display_options_get_banner_priv() overwrites bytes before the start of the
buffer if the buffer size is less then 3. This case occurs in the Sandbox
when executing the `ut_print` command.
Correctly handle small buffer sizes. Adjust the print unit test to catch
when bytes before the buffer are overwritten.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
spl: fit: Always enable tracking of os-type if SPL_OS_BOOT is enabled
FIT_IMAGE_TINY is used to reduce the size of the SPL by removing os-type
tracking and recording the loadables into the loaded FDT. When this option
is enabled, it is assumed that the next stage firmware is u-boot.
However this does not play well with the SPL_OS_BOOT option that enables
loading different type of next stage firmware, like the OS itself.
When SPL_OS_BOOT is used, do not disable os-tracking. The added footprint
is about 300 Bytes.
Add a PL310 cache controller driver that is usually found on
ARMv7(32-bit) devices. The driver configures the cache settings that can
be found in the device tree files.
This initial revision only configures basic settings(data & instruction
prefetch, shared-override, data & tag latency). I believe these are the
settings that affect performance the most. Comprehensive settings can be
done by the OS.
Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Linux commit 8ecd7f5970c5 ("ARM: 8483/1: Documentation: l2c: Rename
l2cc to l2c2x0")
Linux docs:
Documentation/devicetree/bindings/arm/l2c2x0.txt
Copied from Linux kernel v5.0.
"The documentation in the l2cc.txt is specific to the L2 cache
controllers L2C210/L2C220/L2C310 (also known as PL210/PL220/PL310
and variants) and not generic as the file name implies. It's not
valid for integrated L2 controllers as found in e.g.
Cortex-A15/A7/A57/A53."
Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
arch: armv8: Provide a way to disable cache maintenance ops
On AM654 SoC(arm64) which is IO coherent and has L3 Cache, cache
maintenance operations being done to support non-coherent platforms
causes issues.
For example, here is how U-Boot prepares/handles a buffer to receive
data from a device (DMA Write). This may vary slightly depending on the
driver framework:
Start DMA to write to destination buffer
Wait for DMA to be done (dma_receive()/dma_memcpy())
Invalidate destination buffer (invalidate_dcache_range())
Read from destination buffer
The invalidate after the DMA is needed in order to read latest data from
memory that’s updated by DMA write. Also, in case random prefetch has
pulled in buffer data during the “wait for DMA” before the DMA has
written to it. This works well for non-coherent architectures.
In case of coherent architecture with L3 cache, DMA write would directly
update L3 cache contents (assuming cacheline is present in L3) without
updating the DDR memory. So invalidate after “wait for DMA” in above
sequence would discard latest data and read will cause stale data to be
fetched from DDR. Therefore invalidate after “wait for DMA” is not
always correct on coherent architecture.
Therefore, provide a Kconfig option to disable cache maintenance ops on
coherent architectures. This has added benefit of improving the
performance of DMA transfers as we no longer need to invalidate/flush
individual cache lines(especially for buffer thats several KBs in size).
In order to facilitate use of same Kconfig across different
architecture, I have added the symbol to top level arch/Kconfig file.
Patch currently disables cache maintenance ops for arm64 only.
flush_dcache_all() and invalidate_dcache_all() are exclusively used
during enabling/disabling dcache and hence are not disabled.
Alex Kiernan [Thu, 18 Apr 2019 20:34:55 +0000 (20:34 +0000)]
Refactor IMAGE_ENABLE_VERIFY to handle builds without SPL verification
If building with SPL_LOAD_FIT_FULL and FIT_SIGNATURE, but without
SPL_FIT_SIGNATURE then the build fails with:
common/built-in.o: In function `fit_image_verify_with_data':
common/image-fit.c:1220: undefined reference to `fit_image_verify_required_sigs'
common/image-fit.c:1244: undefined reference to `fit_image_check_sig'
common/built-in.o: In function `fit_image_load':
common/image-fit.c:1857: undefined reference to `fit_config_verify'
Refactor so that host builds still depend on FIT_SIGNATURE, but target
builds check FIT_SIGNATURE/SPL_FIT_SIGNATURE dependent on the build.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Tom Rini [Sun, 5 May 2019 00:02:31 +0000 (20:02 -0400)]
Merge tag 'mips-pull-2019-05-03' of git://git.denx.de/u-boot-mips
- mscc: small fixes, enhance network support for Serval, Luton and Ocelot
- mt7620: rename arch to more generic name mtmips
- mips: pass initrd addresses via DT as physical addresses
of: flip CONFIG_SPL_DISABLE_OF_CONTROL into CONFIG_SPL_OF_CONTROL
As we discussed a couple of times, negative CONFIG options make our
life difficult; CONFIG_SYS_NO_FLASH, CONFIG_SYS_DCACHE_OFF, ...
