This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem
image load") by using lmb to check the load size of a file against
reserved memory addresses.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
This adds two new functions, lmb_alloc_addr and
lmb_get_unreserved_size.
lmb_alloc_addr behaves like lmb_alloc, but it tries to allocate a
pre-specified address range. Unlike lmb_reserve, this address range
must be inside one of the memory ranges that has been set up with
lmb_add.
lmb_get_unreserved_size returns the number of bytes that can be
used up to the next reserved region or the end of valid ram. This
can be 0 if the address passed is reserved.
Added test for these new functions.
Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
lib: lmb: reserving overlapping regions should fail
lmb_add_region handles overlapping regions wrong: instead of merging
or rejecting to add a new reserved region that overlaps an existing
one, it just adds the new region.
Since internally the same function is used for lmb_alloc, change
lmb_add_region to reject overlapping regions.
Also, to keep reserved memory correct after 'free', reserved entries
created by allocating memory must not set their size to a multiple
of alignment but to the original size. This ensures the reserved
region is completely removed when the caller calls 'lmb_free', as
this one takes the same size as passed to 'lmb_alloc' etc.
Add test to assert this.
Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Horatiu Vultur [Tue, 11 Dec 2018 09:13:56 +0000 (10:13 +0100)]
env: add spi_flash_read_env function
The spi_flash_read_env function is a wrapper over spi_flash_read, which
enables the env to read multiple flash page size from flash until '\0\0'
is read or the end of env partition is reached. Instead of reading the
entire env size. When it reads '\0\0', it stops reading further the env
and assumes that the rest of env is '\0'.
This is an optimization for large environments that contain few bytes
environment variables. In this case it doesn't need to read the entire
environment and only few pages.
Stefan Agner [Thu, 6 Dec 2018 13:57:09 +0000 (14:57 +0100)]
mtd: nand: raw: allow to disable unneeded ECC layouts
Each ECC layout consumes about 2984 bytes in the .data section. Allow
to disable the default ECC layouts if a driver is known to provide its
own ECC layout.
Tom Rini [Wed, 16 Jan 2019 03:05:34 +0000 (22:05 -0500)]
Merge tag 'dm-pull-15jan19' of git://git.denx.de/u-boot-dm
Fix recent changes to serial API for driver model
Buildman clang support and a few fixes
Small fixes to 'dm tree' and regmap test
Improve sandbox build compatibility
A few other minor fixes
Boris Brezillon [Wed, 5 Dec 2018 08:26:50 +0000 (09:26 +0100)]
common: command: Add support for $ auto-completion
Add the dollar_complete() function to auto-complete arguments starting
with a '$' and use it in the cmd_auto_complete() path such that all
args starting with a $ can be auto-completed based on the available env
vars.
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
[trini: Fix some linking problems] Signed-off-by: Tom Rini <trini@konsulko.com>
Tien Fong Chee [Mon, 10 Dec 2018 13:29:44 +0000 (21:29 +0800)]
misc: fs_loader: Switching private data allocation to DM auto allocation
Switching private data manual allocation to driver model auto allocation
so users no longer need to deallocate themself because this would be
deallocated by driver model when the device is no longer required.
Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Boris Brezillon [Mon, 3 Dec 2018 21:54:21 +0000 (22:54 +0100)]
command: commands: Add macros to declare commands with subcmds
Most cmd/xxx.c source files expose several commands through a single
entry point. Some of them are doing the sub-command parsing manually in
their do_<cmd>() function, others are declaring a table of sub-commands
and then use find_cmd_tbl() to delegate the request to the sub command
handler.
In either case, the amount of code to do that is not negligible and
repetitive, not to mention that almost no commands are implementing
the auto-completion hook, which means most u-boot commands lack
auto-completion.
Provide several macros to easily define commands exposing sub-commands.
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Tom Rini <trini@konsulko.com>
Boris Brezillon [Mon, 3 Dec 2018 21:54:20 +0000 (22:54 +0100)]
common: command: Rework the 'cmd is repeatable' logic
The repeatable property is currently attached to the main command and
sub-commands have no way to change the repeatable value (the
->repeatable field in sub-command entries is ignored).
Replace the ->repeatable field by an extended ->cmd() hook (called
->cmd_rep()) which takes a new int pointer to store the repeatable cap
of the command being executed.
