Age | Commit message | Author
2019-01-16 | tftp: prevent overwriting reserved memory | Simon Goldschmidt
This fixes CVE-2018-18439 ("insufficient boundary checks in network image boot") by using lmb to check for a valid range to store received blocks. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com> [trini: Always build lib/lmb.o on LMB and lib/fdtdec.o on OF_LIBFDT] Signed-off-by: Tom Rini <trini@konsulko.com>
2019-01-16 | lmb: remove unused extern declaration | Simon Goldschmidt
lmb.h includes an extern declaration of "struct lmb lmb;" which is not used anywhere, so remove it. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-01-16 | bootm: use new common function lmb_init_and_reserve | Simon Goldschmidt
This reduces duplicate code only. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-16 | fs: prevent overwriting reserved memory | Simon Goldschmidt
This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem image load") by using lmb to check the load size of a file against reserved memory addresses. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-16 | lib: lmb: extend lmb for checks at load time | Simon Goldschmidt
This adds two new functions, lmb_alloc_addr and lmb_get_unreserved_size. lmb_alloc_addr behaves like lmb_alloc, but it tries to allocate a pre-specified address range. Unlike lmb_reserve, this address range must be inside one of the memory ranges that has been set up with lmb_add. lmb_get_unreserved_size returns the number of bytes that can be used up to the next reserved region or the end of valid ram. This can be 0 if the address passed is reserved. Added test for these new functions. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-01-16 | fdt: parse "reserved-memory" for memory reservation | Simon Goldschmidt
boot_fdt_add_mem_rsv_regions() adds reserved memory sections to an lmb struct. Currently, it only parses regions described by /memreserve/ entries. Extend this to the more commonly used scheme of the "reserved-memory" node. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-16 | lib: lmb: reserving overlapping regions should fail | Simon Goldschmidt
lmb_add_region handles overlapping regions wrong: instead of merging or rejecting to add a new reserved region that overlaps an existing one, it just adds the new region. Since internally the same function is used for lmb_alloc, change lmb_add_region to reject overlapping regions. Also, to keep reserved memory correct after 'free', reserved entries created by allocating memory must not set their size to a multiple of alignment but to the original size. This ensures the reserved region is completely removed when the caller calls 'lmb_free', as this one takes the same size as passed to 'lmb_alloc' etc. Add test to assert this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-01-16 | lmb: fix allocation at end of address range | Simon Goldschmidt
The lmb code fails if base + size of RAM overflows to zero. Fix this by calculating end as 'base + size - 1' instead of 'base + size' where appropriate. Added tests to assert this is fixed. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-01-16 | test: add test for lib/lmb.c | Simon Goldschmidt
Add basic tests for the lmb memory allocation code used to reserve and allocate memory during boot. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-16 | env: add spi_flash_read_env function | Horatiu Vultur
The spi_flash_read_env function is a wrapper over spi_flash_read, which enables the env to read multiple flash page size from flash until '\0\0' is read or the end of env partition is reached, instead of reading the entire env size. When it reads '\0\0', it stops reading the env further and assumes that the rest of the env is '\0'. This is an optimization for large environments that contain few bytes environment variables. In this case it doesn't need to read the entire environment but only a few pages. Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com>
2019-01-16 | mtd: nand: raw: allow to disable unneeded ECC layouts | Stefan Agner
Each ECC layout consumes about 2984 bytes in the .data section. Allow to disable the default ECC layouts if a driver is known to provide its own ECC layout. Signed-off-by: Stefan Agner <stefan.agner@toradex.com> Reviewed-by: Lukasz Majewski <lukma@denx.de> Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
2019-01-15 | Merge tag 'dm-pull-15jan19' of git://git.denx.de/u-boot-dm | Tom Rini
Fix recent changes to serial API for driver model
Buildman clang support and a few fixes
Small fixes to 'dm tree' and regmap test
Improve sandbox build compatibility
A few other minor fixes
2019-01-15 | Merge branch 'master' of git://git.denx.de/u-boot-i2c | Tom Rini
2019-01-15 | Merge git://git.denx.de/u-boot-riscv | Tom Rini
1. Improve cache implementation.
2. Fix and improve standalone applications
2019-01-15 | Merge branch '2019-01-14-master-imports' | Tom Rini
- MediaTek improvements (eth support)
- DM conversion for HI6220
- ISEE, Toby Churchill, other platform updates
- Various format code printf fixes
