summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
37 hoursefi_loader: Measure secure boot variables in the correct PCR if DeployedMode ↵Ilias Apalodimas
is set PK, KEK, db, dbx etc must always be measured in PCR7. DeployedMode and AuditMode should be measured in PCR1 if DeployedMode is set and PCR7 otherwise. Fix the u16_strcmp to only change the PCR value for those two variables. Signed-off-by: Ilias Apalodimas <[email protected]> Acked-by: Heinrich Schuchardt <[email protected]>
37 hoursefi_loader: Change the return values if a TPM is missing during GetEventLogIlias Apalodimas
The function defined by the TCG spec looks like: typedef EFI_STATUS (EFIAPI *EFI_TCG2_GET_EVENT_LOG) ( IN EFI_TCG2_PROTOCOL *This, IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, OUT BOOLEAN *EventLogTruncated ); and the spec mandates that "If no TPM is present, the function SHALL set the following values and return EFI_SUCCESS: EventLogLocation = NULL EventLogLastEntry = NULL EventLogTruncated = FALSE" However, if we set it to NULL the local assignment is discarded when the function returns. Set it to 0, although on some platforms that's a valid address. Signed-off-by: Ilias Apalodimas <[email protected]> Reviewed-by: Heinrich Schuchardt <[email protected]>
37 hoursefi_loader: Correctly count the size on DTB measurementsIlias Apalodimas
When doing a sha256_update() for the measured DT, the size arguments for fdt_size_dt_struct() and fdt_size_dt_strings() are inversed. Signed-off-by: Ilias Apalodimas <[email protected]> Acked-by: Heinrich Schuchardt <[email protected]>
37 hoursefi_loader: fix buffer overrun in efi_sigstore_parse_siglistHeinrich Schuchardt
In efi_sigstore_parse_siglist() sigdata is allocated. But instead of an allocation matching the size of sigdata, tainted external data was used to calculate the allocation size. This may lead to buffer overflows. * Correct the allocation size. * Follow the man-page. Use the structure size as second argument for calloc. Reviewed-by: Ilias Apalodimas <[email protected]> Signed-off-by: Heinrich Schuchardt <[email protected]>
37 hoursefi_selftest: test block io revision and pointersVincent Stehlé
Enhance the unit test to verify all Revision fields and all pointers of all the EFI_BLOCK_IO_PROTOCOL structures. As the unit test registers its own block io protocol for test purposes, make sure to initialize its revision properly, as it will be verified as well. This can run on the sandbox with the following command: ./u-boot -T -c 'setenv efi_selftest block device; bootefi selftest' Suggested-by: Heinrich Schuchardt <[email protected]> Signed-off-by: Vincent Stehlé <[email protected]> Cc: Ilias Apalodimas <[email protected]> Cc: Tom Rini <[email protected]> Reviewed-by: Heinrich Schuchardt <[email protected]>
37 hoursefi_selftest: free handles on teardown()Vincent Stehlé
In the block device selftest, make the handles pointer global and free it also in teardown(), to simplify error handling. We also need to nullify the pointer after freeing it on the normal path, to avoid freeing it a second time during teardown(). Signed-off-by: Vincent Stehlé <[email protected]> Reviewed-by: Heinrich Schuchardt <[email protected]>
37 hoursefi_loader: fix building with CONFIG_EFI_VARIABLES_PRESEED=yHeinrich Schuchardt
Since commit bd3f9ee679b4 ("kbuild: Bump the build system to 6.1") out-of-tree builds with CONFIG_EFI_VARIABLES_PRESEED=y fail with errors like: ../lib/efi_loader/efi_var_seed.S:14: Error: file not found: ubootefi.var For out-of-tree build we cannot use CONFIG_EFI_VAR_SEED_FILE in the .incbin statement of file efi_var_seed.S. * We have to prepend $(srctree) if the path is relative. * We must not prepend $(srctree) if the path is absolute. Fixes: bd3f9ee679b4 ("kbuild: Bump the build system to 6.1") Reported-by: Jon Mason <[email protected]> Closes: https://lore.kernel.org/u-boot/CAPoiz9zg4OXgHo5J3WtJHKOEuWOdCDrugWfAt6Z+d71j=+q8oA@mail.gmail.com/T/#mffaca10a9e812d03eceafad59999a02e57258b9a Tested-by: Nora Schiffer <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]> Tested-by: Ilias Apalodimas <[email protected]> Signed-off-by: Heinrich Schuchardt <[email protected]>
