Many peripheral drivers across different SoCs regularly face the same
task of piping a transfer buffer into (or reading it out of) a 32-bit
FIFO register. Sometimes it's just one register, sometimes a whole array
of registers. Sometimes you actually transfer 4 bytes per register
read/write, sometimes only 2 (or even 1). Sometimes writes need to be
prefixed with one or two command bytes which makes the actual payload
buffer "misaligned" in relation to the FIFO and requires a bunch of
tricky bit packing logic to get right. Most of the times transfer
lengths are not guaranteed to be divisible by 4, which also requires a
bunch of logic to treat the potential unaligned end of the transfer
correctly.
We have a dozen different implementations of this same pattern across
coreboot. This patch introduces a new family of helper functions that
aims to solve all these use cases once and for all (*fingers crossed*).
Change-Id: Ia71f66c1cee530afa4c77c46a838b4de646ffcfb
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34850
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
With RELOCATABLE_RAMSTAGE, S3 resume path only uses
memory that is reserved from OS. So there is no need
for low memory backup and recovery.
Change-Id: If7f83711685ac445abf4cd1aa6b66c3391e0e554
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/26834
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
ACPI S3 resume path can only modify low memory where
the non-relocatable ramstage resides, there is no need
to maintain a bigger backup copy.
Change-Id: Ifae41b51b359010ec02269c674936a87bd15623b
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/15476
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
The panel description may be pretty large (for example, 1.3k for BOE
TV101) due to init commands and we should only load the right config
when display is needed.
BUG=None
TEST=make -j; boots and see display on Krane.
Change-Id: I2560a11ecf7badfd0605ab189d57ec9456850f75
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34877
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
With C_ENVIRONMENT_BOOTBLOCK, CONFIG_DCACHE_BSP_STACK_SIZE needs to be
set to define a stack region that can be shared over all stages using
CAR. It makes sense to use that Kconfig option's value instead of a
hardcoded value. This will result in less false positives when the
stack size is big, for instance with FSP using the coreboot stack.
In many configurations with C_ENVIRONMENT_BOOTBLOCK the stack_base is
at the base of CAR. If the stack grows too large it operates out of
CAR, typically resulting in a hang. Therefore the stack guards are
extended to cover 256 bytes at the base to at least provide a warning
when the romstage is dangerously close of running out of stack.
Change-Id: I2ce1dda4d1f254e6c36de4d3fea26e12c34195ff
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34976
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
These platforms use different signature for this function, so
declare them with different name to make room in global namespace.
Change-Id: I77be9099bf20e00ae6770e9ffe12301eda028819
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34909
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
corebootpayload package in upstream TianoCore was replaced with
UEFIPayload, add external payload build option for UEFIPayload.
BUG=N/A
TEST=Select TianoCore payload as UEFIPayload, build and able to boot up on
QEMU q35 after PCIE_BASE set.
Change-Id: I0b7785fde9f4113b2cd91323ac0358b229c5a6e6
Signed-off-by: Lijian Zhao <lijian.zhao@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34459
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
SMI trap handler was missing a printk statement, which caused
Coverity to flag "data &= mask;" as a redundant operation.
Change-Id: I71da74e5e08e7d7e6d61c1925db19324efd73f0a
Found-by: Coverity CID 1381621
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34797
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
To make explicit when vboot2 error codes should be returned,
use the new vb2_error_t type on all functions which return
VB2_ERROR_* constants.
Additionally, add required vboot submodule commit id e6700f4c:
2019-07-31 14:12:30 +0800 - (vboot: update vboot2 functions to use new vb2_error_t)
NOTE: This patch was merged separately on the Chromium tree:
https://chromium-review.googlesource.com/c/1728499
BUG=b:124141368, chromium:988410
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I804c2b407e496d0c8eb9833be629b7c40118415c
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1728292
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34860
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Updating from commit id 9c906110:
2019-08-06 06:07:01 +0000 - (vboot/tpm: fix return type inconsistencies)
to commit id a5afd01f:
2019-08-08 11:02:44 -0700 - (Minor fixes for clang)
This brings in 6 new commits.
Change-Id: Ic334ce8a5f24a0119fa2aaf000ce76c4c9e4932a
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34859
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
There is no need to change the default value for the RX Level/Edge
Configuration parameter if the pad is not used/connected (PAD_NC)
Change-Id: Ie7eee83fba9320d52240166371fe0c757dbdce49
Signed-off-by: Maxim Polyakov <max.senia.poliak@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34843
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Set the controller state to D0 during the uart init sequence, this
ensures the controller is up and active.
One more argument "const struct device *dev" has been added
to uart_lpss_init function.
