Tom Rini [Mon, 19 Aug 2024 22:14:29 +0000 (16:14 -0600)]
Merge patch series "clk: mediatek: mt7988: clk migration for OF_UPSTREAM"
Christian Marangi <ansuelsmth@gmail.com> says:
These are all the required patches to migrate clk and correctly support
OF_UPSTREAM. This will align the clk index to upstream to support the same
clk implementation with downstream and upstream DTS.
clk: mediatek: mt7988: comment out infracfg clk not defined
Comment out infracfg clk not defined in upstream kernel linux clock ID
include. These clock are not used and can be safely commented. Keep them
just to have a reference of their existence.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
clk: mediatek: mt7988: drop 1/1 spurious factor for topckgen
Now that we can have advanced parent handling for mux, we can drop
spurious topckgen 1/1 factor. This is in preparation to make the clk
ID match the ID in upstream include for mt7988.
Drop the factor entry from mt7988-clk.h and reference to them in
mt7988.dtsi. Muxes and gates are updated to reference the apmixed clk
following how it's done in upstream kernel linux. Add relevant clk type
flag in clk_tree for apmixed and topckgen.
Also move TOP_XTAL to the fixed clock table following how it's done in
upstream linux kernel.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Reorder TOPCKGEN factor ID to put TOP_FACTOR first and then PLL. This is
to match how it's done in upstream kernel linux and in preparation for
OF_UPSTREAM support.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
clk: mediatek: mt7988: rename TOPCKGEN factor clock to upstream naming
Rename TOPCKGEN factor clock to upstream neaming.
Upstream kernel linux reference the factor clock for apmixedpll with the
"pll" suffix. Align the naming to the upstream naming format in
preparation for OF_UPSTREAM support.
Also rename rtc clock to drop the CB_ as upstream doesn't have that.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
clk: mediatek: mt7988: drop 1/1 infracfg spurious factor
Now that we can have advanced parent handling for mux, we can drop
spurious infracfg 1/1 factor. This is in preparation to make the clk
ID match the ID in upstream include for mt7988.
Drop the factor entry from mt7988-clk.h and reference to them in
mt7988.dtsi. Muxes and gates are updated to reference the topckgen clk
following how it's done in upstream kernel linux.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
clk: mediatek: mt7988: fix wrong parent for INFRA_PCIE_PERI_26M_CK_P2
Fix wrong parent for INFRA_PCIE_PERI_26M_CK_P2 as should be
INFRA_PCIE_PERI_26M_CK_P3 instead of INFRA_F26M_O0. This is to match
implementation on upstream kernel linux.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
clk: mediatek: mt7988: move INFRA_PCIE_PERI_26M_CK_Px clock at top
Move INFRA_PCIE_PERI_26M_CK_Px clock at top of the infracfg gates
in preparation for support of OF_UPSTREAM to have a 1:1 match with
upstream clock ID.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
clk: mediatek: mt7988: rename TOP_CK_NPU_SEL_CM_TOPS_SEL to TOP_NPU_SEL
Upstream kernel linux clock include use TOP_NPU_SEL instead of
TOP_CK_NPU_SEL_CM_TOPS_SEL.
Rename this clock to the upstream kernel in preparation for support of
OF_UPSTREAM.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
clk: mediatek: mt7988: rename TOP_DA_SELM_XTAL_SEL to TOP_DA_SEL
Upstream kernel linux clock include use TOP_DA_SEL instead of
TOP_DA_SELM_XTAL_SEL.
Rename this clock to the upstream kernel in preparation for support of
OF_UPSTREAM.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
clk: mediatek: mt7988: rename CB_CKSQ_40M to TOP_XTAL
Upstream kernel linux clock include use TOP_XTAL instead of CB_CKSQ_40M.
Rename this clock to the upstream kernel in preparation for support of
OF_UPSTREAM.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Tom Rini [Mon, 19 Aug 2024 22:13:51 +0000 (16:13 -0600)]
Merge patch series "clk: mediatek: mt7981: clk migration for OF_UPSTREAM"
Christian Marangi <ansuelsmth@gmail.com> says:
These are all the required patches to migrate clk and correctly support
OF_UPSTREAM. This will align the clk index to upstream to support the same
clk implementation with downstream and upstream DTS.
Add and fix support for pwm3 clock. In the pwm DTSI node we were
actually using PWM2 clock for PWM3. Now that we have correct ID also add
the missing entry of gate and mux to support PWM3 clock.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Now that we can have advanced parent handling for mux, we can drop
spurious infracfg 1/1 factor. This is in preparation to make the clk
ID match the ID in upstream include for mt7981.
