Using pointer arithmetic to generate a pointer outside a known object is,
technically, undefined behaviour in C. Unfortunately, we were using that
in fdt_offset_ptr() to detect overflows.
To fix this we need to do our bounds / overflow checking on the offsets
before constructing pointers from them.
Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Simon Glass <sjg@chromium.org>
A number of style fixes across the files in this directory, including:
* Correct invalid kernel-doc content.
* Tidy up massive comment in fdt_region.c.
* Use correct spelling of "U-Boot".
* Replace tests of "! <var>" with "!<var>".
* Replace "libfdt_env.h" with <libfdt_env.h>.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Acked-by: Simon Glass <sjg@chromium.org>
Iterating through subnodes with libfdt is a little painful to write as we
need something like this:
for (depth = 0, count = 0,
offset = fdt_next_node(fdt, parent_offset, &depth);
(offset >= 0) && (depth > 0);
offset = fdt_next_node(fdt, offset, &depth)) {
if (depth == 1) {
/* code body */
}
}
Using fdt_next_subnode() we can instead write this, which is shorter and
easier to get right:
for (offset = fdt_first_subnode(fdt, parent_offset);
offset >= 0;
offset = fdt_next_subnode(fdt, offset)) {
/* code body */
}
Also, it doesn't require two levels of indentation for the loop body.
Signed-off-by: Simon Glass <sjg@chromium.org>
(Cherry-picked from dtc commit 4e76ec79)
Acked-by: Gerald Van Baren <vanbaren@cideas.com>
commit 142419e "dtc/libfdt: sparse fixes", for u-boot's libfdt copy.
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Cc: Jerry Van Baren <gvb.uboot@gmail.com>
For ages, we've been talking about adding functions to libfdt to allow
iteration through properties. So, finally, here are some.
I got bogged down on this for a long time because I didn't want to
expose offsets directly to properties to the callers. But without
that, attempting to make reasonable iteration functions just became
horrible. So eventually, I settled on an interface which does now
expose property offsets. fdt_first_property_offset() and
fdt_next_property_offset() are used to step through the offsets of the
properties starting from a particularly node offset. The details of
the property at each offset can then be retrieved with either
fdt_get_property_by_offset() or fdt_getprop_by_offset() which have
interfaces similar to fdt_get_property() and fdt_getprop()
respectively.
No explicit testcases are included, but we do use the new functions to
reimplement the existing fdt_get_property() function.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This was extracted from the DTC commit:
73dca9ae0b9abe6924ba640164ecce9f8df69c5a Mon Sep 17 00:00:00 2001
Signed-off-by: Gerald Van Baren <vanbaren@cideas.com>
Currently, callers of fdt_next_tag() must usually follow the call with
some sort of call to fdt_offset_ptr() to verify that the blob isn't
truncated in the middle of the tag data they're going to process.
This is a bit silly, since fdt_next_tag() generally has to call
fdt_offset_ptr() on at least some of the data following the tag for
its own operation.
This patch alters fdt_next_tag() to always use fdt_offset_ptr() to
verify the data between its starting offset and the offset it returns
in nextoffset. This simplifies fdt_get_property() which no longer has
to verify itself that the property data is all present.
At the same time, I neaten and clarify the error handling for
fdt_next_tag(). Previously, fdt_next_tag() could return -1 instead of
a tag value in some circumstances - which almost none of the callers
checked for. Also, fdt_next_tag() could return FDT_END either because
it encountered an FDT_END tag, or because it reached the end of the
structure block - no way was provided to tell between these cases.
With this patch, fdt_next_tag() always returns FDT_END with a negative
value in nextoffset for an error. This means the several places which
loop looking for FDT_END will still work correctly - they only need to
check for errors at the end. The errors which fdt_next_tag() can
report are:
- -FDT_ERR_TRUNCATED if it reached the end of the structure
block instead of finding a tag.
- -FDT_BADSTRUCTURE if a bad tag was encountered, or if the
tag data couldn't be verified with fdt_offset_ptr().
This patch also updates the callers of fdt_next_tag(), where
appropriate, to make use of the new error reporting.
Finally, the prototype for the long gone _fdt_next_tag() is removed
from libfdt_internal.h.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Currently fdt_next_node() will find the next node in the blob
regardless of whether it is above, below or at the same level in the
tree as the starting node - the depth parameter is updated to indicate
which is the case. When a depth parameter is supplied, this patch
makes it instead terminate immediately when it finds the END_NODE tag
for a node at depth 0. In this case it returns the offset immediately
past the END_NODE tag.
