| Age | Commit message (Collapse) | Author |
|
U-Boot currently reserves only 0x3000 bytes when copying the FDT
in copy_fdt(), which may not be sufficient if additional nodes
(such as FMAN firmware) are added later.
This patch uses the exisitng SYS_FDT_PAD to reserve space for FDT fixup
instead of hardcoded value.
This change prevents potential corruption when resizing FDT after
EFI boot, especially when firmware like FMAN requires additional
space.
Signed-off-by: Gabriel Nesteruk <[email protected]>
Signed-off-by: Pawel Kochanowski <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
When BLOBLIST_TABLES is used, the ACPI tables are not currently added to
the list of EFI tables. While we don't want to create a new memory
region, we do want to tell EFI about the tables.
Fix this by covering this case. At some point the non-bloblist code can
likely be removed.
Signed-off-by: Simon Glass <[email protected]>
Fixes: 3da59ee9579 ("efi_loader: Avoid mapping the ACPI tables twice")
Signed-off-by: Patrick Rudolph <[email protected]>
|
|
Now that capsule update sets the dfu_alt_info environment variable
explicitly, there is no need to support it in the set_dfu_alt_info()
function. Decouple SET_DFU_ALT_INFO from EFI_CAPSULE_FIRMWARE_FIT and
EFI_CAPSULE_FIRMWARE_RAW. For many boards, this was the only use of
set_dfu_alt_info() so remove the function entirely.
Fixes: a9e6f01a941f ("efi: Define set_dfu_alt_info() for boards with UEFI capsule update enabled")
Signed-off-by: Jonathan Humphreys <[email protected]>
Signed-off-by: Michal Simek <[email protected]>
Reviewed-by: Mattijs Korpershoek <[email protected]>
Reviewed-by: Neil Armstrong <[email protected]> # for board/libre-computer/*
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Wadim Egorov <[email protected]> # for
|
|
The current implementation of EFI capsule update uses set_dfu_alt_info() to
set the dfu_alt_info environment variable with the settings it requires.
However, set_dfu_alt_info() is doing this for all DFU operations, even
those unrelated to capsule update.
Thus other uses of DFU, such as DFU boot which sets its own value for the
dfu_alt_info environment variable, will have that setting overwritten with
the capsule update setting. Similarly, any user defined value for the
dfu_alt_info environment variable would get overwritten when any DFU
operation was performed, including simply performing a "dfu 0 list"
command.
The solution is stop using the set_dfu_alt_info() mechanism to set the
dfu_alt_info environment variable and instead explicitly set it to the
capsule update's setting just before performing the capsule update's DFU
operation, and then restore the environment variable back to its original
value.
This patch implements the explicit setting and restoring of the
dfu_alt_info environment variable as part of the EFI capsule update
operation.
The fix is fully implemented in a subsequent patch that removes the capsule
update dfu_alt_info support in set_dfu_alt_info().
Signed-off-by: Jonathan Humphreys <[email protected]>
Reviewed-by: Mattijs Korpershoek <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Andre Przywara <[email protected]> says:
C's implicit fallthrough behaviour in switch/case statements can lead to
subtle bugs. Quite some while ago many compilers introduced warnings in
those cases, requiring intentional fallthrough's to be annotated.
So far we were not enabling that compiler option, so many ambiguities
and some bugs in the code went unnoticed.
This series adds the required annotations in code paths that the first
stage of the U-Boot CI covers. There is a large number of cases left
in the libbz2 code. The usage of switch/case is borderline insane there,
labels are hidden in macros, and there are no breaks, but just goto's.
Upstream still uses very similar code, without any annotations. I still
am not 100% sure those are meant to fall through or not, and plan to do
further investigations, but didn't want to hold the rest of the patches
back. You can see for yourself by applying patch 18/18 and building for
sandbox64, for instance.
Because of this we cannot quite enable the warning in the Makefile yet,
but those fixes are worth regardless, and be it to increase readability.
Please note that those patches do not fix anything, really, they just add
those fallthrough annotations, so the series is not really critical.
Link: https://lore.kernel.org/r/[email protected]
|
|
In some cases in the generic code, we were already using switch/case
fallthrough annotations comments, though in a way which might not be
understood by most compilers.
Replace two non-standard /* no break */ comments with our fallthrough;
statement-like macro, to make this visible to the compiler.
Also use this macro in place of an /* Fall through */ comment, to be
more consistent.
