On Thu, Aug 01, 2019 at 01:13:59PM -0600, Simon Glass wrote:
> This core file provides checks for the header and for traversal of the
> device tree. Allow these checks to be disabled to reduce code size.
>
> Signed-off-by: Simon Glass <sjg@xxxxxxxxxxxx>

Fwiw, these would probably have been easier to review if split up by check flag, rather than split by file. But I realize it's probably a big pain to reorganize that way, so I won't insist on it.

> ---
>
> Changes in v2:
> - Correct inverted version checks in a few cases
> - Update to use new check functions
>
> libfdt/fdt.c | 91 ++++++++++++++++++++++++++++++----------------------
> 1 file changed, 53 insertions(+), 38 deletions(-)
>
> diff --git a/libfdt/fdt.c b/libfdt/fdt.c
> index d6ce7c0..805dc89 100644
> --- a/libfdt/fdt.c
> +++ b/libfdt/fdt.c
> @@ -21,10 +21,13 @@ int32_t fdt_ro_probe_(const void *fdt)
>
> if (fdt_magic(fdt) == FDT_MAGIC) {
> /* Complete tree */
> - if (fdt_version(fdt) < FDT_FIRST_SUPPORTED_VERSION)
> - return -FDT_ERR_BADVERSION;
> - if (fdt_last_comp_version(fdt) > FDT_LAST_SUPPORTED_VERSION)
> - return -FDT_ERR_BADVERSION;
> + if (fdt_chk_version()) {
> + if (fdt_version(fdt) < FDT_FIRST_SUPPORTED_VERSION)
> + return -FDT_ERR_BADVERSION;
> + if (fdt_last_comp_version(fdt) >
> + FDT_LAST_SUPPORTED_VERSION)
> + return -FDT_ERR_BADVERSION;
> + }
> } else if (fdt_magic(fdt) == FDT_SW_MAGIC) {
> /* Unfinished sequential-write blob */
> if (fdt_size_dt_struct(fdt) == 0)
> @@ -76,38 +79,47 @@ int fdt_check_header(const void *fdt)
>
> if (fdt_magic(fdt) != FDT_MAGIC)
> return -FDT_ERR_BADMAGIC;
> - hdrsize = fdt_header_size(fdt);
> - if ((fdt_version(fdt) < FDT_FIRST_SUPPORTED_VERSION)
> - || (fdt_last_comp_version(fdt) > FDT_LAST_SUPPORTED_VERSION))
> - return -FDT_ERR_BADVERSION;
> - if (fdt_version(fdt) < fdt_last_comp_version(fdt))
> - return -FDT_ERR_BADVERSION;
> -
> - if ((fdt_totalsize(fdt) < hdrsize)
> - || (fdt_totalsize(fdt) > INT_MAX))
> - return -FDT_ERR_TRUNCATED;
> + if (fdt_chk_version()) {
> + if ((fdt_version(fdt) < FDT_FIRST_SUPPORTED_VERSION)
> + || (fdt_last_comp_version(fdt) >
> + FDT_LAST_SUPPORTED_VERSION))
> + return -FDT_ERR_BADVERSION;
> + if (fdt_version(fdt) < fdt_last_comp_version(fdt))
> + return -FDT_ERR_BADVERSION;
> + }
> + if (fdt_chk_basic()) {
> + hdrsize = fdt_header_size(fdt);
>
> - /* Bounds check memrsv block */
> - if (!check_off_(hdrsize, fdt_totalsize(fdt), fdt_off_mem_rsvmap(fdt)))
> - return -FDT_ERR_TRUNCATED;
> + if ((fdt_totalsize(fdt) < hdrsize)
> + || (fdt_totalsize(fdt) > INT_MAX))
> + return -FDT_ERR_TRUNCATED;
>
> - /* Bounds check structure block */
> - if (fdt_version(fdt) < 17) {
> + /* Bounds check memrsv block */
> if (!check_off_(hdrsize, fdt_totalsize(fdt),
> - fdt_off_dt_struct(fdt)))
> + fdt_off_mem_rsvmap(fdt)))
> return -FDT_ERR_TRUNCATED;
> - } else {
> + }
> +
> + if (fdt_chk_extra()) {
> + /* Bounds check structure block */
> + if (fdt_chk_version() && fdt_version(fdt) < 17) {
> + if (!check_off_(hdrsize, fdt_totalsize(fdt),
> + fdt_off_dt_struct(fdt)))
> + return -FDT_ERR_TRUNCATED;
> + } else {
> + if (!check_block_(hdrsize, fdt_totalsize(fdt),
> + fdt_off_dt_struct(fdt),
> + fdt_size_dt_struct(fdt)))
> + return -FDT_ERR_TRUNCATED;
> + }
> +
> + /* Bounds check strings block */
> if (!check_block_(hdrsize, fdt_totalsize(fdt),
> - fdt_off_dt_struct(fdt),
> - fdt_size_dt_struct(fdt)))
> + fdt_off_dt_strings(fdt),
> + fdt_size_dt_strings(fdt)))
> return -FDT_ERR_TRUNCATED;
> }
>
> - /* Bounds check strings block */
> - if (!check_block_(hdrsize, fdt_totalsize(fdt),
> - fdt_off_dt_strings(fdt), fdt_size_dt_strings(fdt)))
> - return -FDT_ERR_TRUNCATED;
> -
> return 0;
> }
>
> @@ -115,12 +127,13 @@ const void *fdt_offset_ptr(const void *fdt, int offset, unsigned int len)
> {
> unsigned absoffset = offset + fdt_off_dt_struct(fdt);
>
> - if ((absoffset < offset)
> - || ((absoffset + len) < absoffset)
> - || (absoffset + len) > fdt_totalsize(fdt))
> - return NULL;
> + if (fdt_chk_basic())
> + if ((absoffset < offset)
> + || ((absoffset + len) < absoffset)
> + || (absoffset + len) > fdt_totalsize(fdt))
> + return NULL;
>
> - if (fdt_version(fdt) >= 0x11)
> + if (!fdt_chk_version() || fdt_version(fdt) >= 0x11)
> if (((offset + len) < offset)
> || ((offset + len) > fdt_size_dt_struct(fdt)))
> return NULL;
> @@ -137,7 +150,7 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset)
>
> *nextoffset = -FDT_ERR_TRUNCATED;
> tagp = fdt_offset_ptr(fdt, offset, FDT_TAGSIZE);
> - if (!tagp)
> + if (fdt_chk_basic() && !tagp)
> return FDT_END; /* premature end */
> tag = fdt32_to_cpu(*tagp);
> offset += FDT_TAGSIZE;
> @@ -149,18 +162,19 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset)
> do {
> p = fdt_offset_ptr(fdt, offset++, 1);
> } while (p && (*p != '\0'));
> - if (!p)
> + if (fdt_chk_basic() && !p)
> return FDT_END; /* premature end */
> break;
>
> case FDT_PROP:
> lenp = fdt_offset_ptr(fdt, offset, sizeof(*lenp));
> - if (!lenp)
> + if (fdt_chk_basic() && !lenp)
> return FDT_END; /* premature end */
> /* skip-name offset, length and value */
> offset += sizeof(struct fdt_property) - FDT_TAGSIZE
> + fdt32_to_cpu(*lenp);
> - if (fdt_version(fdt) < 0x10 && fdt32_to_cpu(*lenp) >= 8 &&
> + if (fdt_chk_version() &&
> + fdt_version(fdt) < 0x10 && fdt32_to_cpu(*lenp) >= 8 &&
> ((offset - fdt32_to_cpu(*lenp)) % 8) != 0)
> offset += 4;
> break;
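Review bot: In the fdt_check_header() hunk, `hdrsize` is now assigned only inside the `if (fdt_chk_basic())` block, yet the `if (fdt_chk_extra())` block that follows still passes it to `check_off_()` and `check_block_()`. The fdt_chk_*() helpers are not defined in this patch, so unless extra checks can never be enabled without the basic ones, those bounds checks would run against an uninitialised header size. Moving `hdrsize = fdt_header_size(fdt);` above both blocks, or nesting the `fdt_chk_extra()` block inside the `fdt_chk_basic()` one, removes the dependency on how the flags relate. The declaration of `hdrsize` and the start of the function lie outside the hunk.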
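Review bot: The second range test in fdt_offset_ptr(), `if (!fdt_chk_version() || fdt_version(fdt) >= 0x11)`, is not gated by `fdt_chk_basic()`, so the function can still return NULL when basic checks are disabled. The two fdt_next_tag() hunks that follow (-137 and -149) then skip the NULL test under `fdt_chk_basic() &&` and go on to read `*tagp` and `*lenp`, so an offset the helper rejected ends in a NULL dereference instead of `FDT_END`. Keeping those NULL tests unconditional is the safer fix; the alternative is to gate the second test too, e.g. `if (fdt_chk_basic() && (!fdt_chk_version() || fdt_version(fdt) >= 0x11))`. The new `if (fdt_chk_basic())` that wraps an unbraced multi-line `if` would also be less error-prone with braces.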
> @@ -174,7 +188,8 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset)
> return FDT_END;
> }
>
> - if (!fdt_offset_ptr(fdt, startoffset, offset - startoffset))
> + if (fdt_chk_basic() &&
> + !fdt_offset_ptr(fdt, startoffset, offset - startoffset))
> return FDT_END; /* premature end */
>
> *nextoffset = FDT_TAGALIGN(offset);

-- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
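Review bot: Nothing at this final test in fdt_next_tag() records what a build without basic checks is allowed to assume. With `fdt_chk_basic()` false, `offset` (which in the FDT_PROP case already includes the property length read from the blob) is stored in `*nextoffset` without being compared against the structure block. A comment above the test would make the precondition explicit, for example `/* Without basic checks the walk trusts every length in the blob; only pass trees that were validated beforehand */`. The function begins outside this hunk.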