From 4d5fa985361f320c2c9830828bb52979927a4c0e Mon Sep 17 00:00:00 2001 From: Troy Kisky Date: Wed, 3 Oct 2012 15:47:03 +0000 Subject: imximage: check dcd_len as entries added Before the len was checked after the entire file was processed, so it could have already overflowed. Signed-off-by: Troy Kisky --- tools/imximage.c | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) (limited to 'tools') diff --git a/tools/imximage.c b/tools/imximage.c index 03a7716673..c9170366b9 100644 --- a/tools/imximage.c +++ b/tools/imximage.c @@ -71,6 +71,7 @@ static uint32_t imximage_version; static set_dcd_val_t set_dcd_val; static set_dcd_rst_t set_dcd_rst; static set_imx_hdr_t set_imx_hdr; +static uint32_t max_dcd_entries; static uint32_t get_cfg_value(char *token, char *name, int linenr) { @@ -170,13 +171,6 @@ static void set_dcd_rst_v1(struct imx_header *imxhdr, uint32_t dcd_len, { dcd_v1_t *dcd_v1 = &imxhdr->header.hdr_v1.dcd_table; - if (dcd_len > MAX_HW_CFG_SIZE_V1) { - fprintf(stderr, "Error: %s[%d] -" - "DCD table exceeds maximum size(%d)\n", - name, lineno, MAX_HW_CFG_SIZE_V1); - exit(EXIT_FAILURE); - } - dcd_v1->preamble.barker = DCD_BARKER; dcd_v1->preamble.length = dcd_len * sizeof(dcd_type_addr_data_t); } @@ -190,13 +184,6 @@ static void set_dcd_rst_v2(struct imx_header *imxhdr, uint32_t dcd_len, { dcd_v2_t *dcd_v2 = &imxhdr->header.hdr_v2.dcd_table; - if (dcd_len > MAX_HW_CFG_SIZE_V2) { - fprintf(stderr, "Error: %s[%d] -" - "DCD table exceeds maximum size(%d)\n", - name, lineno, MAX_HW_CFG_SIZE_V2); - exit(EXIT_FAILURE); - } - dcd_v2->header.tag = DCD_HEADER_TAG; dcd_v2->header.length = cpu_to_be16( dcd_len * sizeof(dcd_addr_data_t) + 8); 
@@ -295,11 +282,13 @@ static void set_hdr_func(struct imx_header *imxhdr) set_dcd_val = set_dcd_val_v1; set_dcd_rst = set_dcd_rst_v1; set_imx_hdr = set_imx_hdr_v1; + max_dcd_entries = MAX_HW_CFG_SIZE_V1; break; case IMXIMAGE_V2: set_dcd_val = set_dcd_val_v2; set_dcd_rst = set_dcd_rst_v2; set_imx_hdr = set_imx_hdr_v2; + max_dcd_entries = MAX_HW_CFG_SIZE_V2; break; default: err_imximage_version(imximage_version); @@ -426,8 +415,15 @@ static void parse_cfg_fld(struct imx_header *imxhdr, int32_t *cmd, value = get_cfg_value(token, name, lineno); (*set_dcd_val)(imxhdr, name, lineno, fld, value, *dcd_len); - if (fld == CFG_REG_VALUE) + if (fld == CFG_REG_VALUE) { (*dcd_len)++; + if (*dcd_len > max_dcd_entries) { + fprintf(stderr, "Error: %s[%d] -" + "DCD table exceeds maximum size(%d)\n", + name, lineno, max_dcd_entries); + exit(EXIT_FAILURE); + } + } break; default: break; -- cgit v1.2.1 From f14e6258f3ff7488a1899d784c6d62957c2df859 Mon Sep 17 00:00:00 2001 From: Troy Kisky Date: Wed, 3 Oct 2012 15:47:04 +0000 Subject: imximage: remove redundant setting of app_dest_ptr Signed-off-by: Troy Kisky Acked-by: Stefano Babic --- tools/imximage.c | 1 - 1 file changed, 1 deletion(-) (limited to 'tools') diff --git a/tools/imximage.c b/tools/imximage.c index c9170366b9..bda1a75df3 100644 --- a/tools/imximage.c +++ b/tools/imximage.c @@ -213,7 +213,6 @@ static void set_imx_hdr_v1(struct imx_header *imxhdr, uint32_t dcd_len, /* Set magic number */ fhdr_v1->app_code_barker = APP_CODE_BARKER; - fhdr_v1->app_dest_ptr = params->addr; fhdr_v1->app_dest_ptr = params->ep - imxhdr->flash_offset - sizeof(struct imx_header); fhdr_v1->app_code_jump_vector = params->ep; -- cgit v1.2.1 From 8d8cc828f456a64143a0b94c751f8cfcecfe5dcc Mon Sep 17 00:00:00 2001 From: Troy Kisky Date: Wed, 3 Oct 2012 15:47:05 +0000 Subject: imximage: move flash_offset check to common location Both set_imx_hdr_v1 and set_imx_hdr_v2 perform the same check. Move check to before the set_imx_hdr call. 
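Review bot: In the parse_cfg_fld hunk the new limit test runs only after `(*set_dcd_val)(imxhdr, name, lineno, fld, value, *dcd_len)` has stored through index `*dcd_len`, and only on `CFG_REG_VALUE`, so the first entry past the limit is still written before the tool exits. If the DCD table in imximage.h holds exactly `max_dcd_entries` elements (the declaration is not shown on this page), that store lands beyond the table. Testing before the call, `if (*dcd_len >= max_dcd_entries) { ... }` with the same `fprintf` and `exit`, permits the same number of entries and closes the gap. `max_dcd_entries` is a `uint32_t`, so the format should be `%u` rather than `%d`. parse_cfg_fld starts and ends outside the hunk.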
Signed-off-by: Troy Kisky Acked-by: Stefano Babic --- tools/imximage.c | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) (limited to 'tools') diff --git a/tools/imximage.c b/tools/imximage.c index bda1a75df3..3e9ee6ac5d 100644 --- a/tools/imximage.c +++ b/tools/imximage.c @@ -203,13 +203,6 @@ static void set_imx_hdr_v1(struct imx_header *imxhdr, uint32_t dcd_len, dcd_v1_t *dcd_v1 = &hdr_v1->dcd_table; uint32_t base_offset; - /* Exit if there is no BOOT_FROM field specifying the flash_offset */ - if(imxhdr->flash_offset == FLASH_OFFSET_UNDEFINED) { - fprintf(stderr, "Error: Header v1: No BOOT_FROM tag in %s\n", - params->imagename); - exit(EXIT_FAILURE); - } - /* Set magic number */ fhdr_v1->app_code_barker = APP_CODE_BARKER; @@ -243,13 +236,6 @@ static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len, imx_header_v2_t *hdr_v2 = &imxhdr->header.hdr_v2; flash_header_v2_t *fhdr_v2 = &hdr_v2->fhdr; - /* Exit if there is no BOOT_FROM field specifying the flash_offset */ - if(imxhdr->flash_offset == FLASH_OFFSET_UNDEFINED) { - fprintf(stderr, "Error: Header v2: No BOOT_FROM tag in %s\n", - params->imagename); - exit(EXIT_FAILURE); - } - /* Set magic number */ fhdr_v2->header.tag = IVT_HEADER_TAG; /* 0xD1 */ fhdr_v2->header.length = cpu_to_be16(sizeof(flash_header_v2_t)); @@ -475,6 +461,11 @@ static uint32_t parse_cfg_file(struct imx_header *imxhdr, char *name) (*set_dcd_rst)(imxhdr, dcd_len, name, lineno); fclose(fd); + /* Exit if there is no BOOT_FROM field specifying the flash_offset */ + if (imxhdr->flash_offset == FLASH_OFFSET_UNDEFINED) { + fprintf(stderr, "Error: No BOOT_FROM tag in %s\n", name); + exit(EXIT_FAILURE); + } return dcd_len; } -- cgit v1.2.1 From 348ca8efb79652d2b259fbd0ed6d317a77a8cbb9 Mon Sep 17 00:00:00 2001 From: Troy Kisky Date: Wed, 3 Oct 2012 15:47:06 +0000 Subject: imximage: fix size of image to load. sbuf->st_size already includes sizeof(struct imx_header), so remove extra addition. 
Signed-off-by: Troy Kisky --- tools/imximage.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'tools') diff --git a/tools/imximage.c b/tools/imximage.c index 3e9ee6ac5d..7dbf36cf4f 100644 --- a/tools/imximage.c +++ b/tools/imximage.c @@ -221,8 +221,7 @@ static void set_imx_hdr_v1(struct imx_header *imxhdr, uint32_t dcd_len, /* The external flash header must be at the end of the DCD table */ dcd_v1->addr_data[dcd_len].type = sbuf->st_size + - imxhdr->flash_offset + - sizeof(struct imx_header); + imxhdr->flash_offset; /* Security feature are not supported */ fhdr_v1->app_code_csf = 0; @@ -253,8 +252,7 @@ static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len, hdr_v2->boot_data.start = fhdr_v2->self - imxhdr->flash_offset; hdr_v2->boot_data.size = sbuf->st_size + - imxhdr->flash_offset + - sizeof(struct imx_header); + imxhdr->flash_offset; /* Security feature are not supported */ fhdr_v2->csf = 0; -- cgit v1.2.1 From 243319825fa6e79885d57b6b78e72f3fe10ef69c Mon Sep 17 00:00:00 2001 From: Troy Kisky Date: Wed, 3 Oct 2012 15:47:07 +0000 Subject: imximage: delay setting of image size When later we change to variable length header, we won't know the file size when set_imx_hdr is called. So this is prep work. Signed-off-by: Troy Kisky --- tools/imximage.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'tools') diff --git a/tools/imximage.c b/tools/imximage.c index 7dbf36cf4f..bed53f06bb 100644 --- a/tools/imximage.c +++ b/tools/imximage.c @@ -72,6 +72,7 @@ static set_dcd_val_t set_dcd_val; static set_dcd_rst_t set_dcd_rst; static set_imx_hdr_t set_imx_hdr; static uint32_t max_dcd_entries; +static uint32_t *header_size_ptr; static uint32_t get_cfg_value(char *token, char *name, int linenr) { 
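Review bot: The size stored in the set_imx_hdr_v1 hunk, `sbuf->st_size + imxhdr->flash_offset`, is an `off_t` sum written to a header field with no range check. The next patch in this series writes the same sum through a `uint32_t *`, so the field appears to be 32 bits wide. An input larger than that would wrap silently and the header would describe a shorter image than the file. A guard before the store, `if (sbuf->st_size > UINT32_MAX - imxhdr->flash_offset) { fprintf(stderr, ...); exit(EXIT_FAILURE); }`, stops the tool from emitting such a header. The same applies to the set_imx_hdr_v2 hunk and to the later `*header_size_ptr = ...` store; both functions continue outside the hunks.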
@@ -202,6 +203,8 @@ static void set_imx_hdr_v1(struct imx_header *imxhdr, uint32_t dcd_len, flash_header_v1_t *fhdr_v1 = &hdr_v1->fhdr; dcd_v1_t *dcd_v1 = &hdr_v1->dcd_table; uint32_t base_offset; + uint32_t header_length = (((char *)&dcd_v1->addr_data[dcd_len].addr) + - ((char *)imxhdr)); /* Set magic number */ fhdr_v1->app_code_barker = APP_CODE_BARKER; @@ -219,13 +222,10 @@ static void set_imx_hdr_v1(struct imx_header *imxhdr, uint32_t dcd_len, fhdr_v1->dcd_ptr = base_offset + offsetof(imx_header_v1_t, dcd_table); - /* The external flash header must be at the end of the DCD table */ - dcd_v1->addr_data[dcd_len].type = sbuf->st_size + - imxhdr->flash_offset; - /* Security feature are not supported */ fhdr_v1->app_code_csf = 0; fhdr_v1->super_root_key = 0; + header_size_ptr = (uint32_t *)(((char *)imxhdr) + header_length - 4); } static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len, @@ -251,11 +251,10 @@ static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len, offsetof(imx_header_v2_t, boot_data); hdr_v2->boot_data.start = fhdr_v2->self - imxhdr->flash_offset; - hdr_v2->boot_data.size = sbuf->st_size + - imxhdr->flash_offset; /* Security feature are not supported */ fhdr_v2->csf = 0; + header_size_ptr = &hdr_v2->boot_data.size; } static void set_hdr_func(struct imx_header *imxhdr) @@ -526,6 +525,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd, /* Set the imx header */ (*set_imx_hdr)(imxhdr, dcd_len, sbuf, params); + *header_size_ptr = sbuf->st_size + imxhdr->flash_offset; } int imximage_check_params(struct mkimage_params *params) -- cgit v1.2.1 From ad0826dcd81ba6cf4cc93a4ca8337e1bc676c238 Mon Sep 17 00:00:00 2001 From: Troy Kisky Date: Wed, 3 Oct 2012 15:47:08 +0000 Subject: imximage: change parameters to set_imx_hdr Call with the value the function will use instead of going through a pointer. 
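Review bot: `header_size_ptr` in set_imx_hdr_v1 (hunks -202 and -219) is derived by byte arithmetic, the offset of `addr_data[dcd_len].addr` minus a literal `4`, which silently depends on `type` being a 4-byte member directly in front of `addr`. The removed line named that member directly, and `header_size_ptr = &dcd_v1->addr_data[dcd_len].type;` says the same thing without the casts and the magic number, assuming `type` is a `uint32_t` (imximage.h is not shown). Since the first patch in the series lets `dcd_len` equal `max_dcd_entries`, this slot can sit just past the table if the array has exactly that many elements. A short comment naming what it then overlays would help the next reader. The function body extends beyond both hunks.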
Signed-off-by: Troy Kisky --- tools/imximage.c | 20 +++++++++----------- tools/imximage.h | 6 ++---- 2 files changed, 11 insertions(+), 15 deletions(-) (limited to 'tools') diff --git a/tools/imximage.c b/tools/imximage.c index bed53f06bb..87a6b59e00 100644 --- a/tools/imximage.c +++ b/tools/imximage.c @@ -196,8 +196,7 @@ static void set_dcd_rst_v2(struct imx_header *imxhdr, uint32_t dcd_len, } static void set_imx_hdr_v1(struct imx_header *imxhdr, uint32_t dcd_len, - struct stat *sbuf, - struct mkimage_params *params) + uint32_t entry_point, uint32_t flash_offset) { imx_header_v1_t *hdr_v1 = &imxhdr->header.hdr_v1; flash_header_v1_t *fhdr_v1 = &hdr_v1->fhdr; @@ -209,11 +208,11 @@ static void set_imx_hdr_v1(struct imx_header *imxhdr, uint32_t dcd_len, /* Set magic number */ fhdr_v1->app_code_barker = APP_CODE_BARKER; - fhdr_v1->app_dest_ptr = params->ep - imxhdr->flash_offset - + fhdr_v1->app_dest_ptr = entry_point - flash_offset - sizeof(struct imx_header); - fhdr_v1->app_code_jump_vector = params->ep; + fhdr_v1->app_code_jump_vector = entry_point; - base_offset = fhdr_v1->app_dest_ptr + imxhdr->flash_offset ; + base_offset = fhdr_v1->app_dest_ptr + flash_offset; fhdr_v1->dcd_ptr_ptr = (uint32_t) (offsetof(flash_header_v1_t, dcd_ptr) - offsetof(flash_header_v1_t, app_code_jump_vector) + @@ -229,8 +228,7 @@ static void set_imx_hdr_v1(struct imx_header *imxhdr, uint32_t dcd_len, } static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len, - struct stat *sbuf, - struct mkimage_params *params) + uint32_t entry_point, uint32_t flash_offset) { imx_header_v2_t *hdr_v2 = &imxhdr->header.hdr_v2; flash_header_v2_t *fhdr_v2 = &hdr_v2->fhdr; 
@@ -240,9 +238,9 @@ static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len, fhdr_v2->header.length = cpu_to_be16(sizeof(flash_header_v2_t)); fhdr_v2->header.version = IVT_VERSION; /* 0x40 */ - fhdr_v2->entry = params->ep; + fhdr_v2->entry = entry_point; fhdr_v2->reserved1 = fhdr_v2->reserved2 = 0; - fhdr_v2->self = params->ep - sizeof(struct imx_header); + fhdr_v2->self = entry_point - sizeof(struct imx_header); fhdr_v2->dcd_ptr = fhdr_v2->self + offsetof(imx_header_v2_t, dcd_table); @@ -250,7 +248,7 @@ static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len, fhdr_v2->boot_data_ptr = fhdr_v2->self + offsetof(imx_header_v2_t, boot_data); - hdr_v2->boot_data.start = fhdr_v2->self - imxhdr->flash_offset; + hdr_v2->boot_data.start = fhdr_v2->self - flash_offset; /* Security feature are not supported */ fhdr_v2->csf = 0; @@ -524,7 +522,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd, dcd_len = parse_cfg_file(imxhdr, params->imagename); /* Set the imx header */ - (*set_imx_hdr)(imxhdr, dcd_len, sbuf, params); + (*set_imx_hdr)(imxhdr, dcd_len, params->ep, imxhdr->flash_offset); *header_size_ptr = sbuf->st_size + imxhdr->flash_offset; } diff --git a/tools/imximage.h b/tools/imximage.h index 34f293d95a..42b60906fd 100644 --- a/tools/imximage.h +++ b/tools/imximage.h @@ -168,9 +168,7 @@ typedef void (*set_dcd_rst_t)(struct imx_header *imxhdr, uint32_t dcd_len, char *name, int lineno); -typedef void (*set_imx_hdr_t)(struct imx_header *imxhdr, - uint32_t dcd_len, - struct stat *sbuf, - struct mkimage_params *params); +typedef void (*set_imx_hdr_t)(struct imx_header *imxhdr, uint32_t dcd_len, + uint32_t entry_point, uint32_t flash_offset); #endif /* _IMXIMAGE_H_ */ -- cgit v1.2.1 From ab857f2613be39274d0870768720067ff9d859c0 Mon Sep 17 00:00:00 2001 From: Troy Kisky Date: Wed, 3 Oct 2012 15:47:09 +0000 Subject: imximage: make set_imx_hdr_v1/v2 easier to read 
Signed-off-by: Troy Kisky --- tools/imximage.c | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) (limited to 'tools') diff --git a/tools/imximage.c b/tools/imximage.c index 87a6b59e00..63f88b6c42 100644 --- a/tools/imximage.c +++ b/tools/imximage.c @@ -201,25 +201,19 @@ static void set_imx_hdr_v1(struct imx_header *imxhdr, uint32_t dcd_len, imx_header_v1_t *hdr_v1 = &imxhdr->header.hdr_v1; flash_header_v1_t *fhdr_v1 = &hdr_v1->fhdr; dcd_v1_t *dcd_v1 = &hdr_v1->dcd_table; - uint32_t base_offset; + uint32_t hdr_base; uint32_t header_length = (((char *)&dcd_v1->addr_data[dcd_len].addr) - ((char *)imxhdr)); /* Set magic number */ fhdr_v1->app_code_barker = APP_CODE_BARKER; - fhdr_v1->app_dest_ptr = entry_point - flash_offset - - sizeof(struct imx_header); + hdr_base = entry_point - sizeof(struct imx_header); + fhdr_v1->app_dest_ptr = hdr_base - flash_offset; fhdr_v1->app_code_jump_vector = entry_point; - base_offset = fhdr_v1->app_dest_ptr + flash_offset; - fhdr_v1->dcd_ptr_ptr = - (uint32_t) (offsetof(flash_header_v1_t, dcd_ptr) - - offsetof(flash_header_v1_t, app_code_jump_vector) + - base_offset); - - fhdr_v1->dcd_ptr = base_offset + - offsetof(imx_header_v1_t, dcd_table); + fhdr_v1->dcd_ptr_ptr = hdr_base + offsetof(flash_header_v1_t, dcd_ptr); + fhdr_v1->dcd_ptr = hdr_base + offsetof(imx_header_v1_t, dcd_table); /* Security feature are not supported */ fhdr_v1->app_code_csf = 0; @@ -232,6 +226,7 @@ static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len, { imx_header_v2_t *hdr_v2 = &imxhdr->header.hdr_v2; flash_header_v2_t *fhdr_v2 = &hdr_v2->fhdr; + uint32_t hdr_base; /* Set magic number */ fhdr_v2->header.tag = IVT_HEADER_TAG; /* 0xD1 */ 
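Review bot: The rewritten `dcd_ptr_ptr` line in set_imx_hdr_v1 is not a pure restatement: the old expression subtracted `offsetof(flash_header_v1_t, app_code_jump_vector)` and the new one, `hdr_base + offsetof(flash_header_v1_t, dcd_ptr)`, does not. The two agree only if `app_code_jump_vector` is the first member of `flash_header_v1_t`, which cannot be confirmed from this page. Since the commit is presented as a readability change, state that assumption next to the line, e.g. `/* app_code_jump_vector is at offset 0 of flash_header_v1_t */`. The function starts and ends outside the hunk.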
@@ -240,15 +235,12 @@ static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len, fhdr_v2->entry = entry_point; fhdr_v2->reserved1 = fhdr_v2->reserved2 = 0; - fhdr_v2->self = entry_point - sizeof(struct imx_header); - - fhdr_v2->dcd_ptr = fhdr_v2->self + - offsetof(imx_header_v2_t, dcd_table); - - fhdr_v2->boot_data_ptr = fhdr_v2->self + - offsetof(imx_header_v2_t, boot_data); + fhdr_v2->self = hdr_base = entry_point - sizeof(struct imx_header); - hdr_v2->boot_data.start = fhdr_v2->self - flash_offset; + fhdr_v2->dcd_ptr = hdr_base + offsetof(imx_header_v2_t, dcd_table); + fhdr_v2->boot_data_ptr = hdr_base + + offsetof(imx_header_v2_t, boot_data); + hdr_v2->boot_data.start = hdr_base - flash_offset; /* Security feature are not supported */ fhdr_v2->csf = 0; -- cgit v1.2.1
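Review bot: `hdr_base = entry_point - sizeof(struct imx_header)` and `hdr_base - flash_offset` are computed from caller-supplied values and stored in `uint32_t` fields, and nothing in the hunk rejects an entry point smaller than the header size plus the flash offset. In that case the results wrap, and `self`, `dcd_ptr`, `boot_data_ptr` and `boot_data.start` are written as very large addresses without any diagnostic. A check before the header is filled in, `if (entry_point < sizeof(struct imx_header) + flash_offset) { fprintf(stderr, ...); exit(EXIT_FAILURE); }`, would catch a bad entry point when the image is built. set_imx_hdr_v1 in the preceding hunks computes `hdr_base` the same way. The function continues outside the hunk.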