With this trick, we can let sub-commands decide whether they are
repeatable or not.
We also patch mmc and dtimg who are testing the ->repeatable field
directly (they now use cmd_is_repeatable() instead), and fix the help
entry manually since it doesn't use the U_BOOT_CMD() macro.
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Tom Rini <trini@konsulko.com>
Boris Brezillon [Mon, 3 Dec 2018 21:54:19 +0000 (22:54 +0100)]
common: command: Expose a generic helper to auto-complete sub commands
Some commands have a table of sub-commands. With minor adjustments,
complete_cmdv() is able to provide auto-completion for sub-commands
(it's just about passing the table of commands instead of taking the
global one).
We rename this function into complete_subcmd() and implement
complete_cmdv() as a wrapper around complete_subcmdv().
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Tom Rini <trini@konsulko.com>
Boris Brezillon [Mon, 3 Dec 2018 21:54:18 +0000 (22:54 +0100)]
common: command: Fix command auto-completion
When auto-completing command arguments, the last argument is not
necessarily the one we need to auto-complete. When the last character is
a space, a tab or '\0' what we want instead is list all possible values,
or if there's only one possible value, place this value on the command
line instead of trying to suffix the last valid argument with missing
chars.
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Tom Rini <trini@konsulko.com>
Marek Vasut [Wed, 8 Aug 2018 11:20:29 +0000 (13:20 +0200)]
blk: Increase cache element size
Cache up to 4 kiB entries. 4 kiB is the default block size on ext4, yet
the underlying block layer devices usually report support for 512B . In
most cases, the 512B support is emulated (ie. SD cards, SSDs, USB sticks
etc.) and the real block size of those devices is much bigger.
To avoid performance degradation with such devices and FS setup, bump
the maximum cache entry size to 4 kiB.
Signed-off-by: Marek Vasut <marex@denx.de> Cc: Tom Rini <trini@konsulko.com> Cc: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
Makefile: run CONFIG_BOARD_SIZE_LIMIT against .img
With the current Makefile, CONFIG_BOARD_SIZE_LIMIT is used to check
the U-Boot binary without devicetree only. This produces wrong results
when OF_SEPARATE is used.
To fix this, run the CONFIG_BOARD_SIZE_LIMIT check on all .img binaries
as well.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Masahiro Yamada [Fri, 11 Jan 2019 10:42:27 +0000 (19:42 +0900)]
kbuild: add .SECONDARY special target to scripts/Kbuild.include
Based on the following Linux commits:
- 54a702f70589 ("kbuild: mark $(targets) as .SECONDARY and remove
.PRECIOUS markers")
- 8e9b61b293d9 ("kbuild: move .SECONDARY special target to
Kbuild.include")
GNU Make automatically deletes intermediate files that are updated
in a chain of pattern rules.
Example 1) %.dtb.o <- %.dtb.S <- %.dtb <- %.dts
Example 2) %.o <- %.c <- %.c_shipped
A couple of makefiles mark such targets as .PRECIOUS to prevent Make
from deleting them, but the correct way is to use .SECONDARY.
.SECONDARY
Prerequisites of this special target are treated as intermediate
files but are never automatically deleted.
.PRECIOUS
When make is interrupted during execution, it may delete the target
file it is updating if the file was modified since make started.
If you mark the file as precious, make will never delete the file
if interrupted.
Both can avoid deletion of intermediate files, but the difference is
the behavior when Make is interrupted; .SECONDARY deletes the target,
but .PRECIOUS does not.
The use of .PRECIOUS is relatively rare since we do not want to keep
partially constructed (possibly corrupted) targets.
.SECONDARY with no prerequisites causes all targets to be treated as
secondary. This agrees the policy of Kbuild.
scripts/Kbuild.include seems a suitable place to add it because it is
included from almost all sub-makes.
If Make gets a fatal signal while a shell is executing, it may delete
the target file that the recipe was supposed to update. This is needed
to make sure that it is remade from scratch when Make is next run; if
Make is interrupted after the recipe has begun to write the target file,
it results in an incomplete file whose time stamp is newer than that
of the prerequisites files. Make automatically deletes the incomplete
file on interrupt unless the target is marked .PRECIOUS.