37 hoursefi_loader: fix missing EFI_EXIT in efi_disconnect_controllerVincent Stehlé
We are missing a call to EFI_EXIT() when returning from efi_disconnect_controller(), which we need after having called EFI_ENTRY(). Fix this by jumping to the common error path, which does call EFI_EXIT(). Even though the common error path may try to free child_handle_buffer, this cannot harm in our case as it always NULL. This is inspired by a barebox fix. [1] Link: https://git.pengutronix.de/cgit/barebox/commit/?id=080db65e39a877b000baaf843c997a69821dfe69 [1] Fixes: 314bed6c854e ("efi_loader: fix DisconnectController() for sole child") Signed-off-by: Vincent Stehlé <[email protected]> Cc: Heinrich Schuchardt <[email protected]> Cc: Ilias Apalodimas <[email protected]> Cc: Tom Rini <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]> Reviewed-by: Heinrich Schuchardt <[email protected]>
4 dayspower: regulator: add generic PMBus UCLASS_REGULATOR adapterVincent Jardin
PMBus regulators differ in numeric formats and quirks, not in how they are driven. Share that common behaviour as a regulator-uclass adapter so chip drivers and the pmbus CLI do not each reimplement the decode and transport, and add a catch-all driver on compatible = "pmbus" for compliant chips that have no dedicated driver yet. Gated by CONFIG_DM_REGULATOR_PMBUS_HELPER and CONFIG_DM_REGULATOR_PMBUS_GENERIC. Signed-off-by: Vincent Jardin <[email protected]> Signed-off-by: Peng Fan <[email protected]>
4 dayspmbus: add PMBus 1.x framework, CLI, and bindingVincent Jardin
Add U-Boot's PMBus 1.x layer: the decoder/transport library, the pmbus CLI command and a generic DT binding. The subsequent commits provide the UCLASS_REGULATOR adapter and per-chip drivers. U-Boot's PMBus support is not a hwmon clone of Linux's drivers/hwmon/pmbus/. Linux owns the runtime side (polling, sysfs, alert IRQs, fan loops). U-Boot owns the boot-time side in order to, - identify the PMBus regulators a board carries: MFR_ID/ MFR_MODEL/MFR_REVISION + sanity checks. - print telemetry (VIN/VOUT/IIN/IOUT/POUT/TEMP) so an operator can confirm rail voltages and faults before the kernel - decode any chip alerts (STATUS_VOUT/STATUS_IOUT/STATUS_INPUT/ STATUS_TEMPERATURE/STATUS_CML) so a boot log shows why the previous boot failed or the board had been power cycled because of an outage (typically over temperature or under current). Out of scope by design: no periodic polling, no sysfs, no fan-speed control loop, no PMBUS_VIRT_* sensor virtualisation, no caching. If a use case needs any of those, the answer should be "wait until Linux comes up". It shall remain a thin layer. The constants and structural shape (command codes, status bit names, sensor-class enum, format enum, struct pmbus_driver_info) are mirrored from Linux drivers/hwmon/pmbus/pmbus.h verbatim. The decoders/encoders are reimplemented from the PMBus 1.3 specification because the surrounding hwmon context (struct pmbus_data, sysfs caching, hwmon publication) does not apply. The main benefits: - One framework + CLI for any board carrying PMBus regulators: no per-board PMBus implementation required anymore. - Boards call pmbus_print_telemetry() / pmbus_print_status_word() directly from boot init for a snapshot, sharing all decode + format-dispatch with the CLI. - Linux-compatible constants and DT binding so porting an existing drivers/hwmon/pmbus/ chip is mechanical. - Boot-time AVS/VID rail trim reuses the same decoders and encoders as the CLI and the regulator path: no duplicate math. Signed-off-by: Vincent Jardin <[email protected]> Signed-off-by: Peng Fan <[email protected]>
10 daysMerge branch 'next'Tom Rini
14 daystreewide: change email links from mailman to patch.msgid.link with message-idNeil Armstrong
