Commit graph

730 commits

Author SHA1 Message Date
Anton Blanchard
2e53f9d2f0 Catch unsigned 32bit overflow when parsing flattened device tree offsets
We have a couple of checks of the form:

    if (offset+size > totalsize)
        die();

We need to check that offset+size doesn't overflow, otherwise the check
will pass, and we may access past totalsize.

Found with AFL.

Signed-off-by: Anton Blanchard <anton@samba.org>
[Added a testcase]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-02-19 01:08:46 +11:00
David Gibson
b06e55c88b Prevent crash on modulo by zero
1937095 "Prevent crash on division by zero" fixed a crash when attempting
a division by zero using the / operator in a dts.  However, it missed the
precisely equivalent crash with the % (modulus) operator.  This patch fixes
the oversight.

Reported-by: Anton Blanchard <anton@samba.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-01-12 19:27:25 +11:00
David Gibson
b43345039b Fix some bugs in processing of line directives
In order to work with preprocessed dts files more easily, dts will parse
line number information in the form emitted by cpp.

Anton Blanchard (using a fuzzer) reported that including a line number
directive with a nul character (a literal nul in the input file, not a \0
sequence) would cause dtc to SEGV.  I spotted several more problems on
examining the code:
    * It modified yytext in place which seems to work, but is ugly and I'm
      not sure if it's safe on all lex/flex versions
    * The regexp used in the lexer to recognize line number information
      accepts strings with escape characters, but it won't process these
      escapes.
        - GNU cpp at least, will generate \ escapes in line number
          information, at least with files containing " or \ in the name

This patch reworks the handling of line number information to address
these problems.  \ escapes should now be handled directly.  nuls in file
names (either with a literal nul in the input file, or with a \0 escape
sequence) are still not permitted, but will now result in a lexical error
rather than a SEGV.

Reported-by: Anton Blanchard <anton@samba.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-01-04 22:56:39 +11:00
David Gibson
d728ad59f5 Fix crash on nul character in string escape sequence
If a dts file contains a string with \ followed by a nul byte - an actual
nul in the input file, not the \\0 escape - then the assert() in
get_escape_char() will trip, crashing dtc.

As far as I can tell, there isn't any valid need for this assert(), so just
remove it.

Reported-by: Anton Blanchard <anton@samba.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-01-03 23:01:24 +11:00
David Gibson
1ab2205a6f Gracefully handle bad octal literals
The code handling integer literals in dtc-lexer.l assumes that the flex
regexp means that strtoull() can't fail to interpret the string as a valid
integer (either decimal, octal, or hexadecimal).  This is not true for
octals.  For example '09' is accepted as a literal by the regexp,
strtoull() attempts to handle it as octal, but it has a bad digit.

This changes the code to give a more useful error in this case.

Reported-by: Anton Blanchard <anton@samba.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-01-03 22:54:37 +11:00
David Gibson
1937095588 Prevent crash on division by zero
Currently, attempting to divide by zero in an integer expression in a dts
file will cause dtc to crash with a division by zero (SIGFPE).

This patch corrects this to properly detect this case and raise an error.

Reported-by: Anton Blanchard <anton@samba.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-01-03 22:27:32 +11:00
David Gibson
d0b3ab0a0f libfdt: Fix undefined behaviour in fdt_offset_ptr()
Using pointer arithmetic to generate a pointer outside a known object is,
technically, undefined behaviour in C.  Unfortunately, we were using that
in fdt_offset_ptr() to detect overflows.

To fix this we need to do our bounds / overflow checking on the offsets
before constructing pointers from them.

Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-12-17 17:19:11 +11:00
Courtney Cavin
d4c7c25c9e libfdt: check for potential overrun in _fdt_splice()
This patch catches the conditions where:
 - 'splicepoint' is set to a point outside of [ fdt, fdt_totalsize(fdt) )
 - 'newlen' is negative, or 'splicepoint' plus 'newlen' results in overflow

Either of these cases can be caused by math which overflows in calling
functions, or by sizes specified through dynamic means.

Signed-off-by: Courtney Cavin <courtney.cavin@sonymobile.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@sonymobile.com>
2015-12-02 13:11:11 +11:00
David Gibson
f58799be13 libfdt: Add some missing symbols to version.lds
Several functions in the header file were missing from the version.lds
script, meaning that they couldn't be used from a libfdt shared library.

Reported by Ken Aaker, via github issue tracker.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-12-01 12:55:21 +11:00
David Gibson
af9f26d1e5 Remove duplicated -Werror in dtc Makefile
The "-Werror" compiler flag is currently declared twice in the
Makefile, one time in WARNINGS, and one time in CFLAGS. Let's
remove one of them.