and here is another one.
Now, there are three boards enabling OF_CONTROL on SPL:
- socfpga_arria5_defconfig
- socfpga_cyclone5_defconfig
- socfpga_socrates_defconfig
This commit adds CONFIG_SPL_OF_CONTROL for them and deletes
CONFIG_SPL_DISABLE_OF_CONTROL from the other boards to invert
the logic.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The support for DaVinci DM* SoCs has been dropped a while ago. There's
still a lot of leftover code in mach-davinci though. Entirely remove
certain files and modify the common code to no longer reference
unsupported chips.
Note: all DaVinci platforms supported in u-boot now define SOC_DA8XX
but not all define SOC_DA850 (e.g. omapl138). We can safely remove
all ifdefs for the former, but let's leave the ones for the latter.
arm: davinci: remove dead code for PHYs used by DaVinci DM* boards
The support for DaVinci DM* boards has been dropped a while ago. The
code for all those PHYs is no longer used and they have their own
proper PHY drivers in drivers/net/phy anyway. Remove all dead code.
Adam Ford [Sun, 28 Apr 2019 21:45:26 +0000 (16:45 -0500)]
ARM: davinci: Remove unused functions from header
There are a few functions defined in the header file, but they are
not referenced by any Davinci code. In order to make a general
function in the future with static function declarations, this
patch will remove the references all together.
Currently mach-mt7620 contains only support for mt7628. To avoid confusion,
rename mach-mt7620 to mach-mtmips, which means MediaTek MIPS platforms.
MT7620 and MT7628 should be distinguished by SOC_MT7620 and SOC_MT7628
because they do not share the same lowlevel codes.
Dependencies of four drivers are changed to SOC_MT7628 as these drivers
are only used by MT7628.
Cc: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Microsemi SoC defines CONFIG_SYS_SDRAM_BASE to be 0x80000000, which
represents the start of kseg0 and represents a virtual address. Meaning
that the initrd_start and initrd_end point somewhere kseg0.
When these parameters are passed to linux kernel through DT
they are pointing somewhere in kseg0 which is a virtual address but linux
kernel expects the addresses to be physical addresses(in kuseg) because
it is converting the physical address to a virtual one.
Therefore update the uboot to pass the physical address of initrd_start
and initrd_end by converting them using the function virt_to_phys before
setting up the DT.
Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
In Serval SoC family there are 2 different pcb, both of them have the same
phy, but with different version. Therefore implement board_phy_config
and set all the phys in the same way.
When detecting the board, it was reading a register in the GPIO page of
the phy and based on that value it was making a decision. The bug was that
after the GPIO page for the first phy was set it was not reseted back.
In case the ddr training was failing, it couldn't reset, it was just
hanging. Therefore reimplement it, so when ddr training is failing
it would call _machine_restart, which power downs the DDR and does
a force reset.
Faiz Abbas [Tue, 16 Apr 2019 17:36:58 +0000 (23:06 +0530)]
mmc: sdhci: Add Support for ADMA2
The Standard Host Controller Interface (SDHCI) specification version
3.00 adds support for Advanced DMA (ADMA) for both 64 and 32 bit widths
of DMA. ADMA2 uses a table of descriptors for aggregating DMA requests.
This significantly improves read and write throughput.
