1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
|
/*
* (C) Copyright 2000
* Wolfgang Denk, DENX Software Engineering, wd@denx.de.
*
* Add to readline cmdline-editing by
* (C) Copyright 2005
* JinHua Luo, GuangDong Linux Center, <luo.jinhua@gd-linux.com>
*
* SPDX-License-Identifier: GPL-2.0+
*/
#include <common.h>
#include <cli.h>
#include <cli_hush.h>
#include <fdtdec.h>
#include <malloc.h>
DECLARE_GLOBAL_DATA_PTR;
/*
* Run a command using the selected parser.
*
* @param cmd Command to run
* @param flag Execution flags (CMD_FLAG_...)
* @return 0 on success, or != 0 on error.
*/
int run_command(const char *cmd, int flag)
{
#ifndef CONFIG_SYS_HUSH_PARSER
/*
* cli_run_command can return 0 or 1 for success, so clean up
* its result.
*/
if (cli_simple_run_command(cmd, flag) == -1)
return 1;
return 0;
#else
int hush_flags = FLAG_PARSE_SEMICOLON | FLAG_EXIT_FROM_LOOP;
if (flag & CMD_FLAG_ENV)
hush_flags |= FLAG_CONT_ON_NEWLINE;
return parse_string_outer(cmd, hush_flags);
#endif
}
/*
* Run a command using the selected parser, and check if it is repeatable.
*
* @param cmd Command to run
* @param flag Execution flags (CMD_FLAG_...)
* @return 0 (not repeatable) or 1 (repeatable) on success, -1 on error.
*/
int run_command_repeatable(const char *cmd, int flag)
{
#ifndef CONFIG_SYS_HUSH_PARSER
return cli_simple_run_command(cmd, flag);
#else
/*
* parse_string_outer() returns 1 for failure, so clean up
* its result.
*/
if (parse_string_outer(cmd,
FLAG_PARSE_SEMICOLON | FLAG_EXIT_FROM_LOOP))
return -1;
return 0;
#endif
}
int run_command_list(const char *cmd, int len, int flag)
{
int need_buff = 1;
char *buff = (char *)cmd; /* cast away const */
int rcode = 0;
if (len == -1) {
len = strlen(cmd);
#ifdef CONFIG_SYS_HUSH_PARSER
/* hush will never change our string */
need_buff = 0;
#else
/* the built-in parser will change our string if it sees \n */
need_buff = strchr(cmd, '\n') != NULL;
#endif
}
if (need_buff) {
buff = malloc(len + 1);
if (!buff)
return 1;
memcpy(buff, cmd, len);
buff[len] = '\0';
}
#ifdef CONFIG_SYS_HUSH_PARSER
rcode = parse_string_outer(buff, FLAG_PARSE_SEMICOLON);
#else
/*
* This function will overwrite any \n it sees with a \0, which
* is why it can't work with a const char *. Here we are making
* using of internal knowledge of this function, to avoid always
* doing a malloc() which is actually required only in a case that
* is pretty rare.
*/
rcode = cli_simple_run_command_list(buff, flag);
#endif
if (need_buff)
free(buff);
return rcode;
}
/****************************************************************************/
#if defined(CONFIG_CMD_RUN)
int do_run(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
int i;
if (argc < 2)
return CMD_RET_USAGE;
for (i = 1; i < argc; ++i) {
char *arg;
arg = getenv(argv[i]);
if (arg == NULL) {
printf("## Error: \"%s\" not defined\n", argv[i]);
return 1;
}
if (run_command(arg, flag | CMD_FLAG_ENV) != 0)
return 1;
}
return 0;
}
#endif
#ifdef CONFIG_OF_CONTROL
bool cli_process_fdt(const char **cmdp)
{
/* Allow the fdt to override the boot command */
char *env = fdtdec_get_config_string(gd->fdt_blob, "bootcmd");
if (env)
*cmdp = env;
/*
* If the bootsecure option was chosen, use secure_boot_cmd().
* Always use 'env' in this case, since bootsecure requres that the
* bootcmd was specified in the FDT too.
*/
return fdtdec_get_config_int(gd->fdt_blob, "bootsecure", 0) != 0;
}
/*
* Runs the given boot command securely. Specifically:
* - Doesn't run the command with the shell (run_command or parse_string_outer),
* since that's a lot of code surface that an attacker might exploit.
* Because of this, we don't do any argument parsing--the secure boot command
* has to be a full-fledged u-boot command.
* - Doesn't check for keypresses before booting, since that could be a
* security hole; also disables Ctrl-C.
* - Doesn't allow the command to return.
*
* Upon any failures, this function will drop into an infinite loop after
* printing the error message to console.
*/
void cli_secure_boot_cmd(const char *cmd)
{
cmd_tbl_t *cmdtp;
int rc;
if (!cmd) {
printf("## Error: Secure boot command not specified\n");
goto err;
}
/* Disable Ctrl-C just in case some command is used that checks it. */
disable_ctrlc(1);
/* Find the command directly. */
cmdtp = find_cmd(cmd);
if (!cmdtp) {
printf("## Error: \"%s\" not defined\n", cmd);
goto err;
}
/* Run the command, forcing no flags and faking argc and argv. */
rc = (cmdtp->cmd)(cmdtp, 0, 1, (char **)&cmd);
/* Shouldn't ever return from boot command. */
printf("## Error: \"%s\" returned (code %d)\n", cmd, rc);
err:
/*
* Not a whole lot to do here. Rebooting won't help much, since we'll
* just end up right back here. Just loop.
*/
hang();
}
#endif /* CONFIG_OF_CONTROL */
void cli_loop(void)
{
#ifdef CONFIG_SYS_HUSH_PARSER
parse_file_outer();
/* This point is never reached */
for (;;);
#else
cli_simple_loop();
#endif /*CONFIG_SYS_HUSH_PARSER*/
}
void cli_init(void)
{
#ifdef CONFIG_SYS_HUSH_PARSER
u_boot_hush_start();
#endif
#if defined(CONFIG_HUSH_INIT_VAR)
hush_init_var();
#endif
}
|