char *res; struct mtd_info *mtd = &onenand_mtd; @@ -95,13 +94,13 @@ int saveenv(void) .callback = NULL, }; - res = (char *)env_new->data; + res = (char *)&env_new.data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); if (len < 0) { error("Cannot export environment: errno = %d\n", errno); return 1; } - env_new->crc = crc32(0, env_new->data, ENV_SIZE); + env_new.crc = crc32(0, env_new.data, ENV_SIZE); instr.len = CONFIG_ENV_SIZE; #ifdef CONFIG_ENV_ADDR_FLEX @@ -120,7 +119,7 @@ int saveenv(void) } if (mtd->write(mtd, env_addr, ONENAND_MAX_ENV_SIZE, &retlen, - (u_char *)env_new)) { + (u_char *)&env_new)) { printf("OneNAND: write failed at 0x%llx\n", instr.addr); return 2; } diff --git a/common/env_sf.c b/common/env_sf.c index 9a592ba95..d9e908546 100644 --- a/common/env_sf.c +++ b/common/env_sf.c @@ -58,12 +58,11 @@ DECLARE_GLOBAL_DATA_PTR; char *env_name_spec = "SPI Flash"; static struct spi_flash *env_flash; -static char env_buf[CONFIG_ENV_SIZE]; #if defined(CONFIG_ENV_OFFSET_REDUND) int saveenv(void) { - env_t *env_new = (env_t *)env_buf; + env_t env_new; ssize_t len; char *res, *saved_buffer = NULL, flag = OBSOLETE_FLAG; u32 saved_size, saved_offset, sector = 1; @@ -79,14 +78,14 @@ int saveenv(void) } } - res = (char *)env_new->data; + res = (char *)&env_new.data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); if (len < 0) { error("Cannot export environment: errno = %d\n", errno); return 1; } - env_new->crc = crc32(0, env_new->data, ENV_SIZE); - env_new->flags = ACTIVE_FLAG; + env_new.crc = crc32(0, env_new.data, ENV_SIZE); + env_new.flags = ACTIVE_FLAG; if (gd->env_valid == 1) { env_new_offset = CONFIG_ENV_OFFSET_REDUND; @@ -126,7 +125,7 @@ int saveenv(void) puts("Writing to SPI flash..."); ret = spi_flash_write(env_flash, env_new_offset, - CONFIG_ENV_SIZE, env_new); + CONFIG_ENV_SIZE, &env_new); if (ret) goto done; @@ -138,7 +137,7 @@ int saveenv(void) } ret = spi_flash_write(env_flash, env_offset + offsetof(env_t, flags), - sizeof(env_new->flags), &flag); + sizeof(env_new.flags), &flag); if (ret) goto done; @@ -244,7 +243,7 @@ int saveenv(void) u32 saved_size, saved_offset, sector = 1; char *res, *saved_buffer = NULL; int ret = 1; - env_t *env_new = (env_t *)env_buf; + env_t env_new; ssize_t len; if (!env_flash) { @@ -277,13 +276,13 @@ int saveenv(void) sector++; } - res = (char *)env_new->data; + res = (char *)&env_new.data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); if (len < 0) { error("Cannot export environment: errno = %d\n", errno); goto done; } - env_new->crc = crc32(0, env_new->data, ENV_SIZE); + env_new.crc = crc32(0, env_new.data, ENV_SIZE); puts("Erasing SPI flash..."); ret = spi_flash_erase(env_flash, CONFIG_ENV_OFFSET, @@ -293,7 +292,7 @@ int saveenv(void) puts("Writing to SPI flash..."); ret = spi_flash_write(env_flash, CONFIG_ENV_OFFSET, - CONFIG_ENV_SIZE, env_new); + CONFIG_ENV_SIZE, &env_new); if (ret) goto done; @@ -316,7 +315,7 @@ int saveenv(void) void env_relocate_spec(void) { - char *buf = env_buf; + char buf[CONFIG_ENV_SIZE]; int ret; env_flash = spi_flash_probe(CONFIG_ENV_SPI_BUS, CONFIG_ENV_SPI_CS, -- cgit v1.2.3-70-g09d2 From c39d6a0ea57d57b53bd7fb8933874e1640e47888 Mon Sep 17 00:00:00 2001 From: Tom Rini Date: Thu, 14 Mar 2013 05:32:50 +0000 Subject: nand: Extend nand_(read|write)_skip_bad with *actual and limit parameters We make these two functions take a size_t pointer to how much space was used on NAND to read or write the