Signed-off-by: Thomas Huth <thuth@redhat.com>
[Moved remaining -Werror from WARNINGS to CFLAGS --dwg]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-11-16 23:45:36 +11:00
Thierry Reding
604e61e081 fdt: Add functions to retrieve strings
Given a device tree node, a property name and an index, the new function
fdt_stringlist_get() will return a pointer to the index'th string in the
property's value and return its length (or an error code on failure) in
an output argument.

Signed-off-by: Thierry Reding <treding@nvidia.com>
[Fix some -Wshadow warnings --dwg]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-30 13:26:31 +10:00
Thierry Reding
8702bd1d3b fdt: Add a function to get the index of a string
The new fdt_stringlist_search() function will look up a given string in
the list contained in the value of a named property of a given device
tree node and return its index.

Signed-off-by: Thierry Reding <treding@nvidia.com>
[Fix some -Wshadow warnings --dwg]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-30 13:26:18 +10:00
Thierry Reding
2218387a8c fdt: Add a function to count strings
Given a device tree node and a property name, the fdt_stringlist_count()
function counts the number of strings found in the property value.

This also adds a new error code, FDT_ERR_BADVALUE, that the function
returns when it encounters a non-NUL-terminated string list.

Signed-off-by: Thierry Reding <treding@nvidia.com>
[Changed testcase name --dwg]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-30 13:16:35 +10:00
Masahiro Yamada
554fde2c77 libfdt: fix comment block of fdt_get_property_namelen()
The statement "Identical to fdt_get_property_namelen() ..." does not
make sense for the comment of fdt_get_property_namelen() itself.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-08-27 17:14:15 +10:00
David Gibson
e5e6df7c37 fdtdump: Fix bug printing bytestrings with negative values
On systems where 'char' is signed, fdtdump will currently print the wrong
thing on properties containing bytestring values with "negative" bytes
(that is with values from 0x80..0xff).  The fdtdump testcase is extended
to cover this case too.

This corrects the problem by forcing use of unsigned char - although this
is perhaps another indication that fdtdump is a buggy hack and if you want
to do real work you should use dtc -O dts.

Reported-by: Igor Prusov <Igor.V.Prusov@mcst.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-07-09 13:47:19 +10:00
David Gibson
067829ea5f Remove redundant fdtdump test code
The overall test runner script, for the fdtdump tests invokes the helper
script fdtdump-runtest.sh.  It then includes directly some code very
similar to fdtdump-runtest.sh, which is never reached due to a "return".

Remove the never-reached test code.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-07-09 13:41:21 +10:00
David Gibson
897a429199 Move fdt_path_offset alias tests to right tests section
The test script includes several specific tests for the handling of aliases
in fdt_path_offset().  These are primarily tests of the fdt_path_offset()
libfdt function itself, although dtc is used to generate a test file for
convenience.

Move these from the dtc tests section to the libfdt tests section
accordingly.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-07-09 13:29:42 +10:00
David Gibson
2d1417cd9e Add simple .travis.yml
This adds the .travis.yml file allowing for dtc building and testing in
the Travis Continuous Integration system.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-07-02 12:36:12 +10:00
Andre Przywara
f6dbc6ca96 guess output file format
If no output file type is specified via the -O parameter, guess the
desired file type by looking at the file name extension.
If that provides no useful hints, assume "dtb" as long as the input
type is "dts". Any other input type will lead to "dts" being used as
the guessed output type.
Any explicit specification of the output type will skip this guessing.

Signed-off-by: Andre Przywara <osp@andrep.de>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-07-01 13:34:11 +10:00
Andre Przywara
5e78dff424 guess input file format based on file content or file name
Always needing to specify the input file format can be quite
annoying, especially since a dtb is easily detected by its magic.
Looking at the file name extension sounds useful as a hint, too.

Add heuristic file type guessing of the input file format in case
none has been specified on the command line.
The heuristics are as follows (in that order):
- Any issues with opening the file drop back to the current default
behaviour.
- A directory will be treated as the /proc/device-tree type.
- If the first 4 bytes are the DTB magic, assume "dtb".
- If no other test succeeded so far, use a file name based
guessing method: if the filename ends with .dts or .DTS, device tree
source text is assumed, .dtb or .DTB hint at a device tree blob.

For the majority of practical use cases this gets rid of the tedious
-I specification on the command line and simplifies actual typing of
dtc command lines.
Any explicit specification of the input type by using -I still avoids
any guessing, which resembles the current behaviour.

Signed-off-by: Andre Przywara <osp@andrep.de>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-07-01 13:34:11 +10:00
Mike Frysinger
8b927bf3b8 tests: convert echo -n to printf
The -n option is not standard in POSIX, so convert to printf which should
work the same in every shell.

