u-boot.git/lib, branch v2025.01-rc3 Unnamed repository; edit this file 'description' to name the repository. Merge patch series "Fix device removal order for Apple dart iommu" 2024-11-24T21:41:32+00:00 Tom Rini trini@konsulko.com 2024-11-24T21:41:32+00:00 880fcc49eb40a78ed27ff575aa02034d7bd74e80 Janne Grunau <j@jannau.net> says: Starting with v2024.10 dev_iommu_dma_unmap calls during device removal trigger a NULL pointer dereference in the Apple dart iommu driver. The iommu device is removed before its user. The sparsely used DM_FLAG_VITAL flag is intended to describe this dependency. Add it to the driver. Adding this flag is unfortunately not enough since the boot routines except the arm one simply remove all drivers. Add and use a new function which calls dm_remove_devioce_flags(DM_REMOVE_ACTIVE_ALL | DM_REMOVE_NON_VITAL); dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL); to ensure this order dependency is head consistently. Link: https://lore.kernel.org/r/20241123-iommu_apple_dart_ordering-v2-0-cc2ade6dde97@jannau.net 
Janne Grunau <j@jannau.net> says:

Starting with v2024.10 dev_iommu_dma_unmap calls during device removal
trigger a NULL pointer dereference in the Apple dart iommu driver. The
iommu device is removed before its user. The sparsely used DM_FLAG_VITAL
flag is intended to describe this dependency. Add it to the driver.

Adding this flag is unfortunately not enough since the boot routines
except the arm one simply remove all drivers. Add and use a new function
which calls
    dm_remove_devioce_flags(DM_REMOVE_ACTIVE_ALL | DM_REMOVE_NON_VITAL);
    dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);
to ensure this order dependency is head consistently.

Link: https://lore.kernel.org/r/20241123-iommu_apple_dart_ordering-v2-0-cc2ade6dde97@jannau.net
dm: Add dm_remove_devices_active() for ordered device removal 2024-11-24T21:41:28+00:00 Janne Grunau j@jannau.net 2024-11-23T21:44:05+00:00 dabaa4ae32062cb3f3d995e5c63e6cef54ad079b This replaces dm_remove_devices_flags() calls in all boot implementations to ensure non vital devices are consistently removed first. All boot implementation except arch/arm/lib/bootm.c currently just call dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL). This can result in crashes when dependencies between devices exists. The driver model's design document describes DM_FLAG_VITAL as "indicates that the device is 'vital' to the operation of other devices". Device removal at boot should follow this. Instead of adding dm_remove_devices_flags() with (DM_REMOVE_ACTIVE_ALL | DM_REMOVE_NON_VITAL) everywhere add dm_remove_devices_active() which does this. Fixes a NULL pointer deref in the apple dart IOMMU driver during EFI boot. The xhci-pci (driver which depends on the IOMMU to work) removes its mapping on removal. This explodes when the IOMMU device was removed first. dm_remove_devices_flags() is kept since it is used for testing of device_remove() calls in dm. Signed-off-by: Janne Grunau <j@jannau.net> 
This replaces dm_remove_devices_flags() calls in all boot
implementations to ensure non vital devices are consistently removed
first. All boot implementation except arch/arm/lib/bootm.c currently
just call dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL). This can result
in crashes when dependencies between devices exists. The driver model's
design document describes DM_FLAG_VITAL as "indicates that the device is
'vital' to the operation of other devices". Device removal at boot
should follow this.

Instead of adding dm_remove_devices_flags() with (DM_REMOVE_ACTIVE_ALL |
DM_REMOVE_NON_VITAL) everywhere add dm_remove_devices_active() which
does this.

Fixes a NULL pointer deref in the apple dart IOMMU driver during EFI
boot. The xhci-pci (driver which depends on the IOMMU to work) removes
its mapping on removal. This explodes when the IOMMU device was removed
first.

dm_remove_devices_flags() is kept since it is used for testing of
device_remove() calls in dm.