Drop the factor entry from mt7981-clk.h and reference to them in
mt7981.dtsi. Muxes and gates are updated to reference the topckgen clk
following how it's done in upstream kernel linux. Add relevant clk type
flag in clk_tree for infracfg and topckgen.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Implement missing sgmii0/1 clock and update the compatible the DTS to
match upstream kernel linux and in preparation for OF_UPSTREAM support
since the ethernet node define these additional clocks.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Tom Rini [Mon, 19 Aug 2024 22:13:01 +0000 (16:13 -0600)]
Merge patch series "clk: mediatek: mt7623: clk migration for OF_UPSTREAM"
Christian Marangi <ansuelsmth@gmail.com> says:
These are all the required patches to migrate clk and correctly support
OF_UPSTREAM. This will align the clk index to upstream to support the same
clk implementation with downstream and upstream DTS.
clk: mediatek: mt7623: remap peri clock ID and add MUX
Upstream kernel linux makes use of peri clock MUX to setup UART.
Add definition for these and add remap table as in the upstream clock ID
order gates are before MUX but we require MUX first and then clocks in
our downstream driver.
Convert the peri clk tree to MUX + GATE implementation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> Tested-by: Frank Wunderlich <frank-w@public-files.de>
clk: mediatek: mt7623: define id_offs_map and import clk ID from upstream
Define id_offs_map and use clk ID form upstream linux kernel to have a
1:1 match for the TOPCKGEN clock and permit usage of OF_UPSTREAM with
upstream dtsi.
For all the gate clock, the clk ID starts from 1 instead of zero. Define
an additional clock tree for them and set the .gates_offs to 1 to
account for this.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
ext4: Fix integer overflow in ext4fs_read_symlink()
While zalloc() takes a size_t type, adding 1 to the le32 variable
will overflow.
A carefully crafted ext4 filesystem can exhibit an inode size of 0xffffffff
and as consequence zalloc() will do a zero allocation.
Later in the function the inode size is again used for copying data.
So an attacker can overwrite memory.
Avoid the overflow by using the __builtin_add_overflow() helper.
Signed-off-by: Richard Weinberger <richard@nod.at>
squashfs: Fix heap corruption in sqfs_search_dir()
res needs to be large enough to store both strings rem and target,
plus the path separator and the terminator.
Currently the space for the path separator is not accounted, so
the heap is corrupted by one byte.
Signed-off-by: Richard Weinberger <richard@nod.at> Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
squashfs: Fix stack overflow while symlink resolving
The squashfs driver blindly follows symlinks, and calls sqfs_size()
recursively. So an attacker can create a crafted filesystem and with
a deep enough nesting level a stack overflow can be achieved.
Fix by limiting the nesting level to 8.
Signed-off-by: Richard Weinberger <richard@nod.at> Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
squashfs: Fix integer overflow in sqfs_inode_size()
A carefully crafted squashfs filesystem can exhibit an extremly large
inode size and overflow the calculation in sqfs_inode_size().
As a consequence, the squashfs driver will read from wrong locations.
Fix by using __builtin_add_overflow() to detect the overflow.
Signed-off-by: Richard Weinberger <richard@nod.at> Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
squashfs: Fix integer overflow in sqfs_resolve_symlink()
A carefully crafted squashfs filesystem can exhibit an inode size of 0xffffffff,
as a consequence malloc() will do a zero allocation.
Later in the function the inode size is again used for copying data.
So an attacker can overwrite memory.
Avoid the overflow by using the __builtin_add_overflow() helper.
Signed-off-by: Richard Weinberger <richard@nod.at> Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
dlmalloc: Make sure allocation size is within malloc area
Since U-Boot does not support memory overcommit we can
enforce that the allocation size is within the malloc area.
This is a simple and efficient hardening measure to mitigate
further integer overflows in dlmalloc.
Signed-off-by: Richard Weinberger <richard@nod.at> Reviewed-by: Simon Glass <sjg@chromium.org>
Make sure that the new break is within mem_malloc_start
and mem_malloc_end before making progress.
ulong new = old + increment; can overflow for extremely large
increment values and memset() can get wrongly called.
Signed-off-by: Richard Weinberger <richard@nod.at> Reviewed-by: Simon Glass <sjg@chromium.org>
req is of type size_t, casting it to long opens the door
for an integer overflow.
Values between LONG_MAX - (SIZE_SZ + MALLOC_ALIGN_MASK) - 1 and LONG_MAX
cause and overflow such that request2size() returns MINSIZE.
Fix by removing the cast.