In preparation of the migration of the mailman mailing-list currently hosted on the denx.de infrastructure, migrate the links in the code, comments and documentation to https://patch.msgid.link to be future proof and always link to the expected content data and uses the message-id in the URL which will help find the appropriate e-mail in the future. Signed-off-by: Neil Armstrong <[email protected]> Reviewed-by: Simon Glass <[email protected]> Reviewed-by: Tom Rini <[email protected]>
2026-06-25Kconfig: lib: restyleJohan Jonker
Restyle all Kconfigs for "lib": Menu entries : no space left Menu attributes: 1 TAB Help text : 1 TAB + 2 spaces Replace '---help---' by 'help' Signed-off-by: Johan Jonker <[email protected]>
2026-06-24treewide: move bi_dram[] from bd to gdIlias Apalodimas
Currently, the bi_dram[] information is stored in the board info structure (bd). Because bd is only valid after reserve_board(), dram_init_banksize() must be called late in the initialization process. This limitation is problematic, as it forces us to rely on a variety of bespoke functions to determine board RAM, bank memory sizes, and other early setup requirements. By moving bi_dram[] into the global data (gd), we can run it earlier. This is particularly convenient since boards define their own dram_init_banksize() routines, which do not always rely on parsing Device Tree (DT) memory nodes. Additionally, U-Boot defaults to relocating to the top of the first memory bank. While boards currently use custom functions to override this behavior, having the DRAM bank information available earlier in gd makes relocating to a different bank trivial and standardizes the process. Reviewed-by: Anshul Dalal <[email protected]> Tested-by: Michal Simek <[email protected]> # Versal Gen 2 Vek385 Tested-by: Anshul Dalal <[email protected]> Reviewed-by: Simon Glass <[email protected]> Signed-off-by: Ilias Apalodimas <[email protected]> Tested-by: Christophe Leroy (CS GROUP) <[email protected]>
2026-06-22Merge tag 'v2026.07-rc5' into nextTom Rini
Prepare v2026.07-rc5
2026-06-21efi_selftest: fix use-after-freeVincent Stehlé
When the `memory' efi selftest verifies the Devicetree memory reservation, it accesses the memory_map buffer after it has been freed with free_pool(). Move the verification earlier to fix this. Fixes: 34c96659ed57 ("efi_selftest: check fdt is marked as runtime data") Signed-off-by: Vincent Stehlé <[email protected]> Cc: Heinrich Schuchardt <[email protected]> Cc: Ilias Apalodimas <[email protected]> Cc: Tom Rini <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]> Reviewed-by: Heinrich Schuchardt <[email protected]>
2026-06-21lib/efi_loader: fix block io revisionVincent Stehlé
The Revision field of the EFI_BLOCK_IO_PROTOCOL structure must be set to one of the two valid values [1], but this is not initialized in the efi_loader; fix it. Link: https://uefi.org/specs/UEFI/2.11/13_Protocols_Media_Access.html#efi-block-io-protocol [1] Signed-off-by: Vincent Stehlé <[email protected]> Cc: Heinrich Schuchardt <[email protected]> Cc: Ilias Apalodimas <[email protected]> Cc: Tom Rini <[email protected]> Reviewed-by: Heinrich Schuchardt <[email protected]>
2026-06-21efi_loader: fix memory leak in efi_var_collectIlias Apalodimas
Barebox has now ported some of the UEFI code. In the process they found some bugs. In this case when the variable buffer is too small, efi_var_collect() returns EFI_BUFFER_TOO_SMALL but doesn't free the allocated 'buf'. Fixes: 5f7dcf079de8c ("efi_loader: UEFI variable persistence") Signed-off-by: Ilias Apalodimas <[email protected]> Reviewed-by: Heinrich Schuchardt <[email protected]>
2026-06-21efi_selftest: fix guid comparisonVincent Stehlé