This has a couple of advantages. First, this slightly simplifies
fdt_subnode_offset(), which no longer needs to explicitly check that
fdt_next_node()'s iteration hasn't left the starting node. Second,
this allows fdt_next_node() to be used to implement
_fdt_node_end_offset() considerably simplifying the latter function.
The other users of fdt_next_node() either don't need to iterate out of
the starting node, or don't pass a depth parameter at all. Any
callers that really need to iterate out of the starting node, but keep
tracking depth can do so by biasing the initial depth value.
This is a semantic change, but I think it's very unlikely to break any
existing library users.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Using Gcc 4.3 detected this problem:
../dtc/libfdt/fdt.c: In function 'fdt_next_tag':
../dtc/libfdt/fdt.c:82: error: assuming signed overflow does not
occur when assuming that (X + c) < X is always false
To fix the problem, treat the offset as an unsigned int.
The problem report and proposed fix were provided
by Steve Papacharalambous <stevep@freescale.com>.
Signed-off-by: Jon Loeliger <jdl@freescale.com>
libfdt is supposed to easy to embed in projects all and sundry.
Often, it won't be practical to separate the embedded libfdt's
namespace from that of the surrounding project. Which means there can
be namespace conflicts between even libfdt's internal/static functions
and functions or macros coming from the surrounding project's headers
via libfdt_env.h.
This patch, therefore, renames a bunch of libfdt internal functions
and macros and makes a few other chances to reduce the chances of
namespace collisions with embedding projects. Specifically:
- Internal functions (even static ones) are now named _fdt_*()
- The type and (static) global for the error table in
fdt_strerror() gain an fdt_ prefix
- The unused macro PALIGN is removed
- The memeq and streq macros are removed and open-coded in the
users (they were only used once each)
- Other macros gain an FDT_ prefix
- To save some of the bulk from the previous change, an
FDT_TAGALIGN() macro is introduced, where FDT_TAGALIGN(x) ==
FDT_ALIGN(x, FDT_TAGSIZE)
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This patch turns on the -Wpointer-arith option in the dtc Makefile,
and fixes the resulting warnings due to using (void *) in pointer
arithmetic. While convenient, pointer arithmetic on void * is not
portable, so it's better that we avoid it, particularly in libfdt.
Also add necessary definition of uintptr_t needed by David Gibson's
changeset "dtc: Enable and fix -Wpointer-arith warnings" (the definition
comes from stdint.h, which u-boot doesn't have). -- gvb
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerald Van Baren <vanbaren@cideas.com>
This patch makes a couple of small cleanups to parameter checking of
libfdt functions.
- In several functions which take a node offset, we use an
idiom involving fdt_next_tag() first to check that we have indeed been
given a node offset. This patch adds a helper function
_fdt_check_node_offset() to encapsulate this usage of fdt_next_tag().
- In fdt_rw.c in several places we have the expanded version
of the RW_CHECK_HEADER() macro for no particular reason. This patch
replaces those instances with an invocation of the macro; that's what
it's for.
- In fdt_sw.c we rename the check_header_sw() function to
sw_check_header() to match the analgous function in fdt_rw.c, and we
provide an SW_CHECK_HEADER() wrapper macro as RW_CHECK_HEADER()
functions in fdt_rw.c
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Currently the CHECK_HEADER() macro is defined local to fdt_ro.c.
However, there are a handful of functions (fdt_move, rw_check_header,
fdt_open_into) from other files which could also use it (currently
they open-code something more-or-less identical). Therefore, this
patch moves CHECK_HEADER() to libfdt_internal.h and uses it in those
places.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This patch adds an fdt_next_node() function which can be used to
iterate through nodes of the tree while keeping track of depth. This
function is used to simplify the iteration code in a lot of other
functions, and is also exported for use by library users.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This patch adds an fdt_next_node() function which can be used to
iterate through nodes of the tree while keeping track of depth. This
function is used to simplify the iteration code in a lot of other
functions, and is also exported for use by library users.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Update libfdt to commit 8eaf5e358366017aa2e846c5038d1aa19958314e from
the device tree compiler (dtc) project.
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
This is the way u-boot reduces configured-out code. At Wolfgang
Grandegger and Wolfgang Denk's request, make libfdt conform.
Signed-off-by: Gerald Van Baren <vanbaren@cideas.com>
Changed _fdt_check_header() to fdt_check_header() and made it part of
the interface - it is a useful routine.
Also did some asthetics cleanup to the include files (headers).
Enhanced the formerly private function _fdt_next_tag() to allow stepping
through the tree, used to produce a human-readable dump, and made
it part of the published interface.
Also added some comments.