The situation is just the same as when the shell fails for some reasons.
Usually when a recipe line fails, if it has changed the target file at
all, the file is corrupted, or at least it is not completely updated.
Yet the file’s time stamp says that it is now up to date, so the next
time Make runs, it will not try to update that file.
However, Make does not cater to delete the incomplete target file in
this case. We need to add .DELETE_ON_ERROR somewhere in the Makefile
to request it.
scripts/Kbuild.include seems a suitable place to add it because it is
included from almost all sub-makes.
Masahiro Yamada [Thu, 10 Jan 2019 14:11:39 +0000 (23:11 +0900)]
kbuild: fix parallel build race caused by u-boot.cfg regeneration
Multiple people have reported intermittent build failure in parallel
building.
Kever Yang reported this issue some time ago [1], but I could not
get enough clue at that time.
This time, Richard Purdie provided a full build log [2], which was
very helpful for me to root-cause it.
The cause of the problem is commit 0d982c585330 ("Makefile: add
dependencies to regenerate u-boot.cfg when lost").
That commit added the 'cfg' as the prerequisite of the 'all' target,
so the parallel build tries to run it simultaneously, then regenerates
a symlink while building objects.
When u-boot.cfg is accidentally lost, let's rebuild it before
descending into any subdirectories.
Also, what is annoying is u-boot.cfg is currently regenerated every
time since it depends on FORCE. We can get rid of all the prerequisites
of u-boot.cfg because u-boot.cfg is rebuilt anyway as the byproduct of
auto.conf when a user updates the .config file.
serial: ns16550: fix debug uart putc called before init
If _debug_uart_putc() is called before _debug_uart_init(), the
ns16550 debug uart driver hangs in a tight loop waiting for the
tx FIFO to get empty.
As this can happen via a printf sneaking in before the port calls
debug_uart_init(), introduce a config option to ignore characters
before the debug uart is initialized.
This is done by reading the baudrate divisor and aborting if is zero.
The Kconfig option is required as reading the baudrate divisor does
not seem to work for all ns16500 compatibles (which is why the last
attempt on this has been reverted in 1a67969a99).
Tested on socfpga_cyclone5_socrates.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Lokesh Vutla [Tue, 8 Jan 2019 13:58:35 +0000 (19:28 +0530)]
xyz-modem: Fix timeout loop waiting with WATCHDOG
Commit 2c77c0d6524eb ("xyz-modem: Change getc timeout loop waiting")
fixes the loop delay when using a hw watchdog, assuming that watchdog
kicking is taken care of by getc(). But the xyzmodem driver tries to
do a getc only after confirming that a character is available like below:
while (!tstc()) {
till timeout;
}
if (tstc())
*c = getc();
and getc() does a watchdog reset only if it fails to see a character.
In this case, getc() always sees a character and never does a
watchdog reset. So to make sure that watchdog doesn't get reset
while loading the file, do a watchdog reset just before starting the
image loading.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> Signed-off-by: Vignesh R <vigneshr@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Marek Vasut [Mon, 7 Jan 2019 20:23:38 +0000 (21:23 +0100)]
lib: uuid: Do not enable UUID command SPL
The uuid command is only really useful in U-Boot, but it's useless in
SPL. Worse yet, it pulls in various environment manipulation functions
as it call env_set(). Do not compile the command in in SPL.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Cc: Tom Rini <trini@konsulko.com>
Marek Vasut [Mon, 7 Jan 2019 20:23:22 +0000 (21:23 +0100)]
spl: ymodem: Add support for loading gzip compressed uImage
Add support for gunzip-ing gzip-compressed uImages in the SPL Ymodem code.
Loading data over Ymodem can be gruelingly slow, gzip-ing the data can
reduce that aggravating slowness at least slightly (depends on the data,
u-boot.bin compresses to ~1/3 of it's original size on ARM64), hence add
optional support for decompressing gzip-compressed uImages.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Cc: Tom Rini <trini@konsulko.com>
Marek Vasut [Thu, 3 Jan 2019 21:09:44 +0000 (22:09 +0100)]
cmd: mmc: Invalidate MMC block cache after init
Make sure the block cache is cleared for the MMC device after it was
reinitialized to avoid having any stale data in the cache, like e.g.
partition tables or such.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Cc: Jaehoon Chung <jh80.chung@samsung.com>
Marek Vasut [Thu, 3 Jan 2019 20:19:24 +0000 (21:19 +0100)]
mmc: Add support for downgrading HS200/HS400 to HS mode
The mmc_select_mode_and_width() function can be called while the card
is in HS200/HS400 mode and can be used to downgrade the card to lower
mode, e.g. HS. This is used for example by mmc_boot_part_access_chk()
which cannot access the card in HS200/HS400 mode and which is in turn
called by saveenv if env is in the MMC.
