u-boot.git/cmd/i2c.c, branch v2022.07 Unnamed repository; edit this file 'description' to name the repository. i2c: fix stack buffer overflow vulnerability in i2c md command 2022-06-28T19:51:56+00:00 Nicolas Iooss nicolas.iooss+uboot@ledger.fr 2022-06-10T14:50:25+00:00 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 When running "i2c md 0 0 80000100", the function do_i2c_md parses the length into an unsigned int variable named length. The value is then moved to a signed variable: int nbytes = length; #define DISP_LINE_LEN 16 int linebytes = (nbytes > DISP_LINE_LEN) ? DISP_LINE_LEN : nbytes; ret = dm_i2c_read(dev, addr, linebuf, linebytes); On systems where integers are 32 bits wide, 0x80000100 is a negative value to "nbytes > DISP_LINE_LEN" is false and linebytes gets assigned 0x80000100 instead of 16. The consequence is that the function which reads from the i2c device (dm_i2c_read or i2c_read) is called with a 16-byte stack buffer to fill but with a size parameter which is too large. In some cases, this could trigger a crash. But with some i2c drivers, such as drivers/i2c/nx_i2c.c (used with "nexell,s5pxx18-i2c" bus), the size is actually truncated to a 16-bit integer. This is because function i2c_transfer expects an unsigned short length. In such a case, an attacker who can control the response of an i2c device can overwrite the return address of a function and execute arbitrary code through Return-Oriented Programming. Fix this issue by using unsigned integers types in do_i2c_md. While at it, make also alen unsigned, as signed sizes can cause vulnerabilities when people forgot to check that they can be negative. Signed-off-by: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr> Reviewed-by: Heiko Schocher <hs@denx.de> 
When running "i2c md 0 0 80000100", the function do_i2c_md parses the
length into an unsigned int variable named length. The value is then
moved to a signed variable:

    int nbytes = length;
    #define DISP_LINE_LEN 16
    int linebytes = (nbytes > DISP_LINE_LEN) ? DISP_LINE_LEN : nbytes;
    ret = dm_i2c_read(dev, addr, linebuf, linebytes);

On systems where integers are 32 bits wide, 0x80000100 is a negative
value to "nbytes > DISP_LINE_LEN" is false and linebytes gets assigned
0x80000100 instead of 16.

The consequence is that the function which reads from the i2c device
(dm_i2c_read or i2c_read) is called with a 16-byte stack buffer to fill
but with a size parameter which is too large. In some cases, this could
trigger a crash. But with some i2c drivers, such as drivers/i2c/nx_i2c.c
(used with "nexell,s5pxx18-i2c" bus), the size is actually truncated to
a 16-bit integer. This is because function i2c_transfer expects an
unsigned short length. In such a case, an attacker who can control the
response of an i2c device can overwrite the return address of a function
and execute arbitrary code through Return-Oriented Programming.

Fix this issue by using unsigned integers types in do_i2c_md. While at
it, make also alen unsigned, as signed sizes can cause vulnerabilities
when people forgot to check that they can be negative.

Signed-off-by: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr>
Reviewed-by: Heiko Schocher <hs@denx.de>
cmd/i2c.c: Remove unused legacy code 2021-08-30T18:10:07+00:00 Tom Rini trini@konsulko.com 2021-08-19T03:12:31+00:00 1edef7693b576f7ab208a697bb01f033b68041fb There are no longer any cases where we are neither SYS_I2C_LEGACY nor DM_I2C. Remove these code paths. Signed-off-by: Tom Rini <trini@konsulko.com> 
There are no longer any cases where we are neither SYS_I2C_LEGACY nor
DM_I2C.  Remove these code paths.

Signed-off-by: Tom Rini <trini@konsulko.com>
Convert CONFIG_SYS_I2C_LEGACY to Kconfig and add CONFIG_[ST]PL_SYS_I2C_LEGACY 2021-08-30T18:10:07+00:00 Tom Rini trini@konsulko.com 2021-08-19T03:12:24+00:00 55dabcc8f24598e2777f663de09ab55fbe1269da First, we convert CONFIG_SYS_I2C_LEGACY to Kconfig. Next, as you cannot have SYS_I2C_LEGACY and DM_I2C at the same time, introduce CONFIG_SPL_SYS_I2C_LEGACY so that we can enable the legacy option only in SPL. Finally, for some PowerPC cases we also need CONFIG_TPL_SYS_I2C_LEGACY support. Convert all of the existing users to one or more symbols. Signed-off-by: Tom Rini <trini@konsulko.com> 
First, we convert CONFIG_SYS_I2C_LEGACY to Kconfig.  Next, as you cannot
have SYS_I2C_LEGACY and DM_I2C at the same time, introduce
CONFIG_SPL_SYS_I2C_LEGACY so that we can enable the legacy option only
in SPL.  Finally, for some PowerPC cases we also need
CONFIG_TPL_SYS_I2C_LEGACY support.  Convert all of the existing users to
one or more symbols.