- Build race fixes
- Command repeat functionality enhanced, command autocomplete support enhanced.
2019-01-15 | common: command: Add support for $ auto-completion | Boris Brezillon
Add the dollar_complete() function to auto-complete arguments starting with a '$' and use it in the cmd_auto_complete() path such that all args starting with a $ can be auto-completed based on the available env vars. Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> [trini: Fix some linking problems] Signed-off-by: Tom Rini <trini@konsulko.com>
2019-01-15 | misc: fs_loader: Switching private data allocation to DM auto allocation | Tien Fong Chee
Switching private data manual allocation to driver model auto allocation so users no longer need to deallocate themselves because this would be deallocated by driver model when the device is no longer required. Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-15 | cmd: adc: Use the sub-command infrastructure | Boris Brezillon
And you get sub-command auto-completion for free. Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-01-15 | cmd: mtd: Use the subcmd infrastructure to declare mtd sub-commands | Boris Brezillon
It's way simpler this way, and we also gain auto-completion support for free (MTD name auto-completion has been added with mtd_name_complete()) Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-01-15 | command: commands: Add macros to declare commands with subcmds | Boris Brezillon
Most cmd/xxx.c source files expose several commands through a single entry point. Some of them are doing the sub-command parsing manually in their do_<cmd>() function, others are declaring a table of sub-commands and then use find_cmd_tbl() to delegate the request to the sub command handler. In either case, the amount of code to do that is not negligible and repetitive, not to mention that almost no commands are implementing the auto-completion hook, which means most u-boot commands lack auto-completion. Provide several macros to easily define commands exposing sub-commands. Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-01-15 | common: command: Rework the 'cmd is repeatable' logic | Boris Brezillon
The repeatable property is currently attached to the main command and sub-commands have no way to change the repeatable value (the ->repeatable field in sub-command entries is ignored). Replace the ->repeatable field by an extended ->cmd() hook (called ->cmd_rep()) which takes a new int pointer to store the repeatable cap of the command being executed. With this trick, we can let sub-commands decide whether they are repeatable or not. We also patch mmc and dtimg who are testing the ->repeatable field directly (they now use cmd_is_repeatable() instead), and fix the help entry manually since it doesn't use the U_BOOT_CMD() macro. Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-01-15 | common: command: Expose a generic helper to auto-complete sub commands | Boris Brezillon
Some commands have a table of sub-commands. With minor adjustments, complete_cmdv() is able to provide auto-completion for sub-commands (it's just about passing the table of commands instead of taking the global one). We rename this function into complete_subcmd() and implement complete_cmdv() as a wrapper around complete_subcmdv(). Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-01-15 | common: command: Fix command auto-completion | Boris Brezillon
When auto-completing command arguments, the last argument is not necessarily the one we need to auto-complete. When the last character is a space, a tab or '\0' what we want instead is to list all possible values, or if there's only one possible value, place this value on the command line instead of trying to suffix the last valid argument with missing chars. Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-01-15 | blk: Increase cache element size | Marek Vasut
Cache up to 4 kiB entries. 4 kiB is the default block size on ext4, yet the underlying block layer devices usually report support for 512B. In most cases, the 512B support is emulated (i.e. SD cards, SSDs, USB sticks etc.) and the real block size of those devices is much bigger. To avoid performance degradation with such devices and FS setup, bump the maximum cache entry size to 4 kiB. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Tom Rini <trini@konsulko.com> Cc: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-01-15 | Makefile: run CONFIG_BOARD_SIZE_LIMIT against .img | Simon Goldschmidt
With the current Makefile, CONFIG_BOARD_SIZE_LIMIT is used to check the U-Boot binary without devicetree only. This produces wrong results when OF_SEPARATE is used. To fix this, run the CONFIG_BOARD_SIZE_LIMIT check on all .img binaries as well. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-15 | kbuild: add .SECONDARY special target to scripts/Kbuild.include | Masahiro Yamada
Based on the following Linux commits:
- 54a702f70589 ("kbuild: mark $(targets) as .SECONDARY and remove .PRECIOUS markers")
- 8e9b61b293d9 ("kbuild: move .SECONDARY special target to Kbuild.include")