Signed-off-by: Mike Frysinger <vapier@chromium.org>
2015-05-25 13:32:47 +10:00
Jack Miller
64c46b098b Fix crash with poorly defined #size-cells
If you have a parent block with #size-cells improperly set to 0, and
then subsequently try to include a regs property in the child, dtc will
crash with SIGFPE while validating it. This patch fixes that crash,
instead printing the same invalid length warning that was causing it.

Test included.

Signed-off-by: Jack Miller <jack@codezen.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-04-30 10:55:41 +10:00
David Gibson
9d3649bd3b Add testcases for fdt_path_offset_namelen()
This extends the path_offset testcase to exercise the
fdt_path_offset_namelen() function.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-04-07 14:41:42 +10:00
David Gibson
ecd4f9d125 Extend path_offset testcase for handling of duplicated separators
Paths with multiple '/' characters in a row (e.g. //somenode//somsubnode),
or trailing '/' characters (e.g. '/somenode/somesubnode/') should be
handled by fdt_path_offset(), and treated as equivalent to
/somenode/somesubnode.

Our current path_offset testcase doesn't check for these cases, so extend
it so it does.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-04-07 14:25:39 +10:00
David Gibson
5fa047f498 Use a helper function to clean up path_offset testcase
This introduces a check_path_offset() helper function into the path_offset
testcase to simplify it.  This will also make extending the test case with
tests for path_offset_namelen() and some edge cases easier.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-04-07 14:20:33 +10:00
Peter Hurley
b4150b59ae libfdt: Add fdt_path_offset_namelen()
Properties may contain path names which are not NUL-terminated.
For example, the 'stdout-path' property allows the form 'path:options',
where the ':' character terminates the path specifier.

Allow these path names to be used in-place for path descending;
add fdt_path_offset_namelen(), which limits the path name to 'namelen'
characters.

Reimplement fdt_path_offset() as a trivial wrapper.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
2015-04-07 14:11:47 +10:00
Julien Grall
a4b093f736 libfdt: Add missing functions to shared library
The commit 4e76ec7 "libfdt: Add fdt_next_subnode() to permit easy
subnode iteration" adds new functions (fdt_{first,next}_subnode) but
forgot to mark them as 'global' in the shared library.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
2015-03-18 11:40:19 +11:00
Nikhil Devshatwar
3346e065aa dtc: parser: Add label while overriding nodes
This patch changes the dtc grammar to allow following syntax

i2cexp: &i2c2 {
    ...
};

Current device tree compiler allows to define multiple labels when defining
the device node the first time. Typically device nodes are defined in
DTSI files. Now these nodes can be overwritten for updating some of the
properties. Typically, device nodes are overridden in DTS files.

When working with adapter boards, most of the time adapter board can fit to
multiple base boards. But depending on which base board it is connected to,
the devices on the adapter board would be children of different devices.

e.g. On dra7-evm.dts, i2c2 is exported for expansion connector whereas
on dra72-evm.dts, i2c5 is exported for expansion connector.
This causes a problem when writing a generic device tree file for
the adapter board. Because, you cannot know whether all the devices on
adapter board are present on i2c or i2c5.

The problem can be solved by adding a common label (e.g. i2cexp) in both
of the DTS files when overriding the device nodes for i2c2 or i2c5.
This way, generic adapter board file would override the i2cexp. And
depending on which base board you use the adapter board, all the devices
are automatically added for correct device nodes.

Signed-off-by: Nikhil Devshatwar <nikhil.nd@ti.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-02-23 12:29:36 +11:00
Wang Long
aa719618a8 fdtput: add delete node and property function
add the delete node and property function for fdtput.

usage:
1) delete nodes
   fdtput -r <options> <dt file> [<node>...]
2) delete properties
   fdtput -d <options> <dt file> <node> [<property>...]

Signed-off-by: Wang Long <long.wanglong@huawei.com>
2015-01-27 19:30:19 +11:00
Colin Ian King
5ef2f7c2fa dtc: Use va_end to match corresponding va_start
Although on some systems va_end is a no-op, it is good practice
to use va_end, especially since the manual states:

"Each invocation of va_start() must be matched by a corresponding
invocation of va_end() in the same function."

Signed-off-by: Colin Ian King <colin.king@canonical.com>
2015-01-13 16:28:25 +11:00
David Gibson
302fca9f4c dtc: Bump version to 1.4.1
Bump version number in preparation for a release.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2014-11-12 14:29:16 +11:00
David Gibson
656bd3b6b9 dtc: Add maintainer script for signing and upload to kernel.org
This patch adds scripts/kup-dtc which builds a tarball from a specified git
tag, signs it and uploads to kernel.org with kup.  This is useful only for
dtc maintainers.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2014-11-12 14:27:02 +11:00
Phil Elwell
242c264270 Improve portability
1) Remove the double parentheses around two comparisons in checks.c.
   The OSX LLVM-based C compiler warns about them.
2) Put an explicit "=" in the TN() macro, in accordance with c99.

