summaryrefslogtreecommitdiff
path: root/cmd/i2c.c
AgeCommit message (Collapse)AuthorFilesLines
2022-08-31i2c: fix stack buffer overflow vulnerability in i2c md commandMarek Vasut1-1/+2
This reinstates fix from commit 8f8c04bf1ebb ("i2c: fix stack buffer overflow vulnerability in i2c md command") without the changes unrelated to the actual fix. Avoid the underflow by setting only nbytes and linebytes as unsigned integers. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Heiko Schocher <hs@denx.de> Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr> Cc: Simon Glass <sjg@chromium.org> Cc: Tim Harvey <tharvey@gateworks.com> Acked-by: Tim Harvey <tharvey@gateworks.com>
2022-08-31Revert "i2c: fix stack buffer overflow vulnerability in i2c md command"Marek Vasut1-12/+12
This reverts commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409. The commit is largely wrong and breaks most of i2c command functionality. The problem described in the aforementioned commit commit message is valid, however the commit itself does many more changes unrelated to fixing that one problem it describes. Those extra changes, namely the handling of i2c device address length as unsigned instead of signed integer, breaks the expectation that address length may be negative value. The negative value is used by DM to indicate that address length of device does not change. The actual bug documented in commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 can be fixed by extra sanitization in separate patch. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Heiko Schocher <hs@denx.de> Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr> Cc: Simon Glass <sjg@chromium.org> Cc: Tim Harvey <tharvey@gateworks.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-06-28i2c: fix stack buffer overflow vulnerability in i2c md commandNicolas Iooss1-12/+12
When running "i2c md 0 0 80000100", the function do_i2c_md parses the length into an unsigned int variable named length. The value is then moved to a signed variable: int nbytes = length; #define DISP_LINE_LEN 16 int linebytes = (nbytes > DISP_LINE_LEN) ? DISP_LINE_LEN : nbytes; ret = dm_i2c_read(dev, addr, linebuf, linebytes); On systems where integers are 32 bits wide, 0x80000100 is a negative value to "nbytes > DISP_LINE_LEN" is false and linebytes gets assigned 0x80000100 instead of 16. The consequence is that the function which reads from the i2c device (dm_i2c_read or i2c_read) is called with a 16-byte stack buffer to fill but with a size parameter which is too large. In some cases, this could trigger a crash. But with some i2c drivers, such as drivers/i2c/nx_i2c.c (used with "nexell,s5pxx18-i2c" bus), the size is actually truncated to a 16-bit integer. This is because function i2c_transfer expects an unsigned short length. In such a case, an attacker who can control the response of an i2c device can overwrite the return address of a function and execute arbitrary code through Return-Oriented Programming. Fix this issue by using unsigned integers types in do_i2c_md. While at it, make also alen unsigned, as signed sizes can cause vulnerabilities when people forgot to check that they can be negative. Signed-off-by: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr> Reviewed-by: Heiko Schocher <hs@denx.de>
2021-08-30cmd/i2c.c: Remove unused legacy codeTom Rini1-50/+0
There are no longer any cases where we are neither SYS_I2C_LEGACY nor DM_I2C. Remove these code paths. Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-30Convert CONFIG_SYS_I2C_LEGACY to Kconfig and add CONFIG_[ST]PL_SYS_I2C_LEGACYTom Rini1-12/+12
First, we convert CONFIG_SYS_I2C_LEGACY to Kconfig. Next, as you cannot have SYS_I2C_LEGACY and DM_I2C at the same time, introduce CONFIG_SPL_SYS_I2C_LEGACY so that we can enable the legacy option only in SPL. Finally, for some PowerPC cases we also need CONFIG_TPL_SYS_I2C_LEGACY support. Convert all of the existing users to one or more symbols. Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-30Convert CONFIG_SYS_I2C_EEPROM_ADDR et al to KconfigTom Rini1-1/+1