Signed-off-by: Andre Przywara <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
The inflate state machine in zlib uses switch/case fall-through's
extensively, as it sometimes advances the state, and lets the
conveniently placed next case statement handle the new state already.
The pattern here is:
state->mode = LEN;
case LEN:
Annotate those occasions with the "fallthrough;" macro, to let compilers
know this is fine when using -Wimplicit-fallthrough.
This mimics the upstream commit 76f70abbc73f:
Author: Mark Adler <[email protected]>
Date: Sun Mar 27 00:12:38 2022 -0700
Subject: Add fallthrough comments for gcc.
Signed-off-by: Andre Przywara <[email protected]>
Link: https://github.com/madler/zlib/commit/76f70abbc73f
Reviewed-by: Tom Rini <[email protected]>
|
|
Heinrich Schuchardt <[email protected]> says:
Introduce a new function to update ACPI table headers.
This allows to simplify the existing code.
Link: https://lore.kernel.org/r/[email protected]
|
|
If tiny printf is used with 0x%08X (upper case X) the output is
always 0x00000000. It could be confusing if upper case instead
of lower case is used intentionally or accidentally because the
actual value is not output. To avoid this confusion, treat output
of %X as %x. As a compromise for tiny printf, the hex value is
then output correctly, but in lower case. This is done to keep it
tiny printf small.
Signed-off-by: Christoph Niedermaier <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
Reviewed-by: Marek Vasut <[email protected]>
|
|
Use acpi_update_checksum() for updating ACPI table header checksum.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Matthias Brugger <[email protected]>
|
|
Introduce a new function to update ACPI table headers.
This allows to simplify the existing code.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Matthias Brugger <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Note that this undoes the changes of commit cf6d4535cc4c ("x86:
emulation: Disable bloblist for now") as that was intended only for the
release due to time.
|
|
It has been reported that memory corruption can occurred because network
packages where received after EXIT_BOOT_SERVICES. See the thread
starting at [1].
We try to remove all drivers when EXIT_BOOT_SERVICES is called. But
* Some network drivers don't call their own stop method when removed.
* Some network drivers don't have a remove method.
* Some devices have CONFIG_DM_DEVICE_REMOVE=n.
Let's call eth_halt() in EXIT_BOOT_SERVICES explicitly.
[1]
https://lore.kernel.org/all/[email protected]/
Cc: Michael Brown <[email protected]>
Reported-by: Christian Kohlschütter <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Michael Brown <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Tested-by: Christian Kohlschütter <[email protected]>
|
|
S/MIME Capabilities (OID: 1.2.840.113549.1.9.15) attributes are
expected to be algorithms but neither data nor MS Inderect Data,
thus the checker for data type is incorrect.
This patch fixes a capsule authentication failure with PKCS#7
message that contains S/MIME capabilities, which formed by the EDK2
GenerateCapsule tool.
S/MIME Capabilities are not common attributes in an EFI capsule,
thus this failure cannot be reproduced with the capsules generated
via mkeficapsule.
Fixes: 7de0d155cce7 ("mbedtls: add PKCS7 parser porting layer")
Reported-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Raymond Mao <[email protected]>
|
|
empty/full"
Simon Glass <[email protected]> says:
The membuff implementation curently has no tests. It also assumes that
head and tail can never correspond unless the buffer is empty.
This series provides a compile-time flag to support a 'full' flag. It
also adds some tests of the main routines.
The data structure is also renamed to membuf which fits better with
U-Boot.
There may be some cases in the code which could be optimised a little,
but the implementation is functional.
Link: https://lore.kernel.org/r/[email protected]
|
|
Show the start in end in the comment. Comment a missing variable in
membuf_readline() and fix its line length.
Signed-off-by: Simon Glass <[email protected]>
|
|
This should free the pointer, not the address of the pointer. Fix it.
Signed-off-by: Simon Glass <[email protected]>
|
|
Rename the struct to match the function prefix and filenames.
Signed-off-by: Simon Glass <[email protected]>
|
|
Rename the C and header files to use the membuf basename, to match the
functions.
Add a MAINTAINERS entry while we are here.
Signed-off-by: Simon Glass <[email protected]>
|
|
The double 'f' is not necessary and is a bit annoying as elsewhere in
U-Boot we use 'buf'. Rename all the functions before it is used more
widely.
