From e8781dcc892d8169e60194ca4b51ecdd5710a88f Mon Sep 17 00:00:00 2001
From: Philippe Reynes
Date: Thu, 2 Jul 2020 19:31:29 +0200
Subject: lib: libfdt: fdt_region: avoid NULL pointer access The function fdt_find_regions look in the exclude list for each property, even if the name is NULL. It could happen if the fit image is corrupted. On sandbox, it generates a segfault. To avoid this issue, if the name of a property is NULL, we report an error and avoid looking in the exclude list.
Signed-off-by: Philippe Reynes
Reviewed-by: Simon Glass
---
 common/fdt_region.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'common')
diff --git a/common/fdt_region.c b/common/fdt_region.c
index 667659054a7..ff12c518e97 100644
--- a/common/fdt_region.c
+++ b/common/fdt_region.c
@@ -65,6 +65,8 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count,
 stop_at = offset;
 prop = fdt_get_property_by_offset(fdt, offset, NULL);
 str = fdt_string(fdt, fdt32_to_cpu(prop->nameoff));
+ if (!str)
+ return -FDT_ERR_BADSTRUCTURE;
 if (str_in_list(str, exc_prop, exc_prop_count))
 include = 0;
 break;
-- 
cgit v1.2.3
From 8ce8e42e864da5bc5a031a916f6a6ca49e44b268 Mon Sep 17 00:00:00 2001
From: Masahiro Yamada
Date: Wed, 15 Jul 2020 19:35:47 +0900
Subject: fdt_support: add static to fdt_node_set_part_info() This function is only called from fdt_fixup_mtdpart() in the same file.
Signed-off-by: Masahiro Yamada
Reviewed-by: Simon Glass
---
 common/fdt_support.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'common')
diff --git a/common/fdt_support.c b/common/fdt_support.c
index 3778de53686..b010d0b552a 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
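Review bot: `prop->nameoff` is still dereferenced unchecked on the line before the new `!str` test in fdt_find_regions (common/fdt_region.c), and `fdt_get_property_by_offset()` returns NULL when the property offset is invalid. Since the commit message names a corrupted FIT image as the input, I would add `if (!prop) return -FDT_ERR_BADSTRUCTURE;` ahead of the `fdt_string()` call so the same class of fault is closed one line earlier. Whether the preceding tag walk already guarantees a valid offset cannot be seen from this hunk, so that should be confirmed rather than assumed. The function body starts and ends outside the hunk.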
@@ -816,8 +816,8 @@ static int fdt_del_partitions(void *blob, int parent_offset)
 return 0;
 }
-int fdt_node_set_part_info(void *blob, int parent_offset,
- struct mtd_device *dev)
+static int fdt_node_set_part_info(void *blob, int parent_offset,
+ struct mtd_device *dev)
 {
 struct list_head *pentry;
 struct part_info *part;
-- 
cgit v1.2.3
From 53a896649ac002bd569a6c2007498eb979075abf Mon Sep 17 00:00:00 2001
From: Masahiro Yamada
Date: Fri, 17 Jul 2020 10:46:18 +0900
Subject: fdt_support: call mtdparts_init() after finding MTD node to fix up Platform code can call fdt_fixup_mtdparts() in order to hand U-Boot's MTD partitions over to the Linux device tree. Currently, fdt_fixup_mtdparts() calls mtdparts_init() in its entry. If no target MTD device is found, an error message like follows is displayed: Device nand0 not found! This occurs when the same code (e.g. arch/arm/mach-uniphier/fdt-fixup.c) is shared among several boards, but not all of them support an MTD device. Parse the DT first, then call mtdparts_init() only when the target MTD node is found. Yet, you still need to call mtdparts_init() before device_find().
Signed-off-by: Masahiro Yamada
Reviewed-by: Simon Glass
---
 common/fdt_support.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'common')
diff --git a/common/fdt_support.c b/common/fdt_support.c
index b010d0b552a..9c84702b19e 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
@@ -951,9 +951,7 @@ void fdt_fixup_mtdparts(void *blob, const struct node_info *node_info,
 struct mtd_device *dev;
 int i, idx;
 int noff;
-
- if (mtdparts_init() != 0)
- return;
+ bool inited = false;
 for (i = 0; i < node_info_size; i++) {
 idx = 0;
@@ -963,6 +961,13 @@ void fdt_fixup_mtdparts(void *blob, const struct node_info *node_info,
 debug("%s: %s, mtd dev type %d\n",
 fdt_get_name(blob, noff, 0),
 node_info[i].compat, node_info[i].type);
+
+ if (!inited) {
+ if (mtdparts_init() != 0)
+ return;
+ inited = true;
+ }
+
 dev = device_find(node_info[i].type, idx++);
 if (dev) {
 if (fdt_node_set_part_info(blob, noff, dev))
-- 
cgit v1.2.3
From 7d8073e7cfe0397137b5c13ceda876d4ca7875d6 Mon Sep 17 00:00:00 2001
From: Masahiro Yamada
Date: Fri, 17 Jul 2020 10:46:19 +0900
Subject: fdt_support: skip MTD node with "disabled" in fdt_fixup_mtdparts() Currently, fdt_fixup_mtdparts() only checks the compatible property. It is pointless to fix up the disabled node. Skip the node if it has the property: status = "disabled"
Signed-off-by: Masahiro Yamada
Reviewed-by: Simon Glass
---
 common/fdt_support.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
(limited to 'common')
diff --git a/common/fdt_support.c b/common/fdt_support.c
index 9c84702b19e..a565b470f81 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
@@ -955,9 +955,16 @@ void fdt_fixup_mtdparts(void *blob, const struct node_info *node_info,
 for (i = 0; i < node_info_size; i++) {
 idx = 0;
- noff = fdt_node_offset_by_compatible(blob, -1,
- node_info[i].compat);
- while (noff != -FDT_ERR_NOTFOUND) {
+ noff = -1;
+
+ while ((noff = fdt_node_offset_by_compatible(blob, noff,
+ node_info[i].compat)) >= 0) {
+ const char *prop;
+
+ prop = fdt_getprop(blob, noff, "status", NULL);
+ if (prop && !strcmp(prop, "disabled"))
+ continue;
+
 debug("%s: %s, mtd dev type %d\n",
 fdt_get_name(blob, noff, 0),
 node_info[i].compat, node_info[i].type);
@@ -973,10 +980,6 @@ void fdt_fixup_mtdparts(void *blob, const struct node_info *node_info,
 if (fdt_node_set_part_info(blob, noff, dev))
 return; /* return on error */
 }
-
- /* Jump to next flash node */
- noff = fdt_node_offset_by_compatible(blob, noff,
- node_info[i].compat);
 }
 }
 }
-- 
cgit v1.2.3
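Review bot: The deferred `mtdparts_init()` block in the second fdt_fixup_mtdparts hunk of the mtdparts_init commit (common/fdt_support.c, `@@ -963,6 +961,13 @@`) carries no comment, so the ordering constraint and the purpose of the `inited` flag exist only in the commit message. I would put above `if (!inited) {` a comment such as `/* mtdparts_init() must run before device_find(); defer it until a target node exists so boards without MTD print no error */`. A failure here still returns without any diagnostic and abandons the remaining `node_info` entries, which matches the old early return but is easier to overlook now that it sits inside the loop. The loop body continues outside the hunk.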
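Review bot: The new status test in fdt_fixup_mtdparts (common/fdt_support.c, `@@ -955,9 +955,16 @@`) passes NULL as the length to `fdt_getprop()` and then runs `strcmp()` on the raw property value, which relies on the blob NUL-terminating "status" inside the property. If the device tree handed to this fixup can be malformed, the comparison may read past the property; taking the length and bounding the compare avoids that, e.g. `int len;`, `prop = fdt_getprop(blob, noff, "status", &len);` and `if (prop && len == (int)sizeof("disabled") && !memcmp(prop, "disabled", len))`. Whether the blob is validated before this point is not visible here. Because `continue` comes before `device_find(node_info[i].type, idx++)`, a skipped node no longer consumes an index, so the pairing of nodes with MTD devices shifts compared with the old loop; a one-line comment confirming that this is intended would help. The loop body continues outside the hunk.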