- Rename usages of CONFIG_SYS_DEF_EEPROM_ADDR to CONFIG_SYS_I2C_EEPROM_ADDR based on current usage. - Convert CONFIG_SYS_I2C_EEPROM_ADDR, CONFIG_SYS_I2C_EEPROM_ADDR_LEN, CONFIG_SYS_I2C_EEPROM_BUS, CONFIG_CONFIG_SYS_EEPROM_SIZE CONFIG_SYS_EEPROM_PAGE_WRITE_BITS and CONFIG_SYS_EEPROM_PAGE_WRITE_DELAY_MS to Kconfig. We move these symbols around a bit and add appropriate dependencies to them. In some cases, we now add a correct default value as well. Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-02global: Convert simple_strtoul() with decimal to dectoul()Simon Glass1-4/+4
It is a pain to have to specify the value 10 in each call. Add a new dectoul() function and update the code to use it. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02global: Convert simple_strtoul() with hex to hextoul()Simon Glass1-30/+30
It is a pain to have to specify the value 16 in each call. Add a new hextoul() function and update the code to use it. Add a proper comment to simple_strtoul() while we are here. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-28i2c: Rename CONFIG_SYS_I2C to CONFIG_SYS_I2C_LEGACYSimon Glass1-12/+12
It is quite confusing that CONFIG_SYS_I2C selects the legacy I2C and CONFIG_DM_I2C selects the current I2C. The deadline to migrate I2C is less than a year away. Also we want to have a CONFIG_I2C for U-Boot proper just like we have CONFIG_SPL_I2C for SPL, so we can simplify the Makefile rules. Rename this symbol so it is clear it is going away. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heiko Schocher <hs@denx.de>
2021-02-21dm: i2c: use CONFIG_IS_ENABLED macro for DM_I2C/DM_I2C_GPIOIgor Opaniuk1-49/+49
Use CONFIG_IS_ENABLED() macro, which provides more convenient way to check $(SPL)DM_I2C/$(SPL)DM_I2C_GPIO configs for both SPL and U-Boot proper. CONFIG_IS_ENABLED(DM_I2C) expands to: - 1 if CONFIG_SPL_BUILD is undefined and CONFIG_DM_I2C is set to 'y', - 1 if CONFIG_SPL_BUILD is defined and CONFIG_SPL_DM_I2C is set to 'y', - 0 otherwise. All occurences were replaced automatically using these bash cmds: $ find . -type f -exec sed -i 's/ifndef CONFIG_DM_I2C/if !CONFIG_IS_ENABLED(DM_I2C)/g' {} + $ find . -type f -exec sed -i 's/ifdef CONFIG_DM_I2C/if CONFIG_IS_ENABLED(DM_I2C)/g' {} + $ find . -type f -exec sed -i 's/defined(CONFIG_DM_I2C)/CONFIG_IS_ENABLED(DM_I2C)/g' {} + $ find . -type f -exec sed -i 's/ifndef CONFIG_DM_I2C_GPIO/if !CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} + $ find . -type f -exec sed -i 's/ifdef CONFIG_DM_I2C_GPIO/if CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} + $ find . -type f -exec sed -i 's/defined(CONFIG_DM_I2C_GPIO)/CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} + Reviewed-by: Heiko Schocher <hs@denx.de> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-12-18cmd: Drop use of old sequence numbers in commandsSimon Glass1-1/+1
Several commands use sequence numbers. Update them to use the new ones. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-18dm: Avoid accessing seq directlySimon Glass1-2/+2
At present various drivers etc. access the device's 'seq' member directly. This makes it harder to change the meaning of that member. Change access to go through a function instead. The drivers/i2c/lpc32xx_i2c.c file is left unchanged for now. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13dm: treewide: Rename 'platdata' variables to just 'plat'Simon Glass1-2/+2
We use 'priv' for private data but often use 'platdata' for platform data. We can't really use 'pdata' since that is ambiguous (it could mean private or platform data). Rename some of the latter variables to end with 'plat' for consistency. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18common: Drop linux/delay.h from common headerSimon Glass1-0/+1
Move this uncommon header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18common: Drop log.h from common headerSimon Glass1-0/+1
Move this header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18command: Remove the cmd_tbl_t typedefSimon Glass1-24/+37
We should not use typedefs in U-Boot. They cannot be used as forward declarations which means that header files must include the full header to access them. Drop the typedef and rename the struct to remove the _s suffix which is now not useful. This requires quite a few header-file additions. Signed-off-by: Simon Glass <sjg@chromium.org>
