Revert "env: fix potential stack overflow in environment functions"
Wolfgang requested this be reverted and Rob agreed after further
discussion. This was a symptom of a larger problem we need to deal
with.
This reverts commit 60d7d5a63189c9f77a190c9965861dc15482c2d0.
Signed-off-by: Tom Rini <trini@ti.com>
diff --git a/common/env_dataflash.c b/common/env_dataflash.c
index 0591b99..38c9615 100644
--- a/common/env_dataflash.c
+++ b/common/env_dataflash.c
@@ -30,7 +30,6 @@
env_t *env_ptr;
char *env_name_spec = "dataflash";
-static char env_buf[CONFIG_ENV_SIZE];
uchar env_get_char_spec(int index)
{
@@ -43,9 +42,11 @@
void env_relocate_spec(void)
{
- read_dataflash(CONFIG_ENV_ADDR, CONFIG_ENV_SIZE, env_buf);
+ char buf[CONFIG_ENV_SIZE];
- env_import(env_buf, 1);
+ read_dataflash(CONFIG_ENV_ADDR, CONFIG_ENV_SIZE, buf);
+
+ env_import(buf, 1);
}
#ifdef CONFIG_ENV_OFFSET_REDUND
@@ -54,20 +55,20 @@
int saveenv(void)
{
- env_t *env_new = (env_t *)env_buf;
+ env_t env_new;
ssize_t len;
char *res;
- res = (char *)env_new->data;
+ res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
- env_new->crc = crc32(0, env_new->data, ENV_SIZE);
+ env_new.crc = crc32(0, env_new.data, ENV_SIZE);
return write_dataflash(CONFIG_ENV_ADDR,
- (unsigned long)env_new,
+ (unsigned long)&env_new,
CONFIG_ENV_SIZE);
}
diff --git a/common/env_eeprom.c b/common/env_eeprom.c
index b136f04..45c935b 100644
--- a/common/env_eeprom.c
+++ b/common/env_eeprom.c
@@ -38,7 +38,6 @@
DECLARE_GLOBAL_DATA_PTR;
env_t *env_ptr;
-static char env_buf[CONFIG_ENV_SIZE];
char *env_name_spec = "EEPROM";
int env_eeprom_bus = -1;
@@ -112,7 +111,7 @@
void env_relocate_spec(void)
{
- char *buf = env_buf;
+ char buf[CONFIG_ENV_SIZE];
unsigned int off = CONFIG_ENV_OFFSET;
#ifdef CONFIG_ENV_OFFSET_REDUND
@@ -127,7 +126,7 @@
int saveenv(void)
{
- env_t *env_new = (env_t *)env_buf;
+ env_t env_new;
ssize_t len;
char *res;
int rc;
@@ -139,13 +138,13 @@
BUG_ON(env_ptr != NULL);
- res = (char *)env_new->data;
+ res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
- env_new->crc = crc32(0, env_new->data, ENV_SIZE);
+ env_new.crc = crc32(0, env_new.data, ENV_SIZE);
#ifdef CONFIG_ENV_OFFSET_REDUND
if (gd->env_valid == 1) {
@@ -153,11 +152,11 @@
off_red = CONFIG_ENV_OFFSET;
}
- env_new->flags = ACTIVE_FLAG;
+ env_new.flags = ACTIVE_FLAG;
#endif
rc = eeprom_bus_write(CONFIG_SYS_DEF_EEPROM_ADDR,
- off, (uchar *)env_new, CONFIG_ENV_SIZE);
+ off, (uchar *)&env_new, CONFIG_ENV_SIZE);
#ifdef CONFIG_ENV_OFFSET_REDUND
if (rc == 0) {
diff --git a/common/env_fat.c b/common/env_fat.c
index dd7139d..c0f18ab 100644
--- a/common/env_fat.c
+++ b/common/env_fat.c
@@ -37,7 +37,6 @@
char *env_name_spec = "FAT";
env_t *env_ptr;
-static char env_buf[CONFIG_ENV_SIZE];
DECLARE_GLOBAL_DATA_PTR;
@@ -53,7 +52,7 @@
#ifdef CONFIG_CMD_SAVEENV
int saveenv(void)
{
- env_t *env_new = env_buf;
+ env_t env_new;
ssize_t len;
char *res;
block_dev_desc_t *dev_desc = NULL;
@@ -61,7 +60,7 @@
int part = FAT_ENV_PART;
int err;
- res = (char *)env_new->data;
+ res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
