leandrof/u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "env: fix potential stack overflow in environment functions"

Browse Source 
Wolfgang requested this be reverted and Rob agreed after further
discussion.  This was a symptom of a larger problem we need to deal
with.

This reverts commit 60d7d5a631.

Signed-off-by: Tom Rini <trini@ti.com>
This commit is contained in:
Tom Rini 2013-04-05 14:55:21 -04:00
parent bc5fd908d9
commit cd0f4fa1ca
8 changed files with 63 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
common/env_dataflash.c
View File

@ -30,7 +30,6 @@ DECLARE_GLOBAL_DATA_PTR;
env_t *env_ptr;
char *env_name_spec = "dataflash";
static char env_buf[CONFIG_ENV_SIZE];
uchar env_get_char_spec(int index)
{
@ -43,9 +42,11 @@ uchar env_get_char_spec(int index)
void env_relocate_spec(void)
{
read_dataflash(CONFIG_ENV_ADDR, CONFIG_ENV_SIZE, env_buf);
char buf[CONFIG_ENV_SIZE];
env_import(env_buf, 1);
read_dataflash(CONFIG_ENV_ADDR, CONFIG_ENV_SIZE, buf);
env_import(buf, 1);
}
#ifdef CONFIG_ENV_OFFSET_REDUND
@ -54,20 +55,20 @@ void env_relocate_spec(void)
int saveenv(void)
{
env_t *env_new = (env_t *)env_buf;
env_t env_new;
ssize_t len;
char *res;
res = (char *)env_new->data;
res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
env_new->crc = crc32(0, env_new->data, ENV_SIZE);
env_new.crc = crc32(0, env_new.data, ENV_SIZE);
return write_dataflash(CONFIG_ENV_ADDR,
(unsigned long)env_new,
(unsigned long)&env_new,
CONFIG_ENV_SIZE);
}

13
common/env_eeprom.c
View File

@ -38,7 +38,6 @@
DECLARE_GLOBAL_DATA_PTR;
env_t *env_ptr;
static char env_buf[CONFIG_ENV_SIZE];
char *env_name_spec = "EEPROM";
int env_eeprom_bus = -1;
@ -112,7 +111,7 @@ uchar env_get_char_spec(int index)
void env_relocate_spec(void)
{
char *buf = env_buf;
char buf[CONFIG_ENV_SIZE];
unsigned int off = CONFIG_ENV_OFFSET;
#ifdef CONFIG_ENV_OFFSET_REDUND
@ -127,7 +126,7 @@ void env_relocate_spec(void)
int saveenv(void)
{
env_t *env_new = (env_t *)env_buf;
env_t env_new;
ssize_t len;
char *res;
int rc;
@ -139,13 +138,13 @@ int saveenv(void)
BUG_ON(env_ptr != NULL);
res = (char *)env_new->data;
res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
env_new->crc = crc32(0, env_new->data, ENV_SIZE);
env_new.crc = crc32(0, env_new.data, ENV_SIZE);
#ifdef CONFIG_ENV_OFFSET_REDUND
if (gd->env_valid == 1) {
@ -153,11 +152,11 @@ int saveenv(void)
off_red = CONFIG_ENV_OFFSET;
}
env_new->flags = ACTIVE_FLAG;
env_new.flags = ACTIVE_FLAG;
#endif
rc = eeprom_bus_write(CONFIG_SYS_DEF_EEPROM_ADDR,
off, (uchar *)env_new, CONFIG_ENV_SIZE);
off, (uchar *)&env_new, CONFIG_ENV_SIZE);
#ifdef CONFIG_ENV_OFFSET_REDUND
if (rc == 0) {

11
common/env_fat.c
View File

@ -37,7 +37,6 @@
char *env_name_spec = "FAT";
env_t *env_ptr;
static char env_buf[CONFIG_ENV_SIZE];
DECLARE_GLOBAL_DATA_PTR;
@ -53,7 +52,7 @@ int env_init(void)
#ifdef CONFIG_CMD_SAVEENV
int saveenv(void)
{
env_t *env_new = env_buf;
env_t env_new;
ssize_t len;
char *res;
block_dev_desc_t *dev_desc = NULL;
@ -61,7 +60,7 @@ int saveenv(void)
int part = FAT_ENV_PART;
int err;
res = (char *)env_new->data;
res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
@ -96,8 +95,8 @@ int saveenv(void)
return 1;
}
env_new->crc = crc32(0, env_new->data, ENV_SIZE);
err = file_fat_write(FAT_ENV_FILE, (void *)env_new, sizeof(env_t));
env_new.crc = crc32(0, env_new.data, ENV_SIZE);
err = file_fat_write(FAT_ENV_FILE, (void *)&env_new, sizeof(env_t));
if (err == -1) {
printf("\n** Unable to write \"%s\" from %s%d:%d **\n",
FAT_ENV_FILE, FAT_ENV_INTERFACE, dev, part);
@ -111,7 +110,7 @@ int saveenv(void)
void env_relocate_spec(void)
{
char *buf = env_buf;
char buf[CONFIG_ENV_SIZE];
block_dev_desc_t *dev_desc = NULL;
int dev = FAT_ENV_DEVICE;
int part = FAT_ENV_PART;