BUG=b:135941367
TEST=Verify no timeouts seen during UART controller enumeration
sequence in CML, ICL and APL platforms
Change-Id: Ie91b502a38d1a40a3dea3711b015b7a5b7ede2db
Signed-off-by: Usha P <usha.p@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34810
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Aamir Bohra <aamir.bohra@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Enlarge PRERAM_CBFS_CACHE region from (16K - 4) to (48K - 4) bytes to
decompress and load more data from CBFS in romstage.
BUG=b:134351649
BRANCH=none
TEST=emerge-kukui coreboot
Change-Id: Idc23a67c886718e910ca3c50468e5793f19c8d66
Signed-off-by: Tristan Shieh <tristan.shieh@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34896
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Since SRAM space is too small to fit all needed features, enable
VBOOT_RETURN_FROM_VERSTAGE and overlap decompressor, verstage and
romstage to gain more space.
BUG=b:134351649
BRANCH=none
TEST=emerge-kukui coreboot
Change-Id: Ibe336cf93b01fa2ea57b4c2e0a89685424878c91
Signed-off-by: Tristan Shieh <tristan.shieh@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34871
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Some boards (e.g., Kukui) need GPIO based CS for SPI0. This patch
changes the pinmux and binds the pins to the correponding SPIs.
When using GPIO based SPI CS, we need to manually make CS log/high
before/after SPI transactions.
BUG=b:132311067
BRANCH=none
TEST=Verified that b/132311067 is irreproducible
Change-Id: I61653fb19242b6ee6be9a45545a8b66e5c9c7cad
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33165
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The bootsplash.jpg needs to match the framebuffer resolution.
Configuration errors are more visible if they can be compared
easily.
Changed message to be always printed:
"Setting up bootsplash in ${FRAMEBUFFER_RESOLUTION}"
Added message:
"Bootsplash image resolution: ${IMAGE_RESOLUTION}"
Change-Id: Ib4a06d53c0134b99d3e9e6d3eda9fa30fca9ef7d
Signed-off-by: Johanna Schander <coreboot@mimoja.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34598
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Previously, the initial value for secdatak was embedded
in secdata_tpm.c as a uint8_t array. Switch to using
vb2api_secdatak_create instead, and write the value in
ctx->secdatak.
Remove an unnecessary call to vb2api_secdata_create in
_factory_initialize_tpm.
BUG=b:124141368, chromium:972956
TEST=make clean && make test-abuild
BRANCH=none
TEST=Check that size and value of initial secdatak
has not changed. Apply the patch below and
check for this output:
_factory_initialize_tpm():266: _factory_initialize_tpm: secdatak sizes are identical? 1
_factory_initialize_tpm():269: _factory_initialize_tpm: secdatak values are identical? 1
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index ff62185107..c1818b482f 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -148,6 +148,18 @@ static uint32_t write_secdata(uint32_t index,
return TPM_E_CORRUPTED_STATE;
}
+/*
+ * This is derived from rollback_index.h of vboot_reference. see struct
+ * RollbackSpaceKernel for details.
+ */
+static const uint8_t secdata_kernel[] = {
+ 0x02,
+ 0x4C, 0x57, 0x52, 0x47,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00,
+ 0xE8,
+};
+
/*
* This is used to initialize the TPM space for recovery hash after defining
* it. Since there is no data available to calculate hash at the point where TPM
@@ -250,6 +262,11 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
* indication that TPM factory initialization was successfully
* completed.
*/
+ VBDEBUG("%s: secdatak sizes are identical? %d\n", __func__,
+ sizeof(secdata_kernel) == sizeof(ctx->secdatak));
+ VBDEBUG("%s: secdatak values are identical? %d\n", __func__,
+ memcmp(secdata_kernel, ctx->secdatak,
+ sizeof(secdata_kernel)) == 0);
RETURN_ON_FAILURE(set_kernel_space(ctx->secdatak));
if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
@@ -452,7 +469,7 @@ uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
/* Read the firmware space. */
rv = read_space_firmware(ctx);
- if (rv == TPM_E_BADINDEX) {
+ if (true) {
/*
* This seems the first time we've run. Initialize the TPM.
*/
Change-Id: I74261453df6cc55ef3f38d8fb922bcc604084c0a
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1652874, chromium:1655049
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33386
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
google_chromec_get_event() depends on the main copy of EC which is
used by ACPI subsytem in the kernel for querying events.
google_chromeec_get_event() also clears the event from EC. Thus if the
kernel has to identify the wake source, it has no way to do that. Thus
instead depend on events_copy_b to log the wake source. Please look at
go/hostevent-refactor for more info.
BUG=b:133262012
BRANCH=None
TEST=Hack hatch bios and make sure hostevent log is correct.
Change-Id: I39caae2689e0c2a7bec16416978877885a9afc6c
Signed-off-by: Ravi Chandra Sadineni <ravisadineni@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34801
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Treeya doesn't support the keyboard backlight.