In such case, forcing the card clock to legacy frequency cannot work.
Instead, the card must be switched to HS mode first, from which it can
then be reprogrammed as needed.
However, this procedure needs additional code changes, since the current
implementation checks whether the card correctly switched to HS mode in
mmc_set_card_speed(). The check only expects that the card will be going
to HS mode from lower modes, not from higher modes, hence add a parameter
which indicates that the HS200/HS400 to HS downgrade is happening. This
makes the code send the switch command first, reconfigure the controller
next and finally perform the EXT_CSD readback check. The last two steps
cannot be done in reverse order as the card is already in HS mode when
the clock are being switched on the controller side.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Cc: Jaehoon Chung <jh80.chung@samsung.com>
omap3: igep00x0: Remove USB support due DM_USB deadline
The USB support for this board was never really tested, in fact, the
presence of these options are more a copy & paste error from the
Beagleboard than a feature that really was used. As doesn't work, remove
for now. If someone at some point want to add this support he'll need to
migrate the board to use CONFIG_DM_USB instead.
Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
The IGEP0032 board was never officially pushed upstream and actually I
don't have access to this hardware, unless someone with the hardware
wants to start working on this doesn't makes sense have this defconfig
here. So remove it.
Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Add MMC nodes for HiKey board based on HI6220 SoC. There are three MMC
controllers in this SoC, first one used for eMMC, second one used
for SD card and third one is not used by u-boot.
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
Convert HiSilicon HI6220 MMC driver based on DWMMC IP to driver
model.
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Enable this on poplar] Signed-off-by: Tom Rini <trini@konsulko.com>
Michal Simek [Wed, 9 Jan 2019 10:58:24 +0000 (11:58 +0100)]
i2c: mux: Covert to livetree functions
Updates i2c muxes drivers to support livetree.
Similar changes were done by:
"net: zynq_gem: convert to use livetree"
(sha1: 26026e695afa794ac018a09e79a48120d322b60d)
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
This is needed to properly calculate i2c bus speed divisors.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com> Signed-off-by: Wojciech Tatarski <wtatarski@antmicro.com> Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Marek Vasut [Wed, 19 Dec 2018 11:26:27 +0000 (12:26 +0100)]
i2c: xiic: Add Xilinx AXI I2C driver
Add Xilinx AXI I2C controller driver based on the Linux i2c-xiic driver.
This driver is stripped of all the IRQ handling and uses pure polling,
yet tries to retain most of the structure of the Linux driver to make
backporting of fixes easy.
Note that the IP has a known limitation on 255 bytes read and write,
according to xilinx this is still being worked on [1].
Lukas Auer [Fri, 4 Jan 2019 00:37:32 +0000 (01:37 +0100)]
riscv: replace use of callee-saved register in standalone
Register x19 (s3) is a callee-saved register. It must not be used to
load and jump to exported functions without saving it beforehand.
Replace it with t0, a temporary and caller-saved register.
Change the code comment to reflect this and fix it to correctly list gp
as the register with the pointer to global data.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Tested-by: Bin Meng <bmeng.cn@gmail.com>
Lukas Auer [Fri, 4 Jan 2019 00:37:31 +0000 (01:37 +0100)]
riscv: remove RISC-V standalone linker script
Standalone applications do not require a separate linker script and can
use the default linker script of the compiler instead. Remove the RISC-V
standalone linker script.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Tested-by: Bin Meng <bmeng.cn@gmail.com>
Lukas Auer [Fri, 4 Jan 2019 00:37:30 +0000 (01:37 +0100)]
riscv: use invalidate/flush_*cache_range functions in cache.c
The flush_cache() function in lib/cache.c ignores its arguments and
flushes the complete data and instruction caches. Use the
invalidate/flush_*cache_range() functions instead to only flush the
requested memory region.
