Introduce sandbox_spi_get_{speed, mode} public interface to retrieve the
sandbox spi bus internal state. They are meant to be used in sandbox spi
testcases.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Ovidiu Panait [Mon, 14 Dec 2020 17:06:48 +0000 (19:06 +0200)]
spi: sandbox_spi: Implement speed/mode setup
Implement sandbox_spi_set_{speed, mode} routines, to be able to keep track
of the current bus speed/mode. This will help determine whether the values
passed from dm_spi_claim_bus() are valid.
Ovidiu Panait [Mon, 14 Dec 2020 17:06:47 +0000 (19:06 +0200)]
sandbox: test: Add a second SPI slave on sandbox_spi bus
Place a second spi slave on the sandbox_spi bus, to be used by the
spi_claim_bus() testcase we are about to introduce. We need to make sure
that jumping between slaves calling spi_claim_bus() sets the bus speed and
mode appropriately. Use different max-hz and mode properties for this new
slave.
Also, update sandbox_spi cs_info call to allow activity on CS0/CS1 and
adapt dm_test_spi_find() testcase for this new setup.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Ovidiu Panait [Mon, 14 Dec 2020 17:06:46 +0000 (19:06 +0200)]
sandbox: spi: Drop unused sandbox_spi_parse_spec function
Commit 1289e96797bf ("sandbox: spi: Drop command-line SPI option") dropped
support for specifying SPI devices on the command line, removing the only
user of sandbox_spi_parse_spec(). Remove the function too.
Fixes: 1289e96797bf ("sandbox: spi: Drop command-line SPI option") Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Reviewed-by: Simon Glass <sjg@chromium.org>
fdt: Use phandle to distinguish DT nodes with same name
While assigning the sequence number to subsystem instances by reading the
aliases property, only DT nodes names are compared and not the complete
path. This causes a problem when there are two DT nodes with same name but
have different paths.
In arch/arm/dts/k3-am65-main.dtsi there are two USB controllers with the
same device tree node name but different path. When aliases are defined for
these USB controllers then fdtdec_get_alias_seq() fails to pick the correct
instance for a given index.
fdt_path_offset() function is slow and this would effect the U-Boot
startup. To avert the time penalty on all boards, apply this extra check
only when required by using a config option.
Fix it by comparing the phandles of DT nodes after the node names match,
under a config option.
Signed-off-by: Aswath Govindraju <a-govindraju@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Fix whitespace error in Kconfig: Signed-off-by: Simon Glass <sjg@chromium.org>
Philipp Tomsich [Tue, 24 Nov 2020 17:14:52 +0000 (18:14 +0100)]
patman: Add --no-signoff to suppress adding signoffs
To enable use of patman with FSF/GNU projects, such as GCC or
Binutils, no Signed-off-by may be added. This adds a command
line flag '--no-signoff' to suppress adding signoffs in patman
when processing commits.
Signed-off-by: Philipp Tomsich <philipp.tomsich@vrull.eu> Reviewed-by: Simon Glass <sjg@chromium.org>
Fix patman testBranch() test: Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 17 Dec 2020 04:20:30 +0000 (21:20 -0700)]
dm: core: Update uclass_find_next_free_req_seq() for new scheme
This function current deals with req_seq which is deprecated. Update it to
use the new sequence numbers, putting them above existing aliases. Rename
the function to make this clear.
Simon Glass [Thu, 17 Dec 2020 04:20:29 +0000 (21:20 -0700)]
dm: Drop the unused arg in uclass_find_device_by_seq()
Now that there is only one sequence number (rather than both requested and
assigned ones) we can simplify this function. Also update its caller to
simplify the logic.
Simon Glass [Thu, 17 Dec 2020 04:20:22 +0000 (21:20 -0700)]
x86: Drop unnecessary mp_init logic
Now that sequence numbers are set up when devices are bound, this code is
not needed. Also, we should use dev_seq() instead of req_seq. Update the
whole file accordingly.
