This provides stack guards with checking and common
entry into postcar.
The code in cpu/intel/car/romstage.c is candidate
for becoming architectural so function prototype
is moved to <arch/romstage.h>.
Change-Id: I4c5a9789e7cf3f7f49a4a33e21dac894320a9639
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34893
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
We need to ensure uma_memory_size and uma_memory_base stay within a
32-bit address range. Both of these variables are 64 bits wide, so it is
simplest to use 64 bit math when doing the bit shifts and then check if
they are in range after.
Change-Id: Idd180f31e8cff797a6499b12bc685daa993aae05
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1229665, 1229666
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32291
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
add_ivrs_device_entries() is a recursive function, and each recursive
call is passed a pointer to a root_level variable declared outside the
function. In an attempt to make the function self-contained, the initial
call is made with the root_level pointer set to NULL, and then the
function attempts to detect this and allocate a root_level variable for
the rest of the calls. This makes memory management very tricky - for
example, the pi code incorrectly attempts to free the root_level
variable at the end of *each* recursive call, which only avoids being a
double-free because free() in coreboot is currently a no-op. Let's
keep life simple and declare root_level as a local variable outside the
first function call instead.
Change-Id: Ifd63ee368fb89345b9b42ccb86cebcca64f32ac8
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1362811
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34387
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Variable length arrays were a feature added in C99 that allows the
length of an array to be determined at runtime. Eg.
int sum(size_t n) {
int arr[n];
...
}
This adds a small amount of runtime overhead, but is also very
dangerous, since it allows use of an unlimited amount of stack memory,
potentially leading to stack overflow. This is only worsened in
coreboot, which often has very little stack space to begin with. Citing
concerns like this, all instances of VLA's were recently removed from the
Linux kernel. In the immortal words of Linus Torvalds [0],
AND USING VLA'S IS ACTIVELY STUPID! It generates much more code, and
much _slower_ code (and more fragile code), than just using a fixed
key size would have done. [...] Anyway, some of these are definitely
easy to just fix, and using VLA's is actively bad not just for
security worries, but simply because VLA's are a really horribly bad
idea in general in the kernel.
This patch follows suit and zaps all VLA's in coreboot. Some of the
existing VLA's are accidental ones, and all but one can be replaced with
small fixed-size buffers. The single tricky exception is in the SPI
controller interface, which will require a rewrite of old drivers
to remove [1].
[0] https://lkml.org/lkml/2018/3/7/621
[1] https://ticket.coreboot.org/issues/217
Change-Id: I7d9d1ddadbf1cee5f695165bbe3f0effb7bd32b9
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33821
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
When entry to romstage is via cpu/intel/car/romstage.c
BIST has not been passed down the path for sometime.
Change-Id: I345975c53014902269cee21fc393331d33a84dce
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34908
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
As most platforms will share the subset of enabling
both low RAM WB and high ROM WP MTRRs, provide them
with a single function.
Add possibility for the platform to skip these if
required.
Change-Id: Id1f8b7682035e654231f6133a42909a36e3e15a1
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34809
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
There are benefits in placing the postcar_frame structure
in .bss and returning control to romstage_main().
Change-Id: I0418a2abc74f749203c587b2763c5f8a5960e4f9
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34808
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Do this for consistency with remaining cpu/intel sources.
Also wipe out some spurious includes.
Change-Id: I1adde58966eae9205703b87e7aa17c50e5791a85
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34807
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
It is easier to track CAR_GLOBAL_MIGRATION which is
the approach to be deprecated with the next release.
This change enforces new policy; POSTCAR_STAGE=y is
not allowed together with CAR_GLOBAL_MIGRATION=y.
Change-Id: I0dbad6a14e68bf566ac0f151dc8ea259e5ae2250
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34804
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Almost all platforms force it on. Make it enabled by
default but under user control to optionally disable it.
Change-Id: I6b0f19c8bfd6ffed93023d57a1d28ca6acc06835
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34803
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Martin Roth <martinroth@google.com>
The <inttypes.h> header currently does nothing but include the
definitions from <stdint.h>, so let's #include that directly instead.
Change-Id: I9d83ad37d0d7300a093001596ce3f0b3830c5701
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34800
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Add explicit CBMEM_STAGE_CACHE option. Rename
CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM to TSEG_STAGE_CACHE.
Platforms with SMM_TSEG=y always need to implement
stage_cache_external_region(). It is allowed to return with a
region of size 0 to effectively disable the cache.
There are no provisions in Kconfig to degrade from
TSEG_STAGE_CACHE to CBMEM_STAGE_CACHE.