Faiz Abbas [Tue, 16 Apr 2019 17:36:57 +0000 (23:06 +0530)]
mmc: sdhci: Move DMA handling to prepare_dma() function
In preparation for addition of ADMA2 support, cleanup SDMA handling by
moving it to a new sdhci_prepare_dma() function. Also add a flags field
in sdhci_host to indicate if DMA is enabled.
Ye Li [Mon, 7 Jan 2019 09:10:27 +0000 (09:10 +0000)]
mmc: fsl_esdhc: Fix wp_enable issue
The wp-gpios property is used for gpio, if this is set, the WP pin is muxed
to gpio function, can't be used as internal WP checking. However the codes
remain to use internal WP checking.
This patch changes to examine the "fsl,wp-controller" for enabling internal WP
checking, and "wp-gpios" for muxing to gpio.
Adam Ford [Tue, 30 Apr 2019 12:53:16 +0000 (07:53 -0500)]
ARM: dts: logicpd-som-lv: Fix MMC1 card detect
The card detect pin was incorrectly using IRQ_TYPE_LEVEL_LOW
instead of GPIO_ACTIVE_LOW when reading the state of the CD pin.
Without this patch, MMC1 won't be detected.
This is the same patch submitted to linux-omap, but I was hoping
to get it applied to U-Boot without having to wait for the
linux adoption and then backporting.
Fixes: 5448ff33f281 ("ARM: DTS: Resync Logic PD SOM-LV 37xx
devkit with Linux 4.18-RC4")
Transition to the IOPAD macros as used in Linux in which the pin mux
mode is specified using a dedicated parameter while also dropping the
related MUX_MODEx macros that are no longer needed. This transition
will allow us to keep both Linux and U-Boot DTS in sync more easily.
While at it also align the file name of the include file itself and
update any references accordingly.
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
- at91sam9g20-taurus.dts: use labels
- cleanup taurus port to compile clean with
current mainline again. SPL has no serial
output anymore, so it fits into SRAM.
Andrew F. Davis [Mon, 29 Apr 2019 13:04:11 +0000 (09:04 -0400)]
firmware: ti_sci: Always request response from firmware
TI-SCI firmware will only respond to messages when the
TI_SCI_FLAG_REQ_ACK_ON_PROCESSED flag is set. Most messages
already do this, set this for the ones that do not.
Signed-off-by: Andrew F. Davis <afd@ti.com> Tested-by: Alejandro Hernandez <ajhernandez@ti.com> Acked-by: Nishanth Menon <nm@ti.com>
armv7R: dts: k3: am654: Switch DMSC TX message thread ID
Switch from using the high priority DMSC transmit message queue used
by the secure R5 MCU island boot context to the low priority message
queue. While the change in priority is irrelevant for the current boot
architecture it however gives us access to a deeper message queue that
will allow us to buffer more messages. This is an important aspect when
sending several messages without requesting and waiting for a response
in a row which is a communication scheme used during core shutdown for
example. See AM654 TISCI User Guide for additional details.
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Paul Barker [Thu, 25 Apr 2019 14:12:00 +0000 (15:12 +0100)]
board: am335x: Drop duplicate pinmux configuration
In commit ad6054f1fe128f797b6eb2964afca6674b584785 where support for the
Sancloud BeagleBone Enhanced (BBE) was added, new conditional
configuration of either MII pin muxing or RGMII pin muxing is done
depending on the board type. However, the old call to set up MII pin
muxing was not removed.
This may result in misconfiguration of the pin muxing for the BBE or
duplicate configuration for other boards and so we remove this obsolete
call.
Signed-off-by: Paul Barker <paul.barker@sancloud.co.uk>
An earlier commit converted the TISCI receive timeouts to be specified
in ms rather than us however it failed to take this change into account
when passing the actual timeout to be used when invoking the mailbox
receive API. This leads to the actual timeout to be 1,000 times shorter
than expected and as a result certain TISCI operations would fail.
Fix the issue by converting the timeout declared in ms to us on the fly
as expected by the respective API.