Simon Glass [Thu, 17 Dec 2020 04:20:20 +0000 (21:20 -0700)]
usb: ehci-mx6: Drop assignment of sequence number
This hack cannot work in the new sequence-numbering scheme. Remove it
while we wait for the maintainer to complete DM conversion as noted in
the existing comment.
Simon Glass [Thu, 17 Dec 2020 04:20:19 +0000 (21:20 -0700)]
spi: Update for new sequence numbers
Use the new sequence number in all cases. Drop the rockchip case because
the sequence number should be 0 anyway, and assigning to the sequence
number is not permitted.
Simon Glass [Thu, 17 Dec 2020 04:20:17 +0000 (21:20 -0700)]
dm: core: Allow manual sequence numbering
Some buses have their own rules which require assigning sequence numbers
with a bus-specific algorithm. For example, PCI requires that sub-buses
are numbered higher than their parent buses, meaning effectively that
parent buses must be numbered only after all of their child buses have
been numbered.
Add a uclass flag to indicate that driver model should not assign sequence
numbers. In this case, the uclass must do it.
Simon Glass [Thu, 17 Dec 2020 04:20:16 +0000 (21:20 -0700)]
net: Update to use new sequence numbers
Checking for seq == -1 is effectively checking that the device is
activated. The new sequence numbers are never -1 for a bound device, so
update the check.
Also drop the note about valid sequence numbers so it is accurate with the
new approach.
Simon Glass [Thu, 17 Dec 2020 04:20:14 +0000 (21:20 -0700)]
octeon: Don't attempt to set the sequence number
Several Octeon drivers operate by setting the sequence number of their
device. This should not be needed with the new sequence number setup. Also
it is not permitted. Drop it.
Simon Glass [Thu, 17 Dec 2020 04:20:09 +0000 (21:20 -0700)]
dm: core: Add a new sequence number for devices
At present each device has two sequence numbers, with 'req_seq' being
set up at bind time and 'seq' at probe time. The idea is that devices
can 'request' a sequence number and then the conflicts are resolved when
the device is probed.
This makes things complicated in a few cases, since we don't really know
what the sequence number will end up being. We want to honour the
bind-time requests if at all possible, but in fact the only source of
these at present is the devicetree aliases. Since we have the devicetree
available at bind time, we may as well just use it, in the hope that the
required processing will turn out to be useful later (i.e. the device
actually gets used).
Add a new 'sqq' member, the bind-time sequence number. It operates in
parallel to the old values for now. All devices get a valid sqq value,
i.e. it is never -1.
At present this is passed a uclass ID and it has to do a lookup. The
callers all have the uclass pointer, except for the I2C uclass where the
code will soon be deleted.
Update the argument to a uclass * instead of an ID since it is more
efficient.
Simon Glass [Thu, 17 Dec 2020 04:20:07 +0000 (21:20 -0700)]
dm: Avoid accessing seq directly
At present various drivers etc. access the device's 'seq' member directly.
This makes it harder to change the meaning of that member. Change access
to go through a function instead.
The drivers/i2c/lpc32xx_i2c.c file is left unchanged for now.
Simon Glass [Thu, 17 Dec 2020 04:20:06 +0000 (21:20 -0700)]
linker_lists: Fix alignment issue
The linker script uses alphabetic sorting to group the different linker
lists together. Each group has its own struct and potentially its own
alignment. But when the linker packs the structs together it cannot ensure
that a linker list starts on the expected alignment boundary.
For example, if the first list has a struct size of 8 and we place 3 of
them in the image, that means that the next struct will start at offset
0x18 from the start of the linker_list section. If the next struct has
a size of 16 then it will start at an 8-byte aligned offset, but not a
16-byte aligned offset.
With sandbox on x86_64, a reference to a linker list item using
ll_entry_get() can force alignment of that particular linker_list item,
if it is in the same file as the linker_list item is declared.