@@ -96,8 +95,8 @@
return 1;
}
- env_new->crc = crc32(0, env_new->data, ENV_SIZE);
- err = file_fat_write(FAT_ENV_FILE, (void *)env_new, sizeof(env_t));
+ env_new.crc = crc32(0, env_new.data, ENV_SIZE);
+ err = file_fat_write(FAT_ENV_FILE, (void *)&env_new, sizeof(env_t));
if (err == -1) {
printf("\n** Unable to write \"%s\" from %s%d:%d **\n",
FAT_ENV_FILE, FAT_ENV_INTERFACE, dev, part);
@@ -111,7 +110,7 @@
void env_relocate_spec(void)
{
- char *buf = env_buf;
+ char buf[CONFIG_ENV_SIZE];
block_dev_desc_t *dev_desc = NULL;
int dev = FAT_ENV_DEVICE;
int part = FAT_ENV_PART;
diff --git a/common/env_mmc.c b/common/env_mmc.c
index f568013..02bd5ae 100644
--- a/common/env_mmc.c
+++ b/common/env_mmc.c
@@ -40,8 +40,6 @@
env_t *env_ptr;
#endif /* ENV_IS_EMBEDDED */
-DEFINE_CACHE_ALIGN_BUFFER(char, env_buf, CONFIG_ENV_SIZE);
-
DECLARE_GLOBAL_DATA_PTR;
#if !defined(CONFIG_ENV_OFFSET)
@@ -114,7 +112,7 @@
int saveenv(void)
{
- env_t *env_new = (env_t *)env_buf;
+ ALLOC_CACHE_ALIGN_BUFFER(env_t, env_new, 1);
ssize_t len;
char *res;
struct mmc *mmc = find_mmc_device(CONFIG_SYS_MMC_ENV_DEV);
@@ -129,7 +127,7 @@
goto fini;
}
- res = (char *)env_new->data;
+ res = (char *)&env_new->data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
@@ -137,7 +135,7 @@
goto fini;
}
- env_new->crc = crc32(0, env_new->data, ENV_SIZE);
+ env_new->crc = crc32(0, &env_new->data[0], ENV_SIZE);
printf("Writing to MMC(%d)... ", CONFIG_SYS_MMC_ENV_DEV);
if (write_env(mmc, CONFIG_ENV_SIZE, offset, (u_char *)env_new)) {
puts("failed\n");
@@ -171,6 +169,7 @@
void env_relocate_spec(void)
{
#if !defined(ENV_IS_EMBEDDED)
+ ALLOC_CACHE_ALIGN_BUFFER(char, buf, CONFIG_ENV_SIZE);
struct mmc *mmc = find_mmc_device(CONFIG_SYS_MMC_ENV_DEV);
u32 offset;
int ret;
@@ -185,12 +184,12 @@
goto fini;
}
- if (read_env(mmc, CONFIG_ENV_SIZE, offset, env_buf)) {
+ if (read_env(mmc, CONFIG_ENV_SIZE, offset, buf)) {
ret = 1;
goto fini;
}
- env_import(env_buf, 1);
+ env_import(buf, 1);
ret = 0;
fini:
diff --git a/common/env_nand.c b/common/env_nand.c
index 8cc2055..5b69889 100644
--- a/common/env_nand.c
+++ b/common/env_nand.c
@@ -64,8 +64,6 @@
env_t *env_ptr;
#endif /* ENV_IS_EMBEDDED */
-DEFINE_CACHE_ALIGN_BUFFER(char, env_buf, CONFIG_ENV_SIZE);
-
DECLARE_GLOBAL_DATA_PTR;
/*
@@ -175,7 +173,7 @@
int saveenv(void)
{
- env_t *env_new = (env_t *)env_buf;
+ env_t env_new;
ssize_t len;
char *res;
int ret = 0;
@@ -187,14 +185,14 @@
if (CONFIG_ENV_RANGE < CONFIG_ENV_SIZE)
return 1;
- res = (char *)env_new->data;
+ res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
- env_new->crc = crc32(0, env_new->data, ENV_SIZE);
- env_new->flags = ++env_flags; /* increase the serial */
+ env_new.crc = crc32(0, env_new.data, ENV_SIZE);
+ env_new.flags = ++env_flags; /* increase the serial */
if (gd->env_valid == 1) {
puts("Erasing redundant NAND...\n");
@@ -203,7 +201,7 @@
return 1;
puts("Writing to redundant NAND... ");
- ret = writeenv(CONFIG_ENV_OFFSET_REDUND, (u_char *)env_new);
+ ret = writeenv(CONFIG_ENV_OFFSET_REDUND, (u_char *)&env_new);
} else {
puts("Erasing NAND...\n");