GNU Make automatically deletes intermediate files that are updated in a chain of pattern rules.

Example 1) %.dtb.o <- %.dtb.S <- %.dtb <- %.dts
Example 2) %.o <- %.c <- %.c_shipped

A couple of makefiles mark such targets as .PRECIOUS to prevent Make from deleting them, but the correct way is to use .SECONDARY.

.SECONDARY
  Prerequisites of this special target are treated as intermediate files but are never automatically deleted.

.PRECIOUS
  When make is interrupted during execution, it may delete the target file it is updating if the file was modified since make started. If you mark the file as precious, make will never delete the file if interrupted.

Both can avoid deletion of intermediate files, but the difference is the behavior when Make is interrupted; .SECONDARY deletes the target, but .PRECIOUS does not. The use of .PRECIOUS is relatively rare since we do not want to keep partially constructed (possibly corrupted) targets.

.SECONDARY with no prerequisites causes all targets to be treated as secondary. This agrees with the policy of Kbuild.

scripts/Kbuild.include seems a suitable place to add it because it is included from almost all sub-makes.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2019-01-15 | kbuild: add .DELETE_ON_ERROR special target | Masahiro Yamada
Linux commit 9c2af1c7377a8a6ef86e5cabf80978f3dbbb25c0 If Make gets a fatal signal while a shell is executing, it may delete the target file that the recipe was supposed to update. This is needed to make sure that it is remade from scratch when Make is next run; if Make is interrupted after the recipe has begun to write the target file, it results in an incomplete file whose time stamp is newer than that of the prerequisites files. Make automatically deletes the incomplete file on interrupt unless the target is marked .PRECIOUS. The situation is just the same as when the shell fails for some reasons. Usually when a recipe line fails, if it has changed the target file at all, the file is corrupted, or at least it is not completely updated. Yet the file’s time stamp says that it is now up to date, so the next time Make runs, it will not try to update that file. However, Make does not cater to delete the incomplete target file in this case. We need to add .DELETE_ON_ERROR somewhere in the Makefile to request it. scripts/Kbuild.include seems a suitable place to add it because it is included from almost all sub-makes. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2019-01-15 | common: Kconfig: miscellaneous spelling fixes | Chris Packham
Signed-off-by: Chris Packham <judge.packham@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-15 | kbuild: fix parallel build race caused by u-boot.cfg regeneration | Masahiro Yamada
Multiple people have reported intermittent build failure in parallel building. Kever Yang reported this issue some time ago [1], but I could not get enough clue at that time. This time, Richard Purdie provided a full build log [2], which was very helpful for me to root-cause it. The cause of the problem is commit 0d982c585330 ("Makefile: add dependencies to regenerate u-boot.cfg when lost"). That commit added the 'cfg' as the prerequisite of the 'all' target, so the parallel build tries to run it simultaneously, then regenerates a symlink while building objects. When u-boot.cfg is accidentally lost, let's rebuild it before descending into any subdirectories. Also, what is annoying is u-boot.cfg is currently regenerated every time since it depends on FORCE. We can get rid of all the prerequisites of u-boot.cfg because u-boot.cfg is rebuilt anyway as the byproduct of auto.conf when a user updates the .config file. [1] https://lists.denx.de/pipermail/u-boot/2018-June/330341.html [2] https://autobuilder.yoctoproject.org/typhoon/#/builders/65/builds/160/steps/7/logs/step1b Fixes: 0d982c585330 ("Makefile: add dependencies to regenerate u-boot.cfg when lost") Reported-by: Kever Yang <kever.yang@rock-chips.com> Reported-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-15 | serial: ns16550: fix debug uart putc called before init | Simon Goldschmidt
If _debug_uart_putc() is called before _debug_uart_init(), the ns16550 debug uart driver hangs in a tight loop waiting for the tx FIFO to get empty. As this can happen via a printf sneaking in before the port calls debug_uart_init(), introduce a config option to ignore characters before the debug uart is initialized. This is done by reading the baudrate divisor and aborting if it is zero. The Kconfig option is required as reading the baudrate divisor does not seem to work for all ns16550 compatibles (which is why the last attempt on this has been reverted in 1a67969a99). Tested on socfpga_cyclone5_socrates. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-15 | drivers: serial: DEBUG_UART_SKIP_INIT depends on DEBUG_UART | Simon Goldschmidt
DEBUG_UART_SKIP_INIT is used only by debug UART and thus should depend on DEBUG_UART. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-15 | Fix typo: missmatched -> mismatched. | Vagrant Cascadian
Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Peng Fan <peng.fan@nxp.com>
2019-01-15 | xyz-modem: Fix timeout loop waiting with WATCHDOG | Lokesh Vutla
Commit 2c77c0d6524eb ("xyz-modem: Change getc timeout loop waiting") fixes the loop delay when using a hw watchdog, assuming that watchdog kicking is taken care of by getc(). But the xyzmodem driver tries to do a getc only after confirming that a character is available like below:

    while (!tstc()) {
        till timeout;
    }
    if (tstc())
        *c = getc();