BUG=b:135551210
BRANCH=grunt
TEST=emerge-grunt coreboot
Signed-off-by: Chris Wang <chris.wang@amd.corp-partner.google.com>
Change-Id: I02dfc77d3cb7ac00b3f10d577d92775db99c1bdf
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34903
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward Hill <ecgh@chromium.org>
Use AGPIO 10 as the EC sync interrupt for MKBP events for sensor data.
Reference to Aleena project.
BUG=b:135551210
BRANCH=grunt
TEST=emerge-grunt coreboot
Signed-off-by: Chris Wang <chris.wang@amd.corp-partner.google.com>
Change-Id: Ie0b719ebce90710bca2109b7ff255e19329f9cac
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34902
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward Hill <ecgh@chromium.org>
Enable ACPI TBMC notification on tablet mode change to support
convertible treeya devices.
BUG=b:135551210
BRANCH=grunt
TEST=emerge-grunt coreboot
Signed-off-by: Chris Wang <chris.wang@amd.corp-partner.google.com>
Change-Id: Id0618c8df66267b88008dc5057892de6b530629f
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34899
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward Hill <ecgh@chromium.org>
Synaptics touchscreen
BUG=b:139699619
TEST=emerge-grunt coreboot chromeos-bootimage
flash bios image to DUT and make sure the touchpad and
touchscreen can work
Signed-off-by: Peichao.Wang <peichao.wang@bitland.corp-partner.google.com>
Change-Id: I002badd49e678e1c32c802352923ca51efb45cef
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35000
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Variable length arrays are dangerous, so let's make sure they don't
sneak back into coreboot or any of the payloads.
Change-Id: Idf2488cf0efab51c9569a3789ae953368b61880c
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33846
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
We need to ensure uma_memory_size and uma_memory_base stay within a
32-bit address range. Both of these variables are 64 bits wide, so it is
simplest to use 64 bit math when doing the bit shifts and then check if
they are in range after.
Change-Id: Idd180f31e8cff797a6499b12bc685daa993aae05
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1229665, 1229666
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32291
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
coreboot would clear CMOS by request via IPMI command, for example
BMC can issue "bios-util server --boot_order enable --clear_CMOS"
to set the request and reboot the system, then coreboot would clear CMOS
on the next boot.
Tested on Mono Lake
Change-Id: I21d44557896680cfac3c3b6d83e07b755b242cad
Signed-off-by: Johnny Lin <johnny_lin@wiwynn.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34857
Reviewed-by: Johnny Lin
Reviewed-by: Andrey Petrov <andrey.petrov@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Cometlake FSP allows provison to configure SD controller WP pin, As
some of board design might choose not to use the SD WP pin from SD
card controller. This implementation adds a config that allows to
enable/disable SD controller WP pin configuration from FSP.
BUG=b:123907904
Change-Id: Ic1736a2ec4b9370d23a8e3349603eb363e6f59b9
Signed-off-by: Aamir Bohra <aamir.bohra@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34900
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
C strict aliasing rules state that it is undefined behaviour to access
any pointer using another pointer of a different type (with several small
exceptions). Eg.
uint64_t x = 3;
uint16_t y = *((uint16_t *)&x); // undefined behaviour
From an architectural point of view there is often nothing wrong with
pointer aliasing - the problem is that since it is undefined behaviour,
the compiler will often use this as a cop-out to perform unintended or
unsafe optimizations. The "safe" way to perfom the above assignment is
to cast the pointers to a uint8_t * first (which is allowed to alias
anything), and then work on a byte level:
*((uint8_t *)&y) = *((uint8_t *)&x);
*((uint8_t *)&y + 1) = *((uint8_t *)&x + 1);
Horribly ugly, but there you go. Anyway, in an attempt to follow these
strict aliasing rules, the ReadMEM() function in SB800 does the above
operation when reading a uint16_t. While perfectly fine, however, it
doesn't have to - all calls to ReadMEM() that read a uint16_t are passed
a uint16_t pointer, so there are no strict aliasing violations to worry
about (the WriteMEM() function is exactly similar). The problem is that
using this unnecessary workaround generates almost 50 false positive
warnings in Coverity. Rather than manually ignore them one-by-one, let's
just remove the workaround entirely. As a side note, this change makes
ReadMEM() and WriteMEM() now match their definitions in the SB900 code.
Change-Id: Ia7e3a1eff88b855a05b33c7dafba16ed23784e43
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34783
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Port_List is an array of 8 elements, and GCC 9 is warning that there
are no 'others' when all 8 elements are explicitly initialized, which is
causing the build to fail. Remove the 'others => Disabled' clause to
silence this.
