u-boot/examples/standalone/stubs.c
Wolfgang Denk 54841ab50c Make sure that argv[] argument pointers are not modified.
The hush shell dynamically allocates (and re-allocates) memory for the
argument strings in the "char *argv[]" argument vector passed to
commands.  Any code that modifies these pointers will cause serious
corruption of the malloc data structures and crash U-Boot, so make
sure the compiler can check that no such modifications are being done
by changing the code into "char * const argv[]".

This modification is the result of debugging a strange crash caused
after adding a new command, which used the following argument
processing code which has been working perfectly fine in all Unix
systems since version 6 - but not so in U-Boot:

int main (int argc, char **argv)
{
	while (--argc > 0 && **++argv == '-') {
/* ====> */	while (*++*argv) {
			switch (**argv) {
			case 'd':
				debug++;
				break;
			...
			default:
				usage ();
			}
		}
	}
	...
}

The line marked "====>" will corrupt the malloc data structures and
usually cause U-Boot to crash when the next command gets executed by
the shell.  With the modification, the compiler will prevent this with
an
	error: increment of read-only location '*argv'

N.B.: The code above can be trivially rewritten like this:

	while (--argc > 0 && **++argv == '-') {
		char *arg = *argv;
		while (*++arg) {
			switch (*arg) {
			...

Signed-off-by: Wolfgang Denk <wd@denx.de>
Acked-by: Mike Frysinger <vapier@gentoo.org>
2010-07-04 23:55:42 +02:00