13
common/env_mmc.c
View File

@ -40,8 +40,6 @@ env_t *env_ptr = &environment;
env_t *env_ptr;
#endif /* ENV_IS_EMBEDDED */
DEFINE_CACHE_ALIGN_BUFFER(char, env_buf, CONFIG_ENV_SIZE);
DECLARE_GLOBAL_DATA_PTR;
#if !defined(CONFIG_ENV_OFFSET)
@ -114,7 +112,7 @@ static inline int write_env(struct mmc *mmc, unsigned long size,
int saveenv(void)
{
env_t *env_new = (env_t *)env_buf;
ALLOC_CACHE_ALIGN_BUFFER(env_t, env_new, 1);
ssize_t len;
char *res;
struct mmc *mmc = find_mmc_device(CONFIG_SYS_MMC_ENV_DEV);
@ -129,7 +127,7 @@ int saveenv(void)
goto fini;
}
res = (char *)env_new->data;
res = (char *)&env_new->data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
@ -137,7 +135,7 @@ int saveenv(void)
goto fini;
}
env_new->crc = crc32(0, env_new->data, ENV_SIZE);
env_new->crc = crc32(0, &env_new->data[0], ENV_SIZE);
printf("Writing to MMC(%d)... ", CONFIG_SYS_MMC_ENV_DEV);
if (write_env(mmc, CONFIG_ENV_SIZE, offset, (u_char *)env_new)) {
puts("failed\n");
@ -171,6 +169,7 @@ static inline int read_env(struct mmc *mmc, unsigned long size,
void env_relocate_spec(void)
{
#if !defined(ENV_IS_EMBEDDED)
ALLOC_CACHE_ALIGN_BUFFER(char, buf, CONFIG_ENV_SIZE);
struct mmc *mmc = find_mmc_device(CONFIG_SYS_MMC_ENV_DEV);
u32 offset;
int ret;
@ -185,12 +184,12 @@ void env_relocate_spec(void)
goto fini;
}
if (read_env(mmc, CONFIG_ENV_SIZE, offset, env_buf)) {
if (read_env(mmc, CONFIG_ENV_SIZE, offset, buf)) {
ret = 1;
goto fini;
}
env_import(env_buf, 1);
env_import(buf, 1);
ret = 0;
fini:

23
common/env_nand.c
View File

@ -64,8 +64,6 @@ env_t *env_ptr = (env_t *)CONFIG_NAND_ENV_DST;
env_t *env_ptr;
#endif /* ENV_IS_EMBEDDED */
DEFINE_CACHE_ALIGN_BUFFER(char, env_buf, CONFIG_ENV_SIZE);
DECLARE_GLOBAL_DATA_PTR;
/*
@ -175,7 +173,7 @@ static unsigned char env_flags;
int saveenv(void)
{
env_t *env_new = (env_t *)env_buf;
env_t env_new;
ssize_t len;
char *res;
int ret = 0;
@ -187,14 +185,14 @@ int saveenv(void)
if (CONFIG_ENV_RANGE < CONFIG_ENV_SIZE)
return 1;
res = (char *)env_new->data;
res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
env_new->crc = crc32(0, env_new->data, ENV_SIZE);
env_new->flags = ++env_flags; /* increase the serial */
env_new.crc = crc32(0, env_new.data, ENV_SIZE);
env_new.flags = ++env_flags; /* increase the serial */
if (gd->env_valid == 1) {
puts("Erasing redundant NAND...\n");
@ -203,7 +201,7 @@ int saveenv(void)
return 1;
puts("Writing to redundant NAND... ");
ret = writeenv(CONFIG_ENV_OFFSET_REDUND, (u_char *)env_new);
ret = writeenv(CONFIG_ENV_OFFSET_REDUND, (u_char *)&env_new);
} else {
puts("Erasing NAND...\n");
nand_erase_options.offset = CONFIG_ENV_OFFSET;
@ -211,7 +209,7 @@ int saveenv(void)
return 1;
puts("Writing to NAND... ");
ret = writeenv(CONFIG_ENV_OFFSET, (u_char *)env_new);
ret = writeenv(CONFIG_ENV_OFFSET, (u_char *)&env_new);
}
if (ret) {
puts("FAILED!\n");
@ -228,7 +226,7 @@ int saveenv(void)
int saveenv(void)
{
int ret = 0;
env_t *env_new = (env_t *)env_buf;
ALLOC_CACHE_ALIGN_BUFFER(env_t, env_new, 1);
ssize_t len;
char *res;
nand_erase_options_t nand_erase_options;
@ -240,7 +238,7 @@ int saveenv(void)
if (CONFIG_ENV_RANGE < CONFIG_ENV_SIZE)
return 1;
res = (char *)env_new->data;
res = (char *)&env_new->data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
@ -406,6 +404,7 @@ void env_relocate_spec(void)
{
#if !defined(ENV_IS_EMBEDDED)
int ret;
ALLOC_CACHE_ALIGN_BUFFER(char, buf, CONFIG_ENV_SIZE);
#if defined(CONFIG_ENV_OFFSET_OOB)
ret = get_nand_env_oob(&nand_info[0], &nand_env_oob_offset);
@ -421,13 +420,13 @@ void env_relocate_spec(void)
}
#endif
ret = readenv(CONFIG_ENV_OFFSET, (u_char *)env_buf);
ret = readenv(CONFIG_ENV_OFFSET, (u_char *)buf);
if (ret) {
set_default_env("!readenv() failed");
return;
}
env_import(env_buf, 1);
env_import(buf, 1);
#endif /* ! ENV_IS_EMBEDDED */
}
#endif /* CONFIG_ENV_OFFSET_REDUND */

26
common/env_nvram.c
View File

@ -59,10 +59,6 @@ env_t *env_ptr = (env_t *)CONFIG_ENV_ADDR;
char *env_name_spec = "NVRAM";
#ifdef CONFIG_SYS_NVRAM_ACCESS_ROUTINE
static char env_buf[CONFIG_ENV_SIZE];
#endif
#ifdef CONFIG_SYS_NVRAM_ACCESS_ROUTINE
uchar env_get_char_spec(int index)
{
@ -76,38 +72,36 @@ uchar env_get_char_spec(int index)
void env_relocate_spec(void)
{
char *buf;
char buf[CONFIG_ENV_SIZE];
#if defined(CONFIG_SYS_NVRAM_ACCESS_ROUTINE)
buf = env_buf;
nvram_read(buf, CONFIG_ENV_ADDR, CONFIG_ENV_SIZE);
#else
buf = (void *)CONFIG_ENV_ADDR;
memcpy(buf, (void *)CONFIG_ENV_ADDR, CONFIG_ENV_SIZE);
#endif
env_import(buf, 1);
}
int saveenv(void)
{
#ifdef CONFIG_SYS_NVRAM_ACCESS_ROUTINE
env_t *env_new = (env_t *)env_buf;
#else
env_t *env_new = (env_t *)CONFIG_ENV_ADDR;
#endif
env_t env_new;
ssize_t len;
char *res;
int rcode = 0;
res = (char *)env_new->data;
res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
env_new->crc = crc32(0, env_new->data, ENV_SIZE);
env_new.crc = crc32(0, env_new.data, ENV_SIZE);
#ifdef CONFIG_SYS_NVRAM_ACCESS_ROUTINE
nvram_write(CONFIG_ENV_ADDR, env_new, CONFIG_ENV_SIZE);
nvram_write(CONFIG_ENV_ADDR, &env_new, CONFIG_ENV_SIZE);
#else
if (memcpy((char *)CONFIG_ENV_ADDR, &env_new, CONFIG_ENV_SIZE) == NULL)
rcode = 1;
#endif
return rcode;
}
@ -121,7 +115,7 @@ int env_init(void)
{
#if defined(CONFIG_SYS_NVRAM_ACCESS_ROUTINE)
ulong crc;
uchar *data = env_buf;
uchar data[ENV_SIZE];
nvram_read(&crc, CONFIG_ENV_ADDR, sizeof(ulong));
nvram_read(data, CONFIG_ENV_ADDR + sizeof(ulong), ENV_SIZE);

