Alexander Graf [Wed, 26 Sep 2018 12:07:41 +0000 (14:07 +0200)]
sandbox: Fix set_working_fdt_addr users
When running sandbox with the new pointer sanitization we just recently
introduced, we're running into a case with FIT images where we end up
interpreting pointers as addresses.
What happened is that most callers of set_working_fdt_addr() simply
convert pointers into addresses without taking into account that they
might be 2 separate address spaces. Fix the callers up to map their
pointers into addresses.
Create the handle of loaded images and the EFI_LOADED_IMAGE_PROTOCOL
inside efi_setup_loaded_image(). Do not use local variables.
Currently we expect the loaded image handle to point to the loaded image
protocol. Additionally we have appended private fields to the protocol.
With the patch the handle points to a loaded image object and the private
fields are added here. This matches how we handle the net and the gop
object.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
Alexander Graf [Sun, 23 Sep 2018 14:23:56 +0000 (16:23 +0200)]
efi_loader: Fix loaded_image handle passing from EL3
When running in EL3 mode on AArch64, we have to first drop to EL2
to execute a UEFI payload. When dropping down, the arguments to
the entry point have to stay identical to the ones for normal entry
though.
In commit ea54ad59286 ("efi_loader: pass handle of loaded image")
we incorrectly changed that logic and had the el3 entry path diverge.
Fix it up by syncing it back to what it's supposed to be.
Fixes: ea54ad59286 ("efi_loader: pass handle of loaded image") Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Since GRUB patch d0c070179d4d ("arm/efi: Switch to arm64 linux loader",
2018-07-09) we do not need a workaround for GRUB on 32bit ARM anymore.
So let's eliminate function efi_exit_caches().
This will require Linux distributions to update grub-efi-arm to the GRUB
git HEAD (a tag containing the aforementioned GRUB patch is not available
yet).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
CSI H can be used to position the cursor. The calling application may
specify a location that is beyond the limits of the screen. This may
lead to an illegal memory access.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
Currently we assign a lot of protocols to loaded images though
these protocols are not related to them. Instead they should be
installed on a separate handle. Via the device path it is the
parent to the devices like the network adapter.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
Not all terminals understand CSI [18t for querying the console size.
We should adhere to escape sequences documented in the console_codes
manpage and the ECMA-48 standard.
So here we follow a different approach. We position the cursor to the
bottom right and query its position. Before leaving the function we
restore the original cursor position.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
Alexander Graf [Sun, 16 Sep 2018 15:05:29 +0000 (17:05 +0200)]
efi_loader: Merge memory map entries
We currently do not combine memory entries that are adjacent and have
the same attributes. The problem with that is that our memory map can
easily grow multiple hundreds of entries in a simple UEFI Shell
environment.
So let's make sure we always combine all entries to make the memory
map as small as possible. That way every other piece of code that
loops through it should also gain some nice speed ups.
Alexander Graf [Fri, 22 Jun 2018 12:44:13 +0000 (14:44 +0200)]
sandbox: Allow to execute from RAM
With efi_loader, we may want to execute payloads from RAM. By default,
permissions on the RAM region don't allow us to execute from there though.
So let's change the default allocation scheme for RAM to also allow
execution from it. That way payloads that live in U-Boot RAM can be
directly executed.
Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Alexander Graf <agraf@suse.de>
Alexander Graf [Fri, 22 Jun 2018 12:44:12 +0000 (14:44 +0200)]
sandbox: Fix setjmp/longjmp
In sandbox, longjmp returns to itself in an endless loop because
os_longjmp() calls into longjmp() which is provided by U-Boot which
again calls os_longjmp().
Setjmp on the other hand must not return because otherwise the
return freees up stack elements that we need during longjmp().
The only straight forward fix that doesn't involve nasty hacks I
could find is to directly link against the system setjmp/longjmp
implementations. That means we just provide the compiler with
hints that the symbol will be available and actually fill them
out with versions from libc.
This approach should be reasonably platform agnostic
Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Alexander Graf <agraf@suse.de>
Simon Glass [Sat, 15 Sep 2018 06:50:56 +0000 (00:50 -0600)]
sandbox: Enhance map_to_sysmem() to handle foreign pointers
At present map_sysmem() maps an address into the sandbox RAM buffer,
return a pointer, while map_to_sysmem() goes the other way.