Signed-off-by: Janne Grunau <j@jannau.net>
lmb: Correctly unmap and free memory on errors 2024-11-24T14:25:03+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-11-24T09:00:03+00:00 967d57ab592ce1bcab0785f8483b1b43c2d881aa We never free and unmap the memory on errors and we never unmap it when freeing it. The latter won't cause any problems even on sandbox, but for consistency always use unmap_sysmem() Fixes: commit 22f2c9ed9f53 ("efi: memory: use the lmb API's for allocating and freeing memory") Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
We never free and unmap the memory on errors and we never unmap it when
freeing it. The latter won't cause any problems even on sandbox, but for
consistency always use unmap_sysmem()

Fixes: commit 22f2c9ed9f53 ("efi: memory: use the lmb API's for allocating and freeing memory")
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: allow EFI_LOADER_BOUNCE_BUFFER on all architectures 2024-11-23T22:36:54+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-11-21T14:25:21+00:00 3fbbaf139cd8942c58255170aa49f5fedfc0846f Commit 775f7657ba58 ("Kconfig: clean up the efi configuration status") by mistake revoked commit dcd1b63b7072 ("efi_loader: allow EFI_LOADER_BOUNCE_BUFFER on all architectures"). Fixes: 775f7657ba58 ("Kconfig: clean up the efi configuration status") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Tested-by: Loic Devulder <ldevulder@suse.com> 
Commit 775f7657ba58 ("Kconfig: clean up the efi configuration status")
by mistake revoked commit dcd1b63b7072 ("efi_loader: allow
EFI_LOADER_BOUNCE_BUFFER on all architectures").

Fixes: 775f7657ba58 ("Kconfig: clean up the efi configuration status")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Loic Devulder <ldevulder@suse.com>
efi_loader: simplify efi_tcg2_hash_log_extend_event() 2024-11-23T22:14:15+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-11-05T04:20:45+00:00 a152e149991dd062ba47f41c06cc44723c30375f The value of variable nt is never used. Just use NULL when calling efi_check_pe(). The API function is not expected to write to the console. Such output might have unwanted side effects on the screen layout of an EFI application. Leave error handling to the caller. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The value of variable nt is never used. Just use NULL when calling
efi_check_pe().

The API function is not expected to write to the console. Such output might
have unwanted side effects on the screen layout of an EFI application.

Leave error handling to the caller.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: use memmove() for overlapping buffers 2024-11-16T17:21:59+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-11-02T10:27:37+00:00 6c717d952d455d2efc267496fa9797a656459e6f The behavior of memcpy() for overlapping buffers is undefined. Fixes: 4c57ec76b725 ("tpm: Implement state command for Cr50") Addresses-Coverity-ID: 356664 Overlapping buffer in memory copy Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The behavior of memcpy() for overlapping buffers is undefined.

Fixes: 4c57ec76b725 ("tpm: Implement state command for Cr50")
Addresses-Coverity-ID: 356664 Overlapping buffer in memory copy
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
lmb.c: add missing comma in lmb_dump_region() 2024-11-15T00:14:06+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-11-07T10:14:42+00:00 dfe7ab35147c2a2c8a63b2155227a86684d6dd4d In the message string " %s[%d]\t[0x%llx-0x%llx], 0x%08llx bytes flags: " a comma is missing before flags. To avoid increasing the code size replace '0x%' by '%#'. Printing the size with leading zeros but not the addresses does not really make sense. Remove the leading zeros from the size output. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> [trini: Fix test/cmd/bdinfo.c for these changes] Signed-off-by: Tom Rini <trini@konsulko.com> 
In the message string " %s[%d]\t[0x%llx-0x%llx], 0x%08llx bytes flags: "
a comma is missing before flags.

To avoid increasing the code size replace '0x%' by '%#'.