Fixes: fd6b40b1ba20 ("firmware: ti_sci: Add support for NAVSS resource management") Signed-off-by: Andreas Dannenberg <dannenberg@ti.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Marek Behún [Thu, 2 May 2019 14:53:39 +0000 (16:53 +0200)]
arm: mvebu: turris_omnia: add GPIO support to defconfig
Add support for the gpio command and driver for the I2C connected
pca9538 controller, to be able to determine if SFP module is present in
the Turris Omnia router.
Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Stefan Roese <sr@denx.de>
Marek Behún [Thu, 2 May 2019 14:53:38 +0000 (16:53 +0200)]
i2c: mvtwsi: fix reading status register after interrupt
The twsi_wait function reads the control register for interrupt flag,
and if interrupt flag is present, it immediately reads status register.
On our device this sometimes causes bad value being read from status
register, as if the value was not yet updated.
My theory is that the controller does approximately this:
1. sets interrupt flag in control register,
2. sets the value of status register,
3. causes an interrupt
In U-Boot we do not use interrupts, so I think that it is possible that
sometimes the status register in the twsi_wait function is read between
points 1 and 2.
The bug does not appear if I add a small delay before reading status
register.
Wait 100ns (which in U-Boot currently means 1 us, because ndelay(i)
function calls udelay(DIV_ROUND_UP(i, 1000))) before reading the status
register.
Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Heiko Schocher <hs@denx.de> Reviewed-by: Stefan Roese <sr@denx.de> Cc: Mario Six <mario.six@gdsys.cc> Cc: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Stefan Roese <sr@denx.de>
There is a Factory RESET button on the back side of the Turris Omnia
router. When user presses this button before powering the device up and
keeps it pressed, the microcontroller prevents the main CPU from booting
and counts how long the RESET button is being pressed (and indicates
this by lighting up front LEDs).
The idea behind this is that the user can boot the device into several
Factory RESET modes.
This patch adds support for U-Boot to read into which Factory RESET mode
the user booted the device. The value is an integer stored into the
omnia_reset environment variable. It is 0 if the button was not pressed
at all during power up, otherwise it is the number identifying the
Factory RESET mode.
This patch also changes bootcmd to a special hardcoded value if Factory
RESET button was pressed during device powerup. This special bootcmd
value sets the colors of all the LEDs on the front panel to green and
then tries to load the rescue image from the SPI flash memory and boot
it.
Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Stefan Roese <sr@denx.de>
Marek Behún [Thu, 2 May 2019 14:53:36 +0000 (16:53 +0200)]
arm: mvebu: turris_omnia: fix regdomain env var setting
The regdomain environment variable is set according to value read from
EEPROM. This has to be done in board_late_init, after the environment
variables are read from SPI. Select CONFIG_BOARD_LATE_INIT in Kconfig
for the Turris Omnia target.
Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Stefan Roese <sr@denx.de>
Young Xiao [Wed, 17 Apr 2019 09:20:24 +0000 (17:20 +0800)]
kwbimage: fixing the issue with proper return code checking
EVP_VerifyFinal would return one of three values:
1 if the data is verified to be correct;
0 if it is incorrect;
-1 if there is any failure in the verification process.
The varification in unpatched version is wrong, since it ignored
the return value of -1.
The bug allows a malformed signature to be treated as a good
signature rather than as an error. This issue affects the
signature checks on DSA ans ECDSA keys used with SSL/TLS.
This issue is similar to CVE-2008-5077, CVE-2009-0021,
CVE-2009-0025, CVE-2009-0046 ~ CVE-2009-0049.
Signed-off-by: Young Xiao <92siuyang@gmail.com> Signed-off-by: Stefan Roese <sr@denx.de>
While the uuids do change on every 'gpt write' command, the values
appear to be taken from the same pool, in the same order.
Assuming U-Boot with RANDOM_UUID=y is deployed on a large number of
devices, all those devices would essentially expose the same UUID,
breaking the assumption of system/RFS/application designers who rely
on UUID as being globally unique (e.g. a database using UUID as key
would alias/mix up entries/records due to duplicated UUID).
