esp_rom: remove functions which depend on sizeof(struct stat)

...and all their callers. With the upcoming switch from sizeof(time_t)==4 to sizeof(time_t)==8, sizeof(struct stat) is also increasing. A few newlib functions present in ROM allocate 'struct stat' on the stack and call _fstat_r on this structure. The implementation of fstat is provided in ESP-IDF. This implementation will often do memset(st, 0, sizeof(*st)), where st is 'struct stat*', before setting some fields of this structure. If IDF is built with sizeof(st) different from sizeof(st) which ROM was built with, this will lead to an out-of-bounds write and a stack corruption. This commit removes problematic ROM functions from the linker script. Here are the functions which allocate 'struct stat': * _isatty_r (in ROM) * __swhatbuf_r, called by __smakebuf_r, called by __swsetup_r and __srefill_r (in ROM) * _fseeko_r (not in ROM) * glob2 (not in ROM) * _gettemp (not in ROM) As a result, these functions are used from libc.a, and use correct size of 'stat' structure. Closes https://github.com/espressif/esp-idf/issues/7980
2024-10-05 20:47:46 -04:00 · 2022-01-06 15:20:04 +01:00 · 2022-01-06 15:20:04 +01:00 · 24c20d188e
commit 24c20d188e
parent 5d47efb72d
12 changed files with 103 additions and 48 deletions
--- a/components/esp_rom/CMakeLists.txt
+++ b/components/esp_rom/CMakeLists.txt
@ -97,14 +97,15 @@ else() # Regular app build
                # then all time functions from the ROM memory will not be linked.
                # Instead, those functions can be used from the toolchain by ESP-IDF.
                rom_linker_script("newlib-time")
-            endif()

                # Include in newlib nano from ROM only if SPIRAM cache workaround is disabled
+                # and sizeof(time_t) == 4
                if(CONFIG_NEWLIB_NANO_FORMAT)
                    rom_linker_script("newlib-nano")
                endif()

            endif()
+        endif()

        if(NOT CONFIG_SPI_FLASH_ROM_DRIVER_PATCH)
            rom_linker_script("spiflash")
@ -119,10 +120,19 @@ else() # Regular app build
        rom_linker_script("newlib-data")
        rom_linker_script("spiflash")

+        if(NOT CONFIG_SDK_TOOLCHAIN_SUPPORTS_TIME_WIDE_64_BITS)
+            # If SDK_TOOLCHAIN_SUPPORTS_TIME_WIDE_64_BITS option is defined
+            # then all time functions from the ROM memory will not be linked.
+            # Instead, those functions can be used from the toolchain by ESP-IDF.
+
            if(CONFIG_NEWLIB_NANO_FORMAT)
                rom_linker_script("newlib-nano")
            endif()

+            rom_linker_script("newlib-time")
+        endif()
+
+
        # descirptors used by ROM code
        target_sources(${COMPONENT_LIB} PRIVATE "esp32s2/usb_descriptors.c")

@ -130,18 +140,34 @@ else() # Regular app build
        rom_linker_script("newlib")
        rom_linker_script("version")

+        if(NOT CONFIG_SDK_TOOLCHAIN_SUPPORTS_TIME_WIDE_64_BITS)
+            # If SDK_TOOLCHAIN_SUPPORTS_TIME_WIDE_64_BITS option is defined
+            # then all time functions from the ROM memory will not be linked.
+            # Instead, those functions can be used from the toolchain by ESP-IDF.
+
            if(CONFIG_NEWLIB_NANO_FORMAT)
                rom_linker_script("newlib-nano")
            endif()

+            rom_linker_script("newlib-time")
+        endif()
+
    elseif(target STREQUAL "esp32c3")
        rom_linker_script("newlib")
        rom_linker_script("version")

+        if(NOT CONFIG_SDK_TOOLCHAIN_SUPPORTS_TIME_WIDE_64_BITS)
+            # If SDK_TOOLCHAIN_SUPPORTS_TIME_WIDE_64_BITS option is defined
+            # then all time functions from the ROM memory will not be linked.
+            # Instead, those functions can be used from the toolchain by ESP-IDF.
+
            if(CONFIG_NEWLIB_NANO_FORMAT)
                rom_linker_script("newlib-nano")
            endif()