Signed-off-by: Simon Glass <[email protected]>
|
|
Simon Glass <[email protected]> says:
U-Boot can start and boot an OS in both qemu-x86 and qemu-x86_64 but it
is not perfect.
With both builds, executing the VESA ROM causes an intermittent hang, at
least on some AMD CPUs.
With qemu-x86_64 kvm cannot be used since the move to long mode (64-bit)
is done in a way that works on real hardware but not with QEMU. This
means that performance is 4-5x slower than it could be, at least on my
CPU.
We can work around the first problem by using Bochs, which is anyway a
better choice than VESA for QEMU. The second can be addressed by using
the same descriptor across the jump to long mode.
With an MTRR fix this allows booting into Ubuntu on qemu-x86_64
In v3 some e820 patches are included to make booting reliable and avoid
ACPI tables being dropped. Also, several MTTR problems are addressed, to
support memory sizes above 4GB reliably.
Link: https://lore.kernel.org/all/[email protected]/
|
|
This table lacks a correct checksum at present, so fix it.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The values in the FADT are pointers so should not go through sandbox's
normal addr<->pointer mapping. Fix this.
Signed-off-by: Simon Glass <[email protected]>
|
|
This series from Patrick Rudolph <[email protected]> brings
in an assortment of ACPI related fixes.
Link: https://lore.kernel.org/r/[email protected]
|
|
The spec recommends to set the mapping_offset only when there are
ID mappings as indicated by the mapping_count field.
Signed-off-by: Patrick Rudolph <[email protected]>
|
|
The IORT spec says that reserved bits must be set to zero, thus clear
all fields of the struct before starting to fill out non-reserved
fields.
Signed-off-by: Patrick Rudolph <[email protected]>
|
|
Check that the provided offsets are really pointing to a node
that have been previously written and are of the correct type.
Signed-off-by: Patrick Rudolph <[email protected]>
|
|
Even though the RC node has the correct size and the ID mappings
are written to the end of the node, the ID 'mapping offset' and
'mapping count' are not written in the IORT RC node header, thus it
looks like that the RC node has no ID mappings.
The Linux kernel doesn't complain about the invalid IORT RC node,
even though the spec says that each RC node must have an ID mapping.
The kernel will fail to use MSI IRQs and fall back to a legacy IRQ
mechanism that's not working either.
Finally it will show strange behaviour around PCI interrupts, making it
hard to trace back to an invalid IORT RC nodes.
Add the missing ID mapping count and mapping offset.
TEST: Fixes IRQ usage of PCI devices on qemu/sbsa-ref.
Fixes: bf5d37662da5 "acpi: acpi_table: Add IORT support"
Signed-off-by: Patrick Rudolph <[email protected]>
|
|
We have three warnings about needing to use quotes around some strings
in Kconfig files today. In two of these cases we can just add the
missing strings. In the case of INTEL_PINCTRL_PADCFG_PADTOL the symbol
is never referenced and should be dropped.
Signed-off-by: Tom Rini <[email protected]>
|
|
The EFI HTTP boot puts the ISO installer image at some location in
memory. Information about this image has to be passed on to the OS
kernel, which is done by adding a persistent memory(pmem) node to the
devicetree(DT) that is passed to the OS. The OS kernel then gets
information about the presence of this ISO image and proceeds with the
installation.
In U-Boot, this ISO image gets mounted as a memory mapped blkmap
device slice, with the 'preserve' attribute. Add a helper function
which iterates through all such slices, and invokes a callback. The
callback adds the pmem node to the DT and removes the corresponding
memory region from the EFI memory map. Invoke this helper function as
part of the DT fixup which happens before booting the OS.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Tobias Waldekranz <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
ACPI has NFIT and NVDIMM support to provide ramdisks to the OS. Linux
and device trees have support for persistent memory(pmem) devices. The
firmware can then add a pmem node for the region of memory occupied by
the ramdisk when passing the device-tree to the OS.
It's worth noting that for linux to instantiate the /dev/pmemX device,
the memory described in the pmem node has to be omitted from the EFI
memory map we hand over to the OS if ZONE_DEVICES and SPARSEMEM is
enabled. With those enabled the pmem driver ends up calling
devm_memremap_pages() instead of devm_memremap(). The latter works
whether the memory is omitted or marked as reserved, but mapping pages
only works if the memory is omitted.