Signed-off-by: Phil Elwell <phil@raspberrypi.org>
2014-10-24 11:45:41 +02:00
Wang Long
6a76a9d30c dtc: Delete the unused start condition INCLUDE
The scanners of the latest version of dtc and
convert-dtsv0 are no longer use start condition
"INCLUDE". so we should delete it.

Signed-off-by: Wang Long <long.wanglong@huawei.com>
2014-09-26 12:14:49 +10:00
Wang Long
1e5ddb1f39 dtc: Update the usage helper message
if #define DEFAULT_FDT_VERSION     17
The message
	Blob version to produce, defaults to %d (for dtb and asm output)
should be
	Blob version to produce, defaults to 17 (for dtb and asm output)

This patch fix it, and delete the redundant 't'.

Signed-off-by: Wang Long <long.wanglong@huawei.com>
2014-09-11 23:27:41 +10:00
Jack Miller
5d4a8b9c4c Properly handle embedded nul delimited string lists
For example:

reserved-names="res1\0res2\0res3";

Where \0 is an actual embedded NUL in the source instead of a string
escape. To achieve this, use the len given by the lexer instead of
strlen.

Without this patch dtc will mangle the output and possibly hang on
realloc.
2014-08-08 19:17:31 +10:00
Andrei Errapart
f9e91a48ba Work around MSVC limitations
1) No variadic macros in the form "args..."; this is a GCC extension.
2) No empty struct initializers. In any case, there is very little to win:
   { } vs. { 0 }.

Signed-off-by: Andrei Errapart <andrei@errapartengineering.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2014-06-19 21:12:38 +10:00
Andrei Errapart
83e606a64d Open binary files in binary mode
The "b" flag to fopen() is generally a no-op on Unix-like systems, but may
be important on other systems, including Windows.

Signed-off-by: Andrei Errapart <andrei@errapartengineering.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2014-06-19 21:12:31 +10:00
Andrei Errapart
25a9bd6267 Correct write_propval_bytes() for platforms with signed char by default
Some platforms (including the Microsoft C compiler) have char defaulting
to signed.  write_propval_bytes() in the -O dts code will not behave
correctly in this case, due to sign extension.

Signed-off-by: Andrei Errapart <andrei@errapartengineering.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2014-06-19 21:05:34 +10:00
David Gibson
fa928fba7e Fix an off-by-2 error in the source output code
This has been there for ages, but the assertion makes no sense in the
context of the test immediately preceding it.  This caused an abort()
when in -I dts -O dts mode with the right sort of internal labels in a
string property value.

Add a testcase for this and another candidate edge case (though this one
we already get right).

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2014-06-18 22:49:43 +10:00
Simon Glass
76a65b14d1 Add a basic test for fdtdump
We can test fdtdump by comparing its output with the source file that was
compiled by dtc. Add a simple test that should at least catch regressions
in basic functionality.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2014-06-18 21:24:48 +10:00
Simon Glass
c78ca72e1e Tweak code to display cell values
Move the division out of the loop; this seems slightly cleaner.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-18 21:02:51 +10:00
Simon Glass
dfcfb7f169 Correct output from memreserve in fdtdump
This currently displays a hex value without the 0x prefix. Add the prefix
as dtc requires it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-18 21:02:51 +10:00
David Gibson
40f7f576c8 libfdt: Add helpers to read #address-cells and #size-cells
This patch makes a small start on libfdt functions which actually help to
parse the contents of device trees, rather than purely manipulating the
tree's structure.

We add simple helpers to read and sanity check the #address-cells and
#size-cells values for a given node.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2014-05-12 16:01:09 +10:00
David Gibson
f240527e54 Fix bug with references to root node
At present, the lexer token for references to a path doesn't permit a
reference to the root node &{/}.  Fixing the lexer exposes another bug
handling this case.

This patch fixes both bugs and adds testcases.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2014-05-09 20:48:49 +10:00
Heinrich Schuchardt
55a3a8823d Update source code location for dtc in manual.txt
The information about the location of the source code of the
device tree compiler was inaccurate.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2014-03-03 10:51:24 +11:00
Heinrich Schuchardt
9bf20d3896 Remove duplicate assignment
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2014-03-03 10:37:30 +11:00
Heinrich Schuchardt
8ce36476ae Consistently use xrealloc instead of realloc
fdtput.c:
Replace the remaining call to realloc by xrealloc.
Some redundant lines in encode_value can be saved.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2014-03-03 10:37:30 +11:00
Heinrich Schuchardt
821acd4c17 Remove dead code in util.c
xrealloc never returns null

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2014-03-02 11:45:25 +11:00
David Gibson
aba74ddba2 Remove references to unused DT_BASE token
Also remove the cbase bison union member that was only used for it.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2014-02-15 19:47:23 +11:00