+            rom_linker_script("newlib-time")
+        endif()
+
        if(CONFIG_ESP32C3_REV_MIN_3)
            rom_linker_script("eco3")
        endif()
@ -150,19 +176,23 @@ else() # Regular app build
        rom_linker_script("newlib")
        rom_linker_script("version")

+        if(NOT CONFIG_SDK_TOOLCHAIN_SUPPORTS_TIME_WIDE_64_BITS)
            if(CONFIG_NEWLIB_NANO_FORMAT)
                rom_linker_script("newlib-nano")
            endif()
+        endif()

    elseif(target STREQUAL "esp8684")
        rom_linker_script("newlib")
        rom_linker_script("version")
        rom_linker_script("mbedtls")

+        if(NOT CONFIG_SDK_TOOLCHAIN_SUPPORTS_TIME_WIDE_64_BITS)
            if(CONFIG_NEWLIB_NANO_FORMAT)
                rom_linker_script("newlib-nano")
            endif()
        endif()
+    endif()

    if(CONFIG_IDF_TARGET_ARCH_XTENSA)
        target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=longjmp")
--- a/components/esp_rom/esp32/ld/esp32.rom.newlib-funcs.ld
+++ b/components/esp_rom/esp32/ld/esp32.rom.newlib-funcs.ld
@ -43,7 +43,6 @@ _getenv_r = 0x40001fbc;
 isalnum = 0x40000f04;
 isalpha = 0x40000f18;
 isascii = 0x4000c20c;
-_isatty_r = 0x40000ea0;
 isblank = 0x40000f2c;
 iscntrl = 0x40000f50;
 isdigit = 0x40000f64;
@ -77,14 +76,11 @@ __sfmoreglue = 0x40001dc8;
 __sfp = 0x40001e90;
 __sfp_lock_acquire = 0x40001e08;
 __sfp_lock_release = 0x40001e14;
-__sfvwrite_r = 0x4005893c;
 __sinit = 0x40001e38;
 __sinit_lock_acquire = 0x40001e20;
 __sinit_lock_release = 0x40001e2c;
-__smakebuf_r = 0x40059108;
 srand = 0x40001004;
 __sread = 0x40001118;
-__srefill_r = 0x400593d4;
 __sseek = 0x40001184;
 strcasecmp = 0x400011cc;
 strcasestr = 0x40001210;
@ -122,7 +118,6 @@ __submore = 0x40058f3c;
 __swbuf = 0x40058cb4;
 __swbuf_r = 0x40058bec;
 __swrite = 0x40001150;
-__swsetup_r = 0x40058cc8;
 toascii = 0x4000c720;
 tolower = 0x40001868;
 toupper = 0x40001884;
--- a/components/esp_rom/esp32/ld/esp32.rom.newlib-time.ld
+++ b/components/esp_rom/esp32/ld/esp32.rom.newlib-time.ld
@ -27,3 +27,12 @@ _timezone = 0x3ffae0a0;
 _tzname = 0x3ffae030;
 _daylight = 0x3ffae0a4;
 __month_lengths = 0x3ff9609c;
+
+/* These functions don't use time_t, but use other structures which include time_t.
+ * For example, 'struct stat' contains time_t.
+ */
+_isatty_r = 0x40000ea0;
+__sfvwrite_r = 0x4005893c;
+__smakebuf_r = 0x40059108;
+__srefill_r = 0x400593d4;
+__swsetup_r = 0x40058cc8;
--- a/components/esp_rom/esp32c3/ld/esp32c3.rom.newlib-time.ld
+++ b/components/esp_rom/esp32c3/ld/esp32c3.rom.newlib-time.ld
@ -0,0 +1,15 @@
+/*
+ * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+/* These are the newlib functions and the .bss/.data symbols which are related to 'time_t'
+   or other structures which include 'time_t' (like 'struct stat').
+   These ROM functions were compiled with sizeof(time_t) == 4.
+   When compiling with sizeof(time_t) == 8, these functions should be excluded from the build.
+ */
+
+_isatty_r = 0x40000380;
+PROVIDE( __smakebuf_r = 0x4000046c );