On top of that, depending on how the kernel is configured, that memory
area must be page aligned or 2MiB aligned. PowerPC is an exception here
and requires 16MiB alignment, but since we don't have EFI support for
it, limit the alignment to 2MiB.
Ensure that the ISO image is 2MiB aligned and remove the region
occupied by the image from the EFI memory map.
Signed-off-by: Sughosh Ganu <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
With upcoming changes supporting pmem nodes, we need to remove the
pmem area from the EFI memory map. Rename efi_add_memory_map_pg() to
efi_update_memory_map(), and allow removing memory from the EFI memory
map.
Signed-off-by: Sughosh Ganu <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The efi_install_fdt() function is called before booting an EFI binary,
either directly, or through a bootmanager. This function installs a
copy of the device-tree(DT) on the EFI configuration table, which is
passed on to the OS.
The current logic in this function does not install a DT if a
device-tree is already installed as an EFI configuration
table. However, this existing copy of the DT might not be up-to-date,
or it could be a wrong DT for the image that is being booted. Always
install a DT afresh to the configuration table before booting the EFI
binary.
Installing a new DT also involves some additional checks that are
needed to clean up memory associated with the existing DT copy. Check
for an existing copy, and free up that memory.
Signed-off-by: Sughosh Ganu <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
There is logic in the copy_fdt() function which is iterating over the
platform's DRAM banks and setting the fdt_ram_start variable. However,
this variable is not used subsequently in the function. Remove this
superfluous code.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
When converting an IPv4 device path node to text, the
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL will produce the following string:
IPv4(5.6.7.8,TCP,UDP,0x6,DHCP,1.2.3.4,9.10.11.12,255.255.255.0)
This string erroneously contains multiple protocols: TCP, UDP and 0x6.
Add the missing `break' statements in the dp_msging() function to fix this
and obtain the following expected string instead:
IPv4(5.6.7.8,TCP,DHCP,1.2.3.4,9.10.11.12,255.255.255.0)
Fixes: aaf63429a112 ("efi_loader: add IPv4() to device path to text protocol")
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Adriano Cordova <[email protected]>
Cc: Tom Rini <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Andre Przywara <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
Prepare v2025.04-rc5
|
|
Ben reports a failure to boot the kernel on hardware that starts its
physical memory from 0x0.
The reason is that lmb_alloc_addr(), which is supposed to reserve a
specific address, takes the address as the first argument, but then also
returns the address for success or failure and treats 0 as a failure.
Since we already know the address change the prototype to return an int.
Reported-by: Ben Schneider <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
Tested-by: Ben Schneider <[email protected]>
Reviewed-by: Sughosh Ganu <[email protected]>
|
|
Sughosh Ganu <[email protected]> says:
The patch series contains some fixes and improvements in the lmb
code, along with addition of corresponding test cases for the changes
made.
The lmb_reserve() function currently does not check if the requested
reservation would overlap with existing reserved regions. While some
scenarios are being handled, some corner cases still exist. These are
being handled by patch 1, along with adding test cases for these
scenarios.
Patch 2 is handling the case of reserving a new region of memory, but
that region overlaps with an existing region. The current code only
handles one particular scenario, but prints a message for the other
scenario of an encompassing overlap and returns back. The patch
handles the encompassing overlap.
Patch 3 is an improvement whereby we allow coalescing a newly reserved
region with an existing region. The current code exits this check
prematurely.
Patch 4 is removing a now superfluous check for overlapping regions
with flag other than LMB_NONE. This now gets handled at an earlier
point in lmb_reserve().
Patch 5 is clubbing the functionality to check if two regions are
adjacent, or overlap, allowing some code re-use.
Patch 6 is optimising the lmb_alloc() function by having it call
_lmb_alloc_base() directly.
Link: https://lore.kernel.org/r/[email protected]
|
|
The actual logic to allocate a region of memory is in the
_lmb_alloc_base() function. The lmb_alloc() API function calls
lmb_alloc_base(), which then calls _lmb_alloc_base() to do the
allocation. Instead, call the _lmb_alloc_base() directly from both the
allocation API's, and move the error message to the _lmb_alloc_base().
Signed-off-by: Sughosh Ganu <[email protected]>
|
|
The functions to check if the two said regions are adjacent or overlap
are pretty similar in nature. Club the functionality into a single
function lmb_regions_check() and return the appropriate return value
to signify this aspect.