The `loaded image' efi selftest is comparing protocol GUIDs with the wrong polarity. This can be verified on the sandbox, where two protocols GUIDs are retrieved by the test from the image handle in the following order: 1. Loaded Image Device Path Protocol GUID 2. Loaded Image Protocol GUID The test matches on the first GUID, while it is in fact looking for the second one; fix the comparison polarity. Fixes: efe79a7c0de0 ("efi_selftest: test for loaded image protocol") Signed-off-by: Vincent Stehlé <[email protected]> Cc: Heinrich Schuchardt <[email protected]> Cc: Ilias Apalodimas <[email protected]> Cc: Tom Rini <[email protected]> Cc: Alexander Graf <[email protected]> Reviewed-by: Heinrich Schuchardt <[email protected]>
2026-06-17Merge patch series "dtc: Resync fdt_check_full function"Tom Rini
Tom Rini <[email protected]> says: As part of the resync to dtc version v1.7.2-35-g52f07dcca47c from the Linux Kernel, we missed updating the fdt_check_full function because it exists in its own file in upstream dtc and the kernel doesn't import it, as reported by Anton Ivanov. This short series brings in the upstream fdt_check.c file and then implements our size-saving option, but in the modern way. The size-saving portion has been upstreamed. Link: https://lore.kernel.org/r/[email protected]
2026-06-17dtc: Resync fdt_check_full() with upstream version v1.7.2-35-g52f07dcca47cTom Rini
In the upstream project, the function fdt_check_full has been moved from fdt_ro.c to its own file, fdt_check.c. This file is not included in the Linux kernel copy and so has not been synced over. As we do need and use the fdt_check_full function, bring that file over as of the current upstream we are synced to. Remove our copy of this function from fdt_ro.c and add fdt_check.o and 1-liner fdt_check.c where needed. Note that for now, this will increase size in some cases as upstream does not have a size reduction method here. Reviewed-by: Simon Glass <[email protected]> Signed-off-by: Tom Rini <[email protected]>
2026-06-15lmb: Add the Rockchip architecture as requiring DMA below 4GHeiko Stuebner
Loading EFI parts like a Debian-Installer on Rockchip SoCs creates interesting results, in that on some boards the Grub bootloader can't find any partitions on a USB-Stick, or loading a kernel from Grub spews EHCI fail timeout STS_IAA set messages before failing and on others the loading something like efivars from an eMMC creates read errors and making the MMC vanish from U-Boot. This only affected boards with at least 4GB of RAM. These boards have at least 256MB of memory placed above the actual 4GB address space (due to the iomem being in between) and while kernel, initramfs, dt are generally loaded to predefined addresses, additional EFI parts (efivars, etc) are likely just loaded "somewhere" and it seems this always landed in that higher up memory part. Also in the Linux-kernel peripherals like EMMC, USB, etc already run with a 32bit dma-mask set. So far, I've seen this on RK3568 and RK3588, but as the same peripherals are used on most Rockchip SoCs, it makes sense to limit this on all. So add ARCH_ROCKCHIP to the default-y list of LMB_LIMIT_DMA_BELOW_RAM_TOP. Signed-off-by: Heiko Stuebner <[email protected]> Reviewed-by: Jonas Karlman <[email protected]> Reviewed-by: Peter Robinson <[email protected]>
2026-06-15Merge patch series "various memory related fixups"Tom Rini
[email protected] <[email protected]> says: From: Randolph Sapp <[email protected]> Nitpicks and fixes from the discovery thread on adding PocketBeagle2 support [1]. This does a lot of general setup required for the device, but these modifications themselves aren't device specific. For those specifically interested in PocketBeagle2 support and don't care about these details, my development branch is public [2]. That first patch may provoke some opinions, but honestly if that warning was still present I wouldn't have spent a week poking holes in both the EFI and LMB allocations systems. Please let me know if there is a specific usecase that it breaks though. [1] https://lore.kernel.org/all/[email protected]/ [2] https://github.com/StaticRocket/u-boot/tree/feature/pocketbeagle2 Link: https://lore.kernel.org/r/[email protected]
2026-06-15memory: reserve from start_addr_sp to initial_relocaddrRandolph Sapp