+PROVIDE( __swhatbuf_r = 0x40000470 );
+PROVIDE( __swsetup_r = 0x4000047c );
--- a/components/esp_rom/esp32c3/ld/esp32c3.rom.newlib.ld
+++ b/components/esp_rom/esp32c3/ld/esp32c3.rom.newlib.ld
@ -25,7 +25,6 @@ strncmp = 0x40000370;
 strlen = 0x40000374;
 strstr = 0x40000378;
 bzero = 0x4000037c;
-_isatty_r = 0x40000380;
 sbrk = 0x40000384;
 isalnum = 0x40000388;
 isalpha = 0x4000038c;
@ -84,11 +83,8 @@ PROVIDE( fflush = 0x4000045c );
 PROVIDE( _fflush_r = 0x40000460 );
 PROVIDE( _fwalk = 0x40000464 );
 PROVIDE( _fwalk_reent = 0x40000468 );
-PROVIDE( __smakebuf_r = 0x4000046c );
-PROVIDE( __swhatbuf_r = 0x40000470 );
 PROVIDE( __swbuf_r = 0x40000474 );
 __swbuf = 0x40000478;
-PROVIDE( __swsetup_r = 0x4000047c );
 /* Data (.data, .bss, .rodata) */
 syscall_table_ptr = 0x3fcdffe0;
 _global_impure_ptr = 0x3fcdffdc;
--- a/components/esp_rom/esp32h2/ld/rev1/esp32h2.rom.newlib.ld
+++ b/components/esp_rom/esp32h2/ld/rev1/esp32h2.rom.newlib.ld
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -31,7 +31,6 @@ strncmp = 0x40000378;
 strlen = 0x4000037c;
 strstr = 0x40000380;
 bzero = 0x40000384;
-_isatty_r = 0x40000388;
 sbrk = 0x4000038c;
 isalnum = 0x40000390;
 isalpha = 0x40000394;
@ -90,11 +89,8 @@ PROVIDE( fflush = 0x40000464 );
 PROVIDE( _fflush_r = 0x40000468 );
 PROVIDE( _fwalk = 0x4000046c );
 PROVIDE( _fwalk_reent = 0x40000470 );
-PROVIDE( __smakebuf_r = 0x40000474 );
-PROVIDE( __swhatbuf_r = 0x40000478 );
 PROVIDE( __swbuf_r = 0x4000047c );
 __swbuf = 0x40000480;
-PROVIDE( __swsetup_r = 0x40000484 );
 /* Data (.data, .bss, .rodata) */
 syscall_table_ptr = 0x3fcdffdc;
 _global_impure_ptr = 0x3fcdffd8;
--- a/components/esp_rom/esp32h2/ld/rev2/esp32h2.rom.newlib.ld
+++ b/components/esp_rom/esp32h2/ld/rev2/esp32h2.rom.newlib.ld
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -31,7 +31,6 @@ strncmp = 0x400004a4;
 strlen = 0x400004a8;
 strstr = 0x400004ac;
 bzero = 0x400004b0;
-_isatty_r = 0x400004b4;
 sbrk = 0x400004b8;
 isalnum = 0x400004bc;
 isalpha = 0x400004c0;
@ -90,11 +89,8 @@ fflush = 0x40000590;
 _fflush_r = 0x40000594;
 _fwalk = 0x40000598;
 _fwalk_reent = 0x4000059c;
-__smakebuf_r = 0x400005a0;
-__swhatbuf_r = 0x400005a4;
 __swbuf_r = 0x400005a8;
 __swbuf = 0x400005ac;
-__swsetup_r = 0x400005b0;
 _strtod_l = 0x400005b4;
 _strtod_r = 0x400005b8;
 strtod_l = 0x400005bc;
--- a/components/esp_rom/esp32s2/ld/esp32s2.rom.newlib-funcs.ld
+++ b/components/esp_rom/esp32s2/ld/esp32s2.rom.newlib-funcs.ld
@ -29,7 +29,6 @@ _fwalk_reent = 0x4001bd24;
 isalnum = 0x400078d8;
 isalpha = 0x400078e8;
 isascii = 0x4001aaec;
-_isatty_r = 0x400078a0;
 isblank = 0x400078f8;
 iscntrl = 0x40007918;
 isdigit = 0x40007930;
@ -66,11 +65,9 @@ __sfmoreglue = 0x4001a4c8;
 __sfp = 0x4001a590;
 __sfp_lock_acquire = 0x4001a508;
 __sfp_lock_release = 0x4001a514;
-__sfvwrite_r = 0x40001310;
 __sinit = 0x4001a538;
 __sinit_lock_acquire = 0x4001a520;
 __sinit_lock_release = 0x4001a52c;
-__smakebuf_r = 0x40001954;
 srand = 0x40007a24;
 __sread = 0x4001a660;
 __sseek = 0x4001a6cc;
@ -104,9 +101,7 @@ strtok_r = 0x4001af7c;