The origin of the cast is unclear, it's in u-boot and ppcboot since ever
and predates the CVS history.
Doug Lea's original dlmalloc implementation also doesn't have it.
Signed-off-by: Richard Weinberger <richard@nod.at> Reviewed-by: Simon Glass <sjg@chromium.org>
sbrk() assumes ptrdiff_t is large enough to enlarge/shrink the heap
by LONG_MIN/LONG_MAX.
So, use the long type, also to match the rest of the Linux ecosystem.
Signed-off-by: Richard Weinberger <richard@nod.at> Reviewed-by: Simon Glass <sjg@chromium.org>
bootstage: Fix out-of-bounds read in reloc_bootstage()
bootstage_get_size() returns the total size of the data structure
including associated records.
When copying from gd->bootstage, only the allocation size of gd->bootstage
must be used. Otherwise too much memory is copied.
This bug caused no harm so far because gd->new_bootstage is always
large enough and reading beyond the allocation length of gd->bootstage
caused no problem due to the U-Boot memory layout.
Fix by using the correct size and perform the initial copy directly
in bootstage_relocate() to have the whole relocation process in the
same function.
Signed-off-by: Richard Weinberger <richard@nod.at> Reviewed-by: Simon Glass <sjg@chromium.org>
Evaluate the filesystem incompat and ro_compat bit fields to judge
whether the filesystem can be read or written.
For the read side only a scary warning is shown so far.
I'd love to abort mounting too, but I fear this will break some setups
where the driver works by chance.
Signed-off-by: Richard Weinberger <richard@nod.at>
Do not load and flush segments whose program header type is not
PT_LOAD to avoid crash happen.
bootelf will load all program headers and then flush cache.
Since PT_GNU_STACK start address is 0x0, crash happens when
it flushes PT_GNU_STACK area for target that memory cannot be
accessed from address 0x0.
crash call stack:
====================================================================
bootelf -p
|-> do_bootelf (cmd/elf.c)
|-> load_elf_image_phdr (lib/elf.c) /* Load each program header */
|-> for (i = 0; i < ehdr->e_phnum; ++i) { /* e_phnum is 2 */
|-> flush_cache(start=0, size=0) (arch/arm/lib/cache.c) (*1)
|-> flush_dcache_range(start=0, 0); (arch/arm/cpu/armv8/cache_v8.c)
|-> __asm_flush_dcache_range(start=0, 0) (arch/arm/cpu/armv8/cache.S)
|-> /* clean & invalidate data or unified cache */
|-> dc civac, x0 <<== crash happen x0:start=0
====================================================================
*1 Here the p_paddr and p_filesz of the GNU_STACK program are 0.
hello_world elf image program headers
====================================================================
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000080ff0000 0x0000000080ff0000
0x0000000000010390 0x0000000000010390 R E 0x10000
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x10
Sean Anderson [Sat, 10 Aug 2024 13:59:37 +0000 (09:59 -0400)]
pinmux: generic: Use ENOENT instead of ENOSYS
ENOSYS should only be used when a subsystem is completely absent.
Convert its use in pinctrl-generic to ENOENT, which better reflects the
error condition (that a function/group/pin is missing).
Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Ravi Minnikanti [Sun, 11 Aug 2024 18:44:15 +0000 (11:44 -0700)]
env: remove vars that are not in default env
current env_set_default_vars() doesn't delete
var that are not in the imported env. hashtable
removes vars that are not in the imported
env but present in the current env only if H_NOCLEAR
flag is not set.
This change is to avoid passing H_NOCLEAR flag if
specific vars are passed to env_set_default_vars()
Without this change:
Marvell>> env default boot_mode
Marvell>>
With the change:
Marvell>> env default boot_mode
WARNING: 'boot_mode' not in imported env, deleting it!
Signed-off-by: Ravi Minnikanti <rminnikanti@marvell.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Yasuharu Shibata [Wed, 14 Aug 2024 12:41:07 +0000 (21:41 +0900)]
sandbox: fix wget test failure after fixing wget issue
After applying the following patch, wget test on sandbox failed[1].
Commit: cab7867cff ("net: wget: Support retransmission a dropped packet")
Here are two reasons why the test is failed and how to fix it:
1. tcp_ack is calculated by the wrong value.
tcp_ack needs to be calculated by the received TCP payload size.
2. wget command may have a problem that HTTP response from server
must be divided into more than two packets.
In this commit, HTTP response is divided into two packets.
In addition, I fixed the HTTP response returned at the correct timing.
cmd: led: fix led command usage for the LED_SW_BLINK enabled case
CONFIG_LED_BLINK and CONFIG_LED_SW_BLINK can be defined independently.