Add a new global data struct member called initial_relocaddr. This stores the original value of relocaddr, directly from setup_dest_addr. This is specifically to avoid any adjustments made by other init functions. Reserve the memory from gd->start_addr_sp - CONFIG_STACK_SIZE to gd->initial_relocaddr instead of gd->ram_top. This allows platform specific relocation addresses to work without unnecessarily painting over a large range. Signed-off-by: Randolph Sapp <[email protected]> Reviewed-by: Simon Glass <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]>
2026-06-09Merge tag 'efi-2026-07-rc5' of ↵Tom Rini
https://source.denx.de/u-boot/custodians/u-boot-efi Pull request efi-2026-07-rc5 CI: https://source.denx.de/u-boot/custodians/u-boot-efi/-/pipelines/30365 Documentation: * Update urllib3 version for building * usb: typos 'requird', 'current' UEFI * Improve PE-COFF relocation data validation Devicetree-to-C generator: * dtoc: test: add missing escape in help text
2026-06-08Merge tag 'v2026.07-rc4' into nextTom Rini
Prepare v2026.07-rc4
2026-06-08smbios: Fix wrong sysinfo ID for Type 3 enclosure asset tagFrank Böwingloh
smbios_write_type3() uses SYSID_SM_BASEBOARD_ASSET_TAG (Type 2) instead of SYSID_SM_ENCLOSURE_ASSET_TAG (Type 3) for the enclosure asset tag. This causes the enclosure's asset tag to be read from the baseboard sysinfo field rather than the enclosure-specific one. Fixes: bcf456dd ("smbios: add detailed smbios information") Signed-off-by: Frank Böwingloh <[email protected]> Cc: Raymond Mao <[email protected]> Cc: Tom Rini <[email protected]> Cc: Ilias Apalodimas <[email protected]> Reviewed-by: Raymond Mao <[email protected]>
2026-06-08lmb: Rename LMB_LIMIT_DMA_BELOW_4G to LMB_LIMIT_DMA_BELOW_RAM_TOPMarek Vasut
Rename LMB_LIMIT_DMA_BELOW_4G to LMB_LIMIT_DMA_BELOW_RAM_TOP to make the Kconfig option more descriptive. No functional change. Suggested-by: Ilias Apalodimas <[email protected]> Signed-off-by: Marek Vasut <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]>
2026-06-07efi_loader: validate PE-COFF relocation dataHeinrich Schuchardt
When applying base relocations from a PE-COFF binary all data must be treated as untrusted. Add the following checks to efi_loader_relocate(): * Reject relocation blocks that don't start on a 32-bit aligned address. * Reject relocation blocks whose SizeOfBlock is smaller than the block header, which would cause an unsigned underflow when computing the entry count. * A block with SizeOfBlock == 0 is invalid and does not mark the end of the relocation table. * Reject relocation blocks that extend beyond the end of the relocation section. * Reject individual relocation entries whose target offset, together with the access width, exceeds the mapped image size, preventing out-of-bounds writes. Pass virt_size to efi_loader_relocate() from efi_load_pe() to enable the per-entry bounds check. Reported-by: Anas Cherni <[email protected]> Reviewed-by: Simon Glass <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]> Signed-off-by: Heinrich Schuchardt <[email protected]>
2026-06-04lmb: Optionally limit available memory to 4 GiB on limited systemsMarek Vasut
Some architectures can not DMA above 4 GiB boundary, limit available memory to memory below 4 GiB boundary. Signed-off-by: Marek Vasut <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]> Tested-by: Ilias Apalodimas <[email protected]> #rpi4 8GiB
2026-06-02Merge patch series "Clean up bloblist initialization"Tom Rini
Tom Rini <[email protected]> says: This series does a few small but important cleanups to how we check for, and initialize a bloblist. The first thing is that the way things are done today, our HANDOFF code can only work with a fixed bloblist location, so express that requirement in Kconfig. Next, we demote the scary message about "Bloblist at ... not found" to a debug because we most often see that because the bloblist doesn't (and can't) exist yet. Finally, we remove bloblist_maybe_init and split this in to an exists and a real init. This results in practically no growth (between 8 bytes growth to 12 bytes saved, with some outliers saving much more thanks to knowing it's impossible to have been passed a bloblist yet). This also cleans up some of the code around checking for / knowing about a bloblist existing. Link: https://lore.kernel.org/r/[email protected]