The mapping is currently just 1:1 since a case was not found where a more
flexible mapping was needed. PCI does have a separate and more complex
mapping, but uses its own mechanism.
However this arrange cannot handle one important case, which is where a
test declares a stack variable and passes a pointer to it into a U-Boot
function which uses map_to_sysmem() to turn it into a address. Since the
pointer is not inside emulated DRAM, this will fail.
Add a mapping feature which can handle any such pointer, mapping it to a
simple tag value which can be passed around in U-Boot as an address.
Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Alexander Graf <agraf@suse.de>
Simon Glass [Sat, 15 Sep 2018 06:50:55 +0000 (00:50 -0600)]
sandbox: Add support for calling abort()
This function is useful to signal that the application needs to exit
immediate. It can be caught with a debugger (e.g. gdb). Add a stub for it
so that it can be called from within sandbox when an internal error
occurs.
Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Alexander Graf <agraf@suse.de>
Simon Glass [Sat, 15 Sep 2018 06:50:54 +0000 (00:50 -0600)]
sandbox: Align RAM buffer to the machine page size
At present the sandbox RAM buffer is not aligned to any particular
address boundary. This makes the internal pointers somewhat random with
respect to the associated RAM buffer addresses.
Align the buffer to the page size of the machine to help with this. Note
that there is a header at the start of the allocated pointer. To avoid
returning a pointer which is not aligned to a page boundary, we waste
almost an entire page of memory for each allocation.
Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Alexander Graf <agraf@suse.de>
In this commit and the following, test scripts for new filesystem
functionalities introduced by my patch set, "fs: fat: extend FAT write
operations," are provided.
In particular, this patch adds test cases for sub-directory write
and write with non-zero offset.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
In this commit, the same set of test cases as in test/fs/fs-test.sh
is provided using pytest framework.
Actually, fs-test.sh provides three variants:"sb" (sb command), "nonfs"
(fatxx and etc.) and "fs" (hostfs), and this patch currently supports
only "nonfs" variant; So it is not a replacement of fs-test.sh for now.
In this patch, unlink support is added to FAT file system.
A directory can be deleted only if it is empty.
In this implementation, only a directory entry for a short file name
will be removed. So entries for a long file name can and should be
reclaimed with fsck.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
In efi world, there is no obvious "mkdir" interface, instead, Open()
with EFI_FILE_MODE_CREATE in mode parameter and EFI_FILE_DIRECTORY
in attributes parameter creates a directory.
In this patch, efi_file_open() is extended so as to accept such
a combination of parameters and call u-boot's mkdir interface for
expected action.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
Please note that, as there is no notion of "current directory" on u-boot,
a directory name specified must contains an absolute directory path as
a parent directory. Otherwise, "/" (root directory) is assumed.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
In this patch, all the necessary code for allowing for a file offset
at write is implemented. What plays a major roll here is get_set_cluster(),
which, in contrast to its counterpart, set_cluster(), only operates on
already-allocated clusters, overwriting with data.
So, with a file offset specified, set_contents() seeks and writes data
with set_get_cluster() until the end of a file, and, once it reaches
there, continues writing with set_cluster() for the rest.
Please note that a file will be trimmed as a result of write operation if
write ends before reaching file's end. This is an intended behavior
in order to maintain compatibility with the current interface.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
fs: fat: refactor write interface for a file offset
The current write implementation is quite simple: remove existing clusters
and then allocating new ones and filling them with data. This, inevitably,
enforces always writing from the beginning of a file.
As the first step to lift this restriction, fat_file_write() and
set_contents() are modified to accept an additional parameter, file offset
and further re-factored so that, in the next patch, all the necessary code
will be put into set_contents().
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
In this patch, write implementation is overhauled and rewritten by
making full use of directory iterator. The obvious bonus is that we are
now able to write to a file with a directory path, like /A/B/C/FILE.
Please note that, as there is no notion of "current directory" on u-boot,
a file name specified must contain an absolute directory path. Otherwise,
"/" (root directory) is assumed.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
It would be good that FAT write function return error code instead of
just returning -1 as fat_read_file() does.