Signed-off-by: Tom Rini <trini@konsulko.com>
Convert CONFIG_SYS_I2C_EEPROM_ADDR et al to Kconfig 2021-08-30T18:10:06+00:00 Tom Rini trini@konsulko.com 2021-08-17T21:59:45+00:00 88cd7d0ea961ca11b1eeaaea8b7811573b103abb - Rename usages of CONFIG_SYS_DEF_EEPROM_ADDR to CONFIG_SYS_I2C_EEPROM_ADDR based on current usage. - Convert CONFIG_SYS_I2C_EEPROM_ADDR, CONFIG_SYS_I2C_EEPROM_ADDR_LEN, CONFIG_SYS_I2C_EEPROM_BUS, CONFIG_CONFIG_SYS_EEPROM_SIZE CONFIG_SYS_EEPROM_PAGE_WRITE_BITS and CONFIG_SYS_EEPROM_PAGE_WRITE_DELAY_MS to Kconfig. We move these symbols around a bit and add appropriate dependencies to them. In some cases, we now add a correct default value as well. Signed-off-by: Tom Rini <trini@konsulko.com> 
- Rename usages of CONFIG_SYS_DEF_EEPROM_ADDR to CONFIG_SYS_I2C_EEPROM_ADDR
  based on current usage.
- Convert CONFIG_SYS_I2C_EEPROM_ADDR, CONFIG_SYS_I2C_EEPROM_ADDR_LEN,
  CONFIG_SYS_I2C_EEPROM_BUS, CONFIG_CONFIG_SYS_EEPROM_SIZE
  CONFIG_SYS_EEPROM_PAGE_WRITE_BITS and CONFIG_SYS_EEPROM_PAGE_WRITE_DELAY_MS
  to Kconfig.  We move these symbols around a bit and add appropriate
  dependencies to them.  In some cases, we now add a correct default value
  as well.

Signed-off-by: Tom Rini <trini@konsulko.com>
global: Convert simple_strtoul() with decimal to dectoul() 2021-08-02T17:32:14+00:00 Simon Glass sjg@chromium.org 2021-07-24T15:03:30+00:00 0b1284eb52578e15ec611adc5fee1a9ae68dadea It is a pain to have to specify the value 10 in each call. Add a new dectoul() function and update the code to use it. Signed-off-by: Simon Glass <sjg@chromium.org> 
It is a pain to have to specify the value 10 in each call. Add a new
dectoul() function and update the code to use it.

Signed-off-by: Simon Glass <sjg@chromium.org>
global: Convert simple_strtoul() with hex to hextoul() 2021-08-02T17:32:14+00:00 Simon Glass sjg@chromium.org 2021-07-24T15:03:29+00:00 7e5f460ec457fe310156e399198a41eb0ce1e98c It is a pain to have to specify the value 16 in each call. Add a new hextoul() function and update the code to use it. Add a proper comment to simple_strtoul() while we are here. Signed-off-by: Simon Glass <sjg@chromium.org> 
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
i2c: Rename CONFIG_SYS_I2C to CONFIG_SYS_I2C_LEGACY 2021-07-28T18:29:37+00:00 Simon Glass sjg@chromium.org 2021-07-11T03:14:32+00:00 69d9eda4da13ecabb8002fce0dded4bba3bff9f9 It is quite confusing that CONFIG_SYS_I2C selects the legacy I2C and CONFIG_DM_I2C selects the current I2C. The deadline to migrate I2C is less than a year away. Also we want to have a CONFIG_I2C for U-Boot proper just like we have CONFIG_SPL_I2C for SPL, so we can simplify the Makefile rules. Rename this symbol so it is clear it is going away. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heiko Schocher <hs@denx.de> 
It is quite confusing that CONFIG_SYS_I2C selects the legacy I2C and
CONFIG_DM_I2C selects the current I2C. The deadline to migrate I2C is less
than a year away.

