mirror of
				https://source.denx.de/u-boot/u-boot.git
				synced 2025-10-24 22:11:26 +02:00 
			
		
		
		
	The hush shell dynamically allocates (and re-allocates) memory for the
argument strings in the "char *argv[]" argument vector passed to
commands.  Any code that modifies these pointers will cause serious
corruption of the malloc data structures and crash U-Boot, so make
sure the compiler can check that no such modifications are being done
by changing the code into "char * const argv[]".
This modification is the result of debugging a strange crash caused
after adding a new command, which used the following argument
processing code which has been working perfectly fine in all Unix
systems since version 6 - but not so in U-Boot:
int main (int argc, char **argv)
{
	while (--argc > 0 && **++argv == '-') {
/* ====> */	while (*++*argv) {
			switch (**argv) {
			case 'd':
				debug++;
				break;
			...
			default:
				usage ();
			}
		}
	}
	...
}
The line marked "====>" will corrupt the malloc data structures and
usually cause U-Boot to crash when the next command gets executed by
the shell.  With the modification, the compiler will prevent this with
an
	error: increment of read-only location '*argv'
N.B.: The code above can be trivially rewritten like this:
	while (--argc > 0 && **++argv == '-') {
		char *arg = *argv;
		while (*++arg) {
			switch (*arg) {
			...
Signed-off-by: Wolfgang Denk <wd@denx.de>
Acked-by: Mike Frysinger <vapier@gentoo.org>
		
	
			
		
			
				
	
	
		
			209 lines
		
	
	
		
			5.4 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			209 lines
		
	
	