Consider this example, where struct driver is 0x80 bytes:
If these two lines of code are in the same file, then the entry is forced
to be aligned at the 'struct driver' alignment, which is 16 bytes. If the
second line of code is in a different file, then no action is taken, since
the compiler cannot update the alignment of the linker_list item.
In the first case, an 8-byte 'fill' region is added:
With this, the linker_list no-longer works since items after testfdt1_drv
are not at the expected address.
Ideally we would have a way to tell gcc not to align structs in this way.
It is not clear how we could do this, and in any case it would require us
to adjust every struct used by the linker_list feature.
One possible fix is to force each separate linker_list to start on the
largest possible boundary that can be required by the compiler. However
that does not seem to work on x86_64, which uses 16-byte alignment in this
case but needs 32-byte alignment.
So add a Kconfig option to handle this. Set the default value to 4 so
as to avoid changing platforms that don't need it.
Simon Glass [Thu, 3 Dec 2020 23:55:18 +0000 (16:55 -0700)]
dm: treewide: Rename 'platdata' variables to just 'plat'
We use 'priv' for private data but often use 'platdata' for platform data.
We can't really use 'pdata' since that is ambiguous (it could mean private
or platform data).
Rename some of the latter variables to end with 'plat' for consistency.
Simon Glass [Thu, 3 Dec 2020 23:55:17 +0000 (16:55 -0700)]
dm: treewide: Rename auto_alloc_size members to be shorter
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.
Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.
Simon Glass [Sun, 29 Nov 2020 00:50:08 +0000 (17:50 -0700)]
dm: core: Combine the flattree and livetree binding code
At present there are two copies of this code. With ofnode we can combine
them to reduce duplication. Update the dm_scan_fdt_node() function and
adjust its callers.
When an exception occurs print the program counter and the loaded
UEFI binaries and reset the system if CONFIG_SANDBOX_CRASH_RESET=y
or exit to the OS otherwise.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
Tom Rini [Thu, 10 Dec 2020 18:54:33 +0000 (13:54 -0500)]
Merge tag 'efi-next' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi into next
Pull request for UEFI sub-system for next
Bug fixes
* avoid corruption of FAT file system when using long names
* correct values for RuntimeServicesSupport concerning UEFI capsule update
* link partition to block device via EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER
New feature
* support EFI_LOAD_FILE_PROTOCOL in LoadImage() boot service
We provide a UEFI driver for block devices. When ConnectController() is
called for a handle with the EFI_BLOCK_IO_PROTOCOL this driver creates the
partitions. When DisconnectController() is called the handles for the
partitions have to be deleted. This requires that the child controllers
(partitions) open the EFI_BLOCK_IO_PROTOCOL of the controller (block IO
device) with attribute EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The EFI_LOAD_FILE_PROTOCOL_GUID and EFI_LOAD_FILE2_PROTOCOL_GUID are needed
to complement the implementation of the LoadFile() boot service.
Remove a duplicate declaration of a variable for the
EFI_LOAD_FILE2_PROTOCOL_GUID.
Move the remaining declaration to efi_boottime.c.
Add a variable for the EFI_LOAD_FILE_PROTOCOL_GUID.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: resequence functions in efi_boottime.c
For implementing support for the EFI_LOAD_FILE_PROTOCOL in the LoadImage()
service we will have to call the LocateDevicePath() service. To avoid a
forward declaration resequence the functions.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Our implementation of the EFI_HII_CONFIG_ROUTING_PROTOCOL is a mere stub,
where all services return an error code. The protocol is neither needed for
the EFI shell nor for the UEFI SCT. To reduce the code size remove it from
the U-Boot binary.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: don't set EFI_RT_SUPPORTED_UPDATE_CAPSULE
The EFI_RT_PROPERTIES_TABLE configuration table indicates which runtime
services are available at runtime.
Even if CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y, we neither support
UpdateCapsule() nor QueryCapsuleCapabilities() at runtime. Thus we should
not set the corresponding flags EFI_RT_SUPPORTED_UPDATE_CAPSULE and
EFI_RT_SUPPORTED_QUERY_CAPSULE_CAPABILITIES in RuntimeServicesSupported.