and getc() does a watchdog reset only if it fails to see a character. In this case, getc() always sees a character and never does a watchdog reset. So to make sure that watchdog doesn't get reset while loading the file, do a watchdog reset just before starting the image loading.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> Signed-off-by: Vignesh R <vigneshr@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-15 | pylibfdt: Use Python 2 in Makefile | Josef Lusticky
pylibfdt needs Python 2 to build. Replace $(PYTHON) with $(PYTHON2) in pylibfdt Makefile to ensure Python 2 is used to build it. This fixes build on systems where Python 3 is the default version of the "python" interpreter. Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-15 | lib: uuid: Do not enable UUID command SPL | Marek Vasut
The uuid command is only really useful in U-Boot, but it's useless in SPL. Worse yet, it pulls in various environment manipulation functions as it calls env_set(). Do not compile the command in SPL. Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Cc: Tom Rini <trini@konsulko.com>
2019-01-15 | spl: ymodem: Add support for loading gzip compressed uImage | Marek Vasut
Add support for gunzip-ing gzip-compressed uImages in the SPL Ymodem code. Loading data over Ymodem can be gruelingly slow, gzip-ing the data can reduce that aggravating slowness at least slightly (depends on the data, u-boot.bin compresses to ~1/3 of its original size on ARM64), hence add optional support for decompressing gzip-compressed uImages. Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Cc: Tom Rini <trini@konsulko.com>
2019-01-15 | dtoc: make generated platdata structs const | Simon Goldschmidt
The platdata initialization structs are currently generated into .rwdata. Make sure they are put into .rodata by generating them as const. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-15 | cmd: zip: use correct format code | Heinrich Schuchardt
dst_len is defined as unsigned long. So use %lu for printf(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-01-15 | cmd: unzip: use correct format code | Heinrich Schuchardt
src_len is defined as unsigned long. So use %lu for printf(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-01-15 | cmd: ubi: remove unreachable code | Heinrich Schuchardt
It does not make sense to check if argc < 2 a second time, especially after accessing argv[1]. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-01-15 | cmd: tpm-v2: use correct format code | Heinrich Schuchardt
updates is defined as unsigned int. So use %u for printf(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-01-15 | cmd: sf: use correct printf code | Heinrich Schuchardt
test->time_ms[] is defined as unsigned. So use %u for printf(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-15 | cmd: nvedit: use correct format code | Heinrich Schuchardt
len is defined as unsigned. So use %u for printf(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-01-15 | cmd: gpio: use correct printf code | Heinrich Schuchardt
gpio is defined as unsigned int. So we should use %u when calling printf(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-15 | configs: stm32: Remove CONFIG_OF_EMBED | Patrice Chotard
Building with CONFIG_OF_EMBED generates build warnings, as it should only be used for debugging purposes. Remove CONFIG_OF_EMBED from all stm32 config files which are using this flag. Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
2019-01-15 | cmd: mmc: Invalidate MMC block cache after init | Marek Vasut
Make sure the block cache is cleared for the MMC device after it was reinitialized to avoid having any stale data in the cache, like e.g. partition tables or such. Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Cc: Jaehoon Chung <jh80.chung@samsung.com>
2019-01-15 | cmd: mmc: Force mmc reinit when no card present | Marek Vasut
In case the card is removed, force-init the MMC to start the internal machinery which deregisters and invalidates the MMC device. Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Cc: Jaehoon Chung <jh80.chung@samsung.com>
2019-01-15 | mmc: Add support for downgrading HS200/HS400 to HS mode | Marek Vasut
The mmc_select_mode_and_width() function can be called while the card is in HS200/HS400 mode and can be used to downgrade the card to lower mode, e.g. HS. This is used for example by mmc_boot_part_access_chk() which cannot access the card in HS200/HS400 mode and which is in turn called by saveenv if env is in the MMC. In such case, forcing the card clock to legacy frequency cannot work. Instead, the card must be switched to HS mode first, from which it can then be reprogrammed as needed. However, this procedure needs additional code changes, since the current implementation checks whether the card correctly switched to HS mode in mmc_set_card_speed(). The check only expects that the card will be going to HS mode from lower modes, not from higher modes, hence add a parameter which indicates that the HS200/HS400 to HS downgrade is happening. This makes the code send the switch command first, reconfigure the controller next and finally perform the EXT_CSD readback check. The last two steps cannot be done in reverse order as the card is already in HS mode when the clocks are being switched on the controller side. Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Cc: Jaehoon Chung <jh80.chung@samsung.com>
2019-01-15 | am335x: igep003x: Add Device Tree Support and DM_MMC driver | Enric Balletbo i Serra
This adds device tree and the DM_MMC driver for the AM335x IGEP based boards. Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
2019-01-15 | am335x: sl50: Add Device Tree Support and DM_MMC driver | Enric Balletbo i Serra
This adds device tree and the DM_MMC driver for the SL50 board. Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>