buffer (when reads/writes happen) so that bad blocks can be accounted for. We also make them take an loff_t limit on how much data can be read or written. This means that we can now catch the case of when writing to a partition would exceed the partition size due to bad blocks. To do this we also need to make check_skip_len count not just complete blocks used but partial ones as well. All callers of nand_(read|write)_skip_bad are adjusted to call these with the most sensible limits available. The changes were started by Pantelis and finished by Tom. Signed-off-by: Pantelis Antoniou Signed-off-by: Tom Rini --- board/cm_t35/cm_t35.c | 2 ++ common/cmd_nand.c | 53 ++++++++++++++++++++-------------- common/env_nand.c | 3 +- drivers/mtd/nand/nand_util.c | 68 ++++++++++++++++++++++++++++++++++++++------ include/nand.h | 4 +-- 5 files changed, 97 insertions(+), 33 deletions(-) (limited to 'common/env_nand.c') diff --git a/board/cm_t35/cm_t35.c b/board/cm_t35/cm_t35.c index 629ce4a50..84c36bafb 100644 --- a/board/cm_t35/cm_t35.c +++ b/board/cm_t35/cm_t35.c @@ -91,6 +91,7 @@ static int splash_load_from_nand(u32 bmp_load_addr) res = nand_read_skip_bad(&nand_info[nand_curr_device], splash_screen_nand_offset, &bmp_header_size, + NULL, nand_info[nand_curr_device].size, (u_char *)bmp_load_addr); if (res < 0) return res; @@ -103,6 +104,7 @@ static int splash_load_from_nand(u32 bmp_load_addr) return nand_read_skip_bad(&nand_info[nand_curr_device], splash_screen_nand_offset, &bmp_size, + NULL, nand_info[nand_curr_device].size, (u_char *)bmp_load_addr); splash_address_too_high: diff --git a/common/cmd_nand.c b/common/cmd_nand.c index 32348f377..110c78c18 100644 --- a/common/cmd_nand.c +++ b/common/cmd_nand.c @@ -137,7 +137,8 @@ static inline int str2long(const char *p, ulong *num) return *p != '\0' && *endptr == '\0'; } -static int get_part(const char *partname, int *idx, loff_t *off, loff_t *size) +static int get_part(const char *partname, int *idx, loff_t *off, loff_t *size, + loff_t *maxsize) { #ifdef CONFIG_CMD_MTDPARTS struct mtd_device *dev; @@ -160,6 +161,7 @@ static int get_part(const char *partname, int *idx, loff_t *off, loff_t *size) *off = part->offset; *size = part->size; + *maxsize = part->size; *idx = dev->id->num; ret = set_dev(*idx); @@ -173,10 +175,11 @@ static int get_part(const char *partname, int *idx, loff_t *off, loff_t *size) #endif } -static int arg_off(const char *arg, int *idx, loff_t *off, loff_t *maxsize) +static int arg_off(const char *arg, int *idx, loff_t *off, loff_t *size, + loff_t *maxsize) { if (!str2off(arg, off)) - return get_part(arg, idx, off, maxsize); + return get_part(arg, idx, off, size, maxsize); if (*off >= nand_info[*idx].size) { puts("Offset exceeds device limit\n"); @@ -184,36 +187,35 @@ static int arg_off(const char *arg, int *idx, loff_t *off, loff_t *maxsize) } *maxsize = nand_info[*idx].size - *off; + *size = *maxsize; return 0; } static int arg_off_size(int argc, char *const argv[], int *idx, - loff_t *off, loff_t *size) + loff_t *off, loff_t *size, loff_t *maxsize) { int ret; - loff_t maxsize = 0; if (argc == 0) { *off = 0; *size = nand_info[*idx].size; + *maxsize = *size; goto print; } - ret = arg_off(argv[0], idx, off, &maxsize); + ret = arg_off(argv[0], idx, off, size, maxsize); if (ret) return ret; - if (argc == 1) { - *size = maxsize; + if (argc == 1) goto print; - } if (!str2off(argv[1], size)) { printf("'%s' is not a number\n", argv[1]); return -1; } - if (*size > maxsize) { + if (*size > *maxsize) { puts("Size exceeds partition or device limit\n"); return -1; } @@ -307,7 +309,8 @@ int do_nand_env_oob(cmd_tbl_t *cmdtp, int argc, char *const argv[]) if (argc < 3) goto usage; - if (arg_off(argv[2], &idx, &addr, &maxsize)) { + /* We don't care about size, or maxsize. */ + if (arg_off(argv[2], &idx, &addr, &maxsize, &maxsize)) { puts("Offset or partition name expected\n"); return 1; } @@ -426,7 +429,7 @@ static int do_nand(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { int i, ret = 0; ulong addr; - loff_t off, size; + loff_t off, size, maxsize; char *cmd, *s; nand_info_t *nand; #ifdef CONFIG_SYS_NAND_QUIET @@ -551,7 +554,8 @@ static int do_nand(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) printf("\nNAND %s: ", cmd); /* skip first two or three arguments, look for offset and size */ - if (arg_off_size(argc - o, argv + o, &dev, &off, &size) != 0) + if (arg_off_size(argc - o, argv + o, &dev, &off, &size, + &maxsize) != 0) return 1; nand = &nand_info[dev]; @@ -619,7 +623,7 @@ static int do_nand(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) if (s && !strcmp(s, ".raw")) { raw = 1; - if (arg_off(argv[3], &dev, &off, &size)) + if (arg_off(argv[3], &dev, &off, &size, &maxsize)) return 1; if (argc > 4 && !str2long(argv[4], &pagecount)) { @@ -635,7 +639,7 @@ static int do_nand(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) rwsize = pagecount * (nand->writesize + nand->oobsize); } else { if (arg_off_size(argc - 3, argv + 3, &dev, - &off, &size) != 0) + &off, &size, &maxsize) != 0) return 1; rwsize = size; @@ -645,9 +649,11 @@ static int do_nand(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) !strcmp(s, ".e") || !strcmp(s, ".i")) { if (read) ret = nand_read_skip_bad(nand, off, &rwsize, + NULL, maxsize, (u_char *)addr); else ret = nand_write_skip_bad(nand, off, &rwsize, + NULL, maxsize, (u_char *)addr, 0); #ifdef CONFIG_CMD_NAND_TRIMFFS } else if (!strcmp(s, ".trimffs")) { @@ -655,8 +661,8 @@ static int do_nand(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) printf("Unknown nand command suffix '%s'\n", s); return 1; } - ret = nand_write_skip_bad(nand, off, &rwsize, - (u_char *)addr, + ret = nand_write_skip_bad(nand, off, &rwsize, NULL, + maxsize, (u_char *)addr, WITH_DROP_FFS); #endif #ifdef CONFIG_CMD_NAND_YAFFS @@ -665,8 +671,8 @@ static int do_nand(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) printf("Unknown nand command suffix '%s'.\n", s); return 1; } - ret = nand_write_skip_bad(nand, off, &rwsize, - (u_char *)addr, + ret = nand_write_skip_bad(nand, off, &rwsize, NULL, + maxsize, (u_char *)addr, WITH_INLINE_OOB); #endif } else if (!strcmp(s, ".oob")) { @@ -775,7 +781,8 @@ static int do_nand(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) if (s && !strcmp(s, ".allexcept")) allexcept = 1; - if (arg_off_size(argc - 2, argv + 2, &dev, &off, &size) < 0) + if (arg_off_size(argc - 2, argv + 2, &dev, &off, &size, + &maxsize) < 0) return 1; if (!nand_unlock(&nand_info[dev], off, size, allexcept)) { @@ -873,7 +880,8 @@ static int nand_load_image(cmd_tbl_t *cmdtp, nand_info_t *nand, printf("\nLoading from %s, offset 0x%lx\n", nand->name, offset); cnt = nand->writesize; - r = nand_read_skip_bad(nand, offset, &cnt, (u_char *) addr); + r = nand_read_skip_bad(nand, offset, &cnt, NULL, nand->size, + (u_char *)addr); if (r) { puts("** Read error\n"); bootstage_error(BOOTSTAGE_ID_NAND_HDR_READ); @@ -905,7 +913,8 @@ static int nand_load_image(cmd_tbl_t *cmdtp, nand_info_t *nand, } bootstage_mark(BOOTSTAGE_ID_NAND_TYPE); - r = nand_read_skip_bad(nand, offset, &cnt, (u_char *) addr); + r = nand_read_skip_bad(nand, offset, &cnt, NULL, nand->size, + (u_char *)addr); if (r) { puts("** Read error\n"); bootstage_error(BOOTSTAGE_ID_NAND_READ); diff --git a/common/env_nand.c b/common/env_nand.c index 5b69889c0..b745822be 100644 --- a/common/env_nand.c +++ b/common/env_nand.c @@ -281,7 +281,8 @@ int readenv(size_t offset, u_char *buf) } else { char_ptr = &buf[amount_loaded]; if (nand_read_skip_bad(&nand_info[0], offset, - &len, char_ptr)) + &len, NULL, + nand_info[0].size, char_ptr)) return 1; offset += blocksize; diff --git a/drivers/mtd/nand/nand_util.c b/drivers/mtd/nand/nand_util.c index ff2d34830..4727f9c98 100644 --- a/drivers/mtd/nand/nand_util.c +++ b/drivers/mtd/nand/nand_util.c @@ -416,11 +416,13 @@ int nand_unlock(struct mtd_info *mtd, loff_t start, size_t length, * @param nand NAND device * @param offset offset in flash * @param length image length + * @param used length of flash needed for the requested length * @return 0 if the image fits and there are no bad blocks * 1 if the image fits, but there are bad blocks * -1 if the image does not fit */ -static int check_skip_len(nand_info_t *nand, loff_t offset, size_t length) +static int check_skip_len(nand_info_t *nand, loff_t offset, size_t length, + size_t *used) { size_t len_excl_bad = 0; int ret = 0; @@ -442,8 +444,13 @@ static int check_skip_len(nand_info_t *nand, loff_t offset, size_t length) ret = 1; offset += block_len; + *used += block_len; } + /* If the length is not a multiple of block_len, adjust. */ + if (len_excl_bad > length) + *used -= (len_excl_bad - length); + return ret; } @@ -476,23 +483,36 @@ static size_t drop_ffs(const nand_info_t *nand, const u_char *buf, * Write image to NAND flash. * Blocks that are marked bad are skipped and the is written to the next * block instead as long as the image is short enough to fit even after - * skipping the bad blocks. + * skipping the bad blocks. Due to bad blocks we may not be able to + * perform the requested write. In the case where the write would + * extend beyond the end of the NAND device, both length and actual (if + * not NULL) are set to 0. In the case where the write would extend + * beyond the limit we are passed, length is set to 0 and actual is set + * to the required length. * * @param nand NAND device * @param offset offset in flash * @param length buffer length + * @param actual set to size required to write length worth of + * buffer or 0 on error, if not NULL + * @param lim maximum size that actual may be in order to not + * exceed the buffer * @param buffer buffer to read from * @param flags flags modifying the behaviour of the write to NAND * @return 0 in case of success */ int nand_write_skip_bad(nand_info_t *nand, loff_t offset, size_t *length, - u_char *buffer, int flags) + size_t *actual, loff_t lim, u_char *buffer, int flags) { int rval = 0, blocksize; size_t left_to_write = *length; + size_t used_for_write = 0; u_char *p_buffer = buffer; int need_skip; + if (actual) + *actual = 0; + #ifdef CONFIG_CMD_NAND_YAFFS if (flags & WITH_YAFFS_OOB) { if (flags & ~WITH_YAFFS_OOB) @@ -529,13 +549,23 @@ int nand_write_skip_bad(nand_info_t *nand, loff_t offset, size_t *length, return -EINVAL; } - need_skip = check_skip_len(nand, offset, *length); + need_skip = check_skip_len(nand, offset, *length, &used_for_write); + + if (actual) + *actual = used_for_write; + if (need_skip < 0) { printf("Attempt to write outside the flash area\n"); *length = 0; return -EINVAL; } + if (used_for_write > lim) { + puts("Size of write exceeds partition or device limit\n"); + *length = 0; + return -EFBIG; + } + if (!need_skip && !