Signed-off-by: Sughosh Ganu <[email protected]>
|
|
U-Boot allows re-use of already reserved memory through the
lmb_reserve() and lmb_alloc_addr() API's. This memory re-use is
allowed only when the flag of the existing reserved region and that of
the requested region is LMB_NONE. A check was put in the
lmb_add_region_flags() in commit 8b8b35a4f5e to handle the scenario
where an already reserved region was re-requested with region flag
other than LMB_NONE -- the function then returns -EEXIST in such a
scenario.
The lmb_reserve() function now does a check for a reservation request
with existing reserved regions, and returns -EEXIST in case of an
overlap but when the flag check fails. Remove this now redundant check
from lmb_add_region_flags().
Signed-off-by: Sughosh Ganu <[email protected]>
|
|
The lmb_add_region_flags() first checks if the new region to be added
can be coalesced with existing regions. The check stops if the two
regions are adjecent but their flags do not match. However, it is
possible that the newly added region might be adjacent with the next
existing region and with matching flags. Check for this possibility by
not breaking out of the loop.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The lmb_fix_over_lap_regions() function is called if the added region
overlaps with an existing region. The function then fixes the overlap
and removes the redundant region. However, it makes certain
assumptions. One assumption is that the overlap would not encompass
the existing region. Another assumption is that the overlap only
occurs between two regions -- the scenario of the added region
overlapping multiple existing regions is not being handled. Handle
these cases by instead calling lmb_resize_regions(). Also remove the
now superfluous lmb_fix_over_lap_regions().
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The logic used in lmb_alloc() takes into consideration the existing
reserved regions, and ensures that the allocated region does not
overlap with any existing allocated regions. The lmb_reserve()
function is not doing any such checks -- the requested region might
overlap with an existing region. This also shows up with
lmb_alloc_addr() as this function ends up calling lmb_reserve().
Add a function which checks if the region requested is overlapping
with an existing reserved region, and allow for the reservation to
happen only if both the regions have LMB_NONE flag, which allows
re-requesting of the region. In any other scenario of an overlap, have
lmb_reserve() return -EEXIST, implying that the requested region is
already reserved.
Add corresponding test cases which check for overlapping reservation
requests made through lmb_reserve() and lmb_alloc_addr(). And while
here, fix some of the comments in the test function being touched.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
EFI applications need to be relocatable. Ordinarily, this is achieved
through a PE-format .reloc section, but since that requires toolchain
tricks to achieve, U-Boot's EFI applications instead embed ELF-flavored
relocation information and use it for self-relocation; thus, the
.dynamic section needs to be preserved.
Before this patch, it was tacked on to the end of .text, but this was
not proper: A .text section is SHT_PROGBITS, while the .dynamic section
is SHT_DYNAMIC. Attempting to combine them like this creates a section
type mismatch. While GNU ld doesn't seem to complain, LLVM's lld
considers this a fatal linking error.
This patch moves .dynamic out to its own section, so that the output ELF
has the correct types. (They're all mashed together when converting to
binary anyway, so this patch causes no change in the final .efi output.)
Signed-off-by: Sam Edwards <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
|
|
- Check return value of fdt_getprop for NULL.
- Return -EFAULT if 'algo' property is missing.
- Prevent NULL pointer dereference in strcmp."
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <[email protected]>
|
|
Using HTTPS without root (CA) certificates is a security issue. Print a
warning in this case. Also, when certificate verification fail, print
an additional message because "HTTP client error 4" is not very
informative (4 is HTTPC_RESULT_ERR_CLOSED).
Signed-off-by: Jerome Forissier <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Instead of relying on some build time configuration to determine if
server certificates need to be checked against CA certificates, do it
based on the availability of such certificates. If no CA is configured
then no check can succeed; on the other hand if we have CA certs then
we should not ignore them. It is always possible to remove the CA certs
(via 'wget cacert 0 0') to force an HTTPS download that would fail
certificate validation.
Signed-off-by: Jerome Forissier <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
This uses Heinrich's merge of lib/efi_loader/efi_net.c which results in
no changes.
|
|
https://source.denx.de/u-boot/custodians/u-boot-dfu into next
u-boot-dfu-next-20250310
CI:
- https://source.denx.de/u-boot/custodians/u-boot-dfu/-/pipelines/25060
Usb gadget:
- Remove legacy CONFIG_USB_DEVICE
- Remove legacy usbtty driver
|