		
			5.4 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| #include <exports.h>
 | |
| 
 | |
| #ifndef GCC_VERSION
 | |
| #define GCC_VERSION (__GNUC__ * 1000 + __GNUC_MINOR__)
 | |
| #endif /* GCC_VERSION */
 | |
| 
 | |
| #if defined(CONFIG_I386)
 | |
| /*
 | |
|  * x86 does not have a dedicated register to store the pointer to
 | |
|  * the global_data. Thus the jump table address is stored in a
 | |
|  * global variable, but such approach does not allow for execution
 | |
|  * from flash memory. The global_data address is passed as argv[-1]
 | |
|  * to the application program.
 | |
|  */
 | |
| static void **jt;
 | |
| gd_t *global_data;
 | |
| 
 | |
| #define EXPORT_FUNC(x) \
 | |
| 	asm volatile (			\
 | |
| "	.globl " #x "\n"		\
 | |
| #x ":\n"				\
 | |
| "	movl	%0, %%eax\n"		\
 | |
| "	movl	jt, %%ecx\n"		\
 | |
| "	jmp	*(%%ecx, %%eax)\n"	\
 | |
| 	: : "i"(XF_ ## x * sizeof(void *)) : "eax", "ecx");
 | |
| #elif defined(CONFIG_PPC)
 | |
| /*
 | |
|  * r2 holds the pointer to the global_data, r11 is a call-clobbered
 | |
|  * register
 | |
|  */
 | |
| #define EXPORT_FUNC(x) \
 | |
| 	asm volatile (			\
 | |
| "	.globl " #x "\n"		\
 | |
| #x ":\n"				\
 | |
| "	lwz	%%r11, %0(%%r2)\n"	\
 | |
| "	lwz	%%r11, %1(%%r11)\n"	\
 | |
| "	mtctr	%%r11\n"		\
 | |
| "	bctr\n"				\
 | |
| 	: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "r11");
 | |
| #elif defined(CONFIG_ARM)
 | |
| /*
 | |
|  * r8 holds the pointer to the global_data, ip is a call-clobbered
 | |
|  * register
 | |
|  */
 | |
| #define EXPORT_FUNC(x) \
 | |
| 	asm volatile (			\
 | |
| "	.globl " #x "\n"		\
 | |
| #x ":\n"				\
 | |
| "	ldr	ip, [r8, %0]\n"		\
 | |
| "	ldr	pc, [ip, %1]\n"		\
 | |
| 	: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "ip");
 | |
| #elif defined(CONFIG_MIPS)
 | |
| /*
 | |
|  * k0 ($26) holds the pointer to the global_data; t9 ($25) is a call-
 | |
|  * clobbered register that is also used to set gp ($26). Note that the
 | |
|  * jr instruction also executes the instruction immediately following
 | |
|  * it; however, GCC/mips generates an additional `nop' after each asm
 | |
|  * statement
 | |
|  */
 | |
| #define EXPORT_FUNC(x) \
 | |
| 	asm volatile (			\
 | |
| "	.globl " #x "\n"		\
 | |
| #x ":\n"				\
 | |
| "	lw	$25, %0($26)\n"		\
 | |
| "	lw	$25, %1($25)\n"		\
 | |
| "	jr	$25\n"			\
 | |
| 	: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "t9");
 | |
| #elif defined(CONFIG_NIOS2)
 | |
| /*
 | |
|  * gp holds the pointer to the global_data, r8 is call-clobbered
 | |
|  */
 | |
| #define EXPORT_FUNC(x) \
 | |
| 	asm volatile (			\
 | |
| "	.globl " #x "\n"		\
 | |
| #x ":\n"				\
 | |
| "	movhi	r8, %%hi(%0)\n"		\
 | |
| "	ori	r8, r0, %%lo(%0)\n"	\
 | |
| "	add	r8, r8, gp\n"		\
 | |
| "	ldw	r8, 0(r8)\n"		\
 | |
| "	ldw	r8, %1(r8)\n"		\
 | |
| "	jmp	r8\n"			\
 | |
| 	: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "gp");
 | |
| #elif defined(CONFIG_M68K)
 | |
| /*
 | |
|  * d7 holds the pointer to the global_data, a0 is a call-clobbered
 | |
|  * register
 | |
|  */
 | |
| #define EXPORT_FUNC(x) \
 | |
| 	asm volatile (			\
 | |
| "	.globl " #x "\n"		\
 | |
| #x ":\n"				\
 | |
| "	move.l	%%d7, %%a0\n"		\
 | |
| "	adda.l	%0, %%a0\n"		\
 | |
| "	move.l	(%%a0), %%a0\n"		\
 | |
| "	adda.l	%1, %%a0\n"		\
 | |
| "	move.l	(%%a0), %%a0\n"		\
 | |
| "	jmp	(%%a0)\n"			\
 | |
| 	: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "a0");
 | |
| #elif defined(CONFIG_MICROBLAZE)
 | |
| /*
 | |
|  * r31 holds the pointer to the global_data. r5 is a call-clobbered.
 | |
|  */
 | |
| #define EXPORT_FUNC(x)				\
 | |
| 	asm volatile (				\
 | |
| "	.globl " #x "\n"			\
 | |
| #x ":\n"					\
 | |
| "	lwi	r5, r31, %0\n"			\
 | |
| "	lwi	r5, r5, %1\n"			\
 | |
| "	bra	r5\n"				\
 | |
| 	: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "r5");
 | |
| #elif defined(CONFIG_BLACKFIN)
 | |
| /*
 | |
|  * P3 holds the pointer to the global_data, P0 is a call-clobbered
 | |
|  * register
 | |
|  */
 | |
| #define EXPORT_FUNC(x)			\
 | |
| 	asm volatile (			\
 | |
| "	.globl _" #x "\n_"		\
 | |
| #x ":\n"				\
 | |
| "	P0 = [P3 + %0]\n"		\
 | |
| "	P0 = [P0 + %1]\n"		\
 | |
| "	JUMP (P0)\n"			\
 | |
| 	: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "P0");
 | |
| #elif defined(CONFIG_AVR32)
 | |
| /*
 | |
|  * r6 holds the pointer to the global_data. r8 is call clobbered.
 | |
|  */
 | |
| #define EXPORT_FUNC(x)					\
 | |
| 	asm volatile(					\
 | |
| 		"	.globl\t" #x "\n"		\
 | |
| 		#x ":\n"				\
 | |
| 		"	ld.w	r8, r6[%0]\n"		\
 | |
| 		"	ld.w	pc, r8[%1]\n"		\
 | |
| 		:					\
 | |
| 		: "i"(offsetof(gd_t, jt)), "i"(XF_ ##x)	\
 | |
| 		: "r8");
 | |
| #elif defined(CONFIG_SH)
 | |
| /*
 | |
|  * r13 holds the pointer to the global_data. r1 is a call clobbered.
 | |
|  */
 | |
| #define EXPORT_FUNC(x)					\
 | |
| 	asm volatile (					\
 | |
| 		"	.align	2\n"			\
 | |
| 		"	.globl " #x "\n"		\
 | |
| 		#x ":\n"				\
 | |
| 		"	mov	r13, r1\n"		\
 | |
| 		"	add	%0, r1\n"		\
 | |
| 		"	mov.l @r1, r2\n"	\
 | |
| 		"	add	%1, r2\n"		\
 | |
| 		"	mov.l @r2, r1\n"	\
 | |
| 		"	jmp	@r1\n"			\
 | |
| 		"	nop\n"				\
 | |
| 		"	nop\n"				\
 | |
| 		: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "r1", "r2");
 | |
| #elif defined(CONFIG_SPARC)
 | |
| /*
 | |
|  * g7 holds the pointer to the global_data. g1 is call clobbered.
 | |
|  */
 | |
| #define EXPORT_FUNC(x)					\
 | |
| 	asm volatile(					\
 | |
| "	.globl\t" #x "\n"				\
 | |
| #x ":\n"						\
 | |
| "	set %0, %%g1\n"					\
 | |
| "	or %%g1, %%g7, %%g1\n"				\
 | |
| "	ld [%%g1], %%g1\n"				\
 | |
| "	ld [%%g1 + %1], %%g1\n"				\
 | |
| "	jmp %%g1\n"					\
 | |
| "	nop\n"						\
 | |
| 	: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "g1" );
 | |
| 
 | |
| #else
 | |
| #error stubs definition missing for this architecture
 | |
| #endif
 | |
| 
 | |
| /* This function is necessary to prevent the compiler from
 | |
|  * generating prologue/epilogue, preparing stack frame etc.
 | |
|  * The stub functions are special, they do not use the stack
 | |
|  * frame passed to them, but pass it intact to the actual
 | |
|  * implementation. On the other hand, asm() statements with
 | |
|  * arguments can be used only inside the functions (gcc limitation)
 | |
|  */
 | |
| #if GCC_VERSION < 3004
 | |
| static
 | |
| #endif /* GCC_VERSION */
 | |
| void __attribute__((unused)) dummy(void)
 | |
| {
 | |
| #include <_exports.h>
 | |
| }
 | |
| 
 | |
| extern unsigned long __bss_start, _end;
 | |
| 
 | |
| void app_startup(char * const *argv)
 | |
| {
 | |
| 	unsigned char * cp = (unsigned char *) &__bss_start;
 | |
| 
 | |
| 	/* Zero out BSS */
 | |
| 	while (cp < (unsigned char *)&_end) {
 | |
| 		*cp++ = 0;
 | |
| 	}
 | |
| 
 | |
| #if defined(CONFIG_I386)
 | |
| 	/* x86 does not have a dedicated register for passing global_data */
 | |
| 	global_data = (gd_t *)argv[-1];
 | |
| 	jt = global_data->jt;
 | |
| #endif
 | |
| }
 | |
| 
 | |
| #undef EXPORT_FUNC
 |