nand_erase_options.offset = CONFIG_ENV_OFFSET;
@@ -211,7 +209,7 @@
return 1;
puts("Writing to NAND... ");
- ret = writeenv(CONFIG_ENV_OFFSET, (u_char *)env_new);
+ ret = writeenv(CONFIG_ENV_OFFSET, (u_char *)&env_new);
}
if (ret) {
puts("FAILED!\n");
@@ -228,7 +226,7 @@
int saveenv(void)
{
int ret = 0;
- env_t *env_new = (env_t *)env_buf;
+ ALLOC_CACHE_ALIGN_BUFFER(env_t, env_new, 1);
ssize_t len;
char *res;
nand_erase_options_t nand_erase_options;
@@ -240,7 +238,7 @@
if (CONFIG_ENV_RANGE < CONFIG_ENV_SIZE)
return 1;
- res = (char *)env_new->data;
+ res = (char *)&env_new->data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
@@ -406,6 +404,7 @@
{
#if !defined(ENV_IS_EMBEDDED)
int ret;
+ ALLOC_CACHE_ALIGN_BUFFER(char, buf, CONFIG_ENV_SIZE);
#if defined(CONFIG_ENV_OFFSET_OOB)
ret = get_nand_env_oob(&nand_info[0], &nand_env_oob_offset);
@@ -421,13 +420,13 @@
}
#endif
- ret = readenv(CONFIG_ENV_OFFSET, (u_char *)env_buf);
+ ret = readenv(CONFIG_ENV_OFFSET, (u_char *)buf);
if (ret) {
set_default_env("!readenv() failed");
return;
}
- env_import(env_buf, 1);
+ env_import(buf, 1);
#endif /* ! ENV_IS_EMBEDDED */
}
#endif /* CONFIG_ENV_OFFSET_REDUND */
diff --git a/common/env_nvram.c b/common/env_nvram.c
index ff74a6c..eab0e7b 100644
--- a/common/env_nvram.c
+++ b/common/env_nvram.c
@@ -60,10 +60,6 @@
char *env_name_spec = "NVRAM";
#ifdef CONFIG_SYS_NVRAM_ACCESS_ROUTINE
-static char env_buf[CONFIG_ENV_SIZE];
-#endif
-
-#ifdef CONFIG_SYS_NVRAM_ACCESS_ROUTINE
uchar env_get_char_spec(int index)
{
uchar c;
@@ -76,38 +72,36 @@
void env_relocate_spec(void)
{
- char *buf;
+ char buf[CONFIG_ENV_SIZE];
#if defined(CONFIG_SYS_NVRAM_ACCESS_ROUTINE)
- buf = env_buf;
nvram_read(buf, CONFIG_ENV_ADDR, CONFIG_ENV_SIZE);
#else
- buf = (void *)CONFIG_ENV_ADDR;
+ memcpy(buf, (void *)CONFIG_ENV_ADDR, CONFIG_ENV_SIZE);
#endif
env_import(buf, 1);
}
int saveenv(void)
{
-#ifdef CONFIG_SYS_NVRAM_ACCESS_ROUTINE
- env_t *env_new = (env_t *)env_buf;
-#else
- env_t *env_new = (env_t *)CONFIG_ENV_ADDR;
-#endif
+ env_t env_new;
ssize_t len;
char *res;
int rcode = 0;
- res = (char *)env_new->data;
+ res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
- env_new->crc = crc32(0, env_new->data, ENV_SIZE);
+ env_new.crc = crc32(0, env_new.data, ENV_SIZE);
#ifdef CONFIG_SYS_NVRAM_ACCESS_ROUTINE
- nvram_write(CONFIG_ENV_ADDR, env_new, CONFIG_ENV_SIZE);
+ nvram_write(CONFIG_ENV_ADDR, &env_new, CONFIG_ENV_SIZE);
+#else
+ if (memcpy((char *)CONFIG_ENV_ADDR, &env_new, CONFIG_ENV_SIZE) == NULL)
+ rcode = 1;
#endif
return rcode;
}
@@ -121,7 +115,7 @@
{
#if defined(CONFIG_SYS_NVRAM_ACCESS_ROUTINE)
ulong crc;
- uchar *data = env_buf;
+ uchar data[ENV_SIZE];
nvram_read(&crc, CONFIG_ENV_ADDR, sizeof(ulong));
nvram_read(data, CONFIG_ENV_ADDR + sizeof(ulong), ENV_SIZE);
diff --git a/common/env_onenand.c b/common/env_onenand.c
index 6fd5613..faa903d 100644
--- a/common/env_onenand.c
+++ b/common/env_onenand.c
@@ -42,8 +42,6 @@
#define ONENAND_MAX_ENV_SIZE CONFIG_ENV_SIZE
#define ONENAND_ENV_SIZE(mtd) (ONENAND_MAX_ENV_SIZE - ENV_HEADER_SIZE)