This patch attempts to address this issue although it is 'best effort
(or estimate)' for now.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
FAT file system's long file name support is a bit complicated and has some
restrictions on its naming. We should be careful about it especially for
write as it may easily end up with wrong file system.
normalize_longname() check for the rules and normalize a file name
if necessary. Please note, however, that this function is yet to be
extended to fully comply with the standard.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
fs: fat: assure iterator's ->dent belongs to ->clust
In my attempt to re-work write operation, it was revealed that iterator's
"clust" does not always point to a cluster to which a current directory
entry ("dent") belongs.
This patch assures that it is always true by adding "next_clust" which is
used solely for dereferencing a cluster chain.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
fs: fat: handle "." and ".." of root dir correctly with fat_itr_resolve()
FAT's root directory does not have "." nor ".."
So care must be taken when scanning root directory with fat_itr_resolve().
Without this patch, any file path starting with "." or ".." will not be
resolved at all.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
get_fs_info() was introduced in major re-work of read operation by Rob.
We want to reuse this function in write operation by extending it with
additional members in fsdata structure.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
Add the missing SPDX-License-Identifier based on Linux kernel commit b24413180f56 ("License cleanup: add SPDX GPL-2.0 license identifier to
files with no license").
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
Add the missing SPDX-License-Identifier based on Linux kernel commit b24413180f56 ("License cleanup: add SPDX GPL-2.0 license identifier to
files with no license").
Correct formatting errors.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
Stephen Warren [Thu, 30 Aug 2018 21:43:44 +0000 (15:43 -0600)]
ARM: tegra: reserve unmapped RAM so EFI doesn't use it
Tegra U-Boot ensures that board_get_usable_ram_top() never returns a value
over 4GB, since some peripherals can't access such addresses. However, on
systems with more than 2GB of RAM, RAM bank 1 does describe this extra
RAM, so that Linux (or whatever OS) can use it, subject to DMA
limitations. Since board_get_usable_ram_top() points at the top of RAM
bank 0, the memory locations describes by RAM bank 1 are not mapped by
U-Boot's MMU configuration, and so cannot be used for anything.
For some completely inexplicable reason, U-Boot's EFI support ignores the
value returned by board_get_usable_ram_top(), and EFI memory allocation
routines will return values above U-Boot's RAM top. This causes U-Boot to
crash when it accesses that RAM, since it isn't mapped by the MMU. One
use-case where this happens is TFTP download of a file on Jetson TX1
(p2371-2180).
This change explicitly tells the EFI code that this extra RAM should not
be used, thus avoiding the crash.
A previous attempt to make EFI honor board_get_usable_ram_top() was
rejected. So, this patch will need to be replicated for any board that
implements board_get_usable_ram_top().
Fixes: aa909462d018 ("efi_loader: efi_allocate_pages is too restrictive") Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Alexander Graf <agraf@suse.de>
The number of bytes in an utf-8 string is an upper limit for the number of
words in the equivalent utf-16 string. In so far the inumbant coding works
correctly. For non-ASCII characters the utf-16 string is shorter. With the
patch only the necessary buffer size is allocated for the load options.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
The length of a string printed to the console by the
EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL is not limited by the UEFI spec.
Hence should not allocate a buffer for it on the stack.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
utf8_get() - get next UTF-8 code point from buffer
utf8_put() - write UTF-8 code point to buffer
utf8_utf16_strnlen() - length of a utf-8 string after conversion to utf-16
utf8_utf16_strncpy() - copy a utf-8 string to utf-16
utf16_get() - get next UTF-16 code point from buffer
utf16_put() - write UTF-16 code point to buffer
utf16_strnlen() - number of codes points in a utf-16 string
utf16_utf8_strnlen() - length of a utf-16 string after conversion to utf-8
utf16_utf8_strncpy() - copy a utf-16 string to utf-8
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
The function names utf16_strlen() and utf16_strnlen() are misnomers.
The functions do not count utf-16 characters but non-zero words.
So let's rename them to u16_strlen and u16_strnlen().
In utf16_dup() avoid assignment in if clause.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>