The root cause seems to be simply _not_ seeding PRNG before generating
a random value. It turns out this belongs to an established class of
PRNG-specific problems, commonly known as "unseeded randomness", for
which I am able to find below bugs/CVE/CWE:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0285
("CVE-2015-0285 openssl: handshake with unseeded PRNG")
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9019
("CVE-2015-9019 libxslt: math.random() in xslt uses unseeded
randomness")
- https://cwe.mitre.org/data/definitions/336.html
("CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)")
The first revision [1] of this patch updated the seed based on the
output of get_timer(), similar to [4].
There are two problems with this approach:
- get_timer() has a poor _ms_ resolution
- when gen_rand_uuid() is called in a loop, get_timer() returns the
same result, leading to the same seed being passed to srand(),
leading to the same uuid being generated for several partitions
with different names
The above drawbacks have been addressed in the second version [2].
In its third revision (current), the patch reworded the description
and summary line to emphasize it is a *fix* rather than an improvement.
Testing [3] consisted of running 'gpt write mmc 1 $partitions' in a
loop on R-Car3 for several minutes, collecting 8844 randomly generated
UUIDS. Two consecutive cold boots are concatenated in the log.
As a result, all uuid values are unique (scripted check).
Thanks to Roman, who reported the issue and provided support in fixing.
Apply the following changes:
- Guard the 'gpt read' command by 'ifdef CONFIG_CMD_GPT_RENAME',
since 'gpt read' is not available on CMD_GPT_RENAME=n
- Prefix the {read,swap,rename} commands with one space for consistency
- Prefix the 'guid' commands with 'gpt' for consistency
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Below is what happens on R-Car H3ULCB-KF using clean U-Boot v2019.04-00810-g6aebc0d11a10 and r8a7795_ulcb_defconfig:
=> ### interrupt autoboot
=> gpt verify mmc 1
No partition list provided - only basic check
Verify GPT: success!
=> ### keep calling 'gpt verify mmc 1'
=> ### on 58th call, we are out of memory:
=> gpt verify mmc 1
alloc_read_gpt_entries: ERROR: Can't allocate 0X4000 bytes for GPT Entries
GPT: Failed to allocate memory for PTE
gpt_verify_headers: *** ERROR: Invalid Backup GPT ***
Verify GPT: error!
This is caused by calling is_gpt_valid() twice (hence allocating pte
also twice via alloc_read_gpt_entries()) while freeing pte only _once_
in the caller of gpt_verify_headers(). Fix that by freeing the pte
allocated and populated for primary GPT _before_ allocating and
populating the pte for backup GPT. The latter will be freed by the
caller of gpt_verify_headers().
With the fix applied, the reproduction scenario [1-2] has been run
hundreds of times in a loop w/o running into OOM.
Below is what happens on R-Car H3ULCB-KF using clean U-Boot v2019.04-00810-g6aebc0d11a10 and r8a7795_ulcb_defconfig:
=> ### interrupt autoboot
=> gpt guid mmc 1 21200400-0804-0146-9dcc-a8c51255994f
success!
=> ### keep calling 'gpt guid mmc 1'
=> ### on 59th call, we are out of memory:
=> gpt guid mmc 1
alloc_read_gpt_entries: ERROR: Can't allocate 0X4000 bytes for GPT Entries
GPT: Failed to allocate memory for PTE
get_disk_guid: *** ERROR: Invalid GPT ***
alloc_read_gpt_entries: ERROR: Can't allocate 0X4000 bytes for GPT Entries
GPT: Failed to allocate memory for PTE
get_disk_guid: *** ERROR: Invalid Backup GPT ***
error!
After some inspection, it looks like get_disk_guid(), added via v2017.09
commit 73d6d18b7147c9 ("GPT: add accessor function for disk GUID"),
unlike other callers of is_gpt_valid(), doesn't free the memory pointed
out by 'gpt_entry *gpt_pte'. The latter is allocated by is_gpt_valid()
via alloc_read_gpt_entries().
With the fix applied, the reproduction scenario has been run hundreds
of times ('while true; do gpt guid mmc 1; done') w/o running into OOM.
Fixes: 73d6d18b7147c9 ("GPT: add accessor function for disk GUID") Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>