Change-Id: Id082e7a76641438f3fb4c4d976dbd254a7053473
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34918
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
add_ivrs_device_entries() is a recursive function, and each recursive
call is passed a pointer to a root_level variable declared outside the
function. In an attempt to make the function self-contained, the initial
call is made with the root_level pointer set to NULL, and then the
function attempts to detect this and allocate a root_level variable for
the rest of the calls. This makes memory management very tricky - for
example, the pi code incorrectly attempts to free the root_level
variable at the end of *each* recursive call, which only avoids being a
double-free because free() in coreboot is currently a no-op. Let's
keep life simple and declare root_level as a local variable outside the
first function call instead.
Change-Id: Ifd63ee368fb89345b9b42ccb86cebcca64f32ac8
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1362811
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34387
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This brings in 4 new commits from the upstream repository.
65a6d94 Free image buffer on read error
9de64c7 Fix various abort(), crashes, and memory errors
7c9db58 Bump to version 1.8
3b3c3cc Use C99 uintXX_t instead of implementation-specific u_intXX_t types
Change-Id: If949309a7481537de6529c205fe745d5509906a9
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34409
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Doing this allows to call console_init() earlier in romstage.
This also fixes IO UART in bootblock, although it appears there
is currently no board that was affected.
Change-Id: Iec363a8c651cc1b05b24229db09d686938118f3a
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34969
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Variable length arrays were a feature added in C99 that allows the
length of an array to be determined at runtime. Eg.
int sum(size_t n) {
int arr[n];
...
}
This adds a small amount of runtime overhead, but is also very
dangerous, since it allows use of an unlimited amount of stack memory,
potentially leading to stack overflow. This is only worsened in
coreboot, which often has very little stack space to begin with. Citing
concerns like this, all instances of VLA's were recently removed from the
Linux kernel. In the immortal words of Linus Torvalds [0],
AND USING VLA'S IS ACTIVELY STUPID! It generates much more code, and
much _slower_ code (and more fragile code), than just using a fixed
key size would have done. [...] Anyway, some of these are definitely
easy to just fix, and using VLA's is actively bad not just for
security worries, but simply because VLA's are a really horribly bad
idea in general in the kernel.
This patch follows suit and zaps all VLA's in coreboot. Some of the
existing VLA's are accidental ones, and all but one can be replaced with
small fixed-size buffers. The single tricky exception is in the SPI
controller interface, which will require a rewrite of old drivers
to remove [1].
[0] https://lkml.org/lkml/2018/3/7/621
[1] https://ticket.coreboot.org/issues/217
Change-Id: I7d9d1ddadbf1cee5f695165bbe3f0effb7bd32b9
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33821
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
This variable is overwritten on one branch of the next if statement, and
the other branch returns, so this assignment does nothing.
Change-Id: I63737929d47c882bbcf637182bc8bf73c19daa9f
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: scan-build 8.0.0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34644
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Print an error message and die if the PCI device cannot be found.
Change-Id: I10c58502658ebf12d1a8fe826ee7d47a618fd1c8
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1403000
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34353
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
DqByteMapCh0 and DqByteMapCh1 are declared adjacently in the
FSP_M_CONFIG struct, so it is tempting to begin memcpy at the address of
the first array and overwrite both of them at once. However, FSP_M_CONFIG
is not declared with the packed attribute, so this is not guaranteed to
work and is undefined behaviour to boot. It is cleaner and less tricky
to copy them independently. The same is true for DqsMapCpu2DramCh0 and
DqsMapCpu2DramCh1, so we change those as well.
Change-Id: Ic6bb2bd5773af24329575926dbc70e0211f29051
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 136538{8,9}, 140134{1,4}
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33135
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
DqByteMapCh0 and DqByteMapCh1 are declared adjacently in the
FSP_M_CONFIG struct, so it is tempting to begin memcpy at the address of
the first array and overwrite both of them at once. However, FSP_M_CONFIG
is not declared with the packed attribute, so this is not guaranteed to
work and is undefined behaviour to boot. It is cleaner and less tricky
to copy them independently. The same is true for DqsMapCpu2DramCh0 and
DqsMapCpu2DramCh1, so we change those as well.
Change-Id: If394f14c4a39d6787ae31868241229646c26be7a
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1365730, 14013{38,39,40,42,43}
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33066
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
It probably doesn't make sense to continue if the CK804 isn't found, and
doing so would perform uninitialized reads of the busn and io_base
arrays anyway, so let's return early.
Change-Id: I13c663314496caf51a57da7f27f9ea24e3d7fcbd
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1370586
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34573
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
For files built in ramstage and smm -classes, testing
for !__PRE_RAM__ is redundant.
All chip_operations are exluded with use of DEVTREE_EARLY
in static devicetree, so garbage collection will take care
of the !__SMM__ cases.
Change-Id: Id7219848d6f5c41c4a9724a72204fa5ef9458e43
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34940
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>