Re: [PATCH 5 of 7] Add dynamic device tree manipulation & change uboot loader for PPC bamboo board model

[Anthony Liguori <anthony@codemonkey.ws>]

Jerone Young wrote:
> # HG changeset patch
> # User Jerone Young <jyoung5@us.ibm.com>
> # Date 1205953012 18000
> # Branch merge
> # Node ID 8e9da5ddf159eb6cf5a292ccbf5f735103b493ef
> # Parent  03925441312877b8350e4af68e475d5d746304d4
> Add dynamic device tree manipulation & change uboot loader for PPC bamboo board model
>
> This patch adds code to dynamically manipulate the device tree when loaded into memory. This allows us to finally have the ability to manipulate the kernel command line & initrd from the qemu command line. This will also let us setup different settings for the board.
>
> This patch also now uses new uboot loader load_uimage() to load kernel image.
>
> Signed-off-by: Jerone Young <jyoung5@us.ibm.com>
>
> diff --git a/qemu/Makefile.target b/qemu/Makefile.target
> --- a/qemu/Makefile.target
> +++ b/qemu/Makefile.target
> @@ -617,7 +617,7 @@ OBJS+= unin_pci.o ppc_chrp.o
>  OBJS+= unin_pci.o ppc_chrp.o
>  # PowerPC 4xx boards
>  OBJS+= pflash_cfi02.o ppc4xx_devs.o ppc405_uc.o ppc405_boards.o
> -OBJS+= ppc440.o ppc440_bamboo.o
> +OBJS+= ppc440.o ppc440_bamboo.o device_tree.o
>  endif
>  ifeq ($(TARGET_BASE_ARCH), mips)
>  OBJS+= mips_r4k.o mips_malta.o mips_pica61.o mips_mipssim.o
> diff --git a/qemu/hw/device_tree.c b/qemu/hw/device_tree.c
> new file mode 100644
> --- /dev/null
> +++ b/qemu/hw/device_tree.c
> @@ -0,0 +1,181 @@
> +/*
> + * Functions to help device tree manipulation using libfdt.
> + * It also provides functions to read entries from device tree proc
> + * interface.
> + *
> + * Copyright 2008 IBM Corporation.
> + * Authors: Jerone Young <jyoung5@us.ibm.com>
> + *
> + * This work is licensed under the GNU GPL license version 2 or later.
> + *
> + */
> +
> +#include <stdio.h>
> +#include <sys/types.h>
> +#include <sys/stat.h>
> +#include <fcntl.h>
> +#include <unistd.h>
> +#include <stdlib.h>
> +
> +#include "config.h"
> +#include "ppc440.h"
> +
> +#ifdef CONFIG_LIBFDT
> +#include "libfdt.h"
> +#endif
> +
> +#define DT_PROC_INTERFACE_PATH "/proc/device-tree"
> +
> +/* FUNCTIONS FOR READING FROM DEVICE TREE OF HOST IN /PROC */
> +
> +/* This function reads device-tree property files that are of
> + * a single cell size
> + */
> +uint32_t read_proc_dt_prop_cell(char *path_in_device_tree)
> +{
> +	char *buf = NULL;
> +	int i;
> +	uint32_t num;
> +	FILE *stream;
> +
> +	i = snprintf(buf, 0, "%s/%s", DT_PROC_INTERFACE_PATH,
> +		path_in_device_tree);
> +
> +	buf = (char *)malloc(i);
> +	if (buf == NULL) {
> +		printf("%s: Unable to malloc string buffer buf\n",
> +			__func__);
> +		exit(1);
> +	}
> +
> +	i = snprintf(buf, i+1, "%s/%s",  DT_PROC_INTERFACE_PATH,
> +		path_in_device_tree);
>   

asprintf() is the right thing to do here.  You allocate 'i' bytes but 
then snprintf() to 'i + 1' bytes, that's a buffer overflow.

> +fail:
> +	if (dt_file) 
> +		qemu_free(dt_file);
> +	return NULL;
> +}
> +
> +void dump_device_tree_to_file(void *fdt, char *filename)
> +{
> +	int fd;
> +	fd = open(filename, O_RDWR|O_CREAT);
>   

Need to pass a permission mask when using O_CREAT.

Regards,

Anthony LIguori

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/