Printing the size with leading zeros but not the addresses does not really
make sense. Remove the leading zeros from the size output.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
[trini: Fix test/cmd/bdinfo.c for these changes]
Signed-off-by: Tom Rini <trini@konsulko.com>
lmb: do not panic in lmb_print_region_flags 2024-11-15T00:14:05+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-11-02T06:32:26+00:00 1f66c0e1f4ffb2f9f0fea8fcb7118028039e76a2 Commit c3cf0dc64f1c ("lmb: add a check to prevent memory overrun") addressed a possible buffer overrun using assert_noisy(). Resetting via panic() in lmb_print_region() while allowing invalid lmb flags elsewhere is not reasonable. Instead of panicking print a message indicating the problem. fls() returns an int. Using a u64 for bitpos does not match. Use int instead. fls() takes an int as argument. Using 1ull << bitpos generates a u64. Use 1u << bitpos instead. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org> 
Commit c3cf0dc64f1c ("lmb: add a check to prevent memory overrun")
addressed a possible buffer overrun using assert_noisy().

Resetting via panic() in lmb_print_region() while allowing invalid
lmb flags elsewhere is not reasonable.

Instead of panicking print a message indicating the problem.

fls() returns an int. Using a u64 for bitpos does not match.
Use int instead.

fls() takes an int as argument. Using 1ull << bitpos generates a u64.
Use 1u << bitpos instead.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
lib: rsa: Set conventional salt length RSA-PSS parameter 2024-11-15T00:14:05+00:00 Loic Poulain loic.poulain@linaro.org 2024-10-31T09:15:31+00:00 1b99c15d73c10a7f5953e7cd69264754f5f604ba RFC 3447 says that Typical salt length are either 0 or the length of the output of the digest algorithm, RFC 4055 also recommends hash value length as the salt length. Moreover, By convention, most of the signing infrastructures/libraries use the length of the digest algorithm (such as google cloud kms: https://cloud.google.com/kms/docs/algorithms). If the salt-length parameter is not set, openssl default to the maximum allowed value, which is a openssl 'specificity', so this works well for local signing, but restricts compatibility with other engines (e.g pkcs11/libkmsp11): ``` returning 0x71 from C_SignInit due to status INVALID_ARGUMENT: at rsassa_pss.cc:53: expected salt length for key XX is 32, but 478 was supplied in the parameters Could not obtain signature: error:41000070:PKCS#11 module::Mechanism invalid ``` To improve compatibility, we set the default RSA-PSS salt-length value to the conventional one. A further improvement could consist in making it configurable as signature FIT node attribute. rfc3447: https://datatracker.ietf.org/doc/html/rfc3447 rfc4055: https://datatracker.ietf.org/doc/html/rfc4055 Signed-off-by: Loic Poulain <loic.poulain@linaro.org> 
RFC 3447 says that Typical salt length are either 0 or the length
of the output of the digest algorithm, RFC 4055 also recommends
hash value length as the salt length. Moreover, By convention,
most of the signing infrastructures/libraries use the length of
the digest algorithm (such as google cloud kms:
                      https://cloud.google.com/kms/docs/algorithms).

If the salt-length parameter is not set, openssl default to the
maximum allowed value, which is a openssl 'specificity', so this
works well for local signing, but restricts compatibility with
other engines (e.g pkcs11/libkmsp11):

```
returning 0x71 from C_SignInit due to status INVALID_ARGUMENT:
    at rsassa_pss.cc:53: expected salt length for key XX is 32,
    but 478 was supplied in the parameters
Could not obtain signature: error:41000070:PKCS#11 module::Mechanism invalid
```

To improve compatibility, we set the default RSA-PSS salt-length
value to the conventional one. A further improvement could consist
in making it configurable as signature FIT node attribute.

rfc3447: https://datatracker.ietf.org/doc/html/rfc3447
rfc4055: https://datatracker.ietf.org/doc/html/rfc4055

Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
lwip: fix code style issues 2024-11-15T00:14:05+00:00 Jerome Forissier jerome.forissier@linaro.org 2024-11-07T11:27:57+00:00 356011f7ac25113d44869350d352a3fc64a7ee75 Fix various code style issues in the lwIP code. Reported-by: Tom Rini <trini@konsulko.com> Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Fix various code style issues in the lwIP code.

Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>