summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2019-01-18lib: Kconfig: spelling fixesChris Packham
Signed-off-by: Chris Packham <judge.packham@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-16tftp: prevent overwriting reserved memorySimon Goldschmidt
This fixes CVE-2018-18439 ("insufficient boundary checks in network image boot") by using lmb to check for a valid range to store received blocks. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com> [trini: Always build lib/lmb.o on LMB and lib/fdtdec.o on OF_LIBFDT] Signed-off-by: Tom Rini <trini@konsulko.com>
2019-01-16fs: prevent overwriting reserved memorySimon Goldschmidt
This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem image load") by using lmb to check the load size of a file against reserved memory addresses. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-16lib: lmb: extend lmb for checks at load timeSimon Goldschmidt
This adds two new functions, lmb_alloc_addr and lmb_get_unreserved_size. lmb_alloc_addr behaves like lmb_alloc, but it tries to allocate a pre-specified address range. Unlike lmb_reserve, this address range must be inside one of the memory ranges that has been set up with lmb_add. lmb_get_unreserved_size returns the number of bytes that can be used up to the next reserved region or the end of valid ram. This can be 0 if the address passed is reserved. Added test for these new functions. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-01-16fdt: parse "reserved-memory" for memory reservationSimon Goldschmidt
boot_fdt_add_mem_rsv_regions() adds reserved memory sections to an lmb struct. Currently, it only parses regions described by /memreserve/ entries. Extend this to the more commonly used scheme of the "reserved-memory" node. Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-16lib: lmb: reserving overlapping regions should failSimon Goldschmidt
lmb_add_region handles overlapping regions wrong: instead of merging or rejecting to add a new reserved region that overlaps an existing one, it just adds the new region. Since internally the same function is used for lmb_alloc, change lmb_add_region to reject overlapping regions. Also, to keep reserved memory correct after 'free', reserved entries created by allocating memory must not set their size to a multiple of alignment but to the original size. This ensures the reserved region is completely removed when the caller calls 'lmb_free', as this one takes the same size as passed to 'lmb_alloc' etc. Add test to assert this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-01-16lmb: fix allocation at end of address rangeSimon Goldschmidt
The lmb code fails if base + size of RAM overflows to zero. Fix this by calculating end as 'base + size - 1' instead of 'base + size' where appropriate. Added tests to assert this is fixed. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-01-15Merge tag 'dm-pull-15jan19' of git://git.denx.de/u-boot-dmTom Rini
Fix recent changes to serial API for driver model Buildman clang support and a few fixes Small fixes to 'dm tree' and regmap test Improve sandbox build compatibility A few other minor fixes
2019-01-15common: command: Add support for $ auto-completionBoris Brezillon
Add the dollar_complete() function to auto-complete arguments starting with a '$' and use it in the cmd_auto_complete() path such that all args starting with a $ can be auto-completed based on the available env vars. Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> [trini: Fix some linking problems] Signed-off-by: Tom Rini <trini@konsulko.com>
2019-01-15lib: uuid: Do not enable UUID command SPLMarek Vasut
The uuid command is only really useful in U-Boot, but it's useless in SPL. Worse yet, it pulls in various environment manipulation functions as it call env_set(). Do not compile the command in in SPL. Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Cc: Tom Rini <trini@konsulko.com>
2019-01-14lib: fdtdec: fdtdec_get_addr_size_fixed remove checksKeerthy
With 8 bytes addressing even on 32 bit machines these checks are no longer valid. Remove them. Signed-off-by: Keerthy <j-keerthy@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-01-14efi_loader: Add a wchar_t cast in efi_file_open()Simon Glass
The printf() string here is not actually correct. Add a cast to avoid a warning when checking is enabled. Signed-off-by: Simon Glass <sjg@chromium.org>
2018-12-23efi_loader: Make RTS relocation more robustAlexander Graf