Led blinking works if any (or both) of them is enabled. Unfortunately
the led command help does not display blinking option if only
CONFIG_LED_SW_BLINK is enabled. This is definitely wrong.
This patch fix an issue.
Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy@iopsys.eu> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Alexander Dahl <ada@thorsis.com>
spi: soft_spi: Parse cs-gpios only if num-chipselects is not <0>
Some boards don't have chipselect lines for leds so cs-gpios is not
specified in the dts leading to probing error. Fix it by making
behavior similar to the one in Linux, parse num-chipselects and
if it is zero, ignore cs-gpios.
Signed-off-by: Michael Polyntsov <michael.polyntsov@iopsys.eu> Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy@iopsys.eu>
Simon Glass [Sun, 11 Aug 2024 14:50:34 +0000 (08:50 -0600)]
armv8: ls2085a: Drop CMD_DATE
These boards use pre-driver model code and it is several years since the
migration deadline. Disable the 'date' command so that this old code can
be removed.
Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heiko Schocher <hs@denx.de>
Simon Glass [Sun, 11 Aug 2024 14:50:33 +0000 (08:50 -0600)]
mips: malta: Drop CMD_DATE
These boards use pre-driver model code and it is several years since the
migration deadline. Disable the 'date' command so that this old code can
be removed.
Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heiko Schocher <hs@denx.de>
Tom Rini [Fri, 9 Aug 2024 22:03:21 +0000 (16:03 -0600)]
Merge patch series "Universal Payload initial series"
Simon Glass <sjg@chromium.org> says:
Universal Payload (UPL) is an Industry Standard for firmware
components[1]. UPL is designed to improve interoperability within the
firmware industry, allowing mixing and matching of projects with less
friction and fewer project-specific implementations. UPL is
cross-platform, supporting ARM, x86 and RISC-V initially.
This series provides some initial support for this, targeting 0.9.1 and
sandbox only.
Features still to come include:
- Support for architectures
- FIT validation
- Handoff validation
- Interoperability tests
Simon Glass [Wed, 7 Aug 2024 22:47:39 +0000 (16:47 -0600)]
upl: Add an end-to-end test
Now that sandbox_vpl supports UPL, add a test that checks that the
payload can be loaded by SPL and the handoff information passed through
to U-Boot proper.
Simon Glass [Wed, 7 Aug 2024 22:47:28 +0000 (16:47 -0600)]
upl: Add support for writing a upl handoff
Universal Payload provides a standard way of handing off control between
two firmware phases. Add support for writing the handoff information from
a structure.
Simon Glass [Wed, 7 Aug 2024 22:47:27 +0000 (16:47 -0600)]
upl: Add support for reading a upl handoff
Universal Payload provides a standard way of handing off control between
two firmware phases. Add support for reading the handoff information into
a structure.
Simon Glass [Wed, 7 Aug 2024 22:47:26 +0000 (16:47 -0600)]
sandbox: Set up global_data earlier
It is possible for U-Boot functions such as printf() to be called
within state_init(). This can end up checking gd->flags (e.g. in putc())
before global_data is set up.
Move the setup earlier to avoid this. This fixes the suppression of some
debug output in memory allocation (when enabled).
Simon Glass [Wed, 7 Aug 2024 22:47:24 +0000 (16:47 -0600)]
sandbox: Return error code from read/write/seek
The existing API for these functions is different from the rest of
U-Boot, in that any error code must be obtained from the errno variable
on failure. This variable is part of the C library, so accessing it
outside of the special 'sandbox' shim-functions is not ideal.
Adjust the API to return an error code, to avoid this. Update existing
uses to check for any negative value, rather than just -1.
Simon Glass [Wed, 7 Aug 2024 22:47:23 +0000 (16:47 -0600)]
sandbox: fdt: Avoid overwriting an existing fdt
Since the removal of OF_HOSTFILE logic in board_fdt_blob_setup(), the
logic for obtaining the DT is handled in the OF_BOARD option. If a
devicetree comes from a bloblist it is immediately overwritten by this
function.
Fix this by skipping the function if a devicetree is already present.
This is sort-of a fix for e7fb7896 ("sandbox: Remove OF_HOSTFILE") but
it has only come to light since bloblist was added, so I have not added
a Fixes tag.
Unfortunately it is not possible to report the correct FDT source with
the current code. It might be best to use an error-return code for
board_fdt_blob_setup() so that an error can be reported if the board
does not provide the DT.
projects / u-boot.git / log