#include <exports.h>
/*
 * Compiler version folded into one integer (major * 1000 + minor) so it
 * can be compared in the preprocessor test in front of dummy() below.
 */
#ifndef GCC_VERSION
#define GCC_VERSION (__GNUC__ * 1000 + __GNUC_MINOR__)
#endif /* GCC_VERSION */
/*
 * EXPORT_FUNC(x) emits, per architecture, a global label named x followed
 * by a short trampoline: load the jump-table pointer (gd->jt, or the file
 * global `jt` on x86), load the entry at byte offset XF_x * sizeof(void *)
 * and branch to it without touching the stack.
 *
 * The trampolines branch to whatever address the table entry holds; no
 * check of the global_data pointer or of the entry is made here, so the
 * integrity of the table supplied by the caller is assumed.
 */
#if defined(CONFIG_I386)
/*
 * x86 does not have a dedicated register to store the pointer to
 * the global_data. The jump table address is therefore kept in a
 * global variable, which does not allow execution from flash memory.
 * The global_data address is passed as argv[-1] to the application
 * program; app_startup() reads it from there and sets `jt`.
 * eax and ecx are used as scratch registers.
 */
static void **jt;
gd_t *global_data;
#define EXPORT_FUNC(x) \
asm volatile ( \
" .globl " #x "\n" \
#x ":\n" \
" movl %0, %%eax\n" \
" movl jt, %%ecx\n" \
" jmp *(%%ecx, %%eax)\n" \
: : "i"(XF_ ## x * sizeof(void *)) : "eax", "ecx");
#elif defined(CONFIG_PPC)
/*
 * r2 holds the pointer to the global_data, r11 is a call-clobbered
 * register. The target is moved to CTR and reached with bctr.
 */
#define EXPORT_FUNC(x) \
asm volatile ( \
" .globl " #x "\n" \
#x ":\n" \
" lwz %%r11, %0(%%r2)\n" \
" lwz %%r11, %1(%%r11)\n" \
" mtctr %%r11\n" \
" bctr\n" \
: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "r11");
#elif defined(CONFIG_ARM)
/*
 * r8 holds the pointer to the global_data, ip is a call-clobbered
 * register. The table entry is loaded straight into pc.
 */
#define EXPORT_FUNC(x) \
asm volatile ( \
" .globl " #x "\n" \
#x ":\n" \
" ldr ip, [r8, %0]\n" \
" ldr pc, [ip, %1]\n" \
: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "ip");
#elif defined(CONFIG_MIPS)
/*
 * k0 ($26) holds the pointer to the global_data; t9 ($25) is a call-
 * clobbered register that is also used to set gp. Note that the
 * jr instruction also executes the instruction immediately following
 * it; however, GCC/mips generates an additional `nop' after each asm
 * statement.
 *
 * NOTE(review): the earlier wording gave gp as $26, which is k0; gp is
 * $28 in the usual MIPS register naming -- confirm.
 */
#define EXPORT_FUNC(x) \
asm volatile ( \
" .globl " #x "\n" \
#x ":\n" \
" lw $25, %0($26)\n" \
" lw $25, %1($25)\n" \
" jr $25\n" \
: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "t9");
#elif defined(CONFIG_NIOS2)
/*
 * gp holds the pointer to the global_data, r8 is call-clobbered.
 *
 * NOTE(review): the clobber list names "gp" although the register the
 * sequence writes is r8 -- confirm which was intended.
 * NOTE(review): `ori r8, r0, ...` takes r0 as its source, so it looks
 * like the value set by the preceding movhi is discarded; that would
 * only matter if offsetof(gd_t, jt) needed more than 16 bits -- confirm.
 */
#define EXPORT_FUNC(x) \
asm volatile ( \
" .globl " #x "\n" \
#x ":\n" \
" movhi r8, %%hi(%0)\n" \
" ori r8, r0, %%lo(%0)\n" \
" add r8, r8, gp\n" \
" ldw r8, 0(r8)\n" \
" ldw r8, %1(r8)\n" \
" jmp r8\n" \
: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "gp");
#elif defined(CONFIG_M68K)
/*
 * d7 holds the pointer to the global_data, a0 is a call-clobbered
 * register. a0 is advanced to &gd->jt, dereferenced, advanced to the
 * table slot, dereferenced again and used as the jump target.
 */
#define EXPORT_FUNC(x) \
asm volatile ( \
" .globl " #x "\n" \
#x ":\n" \
" move.l %%d7, %%a0\n" \
" adda.l %0, %%a0\n" \
" move.l (%%a0), %%a0\n" \
" adda.l %1, %%a0\n" \
" move.l (%%a0), %%a0\n" \
" jmp (%%a0)\n" \
: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "a0");
#elif defined(CONFIG_MICROBLAZE)
/*
 * r31 holds the pointer to the global_data, r5 is a call-clobbered
 * register.
 */
#define EXPORT_FUNC(x) \
asm volatile ( \
" .globl " #x "\n" \
#x ":\n" \
" lwi r5, r31, %0\n" \
" lwi r5, r5, %1\n" \
" bra r5\n" \
: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "r5");
#elif defined(CONFIG_BLACKFIN)
/*
 * P3 holds the pointer to the global_data, P0 is a call-clobbered
 * register. The label is emitted with a leading underscore (_x).
 */
#define EXPORT_FUNC(x) \
asm volatile ( \
" .globl _" #x "\n_" \
#x ":\n" \
" P0 = [P3 + %0]\n" \
" P0 = [P0 + %1]\n" \
" JUMP (P0)\n" \
: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "P0");
#elif defined(CONFIG_AVR32)
/*
 * r6 holds the pointer to the global_data, r8 is call-clobbered.
 *
 * NOTE(review): unlike every other architecture in this file, the table
 * index operand is XF_x and is not multiplied by sizeof(void *) --
 * confirm that the r8[%1] addressing form scales the index itself.
 */
#define EXPORT_FUNC(x) \
asm volatile( \
" .globl\t" #x "\n" \
#x ":\n" \
" ld.w r8, r6[%0]\n" \
" ld.w pc, r8[%1]\n" \
: \
: "i"(offsetof(gd_t, jt)), "i"(XF_ ##x) \
: "r8");
#elif defined(CONFIG_SH)
/*
 * r13 holds the pointer to the global_data, r1 is call-clobbered.
 * r2 is used as a second scratch register and is listed as a clobber
 * as well. Two nop instructions follow the jmp.
 */
#define EXPORT_FUNC(x) \
asm volatile ( \
" .align 2\n" \
" .globl " #x "\n" \
#x ":\n" \
" mov r13, r1\n" \
" add %0, r1\n" \
" mov.l @r1, r2\n" \
" add %1, r2\n" \
" mov.l @r2, r1\n" \
" jmp @r1\n" \
" nop\n" \
" nop\n" \
: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "r1", "r2");
#elif defined(CONFIG_SPARC)
/*
 * g7 holds the pointer to the global_data, g1 is call-clobbered.
 *
 * NOTE(review): the offset of jt is combined with g7 using `or`, not an
 * add; the two agree only when the corresponding bits of g7 are zero --
 * confirm the alignment of global_data guarantees that.
 */
#define EXPORT_FUNC(x) \
asm volatile( \
" .globl\t" #x "\n" \
#x ":\n" \
" set %0, %%g1\n" \
" or %%g1, %%g7, %%g1\n" \
" ld [%%g1], %%g1\n" \
" ld [%%g1 + %1], %%g1\n" \
" jmp %%g1\n" \
" nop\n" \
: : "i"(offsetof(gd_t, jt)), "i"(XF_ ## x * sizeof(void *)) : "g1" );
#else
/* No trampoline sequence exists for this target: fail the build. */
#error stubs definition missing for this architecture
#endif
/*
 * dummy() only serves as a container for the stub definitions.
 *
 * asm() statements with arguments can be used only inside a function
 * (gcc limitation), so the EXPORT_FUNC() expansions have to live in a
 * function body. The stubs themselves are special: they do not use the
 * stack frame passed to them, but pass it intact to the actual
 * implementation, which is why each one is a bare label plus an
 * indirect jump rather than a C function with prologue/epilogue.
 *
 * The function is marked unused and nothing in this file calls it.
 * <_exports.h> is included inside the body while EXPORT_FUNC is defined;
 * presumably it holds one EXPORT_FUNC(name) line per exported function
 * -- confirm against that header.
 *
 * `static` is applied only when GCC_VERSION is below 3004; the reason
 * is not stated in this file.
 */
#if GCC_VERSION < 3004
static
#endif /* GCC_VERSION */
void __attribute__((unused)) dummy(void)
{
#include <_exports.h>
}
extern unsigned long __bss_start, _end;
/**
 * app_startup() - prepare the standalone application's C environment.
 * @argv: argument vector handed over by the caller; it is only read, and
 *        only on x86, where the slot at argv[-1] carries the address of
 *        global_data.
 *
 * Clears every byte from __bss_start up to (not including) _end, then,
 * on x86, records the global_data pointer and the jump table it refers
 * to in the file-level variables used by the stubs.
 */
void app_startup(char * const *argv)
{
	unsigned char *bss_end = (unsigned char *)&_end;
	unsigned char *p;

	/* Zero out BSS one byte at a time. */
	for (p = (unsigned char *)&__bss_start; p < bss_end; p++)
		*p = 0;

#if defined(CONFIG_I386)
	/*
	 * x86 does not have a dedicated register for passing global_data.
	 * The value found in argv[-1] is used as-is, so the caller has to
	 * honour that convention. This must stay after the BSS clear, in
	 * case global_data and jt are placed in BSS.
	 */
	global_data = (gd_t *)argv[-1];
	jt = global_data->jt;
#endif
}
#undef EXPORT_FUNC