While changing the RTS alignment to 64KB in commit 7a82c3051c8f ("efi_loader: Align runtime section to 64kb") the relocation code started to break. The reason for that is that we didn't actually look at the real relocation data. We merely took the RUNTIME_CODE section as a hint and started to relocate based on self calculated data from that point on. That calculation was now out of sync though. To ensure we're not running into such a situation again, this patch makes the runtime relocation code a bit more robust. We can just trust the phys/virt hints from the payload. We also should check that we really only have a single section, as the code doesn't handle multiple code relocations yet. Fixes: 7a82c3051c8f ("efi_loader: Align runtime section to 64kb") Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reported-by: Loic Devulder <ldevulder@suse.de> Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Tested-by: Loic Devulder <ldevulder@suse.de> Tested-by: Jonathan Gray <jsg@jsg.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-23lib: crc32: mark static variable as __efi_runtime_dataHeinrich Schuchardt
In commit 483dbab9f931 ("lib: crc32: mark function crc32() as __efi_runtime") one local static variable was missed. It did not end up in the __efi_runtime_data section as it should. If CONFIG_DYNAMIC_CRC_TABLE=y a data abort execption may occur when the UEFI payload calls the SetVirtualAddressMap() runtime service. Reported-by: Dominik Adamski <dominik.adamski@northerntech.community> Fixes: 483dbab9f931 ("lib: crc32: mark function crc32() as __efi_runtime") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-23efi_selftest: block device: avoid read after freeHeinrich Schuchardt
Reading the position in a file after closing the same results in a read after free. Correct the sequence in the test. Reported-by: Marek Vasut <marek.vasut@gmail.com> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-15hashtable: fix length calculation in hexport_rAKASHI Takahiro
The commit below incorrectly fixed hexport_r(); > size = totlen + 1; One extra byte is necessary to NULL-terminate a whole buffer, "resp." Fixes: f1b20acb4a03 ("hashtable: Fix length calculation in hexport_r") Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2018-12-12spl: fix build failure with !CONFIG_SPL_PCI_SUPPORTSekhar Nori
Building U-Boot with CONFIG_PCI and CONFIG_DM_PCI enabled, but CONFIG_SPL_PCI_SUPPORT disabled, results in following linker error: lib/built-in.o: In function `fdtdec_get_pci_bar32': lib/fdtdec.c:305: undefined reference to `dm_pci_read_bar32' fdtdec.c:305:(.text.fdtdec_get_pci_bar32+0x24): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `dm_pci_read_bar32' This is because reference to dm_pci_read_bar32() remains in lib/fdtdec.c while SPL build does not descend into drivers/pci directory in drivers/Makefile if CONFIG_SPL_PCI_SUPPORT is not enabled. Fix this by applying appropriate #define guards in lib/fdtdec.c. It looks like ns16550.c has the same problem, so fixed that too. To simplify this, CONFIG_SPL_PCI_SUPPORT is renamed to CONFIG_SPL_PCI (enables use of CONFIG_IS_ENABLED() macro). Suggested-by: Vignesh R <vigneshr@ti.com> Signed-off-by: Sekhar Nori <nsekhar@ti.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2018-12-10lib: fdtdec: Add function re-setup the fdt more effecientlyJean-Jacques Hiblot
In some cases it may be useful to be able to change the fdt we have been using and use another one instead. For example, the TI platforms uses an EEPROM to store board information and, based on the type of board, different dtbs are used by the SPL. When DM_I2C is used, a first dtb must be used before the I2C is initialized and only then the final dtb can be selected. To speed up the process and reduce memory usage, introduce a new function fdtdec_setup_best_match() that re-use the DTBs loaded in memory by fdtdec_setup() to select the best match. Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com> Reviewed-by: Heiko Schocher <hs@denx.de>
2018-12-08Roll CRC16-CCITT into the hash infrastructurePhilipp Tomsich
The CRC16-CCITT checksum function is useful for space-constrained applications (such as obtaining a checksum across a 2KBit or 4KBit EEPROM) in boot applications. It has not been accessible from boot scripts until now (due to not having a dedicated command and not being supported by the hash infrstructure) limiting its applicability outside of custom commands. This adds the CRC16-CCITT (poly 0x1021, init 0x0) algorithm to the list of available hashes and adds a new crc16_ccitt_wd_buf() to make this possible. Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> [trini: Fix building crc16.o for SPL/TPL] Signed-off-by: Tom Rini <trini@konsulko.com>
2018-12-08lib: merge CRC16-CCITT into u-boot/crc.hPhilipp Tomsich
This merges the CRC16-CCITT headers into u-boot/crc.h to prepare for rolling CRC16 into the hash infrastructure. Given that CRC8, CRC32 and CRC32-C already have their prototypes in a single header file, it seems a good idea to also include CRC16-CCITT in the same. Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
2018-12-05tpm: Fix a logging warning in unpack_byte_string()Simon Glass
Fix the printf() string to avoid a warning. Signed-off-by: Simon Glass <sjg@chromium.org>