2026-06-02bloblist: Rework bloblist_init and bloblist_maybe_initTom Rini
With bloblist, we need to both see if one already exists as well as create one if it does not. However, the current implementation leads to odd cases where we attempt to create a bloblist before this is possible and have things be overly complicated when we are given one to work with. This reworks things to instead have a bloblist_exists function, which as the name implies checks for an existing bloblist. This is used in the case of booting, to see if we have one and in turn if we have a device tree there as well as in the bloblist_init function to see if we need to do anything. In practical details, we move the logic from bloblist_init that was checking for a bloblist to the new bloblist_exists function and then can clarify the logic as it is much easier to state when we know we do not have one rather than all the ways we might have one. Then we have the locations that set gd->bloblist now also set the GD_FLG_BLOBLIST_READY flag. Reviewed-by: Raymond Mao <[email protected]> Tested-by: Alexander Stein <[email protected]> Signed-off-by: Tom Rini <[email protected]>
2026-05-25Merge tag 'v2026.07-rc3' into nextTom Rini
Prepare v2026.07-rc3
2026-05-18efi_selftest: test hii keyboard layouts moreVincent Stehlé
The HII database test for keyboard layouts register two package lists with two keyboard layouts each, but the test verifies only the GUID of the first keyboard layout. This does not catch the bugs happening with the keyboard layouts after the first one in a package. Verify all the keyboard layout GUIDs in the unit test to prevent this. Signed-off-by: Vincent Stehlé <[email protected]> Cc: Heinrich Schuchardt <[email protected]> Cc: Ilias Apalodimas <[email protected]> Cc: Tom Rini <[email protected]>
2026-05-18efi_loader: fix hii keyboard layout pointer computationVincent Stehlé
The EFI_HII_KEYBOARD_LAYOUT field `layout_length' is expressed in bytes, but we add it to the `layout' pointer with (scaled) pointer arithmetic. When adding an HII keyboard package with multiple keyboard layouts, this results in only the first layout being added correctly; fix it. Fixes: 8d3b77e36e10 ("efi: hii: add keyboard layout package support") Signed-off-by: Vincent Stehlé <[email protected]> Cc: Heinrich Schuchardt <[email protected]> Cc: Ilias Apalodimas <[email protected]> Cc: Tom Rini <[email protected]> Cc: AKASHI Takahiro <[email protected]>
2026-05-18efi_loader: fix AllocatePages overlap statusHarsimran Singh Tungal
Return EFI_NOT_FOUND for EFI_ALLOCATE_ADDRESS overlap When efi_allocate_pages() is called with EFI_ALLOCATE_ADDRESS, UEFI expects EFI_NOT_FOUND if the requested address range is already allocated or unavailable. U-Boot currently returns EFI_OUT_OF_RESOURCES when efi_update_memory_map() detects an overlap after a successful lmb_alloc_mem(), which does not match EFI_ALLOCATE_ADDRESS semantics. Return EFI_NOT_FOUND for EFI_ALLOCATE_ADDRESS requests that fail due to an overlapping EFI memory descriptor, while keeping EFI_OUT_OF_RESOURCES for other allocation types. The UEFI specification [1] specifies that EFI_BOOT_SERVICES.AllocatePages must return EFI_NOT_FOUND when the requested address range is unavailable or already allocated; EFI_OUT_OF_RESOURCES applies to non‑address‑specific allocation failures. [1] https://uefi.org/specs/UEFI/2.10_A/07_Services_Boot_Services.html Signed-off-by: Harsimran Singh Tungal <[email protected]> The UEFI specification does not clearly specify the behavior. But let's follow the EDK II precedent here. Reviewed-by: Heinrich Schuchardt <[email protected]>