Fixes: 2bc27ca8a04a ("efi_loader: define UpdateCapsule api") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
fs: fat: first dentry of long name in FAT iterator
A long name is split over multiple directory entries. When deleting a file
with a long name we need the first directory entry to be able to delete the
whole chain.
Add the necessary fields to the FAT iterator:
* cluster of first directory entry
* address of first directory entry
* remaining entries in cluster
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When iterating over a child directory we set itr->start_clust.
Do the same when over the root directory.
When looking for deleted directory entries or existing short names we will
have to iterate over directories a second and third time. With this patch
we do not need any special logic for the root directory.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For reusing deleted directory entries we have to adjust the function called
to step to the next directory entry.
This patch alone is not enough to actually reuse deleted directory entries
as the fill_dir_slot() is still called with first never used directory
entry.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In set_name() we select the short name. Once this is correctly implemented
this will be a performance intensive operation because we need to check
that the name does not exist yet. So set_name should only be called once.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The current function set_name() used to create short names has the
following deficiencies resolved by this patch:
* Long names (e.g. FOO.TXT) are stored even if a short name is enough.
* Short names with spaces are created, e.g. "A ~1.TXT".
* Short names with illegal characters are created, e.g. "FOO++BAR".
* Debug output does not not consider that the short file name has no
concluding '\0'.
The solution for the following bug is split of into a separate patch:
* Short file names must be unique.
This patch only provides the loop over possible short file names.
The FAT specification [1] requires that for a '..' directory entry pointing
to the root directory the fields DIR_FstClusHi and DIR_FstClusLo are 0.
[1] Microsoft FAT Specification, Microsoft Corporation, August 30 2005
Fixes: 31a18d570d96 ("fs: fat: support mkdir") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
spl: fit: Prefer a malloc()'d buffer for loading images
Fit images were loaded to a buffer provided by spl_get_load_buffer().
This may work when the FIT image is small and fits between the start
of DRAM and SYS_TEXT_BASE.
One problem with this approach is that the location of the buffer may
be manipulated by changing the 'size' field of the FIT. A maliciously
crafted FIT image could place the buffer over executable code and be
able to take control of SPL. This is unacceptable for secure boot of
signed FIT images.
Another problem is with larger FIT images, usually containing one or
more linux kernels. In such cases the buffer be be large enough so as
to start before DRAM (Figure I). Trying to load an image in this case
has undefined behavior.
For example, on stm32mp1, the MMC controller hits a RX overrun error,
and aborts loading.
_________________
| FIT Image |
| |
/===================\ /=====================\
|| DRAM || | DRAM |
|| || | |
||_________________|| SYS_TEXT_BASE | ___________________ |
| | || FIT Image ||
| | || ||
| _________________ | SYS_SPL_MALLOC_START || _________________ ||
|| malloc() data || ||| malloc() data |||
||_________________|| |||_________________|||
| | ||___________________||
| | | |
Figure I Figure II
One possibility that was analyzed was to remove the negative offset,
such that the buffer starts at SYS_TEXT_BASE. This is not a proper
solution because on a number of platforms, the malloc buffer() is
placed at a fixed address, usually after SYS_TEXT_BASE. A large
enough FIT image could cause the malloc()'d data to be overwritten
(Figure II) when loading.
The solution proposed here is to replace the ad-hoc heuristics of
spl_get_load_buffer() with malloc(). This provides two advantages:
* Bounds checking of the buffer region
* Guarantees the buffer does not conflict with other memory
The first problem is solved by constraining the buffer such that it
will not overlap currently executing code. This eliminates the chance
of a malicious FIT being able to replace the executing SPL code prior
to signature checking.
The second problem is solved in conjunction with increasing
CONFIG_SYS_SPL_MALLOC_SIZE. Since the SPL malloc() region is
carefully crafted on a per-platform basis, the chances of memory
conflicts are virtually eliminated.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>