This patch does not change the current behavior of U-Boot, since the
implementation of the invalidate/flush_*cache_range() functions flush
the complete data and instruction caches. It is in preparation for CPUs
with the necessary functionality for flushing a selectable memory range.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Lukas Auer [Fri, 4 Jan 2019 00:37:29 +0000 (01:37 +0100)]
riscv: move the AX25-specific implementation of flush_dcache_all
The fence instruction is used to enforce device I/O and memory ordering
constraints in RISC-V. It can not be relied on to directly affect the
data cache on every CPU.
Andes' AX25 does not have a coherence agent. Its fence instruction
flushes the data cache and is used to keep data in the system coherent.
The implementation of flush_dcache_all in lib/cache.c is therefore
specific to the AX25. Move it into the AX25-specific cache.c in
cpu/ax25/.
This also adds a missing new line between flush_dcache_all and
flush_dcache_range in lib/cache.c.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Lukas Auer [Fri, 4 Jan 2019 00:37:28 +0000 (01:37 +0100)]
riscv: clarify error message on undefined exceptions
Undefined exceptions are treated as reserved. This is not clearly
communicated to the user. Adjust the error message to clarify that a
reserved exception has occurred and add additional details.
Fixes: e8b522b ("riscv: treat undefined exception codes as reserved") Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
sandbox: i2c_emul_find() No emulators for device 'rtc@43'
when running the date command on sandbox_defconfig an error occurs:
./u-boot -D u-boot.dtb
=> date
i2c_emul_find() No emulators for device 'rtc@43'
## Get date failed
Correct the references to the emulator devices in the sandbox device trees
using test.dts as a reference.
Fixes: 031a650e1309 ("dm: sandbox: i2c: Use new emulator parent uclass") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
Dropped unnecessary #address/size-cells property in i2c_emul: Signed-off-by: Simon Glass <sjg@chromium.org>
Simon Glass [Mon, 17 Dec 2018 16:12:16 +0000 (09:12 -0700)]
sandbox: Correct SDL build flags
The check for CONFIG_SANDBOX_SDL in config.mk does not work since the
build config is not available by the time that file is included. Remove it
so that we always call sdl-config except when NO_SDL is used.
Simon Glass [Mon, 10 Dec 2018 16:05:23 +0000 (09:05 -0700)]
buildman: Deal nicely with invalid build-status file
The 'done' files created by buildman may end up being empty if buildman
runs out of disk space while writing them. This error is then persistent,
since even if disk space is reclaimed and the build retries, the empty
file causes an exception in the builder thread.
Simon Glass [Mon, 10 Dec 2018 00:11:10 +0000 (17:11 -0700)]
test: dm: regmap: Fix the long test delay
At present one of the regmap tests takes 5 seconds to run since it waits
for a timeout. This should be handled using sandbox_timer_add_offset()
which advances time for test purposes.
This requires a little change to make the regmap_read_poll_timeout()
testable.
Simon Glass [Thu, 6 Dec 2018 01:42:52 +0000 (18:42 -0700)]
dm: Tidy up 'dm tree' output when there are many devices
At present the 'Index' column assumes there is only one digit. But on some
devices (e.g. snow) there are a lot of regulators and GPIO banks. Adjust
the output to allow for two digits without messing up the display.
Also capatalise the heading to match.
Fixes: 5197dafc42 (dm: core: Widen the dump tree to show more of the
driver's name.)
Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Liviu Dudau <liviu.dudau@foss.arm.com>
Shawn Guo [Tue, 18 Dec 2018 09:52:06 +0000 (17:52 +0800)]
poplar: add DWC2 OTG gadget support
It enables DWC2 OTG gadget driver support for Poplar board. As
usb2_phy_init() is being always called from board_init(), we can save
the call from board_usb_init().
Booting an image currently sets the environment variable "fdtaddr"
by calling into 'cmd/fdt.c'. As a result, linking U-Boot fails if
CMD_FDT is not enabled.
Fix this by adding 'if (CONFIG_IS_ENABLED(CMD_FDT))' to the two
places where 'set_working_fdt_addr()' is called.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
projects / u-boot.git / log
