[U-Boot] [PATCH] drivers: dfu: ram: fix a crash with dfu ram with invalid dfu_alt_info env
U-Boot crashes when an invalid dfu_alt_info is set and tried using dfu command. Fixing this as it is handled in dfu-mmc.
=> dfu 0 ram 0 data abort pc : [<9ff893d6>] lr : [<9ff6edb9>] reloc pc : [<808323d6>] lr : [<80817db9>] sp : 9ef36cf0 ip : 00000158 fp : 9ffbc0b8 r10: 9ffbc0b8 r9 : 9ef36ed8 r8 : 00000000 r7 : 00000000 r6 : 9ffbc0c8 r5 : 9ef36cfc r4 : 9ef392c8 r3 : 00000004 r2 : 00000000 r1 : 9ff9a985 r0 : ffffffff Flags: Nzcv IRQs off FIQs on Mode SVC_32 Resetting CPU ...
resetting ...
Signed-off-by: Mugunthan V N mugunthanvnm@ti.com ---
Verified this on AM335x BBB, added logs [1] without fix and with fix
[1]: http://pastebin.ubuntu.com/15978003/
--- drivers/dfu/dfu_ram.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/drivers/dfu/dfu_ram.c b/drivers/dfu/dfu_ram.c index e094a94..1391a0d 100644 --- a/drivers/dfu/dfu_ram.c +++ b/drivers/dfu/dfu_ram.c @@ -54,19 +54,26 @@ static int dfu_read_medium_ram(struct dfu_entity *dfu, u64 offset,
int dfu_fill_entity_ram(struct dfu_entity *dfu, char *devstr, char *s) { - char *st; + const char *argv[3]; + const char **parg = argv; + + for (; parg < argv + sizeof(argv) / sizeof(*argv); ++parg) { + *parg = strsep(&s, " "); + if (*parg == NULL) { + error("Invalid number of arguments.\n"); + return -ENODEV; + } + }
dfu->dev_type = DFU_DEV_RAM; - st = strsep(&s, " "); - if (strcmp(st, "ram")) { - error("unsupported device: %s\n", st); + if (strcmp(argv[0], "ram")) { + error("unsupported device: %s\n", argv[0]); return -ENODEV; }
dfu->layout = DFU_RAM_ADDR; - dfu->data.ram.start = (void *)simple_strtoul(s, &s, 16); - s++; - dfu->data.ram.size = simple_strtoul(s, &s, 16); + dfu->data.ram.start = (void *)simple_strtoul(argv[1], NULL, 0); + dfu->data.ram.size = simple_strtoul(argv[2], NULL, 0);
dfu->write_medium = dfu_write_medium_ram; dfu->get_medium_size = dfu_get_medium_size_ram;
Hi Mugunthan,
U-Boot crashes when an invalid dfu_alt_info is set and tried using dfu command. Fixing this as it is handled in dfu-mmc.
=> dfu 0 ram 0 data abort pc : [<9ff893d6>] lr : [<9ff6edb9>] reloc pc : [<808323d6>] lr : [<80817db9>] sp : 9ef36cf0 ip : 00000158 fp : 9ffbc0b8 r10: 9ffbc0b8 r9 : 9ef36ed8 r8 : 00000000 r7 : 00000000 r6 : 9ffbc0c8 r5 : 9ef36cfc r4 : 9ef392c8 r3 : 00000004 r2 : 00000000 r1 : 9ff9a985 r0 : ffffffff Flags: Nzcv IRQs off FIQs on Mode SVC_32 Resetting CPU ...
resetting ...
Signed-off-by: Mugunthan V N mugunthanvnm@ti.com
Verified this on AM335x BBB, added logs [1] without fix and with fix
drivers/dfu/dfu_ram.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/drivers/dfu/dfu_ram.c b/drivers/dfu/dfu_ram.c index e094a94..1391a0d 100644 --- a/drivers/dfu/dfu_ram.c +++ b/drivers/dfu/dfu_ram.c @@ -54,19 +54,26 @@ static int dfu_read_medium_ram(struct dfu_entity *dfu, u64 offset, int dfu_fill_entity_ram(struct dfu_entity *dfu, char *devstr, char *s) {
- char *st;
const char *argv[3];
const char **parg = argv;
for (; parg < argv + sizeof(argv) / sizeof(*argv); ++parg) {
*parg = strsep(&s, " ");if (*parg == NULL) {error("Invalid number of arguments.\n");return -ENODEV;}}
dfu->dev_type = DFU_DEV_RAM;
- st = strsep(&s, " ");
- if (strcmp(st, "ram")) {
error("unsupported device: %s\n", st);
if (strcmp(argv[0], "ram")) {
error("unsupported device: %s\n", argv[0]);return -ENODEV; }
dfu->layout = DFU_RAM_ADDR;
- dfu->data.ram.start = (void *)simple_strtoul(s, &s, 16);
- s++;
- dfu->data.ram.size = simple_strtoul(s, &s, 16);
- dfu->data.ram.start = (void *)simple_strtoul(argv[1], NULL,
0);
dfu->data.ram.size = simple_strtoul(argv[2], NULL, 0);
dfu->write_medium = dfu_write_medium_ram; dfu->get_medium_size = dfu_get_medium_size_ram;
Acked-by: Lukasz Majewski l.majewski@samsung.com
Build tested with buildman: ./tools/buildman/buildman.py --branch=HEAD ti --detail --verbose --show_errors --force-build --count=9 --output-dir=./BUILD/
On Fri, Apr 22, 2016 at 02:19:25PM +0530, Mugunthan V N wrote:
U-Boot crashes when an invalid dfu_alt_info is set and tried using dfu command. Fixing this as it is handled in dfu-mmc.
=> dfu 0 ram 0 data abort pc : [<9ff893d6>] lr : [<9ff6edb9>] reloc pc : [<808323d6>] lr : [<80817db9>] sp : 9ef36cf0 ip : 00000158 fp : 9ffbc0b8 r10: 9ffbc0b8 r9 : 9ef36ed8 r8 : 00000000 r7 : 00000000 r6 : 9ffbc0c8 r5 : 9ef36cfc r4 : 9ef392c8 r3 : 00000004 r2 : 00000000 r1 : 9ff9a985 r0 : ffffffff Flags: Nzcv IRQs off FIQs on Mode SVC_32 Resetting CPU ...
resetting ...
Signed-off-by: Mugunthan V N mugunthanvnm@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
participants (3)
-
Lukasz Majewski -
Mugunthan V N -
Tom Rini