From: Denis Zalevskiy denis.zalevskiy@ge.com
Bootcount driver should verify size against the maximum available space. New configuration parameter adds this capability and keeps backward compatibility by providing default value.
Signed-off-by: Denis Zalevskiy denis.zalevskiy@ge.com Signed-off-by: Fabien Lahoudere fabien.lahoudere@collabora.com --- drivers/bootcount/Kconfig | 6 ++++++ drivers/bootcount/bootcount_i2c.c | 10 ++++++---- 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/drivers/bootcount/Kconfig b/drivers/bootcount/Kconfig index f67f518..3eccd5b 100644 --- a/drivers/bootcount/Kconfig +++ b/drivers/bootcount/Kconfig @@ -140,4 +140,10 @@ config SYS_BOOTCOUNT_I2C_ADDR depends on BOOTCOUNT_I2C help I2C address of the device used to store bootcounter + +config BOOTCOUNT_I2C_LEN + int "Maximum length of bootcounter in bytes" + default 2 + depends on BOOTCOUNT_I2C + endif diff --git a/drivers/bootcount/bootcount_i2c.c b/drivers/bootcount/bootcount_i2c.c index a1fc219..73c920a 100644 --- a/drivers/bootcount/bootcount_i2c.c +++ b/drivers/bootcount/bootcount_i2c.c @@ -54,14 +54,15 @@ void bootcount_store(ulong a) if (prev_i2c_bus < 0) return;
- unsigned char buf[3]; + unsigned char buf[2]; int ret;
+ BUILD_BUG_ON(sizeof(buf) > CONFIG_BOOTCOUNT_I2C_LEN); buf[0] = BC_MAGIC; buf[1] = (a & 0xff); ret = i2c_write(CONFIG_SYS_BOOTCOUNT_I2C_ADDR, CONFIG_SYS_BOOTCOUNT_ADDR, - CONFIG_BOOTCOUNT_ALEN, buf, 2); + CONFIG_BOOTCOUNT_ALEN, buf, sizeof(buf)); if (ret != 0) puts("Error writing bootcount\n");
@@ -77,12 +78,13 @@ ulong bootcount_load(void) if (prev_i2c_bus < 0) return count;
- unsigned char buf[3]; + unsigned char buf[2]; int ret;
+ BUILD_BUG_ON(sizeof(buf) > CONFIG_BOOTCOUNT_I2C_LEN); ret = i2c_read(CONFIG_SYS_BOOTCOUNT_I2C_ADDR, CONFIG_SYS_BOOTCOUNT_ADDR, - CONFIG_BOOTCOUNT_ALEN, buf, 2); + CONFIG_BOOTCOUNT_ALEN, buf, sizeof(buf)); if (ret != 0) { puts("Error loading bootcount\n"); goto out;