(flags & WITH_DROP_FFS)) { rval = nand_write(nand, offset, length, buffer); if (rval == 0) @@ -626,36 +656,58 @@ int nand_write_skip_bad(nand_info_t *nand, loff_t offset, size_t *length, * * Read image from NAND flash. * Blocks that are marked bad are skipped and the next block is read - * instead as long as the image is short enough to fit even after skipping the - * bad blocks. + * instead as long as the image is short enough to fit even after + * skipping the bad blocks. Due to bad blocks we may not be able to + * perform the requested read. In the case where the read would extend + * beyond the end of the NAND device, both length and actual (if not + * NULL) are set to 0. In the case where the read would extend beyond + * the limit we are passed, length is set to 0 and actual is set to the + * required length. * * @param nand NAND device * @param offset offset in flash * @param length buffer length, on return holds number of read bytes + * @param actual set to size required to read length worth of buffer or 0 + * on error, if not NULL + * @param lim maximum size that actual may be in order to not exceed the + * buffer * @param buffer buffer to write to * @return 0 in case of success */ int nand_read_skip_bad(nand_info_t *nand, loff_t offset, size_t *length, - u_char *buffer) + size_t *actual, loff_t lim, u_char *buffer) { int rval; size_t left_to_read = *length; + size_t used_for_read = 0; u_char *p_buffer = buffer; int need_skip; if ((offset & (nand->writesize - 1)) != 0) { printf("Attempt to read non page-aligned data\n"); *length = 0; + if (actual) + *actual = 0; return -EINVAL; } - need_skip = check_skip_len(nand, offset, *length); + need_skip = check_skip_len(nand, offset, *length, &used_for_read); + + if (actual) + *actual = used_for_read; + if (need_skip < 0) { printf("Attempt to read outside the flash area\n"); *length = 0; return -EINVAL; } + if (used_for_read > lim) { + puts("Size of read exceeds partition or device limit\n"); + *length = 0; + return -EFBIG; + } + if (!need_skip) { rval = nand_read(nand, offset, length, buffer); if (!rval || rval == -EUCLEAN) diff --git a/include/nand.h b/include/nand.h index dded4e27f..f0f3bf94b 100644 --- a/include/nand.h +++ b/include/nand.h @@ -129,7 +129,7 @@ struct nand_erase_options { typedef struct nand_erase_options nand_erase_options_t; int nand_read_skip_bad(nand_info_t *nand, loff_t offset, size_t *length, - u_char *buffer); + size_t *actual, loff_t lim, u_char *buffer); #define WITH_YAFFS_OOB (1 << 0) /* whether write with yaffs format. This flag * is a 'mode' meaning it cannot be mixed with @@ -137,7 +137,7 @@ int nand_read_skip_bad(nand_info_t *nand, loff_t offset, size_t *length, #define WITH_DROP_FFS (1 << 1) /* drop trailing all-0xff pages */ int nand_write_skip_bad(nand_info_t *nand, loff_t offset, size_t *length, - u_char *buffer, int flags); + size_t *actual, loff_t lim, u_char *buffer, int flags); int nand_erase_opts(nand_info_t *meminfo, const nand_erase_options_t *opts); int nand_torture(nand_info_t *nand, loff_t offset); -- cgit v1.2.3-70-g09d2