 strupr = 0x40008084;
 __swbuf = 0x4000167c;
 __swbuf_r = 0x400015bc;
-__swhatbuf_r = 0x400018f8;
 __swrite = 0x4001a698;
-__swsetup_r = 0x40001690;
 toascii = 0x4001af90;
 tolower = 0x40008158;
 toupper = 0x40008174;
--- a/components/esp_rom/esp32s2/ld/esp32s2.rom.newlib-time.ld
+++ b/components/esp_rom/esp32s2/ld/esp32s2.rom.newlib-time.ld
@ -0,0 +1,16 @@
+/*
+ * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+/* These are the newlib functions and the .bss/.data symbols which are related to 'time_t'
+   or other structures which include 'time_t' (like 'struct stat').
+   These ROM functions were compiled with sizeof(time_t) == 4.
+   When compiling with sizeof(time_t) == 8, these functions should be excluded from the build.
+ */
+
+__swsetup_r = 0x40001690;
+__smakebuf_r = 0x40001954;
+__swhatbuf_r = 0x400018f8;
+__sfvwrite_r = 0x40001310;
+_isatty_r = 0x400078a0;
--- a/components/esp_rom/esp32s3/ld/esp32s3.rom.newlib-time.ld
+++ b/components/esp_rom/esp32s3/ld/esp32s3.rom.newlib-time.ld
@ -0,0 +1,15 @@
+/*
+ * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+/* These are the newlib functions and the .bss/.data symbols which are related to 'time_t'
+   or other structures which include 'time_t' (like 'struct stat').
+   These ROM functions were compiled with sizeof(time_t) == 4.
+   When compiling with sizeof(time_t) == 8, these functions should be excluded from the build.
+ */
+
+_isatty_r = 0x4000126c;
+PROVIDE( __smakebuf_r = 0x40001530 );
+PROVIDE( __swsetup_r = 0x40001560 );
+PROVIDE( __swhatbuf_r = 0x4000153c );
--- a/components/esp_rom/esp32s3/ld/esp32s3.rom.newlib.ld
+++ b/components/esp_rom/esp32s3/ld/esp32s3.rom.newlib.ld
@ -25,7 +25,6 @@ strncmp = 0x4000123c;
 strlen = 0x40001248;
 strstr = 0x40001254;
 bzero = 0x40001260;
-_isatty_r = 0x4000126c;
 sbrk = 0x40001278;
 isalnum = 0x40001284;
 isalpha = 0x40001290;
@ -84,11 +83,8 @@ PROVIDE( fflush = 0x40001500 );
 PROVIDE( _fflush_r = 0x4000150c );
 PROVIDE( _fwalk = 0x40001518 );
 PROVIDE( _fwalk_reent = 0x40001524 );
-PROVIDE( __smakebuf_r = 0x40001530 );
-PROVIDE( __swhatbuf_r = 0x4000153c );
 PROVIDE( __swbuf_r = 0x40001548 );
 __swbuf = 0x40001554;
-PROVIDE( __swsetup_r = 0x40001560 );
 /* Data (.data, .bss, .rodata) */
 syscall_table_ptr = 0x3fceffd4;
 _global_impure_ptr = 0x3fceffd0;
--- a/components/esp_rom/esp8684/ld/esp8684.rom.newlib.ld
+++ b/components/esp_rom/esp8684/ld/esp8684.rom.newlib.ld
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -30,7 +30,6 @@ strncmp = 0x400004a0;
 strlen = 0x400004a4;
 strstr = 0x400004a8;
 bzero = 0x400004ac;
-_isatty_r = 0x400004b0;
 sbrk = 0x400004b4;
 isalnum = 0x400004b8;
 isalpha = 0x400004bc;
@ -89,11 +88,8 @@ fflush = 0x4000058c;
 _fflush_r = 0x40000590;
 _fwalk = 0x40000594;
 _fwalk_reent = 0x40000598;
-__smakebuf_r = 0x4000059c;
-__swhatbuf_r = 0x400005a0;
 __swbuf_r = 0x400005a4;
 __swbuf = 0x400005a8;
-__swsetup_r = 0x400005ac;
 _strtod_l = 0x400005b0;
 _strtod_r = 0x400005b4;
 strtod_l = 0x400005b8;