2019-12-02crc32: Use the crc.h header for crc functionsSimon Glass1-0/+1
Drop inclusion of crc.h in common.h and use the correct header directly instead. With this we can drop the conflicting definition in fw_env.h and rely on the crc.h header, which is already included. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-12-02crc: Fix code style with crc functionsSimon Glass1-1/+1
Some of these have a space before the bracket. Drop it to fix the style. Add some missing function comments while here. Note that u32 and u8 cannot be used here since crc.h is included on the host side. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-08-11env: Drop environment.h header file where not neededSimon Glass1-1/+0
This header file is now only used by files that access internal environment features. Drop it from various places where it is not needed. Acked-by: Joe Hershberger <joe.hershberger@ni.com> Signed-off-by: Simon Glass <sjg@chromium.org>
2018-12-10cmd: i2c: Fix help output of i2c command.Christoph Muellner1-0/+1
In case SYS_I2C or DM_I2C are defined, then the "i2c " prefix of the "i2c crc32" command is missing. This patch addresses this, so that users can't get confused by the "crc32" command. Without the patch we get => i2c help i2c - I2C sub-system Usage: i2c bus [muxtype:muxaddr:muxchannel] - show I2C bus info crc32 chip address[.0, .1, .2] count - compute CRC32 checksum i2c dev [dev] - show or set current I2C bus [...] With the patch we get => i2c help i2c - I2C sub-system Usage: i2c bus [muxtype:muxaddr:muxchannel] - show I2C bus info i2c crc32 chip address[.0, .1, .2] count - compute CRC32 checksum i2c dev [dev] - show or set current I2C bus ... Signed-off-by: Christoph Muellner <christoph.muellner@theobroma-systems.com> Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Reviewed-by: Heiko Schocher <hs@denx.de>
2018-05-07SPDX: Convert all of our single license tags to Linux Kernel styleTom Rini1-2/+1
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
2018-04-27Remove unnecessary instances of DECLARE_GLOBAL_DATA_PTRTom Rini1-2/+0
We have a large number of places where while we historically referenced gd in the code we no longer do, as well as cases where the code added that line "just in case" during development and never dropped it. Signed-off-by: Tom Rini <trini@konsulko.com>
2017-12-07cmd: i2c: Fix use sdram sub command with CONFIG_DM_I2CNobuhiro Iwamatsu1-2/+12
sdram sub command of i2c command does not support Drivers Model. This adds Drivers Model support to sdram sub command. Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heiko Schocher <hs@denx.de>
2017-03-28i2c: Set default I2C bus numberLukasz Majewski1-0/+10
This patch allows using i2c commands (e.g. "i2c probe", "i2c md", etc) without the need to first select the bus number with e.g. "i2c dev 0". This is the "i2c" command behavior similar to the one from pre DM, where by default bus 0 was immediately accessible. Signed-off-by: Lukasz Majewski <lukma@denx.de>
2016-07-16Various, unrelated tree-wide typo fixes.Robert P. J. Day1-1/+1
Fix a number of typos, including: * "compatble" -> "compatible" * "eanbeld" -> "enabled" * "envrionment" -> "environment" * "FTD" -> "FDT" (for "flattened device tree") * "ommitted" -> "omitted" * "overriden" -> "overridden" * "partiton" -> "partition" * "propogate" -> "propagate" * "resourse" -> "resource" * "rest in piece" -> "rest in peace" * "suport" -> "support" * "varible" -> "variable" Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
2016-02-22i2c: spd: Extend SPD memory typesMichal Simek1-1/+13
Decode DDR, DDR3 and DDR4 memories. Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2016-01-25Remove the cmd_ prefix from command filesSimon Glass1-0/+2030
Now that they are in their own directory, we can remove this prefix. This makes it easier to find a file since the prefix does not get in the way. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Heiko Schocher <hs@denx.de> Acked-by: Stefan Roese <sr@denx.de> Acked-by: Przemyslaw Marczak <p.marczak@samsung.com>