From f13cd90762247661f9bd508303d830055e135ec0 Mon Sep 17 00:00:00 2001
From: Raymond Mao <raymond.mao@linaro.org>
Date: Mon, 3 Feb 2025 14:08:13 -0800
Subject: mbedtls: access mbedtls private members in mscode and pkcs7 parser

U-Boot requires to access x509_internal.h, mbedtls_sha256_context and
mbedtls_sha1_context in the porting layer, and this requires to
enable MBEDTLS_ALLOW_PRIVATE_ACCESS.

Enable it to mscode and pkcs7_parser to fix a mbedtls internal building
error when X509 is selected.

Moreover, Move it to a separate file to avoid enabling it in multiple
places.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
 include/crypto/mscode.h       |  1 +
 include/crypto/pkcs7_parser.h |  1 +
 include/u-boot/sha1.h         | 12 +-----------
 include/u-boot/sha256.h       | 12 +-----------
 4 files changed, 4 insertions(+), 22 deletions(-)

(limited to 'include')

diff --git a/include/crypto/mscode.h b/include/crypto/mscode.h
index 678e69001b9..55501c22acb 100644
--- a/include/crypto/mscode.h
+++ b/include/crypto/mscode.h
@@ -10,6 +10,7 @@
 #include <crypto/hash_info.h>
 #endif
 #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
+#include "mbedtls_options.h"
 #include <mbedtls/asn1.h>
 #include <mbedtls/oid.h>
 #endif
diff --git a/include/crypto/pkcs7_parser.h b/include/crypto/pkcs7_parser.h
index 469c2711fa6..fd1e48da09e 100644
--- a/include/crypto/pkcs7_parser.h
+++ b/include/crypto/pkcs7_parser.h
@@ -12,6 +12,7 @@
 #include <crypto/pkcs7.h>
 #include <crypto/x509_parser.h>
 #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
+#include "mbedtls_options.h"
 #include <mbedtls/pkcs7.h>
 #include <library/x509_internal.h>
 #include <mbedtls/asn1.h>
diff --git a/include/u-boot/sha1.h b/include/u-boot/sha1.h
index dd66258bbe9..c2d62e9cf0f 100644
--- a/include/u-boot/sha1.h
+++ b/include/u-boot/sha1.h
@@ -18,17 +18,7 @@
 #include <linux/types.h>
 
 #if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
-/*
- * FIXME:
- * MbedTLS define the members of "mbedtls_sha256_context" as private,
- * but "state" needs to be access by arch/arm/cpu/armv8/sha1_ce_glue.
- * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external
- * access.
- * Directly including <external/mbedtls/library/common.h> is not allowed,
- * since this will include <malloc.h> and break the sandbox test.
- */
-#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-
+#include "mbedtls_options.h"
 #include <mbedtls/sha1.h>
 #endif
 
diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h
index d7a3403270b..2d86508332e 100644
--- a/include/u-boot/sha256.h
+++ b/include/u-boot/sha256.h
@@ -7,17 +7,7 @@
 #include <linux/types.h>
 
 #if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
-/*
- * FIXME:
- * MbedTLS define the members of "mbedtls_sha256_context" as private,
- * but "state" needs to be access by arch/arm/cpu/armv8/sha256_ce_glue.
- * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external
- * access.
- * Directly including <external/mbedtls/library/common.h> is not allowed,
- * since this will include <malloc.h> and break the sandbox test.
- */
-#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-
+#include "mbedtls_options.h"
 #include <mbedtls/sha256.h>
 #endif
 
-- 
cgit v1.2.3


From 7e0370f37d242f45d2fcfa3ab727d48f88ccace9 Mon Sep 17 00:00:00 2001
From: Weijie Gao <hackpascal@gmail.com>
Date: Sat, 25 Jan 2025 23:26:32 +0800
Subject: miiphy: define mii_devs with LIST_HEAD()

When enabling net console and console multiplexing, a boot crash was
observed using mtk_eth driver with stdin/stdout set to "serial,nc"
in persistent environment:

> CPU:   MediaTek MT7981
> Model: OpenWrt One
> DRAM:  1 GiB
> Core:  35 devices, 15 uclasses, devicetree: separate
> spi-nand: spi_nand spi_nand@0: Winbond SPI NAND was found.
> spi-nand: spi_nand spi_nand@0: 128 MiB, block size: 128 KiB, page size: 2048, OOB size: 64
> Loading Environment from UBI... SF: Detected w25q128 with page size 256 Bytes, erase size 4 KiB, total 16 MiB
> mtd: partition "ubi" extends beyond the end of device "spi-nand0" -- size truncated to 0x7f00000
> Read 126976 bytes from volume ubootenv to 000000007f7bf0c0
> Read 126976 bytes from volume ubootenv2 to 000000007f7de100
> OK
> "Synchronous Abort" handler, esr 0x96000004, far 0xeafffffeea000018
> elr: 0000000041e63cd4 lr : 0000000041e1b844 (reloc)
> elr: 000000007ff9ecd4 lr : 000000007ff56844
> x0 : eafffffeea000018 x1 : 000000007fb552e0
> x2 : 00000000000000fe x3 : 0000000000000000

The cause is that "serial,nc" forced the console subsystem to
initialize the ethernet driver before ethernet subsystem
initialization (console_init_r() is called before initr_net()).

During the mtk_eth driver initialization, mdio_register() will be
called, and miiphy_get_dev_by_name() will then be called.

The miiphy_get_dev_by_name() will check the list "mii_devs" to see
if the passed device name exists. However the mii_devs is defined
without initialization:
> static struct list_head mii_devs;
and the actual initialization is done in the following chain:
initr_net -> eth_initialize -> eth_common_init -> miiphy_init
Since initr_net() hasn't be called, iterating over the mii_devs
will access to physical address 0 (mii_devs.next == NULL) and will
cause the crash.

The fix is to define mii_devs using:
> static LIST_HEAD(mii_devs);

As the "current_mii" is defined as a static variable, it will
always be NULL in board_r stage and initializing it will NULL is
unnecessary. So the entire miiphy_init() can be remove.

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
---
 include/miiphy.h | 2 --
 1 file changed, 2 deletions(-)

(limited to 'include')

diff --git a/include/miiphy.h b/include/miiphy.h
index 1e6c7041fdc..63ec3bcc76b 100644
--- a/include/miiphy.h
+++ b/include/miiphy.h
@@ -33,8 +33,6 @@ int miiphy_is_1000base_x(const char *devname, unsigned char addr);
 int miiphy_link(const char *devname, unsigned char addr);
 #endif
 
-void miiphy_init(void);
-
 int miiphy_set_current_dev(const char *devname);
 const char *miiphy_get_current_dev(void);
 struct mii_dev *mdio_get_current_dev(void);
-- 
cgit v1.2.3


From 31378bd6fc909afabee69f425bf663002277eecf Mon Sep 17 00:00:00 2001
From: Diederik de Haas <didi.debian@cknow.org>
Date: Sat, 1 Mar 2025 11:14:12 +0100
Subject: mcheck: Fix SPDX License Identifier to LGPL-2.1-or-later

The GPL-2.1+ SPDX License Identifier doesn't exist, but luckily the full
license text was available which shows that GPL-2.1+ was a typo and it
should have been LGPL-2.1-or-later.
As the '+' in LGPL-2.1+ is deprecated in SPDX 3.0, use the preferred
identifier, which is '-or-later'.

Normally the full license header is removed when switching to SPDX
License Identifiers, so do that now.

Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
---
 include/mcheck.h | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

(limited to 'include')

diff --git a/include/mcheck.h b/include/mcheck.h
index bd506ae6291..4b11751ebcc 100644
--- a/include/mcheck.h
+++ b/include/mcheck.h
@@ -1,18 +1,7 @@
-/* SPDX-License-Identifier: GPL-2.1+ */
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
 /*
  * Copyright (C) 1996-2024 Free Software Foundation, Inc.
  * This file is part of the GNU C Library.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- * <https://www.gnu.org/licenses/>.
  */
 #ifndef _MCHECK_H
 #define _MCHECK_H       1
-- 
cgit v1.2.3