2018-12-05tpm: Remove use of build-time TPM versionsSimon Glass
There is only one place in the code which assumes at build-time that we are using either a v1 or a v2 TPM. Fix this up and add a new function to return the version of a TPM. Supported TPM versions (v1 and v2) can be enabled independently and it is possible to use both versions at once. This is useful for sandbox when running tests. Signed-off-by: Simon Glass <sjg@chromium.org>
2018-12-05sandbox: physmem: Use mapping to support sandboxSimon Glass
Replace the raw cast with a map_sysmem() call so this code works with sandbox. Signed-off-by: Simon Glass <sjg@chromium.org>
2018-12-03Merge tag 'signed-efi-next' of git://github.com/agraf/u-bootTom Rini
Patch queue for efi - 2018-12-03 This release is fully packed with lots of glorious improvements in UEFI land again! - Make PE images more standards compliant - Improve sandbox support - Improve correctness - Fix RISC-V execution on virt model - Honor board defined top of ram (fixes a few boards) - Imply DM USB access when distro boot is available - Code cleanups
2018-12-03rsa: add support of padding pssPhilippe Reynes
We add the support of the padding pss for rsa signature. This new padding is often recommended instead of pkcs-1.5. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2018-12-03rsa: add a structure for the paddingPhilippe Reynes
The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2018-12-03rsa: use new openssl API to create signaturePhilippe Reynes
Previous implementation of the rsa signature was using the openssl API EVP_Sign*, but the new openssl API EVP_DigestSign* is more flexible. So we move to this new API. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2018-12-03efi_loader: bootmgr: add load option helper functionsAKASHI Takahiro
In this patch, helper functions for an load option variable (BootXXXX) are added: * efi_deserialize_load_option(): parse a string into load_option data (renamed from parse_load_option and exported) * efi_serialize_load_option(): convert load_option data into a string Those functions will be used to implement efishell command. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-03efi_loader: allow device == NULL in efi_dp_from_name()AKASHI Takahiro
This is a preparatory patch for use in efi_serialize_load_option() as a load option's file_path should have both a device path and a file path. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_loader: Align runtime section to 64kbAlexander Graf
The UEFI spec mandates that runtime sections are 64kb aligned to enable support for 64kb page size OSs. This patch ensures that we extend the runtime section to 64kb to be spec compliant. Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_selftest: rename setup_okHeinrich Schuchardt
The variable name setup_ok might suggest a boolean with true indicating OK. Let's avoid the misleading name. %s/setup_ok/setup_status/g Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_loader: fix simple network protocolHeinrich Schuchardt
We should not call eth_rx() before the network interface is initialized. The services of the simple network protocol should check the state of the network adapter. Add and correct comments. Without this patch i.mx6 system Wandboard Quad rev B1 fails to execute bootefi selftest. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_loader: correctly aligned transmit bufferHeinrich Schuchardt
Calling net_send_packet() requires that the buffer is aligned to a multiple of PKTALIGN (= ARCH_DMA_MINALIGN). The UEFI spec does not require efi_net_transmit() to be called with a buffer with any special alignment. So we have to copy to an aligned buffer. The current coding copies to an aligned buffer only if CONFIG_EFI_LOADER_BOUNCE_BUFFER=y. Many boards like the Odroid C2 do not use a bounce buffer. With the patch we copy to a correctly aligned buffer in all cases. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_selftest: fix simple network protocol testHeinrich Schuchardt
To use the simple network protocol we have to call the start service first and the initialize service second. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_selftest: check fdt is marked as runtime dataHeinrich Schuchardt
Check that the memory area containing the device tree is marked as runtime data. Update the Python test to pass ${fdtcontroladdr} to bootefi. Update the description of the Python test. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02fdt: sandbox: correct use of ${fdtcontroladdr}Heinrich Schuchardt
The sandbox uses a virtual address space that is neither the physical nor the virtual address space of the operating system. All address used on the command line live in this address space. So also the environment variable ${fdtcontroladdr} has to be in this address space. Commands like bootefi and booti receive the fdt address as parameter. Without the patch ${fdtcontroladdr} cannot be used as parameter value on the sandbox. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_loader: macro efi_size_in_pages()Heinrich Schuchardt