2026-05-15smbios: Do not fall back on devicetree without valid mappingMark Kettenis
The smbios_get_val_si() function may get called for a sysinfo property for which there is no mapping to a devicetree property. Avoid a NULL pointer dereference in this case by skipping the read of the mapped property from the device tree. Fixes: 83b28b55d74f ("smbios: add support for dynamic generation of Type 9 system slot tables") Signed-off-by: Mark Kettenis <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]> Reviewed-by: Simon Glass <[email protected]> Reviewed-by: Raymond Mao <[email protected]>
2026-05-12Merge patch series "add memdup_nul(), use it and memdup() in a few places"Tom Rini
Rasmus Villemoes <[email protected]> says: There are quite a few places where we allocate X+1 bytes, initialize the first X bytes via memcpy() and then set the last byte to 0. The kernel has a helper for that, kmemdup_nul(). Introduce a similar one, and start making use of it in a few places. Also the existing memdup() helper can be put to more use. There are lots more places one could modify. But for code shared with host tools, one would need to do some refactoring, putting memdup() and memdup_nul() in their own str-util.c TU which could then also be included in the tools build. Link: https://lore.kernel.org/r/[email protected]
2026-05-12lib/hashtable.c: use memdup_nul() in himport_rRasmus Villemoes
We have memdup_nul() for exactly this pattern of duplicating a block of memory and ensuring there's a nul byte after the copy. Reviewed-by: Simon Glass <[email protected]> Signed-off-by: Rasmus Villemoes <[email protected]>
2026-05-12lib/string.c: implement strdup() and strndup() in terms of memdup_nul()Rasmus Villemoes
With the addition of memdup_nul(), strdup() and strndup() can be implemented as one-liners. While not required by POSIX or C, do keep the behaviour of gracefully accepting a NULL source and simply return NULL. Reviewed-by: Simon Glass <[email protected]> Signed-off-by: Rasmus Villemoes <[email protected]>
2026-05-12lib/string.c: introduce memdup_nul() helperRasmus Villemoes
This is completely analogous to the linux kernel's kmemdup_nul() helper, apart from the lack of the gfp_t argument: Allocate a buffer of size {len}+1, copy {len} bytes from the given buffer, and add a final nul byte. This pattern exists in a number of places, so this helper can reduce some boilerplate code. Reviewed-by: Simon Glass <[email protected]> Signed-off-by: Rasmus Villemoes <[email protected]>
2026-05-12lib/string.c: drop pointless __HAVE_ARCH_STRDUPRasmus Villemoes
There has never been an arch-specific optimized implementation of str[n]dup, nor is there likely to ever be one, because unlike their cousins strlen(), strcpy() and similar that simply read/write the src/dst, the dup functions by definition involve memory allocation. So drop this irrelevant cpp guard. Reviewed-by: Simon Glass <[email protected]> Signed-off-by: Rasmus Villemoes <[email protected]>
2026-05-12string: fix prototype of memdup()Rasmus Villemoes
It doesn't make sense to restrict memdup() to only return char* pointers, especially when it is already defined to accept void*. This makes it uglier to use to e.g. duplicate a struct. Make it return void*, just as kmemdup() does in the kernel (and which our kmemdup() in fact also does). While in here, make a small optimization: memcpy() is defined to return the destination register, so we write this in a way that the compiler may do a tail call. Reviewed-by: Simon Glass <[email protected]> Signed-off-by: Rasmus Villemoes <[email protected]>
2026-05-12fwu: add helper to get image GUID by type and bank indexDario Binacchi
Introduce fwu_mdata_get_image_guid() to retrieve a specific image GUID from the FWU metadata based on the bank index and image type GUID. This allows identifying the correct partition in multi-bank (A/B) scenarios, ensuring the correct image is targeted depending on the current bank. Signed-off-by: Dario Binacchi <[email protected]> Reviewed-by: Simon Glass <[email protected]> Acked-by: Ilias Apalodimas <[email protected]>