13
common/env_onenand.c
View File

@ -42,8 +42,6 @@ char *env_name_spec = "OneNAND";
#define ONENAND_MAX_ENV_SIZE CONFIG_ENV_SIZE
#define ONENAND_ENV_SIZE(mtd) (ONENAND_MAX_ENV_SIZE - ENV_HEADER_SIZE)
static char env_buf[CONFIG_ENV_SIZE];
DECLARE_GLOBAL_DATA_PTR;
void env_relocate_spec(void)
@ -58,7 +56,8 @@ void env_relocate_spec(void)
char *buf = (char *)&environment;
#else
loff_t env_addr = CONFIG_ENV_ADDR;
char *buf = env_buf;
char onenand_env[ONENAND_MAX_ENV_SIZE];
char *buf = (char *)&onenand_env[0];
#endif /* ENV_IS_EMBEDDED */
#ifndef ENV_IS_EMBEDDED
@ -82,7 +81,7 @@ void env_relocate_spec(void)
int saveenv(void)
{
env_t *env_new = env_buf;
env_t env_new;
ssize_t len;
char *res;
struct mtd_info *mtd = &onenand_mtd;
@ -95,13 +94,13 @@ int saveenv(void)
.callback = NULL,
};
res = (char *)env_new->data;
res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
env_new->crc = crc32(0, env_new->data, ENV_SIZE);
env_new.crc = crc32(0, env_new.data, ENV_SIZE);
instr.len = CONFIG_ENV_SIZE;
#ifdef CONFIG_ENV_ADDR_FLEX
@ -120,7 +119,7 @@ int saveenv(void)
}
if (mtd->write(mtd, env_addr, ONENAND_MAX_ENV_SIZE, &retlen,
(u_char *)env_new)) {
(u_char *)&env_new)) {
printf("OneNAND: write failed at 0x%llx\n", instr.addr);
return 2;
}

23
common/env_sf.c
View File

@ -58,12 +58,11 @@ DECLARE_GLOBAL_DATA_PTR;
char *env_name_spec = "SPI Flash";
static struct spi_flash *env_flash;
static char env_buf[CONFIG_ENV_SIZE];
#if defined(CONFIG_ENV_OFFSET_REDUND)
int saveenv(void)
{
env_t *env_new = (env_t *)env_buf;
env_t env_new;
ssize_t len;
char *res, *saved_buffer = NULL, flag = OBSOLETE_FLAG;
u32 saved_size, saved_offset, sector = 1;
@ -79,14 +78,14 @@ int saveenv(void)
}
}
res = (char *)env_new->data;
res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
env_new->crc = crc32(0, env_new->data, ENV_SIZE);
env_new->flags = ACTIVE_FLAG;
env_new.crc = crc32(0, env_new.data, ENV_SIZE);
env_new.flags = ACTIVE_FLAG;
if (gd->env_valid == 1) {
env_new_offset = CONFIG_ENV_OFFSET_REDUND;
@ -126,7 +125,7 @@ int saveenv(void)
puts("Writing to SPI flash...");
ret = spi_flash_write(env_flash, env_new_offset,
CONFIG_ENV_SIZE, env_new);
CONFIG_ENV_SIZE, &env_new);
if (ret)
goto done;
@ -138,7 +137,7 @@ int saveenv(void)
}
ret = spi_flash_write(env_flash, env_offset + offsetof(env_t, flags),
sizeof(env_new->flags), &flag);
sizeof(env_new.flags), &flag);
if (ret)
goto done;
@ -244,7 +243,7 @@ int saveenv(void)
u32 saved_size, saved_offset, sector = 1;
char *res, *saved_buffer = NULL;
int ret = 1;
env_t *env_new = (env_t *)env_buf;
env_t env_new;
ssize_t len;
if (!env_flash) {
@ -277,13 +276,13 @@ int saveenv(void)
sector++;
}
res = (char *)env_new->data;
res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
goto done;
}
env_new->crc = crc32(0, env_new->data, ENV_SIZE);
env_new.crc = crc32(0, env_new.data, ENV_SIZE);
puts("Erasing SPI flash...");
ret = spi_flash_erase(env_flash, CONFIG_ENV_OFFSET,
@ -293,7 +292,7 @@ int saveenv(void)
puts("Writing to SPI flash...");
ret = spi_flash_write(env_flash, CONFIG_ENV_OFFSET,
CONFIG_ENV_SIZE, env_new);
CONFIG_ENV_SIZE, &env_new);
if (ret)
goto done;
@ -316,7 +315,7 @@ int saveenv(void)
void env_relocate_spec(void)
{
char *buf = env_buf;
char buf[CONFIG_ENV_SIZE];
int ret;
env_flash = spi_flash_probe(CONFIG_ENV_SPI_BUS, CONFIG_ENV_SPI_CS,