When allocating EFI memory pages the size in bytes has to be converted to pages. Provide a macro efi_size_in_pages() for this conversion. Use it in the EFI subsystem and correct related comments. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_selftest: building sandbox with EFI_SELFTESTHeinrich Schuchardt
Enable building the sandbox with CONFIG_EFI_SELFTEST. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_selftest: add test for memory allocationHeinrich Schuchardt
This unit test checks the following runtime services: AllocatePages, FreePages, GetMemoryMap Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_loader: eliminate sandbox addressesHeinrich Schuchardt
Do not use the sandbox's virtual address space for the internal structures of the memory map. This way we can eliminate a whole lot of unnecessary conversions. The only conversion remaining is the one when adding known memory. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_loader: Reserve unaccessible memoryAlexander Graf
On some systems, not all RAM may be usable within U-Boot. Maybe the memory maps are incomplete, maybe it's used as workaround for broken DMA. But whatever the reason may be, a platform can say that it does not wish to have its RAM accessed above a certain address by defining board_get_usable_ram_top(). In the efi_loader world, we ignored that hint, mostly because very few boards actually have real restrictions around this. So let's honor the board's wish to not access high addresses during boot time. The best way to do so is by indicating the respective pages as "allocated by firmware". That way, Operating Systems will still use the pages after boot, but before boot no allocation will use them. Reported-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Tested-by: Baruch Siach <baruch@tkos.co.il>
2018-12-02efi_selftest: incorrect use of bitwise orHeinrich Schuchardt
We should use a logical or when combining logical values. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02sandbox: smbios: Update to support sandboxSimon Glass
At present this code casts addresses to pointers so cannot be used with sandbox. Update it to use mapmem instead. Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02Revert "efi_loader: remove efi_exit_caches()"Alexander Graf
This reverts commit 3170db63c41a2eda6ee6573353bb4de8c7c1b9d5. It reportedly breaks OpenBSD/armv7 booting and I've already received complaints from people that it breaks some Linux armv7 systems as well. We'll have to give this whole caching story a good bit more thought. Reported-by: Jonathan Gray <jsg@jsg.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_loader: use u16* for UTF16 stringsHeinrich Schuchardt
We should be consistent in the types that we use to store Unicode strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_loader: SetVirtualAddressMap() should return EFI_UNSUPPORTEDAKASHI Takahiro
See UEFI specification 2.7, section 8.4. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_loader: correct a function prototype of QueryCapsuleCapabilities()AKASHI Takahiro
See UEFI specification v2.7, section 8.5.3. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_loader: correct efi_add_known_memory()Heinrich Schuchardt
If a memory bank is not EFI_PAGE_SIZE aligned efi_add_known_memory() the number of memory pages may be incorrectly calculated. We have to round up the start address and to round down the end address to determine which complete pages are provided by the memory bank. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_loader: do not use unsupported printf codeHeinrich Schuchardt
Using %zu for efi_intn_t (ssize_t) creates a build warning. Anyway %zu is not supported by efi_st_error(). So let's convert to int. Our implementation of StriColl() only returns -1, 0, or 1. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2018-12-02efi_loader: Ensure memory allocations are page alignedAlexander Graf
When the max_addr parameter of efi_find_free_memory() is within bounds of an existing map and fits the reservation, we just return that address as allocation value. That breaks however if max_addr is not page aligned. So ensure that it always comes to us page aligned, simplifying the allocation logic. Without this, I've seen breakage where we were allocating pages at -1U (32bit) which fits into a region that spans beyond 0x100000000. In that case, we would return 0xffffffff as a valid memory allocation, although we usually do guarantee they are all page aligned. Fix this by aligning the max address argument always. Signed-off-by: Alexander Graf <agraf@suse.de>