2026-05-12lib: uuid: add partition type GUID for extended bootloaderDario Binacchi
The Extended Boot Loader Partition (XBOOTLDR) is a standard defined by the Discoverable Partitions Specification (DPS) to host boot loader resources outside of the EFI System Partition ([1], [2]). Defining this GUID (bc13c2ff-59e6-4262-a352-b275fd6f7172) allows U-Boot to correctly identify and label these partitions using the "xbootldr" shorthand. [1] https://uapi-group.org/specifications/specs/discoverable_partitions_specification/#extended-boot-loader-partition:~:text=UEFI%20Specification.-,Extended%20Boot%20Loader%20Partition,-bc13c2ff%2D59e6%2D4262 [2] https://uapi-group.org/specifications/specs/boot_loader_specification/ Signed-off-by: Dario Binacchi <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-05-11acpi: fix initial RSDT and XSDT sizeHeinrich Schuchardt
When creating the RSDT and the XSDT table they contain no entries. The table size therefore must equal the header size. Without this change a NULL deference has been observed in acpi_find_table() when running `ut dm` on sandbox64_defconfig executed via `sudo ./u-boot -D`. Fixes: 94ba15a3f13f ("x86: Move base tables to a writer function") Fixes: 7e586f69070d ("acpi: Put table-setup code in its own function") Fixes: ab5efd576c4e ("x86: acpi: Adjust order in acpi_table.c") Fixes: 867bcb63e79f ("x86: Generate a valid ACPI table") Signed-off-by: Heinrich Schuchardt <[email protected]> Reviewed-by: Simon Glass <[email protected]> Update dm_test_acpi_ctx_and_base_tables() in test/dm/acpi.c to expect sizeof(struct acpi_table_header) for the initial table length (instead of sizeof(*rsdt) / sizeof(*xsdt)), and to compute the checksum over header->length bytes rather than the full struct size: Signed-off-by: Simon Glass <[email protected]>
2026-05-08lib: fdtdec: validate bloblist FDT before consuming libfdt sizeRaymond Mao
Coverity Scan defects are observed in fdtdec_apply_bloblist_dtos(), since the live FDT taken from the bloblist is passed to libfdt helpers which consume header size/offset fields: - fdt_open_into() - fdt_pack() Validate the bloblist FDT with fdt_check_full() before calling fdt_open_into() and again after applying overlays before calling fdt_pack(). This makes the libfdt consumers operate on a checked FDT blob while keeping the existing flow unchanged. Also normalize libfdt return codes from this path to errno values, including the overlay callback path through bloblist_apply_blobs(). Fixes: b70cbbfbf94f ("fdtdec: apply DT overlays from bloblist") Addresses-Coverity-ID: CID 645837: (TAINTED_SCALAR) Signed-off-by: Raymond Mao <[email protected]> Reviewed-by: Alexander Sverdlin <[email protected]>
2026-05-05efi_mem_sort: use list_for_each_entry_safe insteadRandolph Sapp
Use list_for_each_entry_safe and comparisons against the current and next efi_mem_desc. This reduces the computation required for merging regions, prevents unnecessary additional iterations of the list, and requires less temporary values. Signed-off-by: Randolph Sapp <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-05-05efi_selftest_memory: check for duplicates firstRandolph Sapp
Check for duplicate memory mappings before reporting any incorrect attributes. Could be that second allocation has the correct type while the first doesn't. Knowing there is a duplicate in this scenario is more helpful than just reporting the first mismatch. Signed-off-by: Randolph Sapp <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]> Reviewed-by: Simon Glass <[email protected]>
2026-05-05efi_dt_fixup: use fdtdec_get_boolRandolph Sapp
Use the more straightforward fdtdec_get_bool instead of fdt_getprop and a return code check. Signed-off-by: Randolph Sapp <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]> Reviewed-by: Anshul Dalal <[email protected]> Reviewed-by: Heinrich Schuchardt <[email protected]> Reviewed-by: Simon Glass <[email protected]>