-static char env_buf[CONFIG_ENV_SIZE];
-
DECLARE_GLOBAL_DATA_PTR;
void env_relocate_spec(void)
@@ -58,7 +56,8 @@
char *buf = (char *)&environment;
#else
loff_t env_addr = CONFIG_ENV_ADDR;
- char *buf = env_buf;
+ char onenand_env[ONENAND_MAX_ENV_SIZE];
+ char *buf = (char *)&onenand_env[0];
#endif /* ENV_IS_EMBEDDED */
#ifndef ENV_IS_EMBEDDED
@@ -82,7 +81,7 @@
int saveenv(void)
{
- env_t *env_new = env_buf;
+ env_t env_new;
ssize_t len;
char *res;
struct mtd_info *mtd = &onenand_mtd;
@@ -95,13 +94,13 @@
.callback = NULL,
};
- res = (char *)env_new->data;
+ res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
- env_new->crc = crc32(0, env_new->data, ENV_SIZE);
+ env_new.crc = crc32(0, env_new.data, ENV_SIZE);
instr.len = CONFIG_ENV_SIZE;
#ifdef CONFIG_ENV_ADDR_FLEX
@@ -120,7 +119,7 @@
}
if (mtd->write(mtd, env_addr, ONENAND_MAX_ENV_SIZE, &retlen,
- (u_char *)env_new)) {
+ (u_char *)&env_new)) {
printf("OneNAND: write failed at 0x%llx\n", instr.addr);
return 2;
}
diff --git a/common/env_sf.c b/common/env_sf.c
index 9a592ba..d9e9085 100644
--- a/common/env_sf.c
+++ b/common/env_sf.c
@@ -58,12 +58,11 @@
char *env_name_spec = "SPI Flash";
static struct spi_flash *env_flash;
-static char env_buf[CONFIG_ENV_SIZE];
#if defined(CONFIG_ENV_OFFSET_REDUND)
int saveenv(void)
{
- env_t *env_new = (env_t *)env_buf;
+ env_t env_new;
ssize_t len;
char *res, *saved_buffer = NULL, flag = OBSOLETE_FLAG;
u32 saved_size, saved_offset, sector = 1;
@@ -79,14 +78,14 @@
}
}
- res = (char *)env_new->data;
+ res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
- env_new->crc = crc32(0, env_new->data, ENV_SIZE);
- env_new->flags = ACTIVE_FLAG;
+ env_new.crc = crc32(0, env_new.data, ENV_SIZE);
+ env_new.flags = ACTIVE_FLAG;
if (gd->env_valid == 1) {
env_new_offset = CONFIG_ENV_OFFSET_REDUND;
@@ -126,7 +125,7 @@
puts("Writing to SPI flash...");
ret = spi_flash_write(env_flash, env_new_offset,
- CONFIG_ENV_SIZE, env_new);
+ CONFIG_ENV_SIZE, &env_new);
if (ret)
goto done;
@@ -138,7 +137,7 @@
}
ret = spi_flash_write(env_flash, env_offset + offsetof(env_t, flags),
- sizeof(env_new->flags), &flag);
+ sizeof(env_new.flags), &flag);
if (ret)
goto done;
@@ -244,7 +243,7 @@
u32 saved_size, saved_offset, sector = 1;
char *res, *saved_buffer = NULL;
int ret = 1;
- env_t *env_new = (env_t *)env_buf;
+ env_t env_new;
ssize_t len;
if (!env_flash) {
@@ -277,13 +276,13 @@
sector++;
}
- res = (char *)env_new->data;
+ res = (char *)&env_new.data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
goto done;
}
- env_new->crc = crc32(0, env_new->data, ENV_SIZE);
+ env_new.crc = crc32(0, env_new.data, ENV_SIZE);
puts("Erasing SPI flash...");
ret = spi_flash_erase(env_flash, CONFIG_ENV_OFFSET,
@@ -293,7 +292,7 @@
puts("Writing to SPI flash...");
ret = spi_flash_write(env_flash, CONFIG_ENV_OFFSET,
- CONFIG_ENV_SIZE, env_new);
+ CONFIG_ENV_SIZE, &env_new);
if (ret)
goto done;
@@ -316,7 +315,7 @@
void env_relocate_spec(void)
{
- char *buf = env_buf;
+ char buf[CONFIG_ENV_SIZE];
int ret;
env_flash = spi_flash_probe(CONFIG_ENV_SPI_BUS, CONFIG_ENV_SPI_CS,