Also we want to have a CONFIG_I2C for U-Boot proper just like we have
CONFIG_SPL_I2C for SPL, so we can simplify the Makefile rules.

Rename this symbol so it is clear it is going away.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
dm: i2c: use CONFIG_IS_ENABLED macro for DM_I2C/DM_I2C_GPIO 2021-02-21T05:08:00+00:00 Igor Opaniuk igor.opaniuk@foundries.io 2021-02-09T11:52:45+00:00 2147a16983d17bcb0438607aa7760494afc27014 Use CONFIG_IS_ENABLED() macro, which provides more convenient way to check $(SPL)DM_I2C/$(SPL)DM_I2C_GPIO configs for both SPL and U-Boot proper. CONFIG_IS_ENABLED(DM_I2C) expands to: - 1 if CONFIG_SPL_BUILD is undefined and CONFIG_DM_I2C is set to 'y', - 1 if CONFIG_SPL_BUILD is defined and CONFIG_SPL_DM_I2C is set to 'y', - 0 otherwise. All occurences were replaced automatically using these bash cmds: $ find . -type f -exec sed -i 's/ifndef CONFIG_DM_I2C/if !CONFIG_IS_ENABLED(DM_I2C)/g' {} + $ find . -type f -exec sed -i 's/ifdef CONFIG_DM_I2C/if CONFIG_IS_ENABLED(DM_I2C)/g' {} + $ find . -type f -exec sed -i 's/defined(CONFIG_DM_I2C)/CONFIG_IS_ENABLED(DM_I2C)/g' {} + $ find . -type f -exec sed -i 's/ifndef CONFIG_DM_I2C_GPIO/if !CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} + $ find . -type f -exec sed -i 's/ifdef CONFIG_DM_I2C_GPIO/if CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} + $ find . -type f -exec sed -i 's/defined(CONFIG_DM_I2C_GPIO)/CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} + Reviewed-by: Heiko Schocher <hs@denx.de> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> 
Use CONFIG_IS_ENABLED() macro, which provides more convenient
way to check $(SPL)DM_I2C/$(SPL)DM_I2C_GPIO configs
for both SPL and U-Boot proper.

CONFIG_IS_ENABLED(DM_I2C) expands to:
- 1 if CONFIG_SPL_BUILD is undefined and CONFIG_DM_I2C is set to 'y',
- 1 if CONFIG_SPL_BUILD is defined and CONFIG_SPL_DM_I2C is set to 'y',
- 0 otherwise.

All occurences were replaced automatically using these bash cmds:
$ find . -type f -exec sed -i
     's/ifndef CONFIG_DM_I2C/if !CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
    's/ifdef CONFIG_DM_I2C/if CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
    's/defined(CONFIG_DM_I2C)/CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
    's/ifndef CONFIG_DM_I2C_GPIO/if !CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
$ find . -type f -exec sed -i
    's/ifdef CONFIG_DM_I2C_GPIO/if CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
$ find . -type f -exec sed -i
    's/defined(CONFIG_DM_I2C_GPIO)/CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +

Reviewed-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
cmd: Drop use of old sequence numbers in commands 2020-12-19T03:32:21+00:00 Simon Glass sjg@chromium.org 2020-12-17T04:20:31+00:00 36c03d183041e57714a909f6d020ac10ef279e3b Several commands use sequence numbers. Update them to use the new ones. Signed-off-by: Simon Glass <sjg@chromium.org> 
Several commands use sequence numbers. Update them to use the new ones.

Signed-off-by: Simon Glass <sjg@chromium.org>
dm: Avoid accessing seq directly 2020-12-19T03:32:21+00:00 Simon Glass sjg@chromium.org 2020-12-17T04:20:07+00:00 8b85dfc675f12de8d04126c07f3c796965b990c2 At present various drivers etc. access the device's 'seq' member directly. This makes it harder to change the meaning of that member. Change access to go through a function instead. The drivers/i2c/lpc32xx_i2c.c file is left unchanged for now. Signed-off-by: Simon Glass <sjg@chromium.org> 
At present various drivers etc. access the device's 'seq' member directly.
This makes it harder to change the meaning of that member. Change access
to go through a function instead.

The drivers/i2c/lpc32xx_i2c.c file is left unchanged for now.

Signed-off-by: Simon Glass <sjg@chromium.org>