As a security measure CBMEM_STAGE_CACHE default is changed to
disabled. AGESA platforms without TSEG will experience slower
S3 resume speed unless they explicitly select the option.
Change-Id: Ibbdc701ea85b5a3208ca4e98c428b05b6d4e5340
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34664
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Use a name consistent with the more recent soc/intel.
Change-Id: Ie69583f28f384eb49517203e1c3867f27e6272de
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34699
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Use a name consistent with the more recent soc/intel.
Change-Id: I704d7cb637e4e12039ade99f57e10af794c8be97
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34698
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: David Guckian
Let garbage-collection take care of stage_cache_external_region()
if it is no needed and move implementation to a suitable file already
building for needed stages.
Remove aliasing CONFIG_RESERVED_SMM_SIZE as RESERVED_SMM_SIZE and
(unused) aliasing of CONFIG_IED_REGION_SIZE as IED_SIZE.
Change-Id: Idf00ba3180d8c3bc974dd3c5ca5f98a6c08bf34d
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34672
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The cache is at the end of TSEG. As SMM_RESERVED_SIZE was
half of TSEG size, offseting from the start gave same
position.
Change-Id: I2d5df90b40ff7cd9fde3cbe3cc5090aac74825f7
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34671
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Let garbage-collection take care of stage_cache_external_region()
when it is not needed and move implementation to a suitable file
already building for needed stages.
Change-Id: Ic32adcc62c7ee21bf38e2e4e5ece00524871b091
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34670
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Let garbage-collection take care of stage_cache_external_region()
if it is no needed and move implementation to a suitable file already
building for needed stages.
Remove aliasing CONFIG_RESERVED_SMM_SIZE as RESERVED_SMM_SIZE.
Change-Id: Ie6fcc40fba14575e8ee058f45a1a359a05f00aca
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34668
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
The amdht code currently relies on an idiosyncratic ASSERT() macro,
which actually doesn't do anything right now, and even it did would only
print a janky error message. Replace this with the normal ASSERT() macro
from <assert.h>. The default behaviour now is to print an error message
but do nothing else, and failed assertions will only halt if you enable
FATAL_ASSERT, in which case, well, you asked for it.
Change-Id: I6db7565171a345f9afbc9fb37cff8fda58f942df
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1402076
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34375
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
- Use log2() when rounding down size_mb to the closest power of 2.
Do a sanity check beforehand that size_mb is nonzero, else log2()
will return -1 and there will be an undefined integer shift.
- The framebuffer size needs to be between 8 and 512 MiB, so check
after all the calculations are done to make sure this is the case.
Change-Id: I3962e5cdc094c8da22d8dbadf16637e02fa98689
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1391086
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34355
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
This switch was likely copy-pasted from the one right above it. However,
the MEM_CLOCK_800MHz case isn't needed, since that is explicitly checked
and avoided before the while loop. With that gone, only the
667MHz/default case is left, which we don't need to switch over anymore.
Change-Id: Idfb9cc27dd8718f627d15ba92a9c74c51c2c1c2d
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1347372
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33407
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Read the northbridge BARs from device PCI0:0.0.
Untested.
Change-Id: I27bfb5721d9ae3dc5629942ebac29b12a7308441
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32074
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Here, vga_disable stored but we read it only if MAINBOARD_DO_NATIVE_VGA_INIT.
Found-by: scan-build 7.0.1-8
Change-Id: I5c359df71568b56f48eca9615c6265da33d4a073
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34331
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The GCFC (Graphics Clock Frequency Control) read is not used at
the line below.
As the default value is zero, let's remove unused read.
Found-by: scan-build 7.0.1-8
Change-Id: I82c567e3a5b0c0c4a8596ea0cb7693667c71b720
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34329
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
The speed argument should be one of the six values from the mem_clock
enum, so something is very wrong if this is not the case. Better to
die now than return 0, which will cause a division-by-zero error
later on where this function is called. The first two speeds are also
unsupported and have the same problem with returning 0, so die on those
as well.
Change-Id: Ib628c0eed3d6571bdde1df27ae213ca0691ec256
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1391088
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33409
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
If the decoded SPD DRAM frequency is slower than the controller minimum,
then there will be an unsigned integer underflow in the following loop,
which will lead to a very large out of bounds array access. Ensure this
does not happen.
Change-Id: Ic8ed1293adfe0866781bd638323977abd110777e
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1229675
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33383
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
In our codebase, this is only coupled with intel/e7505.
The PCI registers reference here were for intel/i945.
Also aseg_smm_lock() was previously not called.
Change-Id: I21d991c8c2f5c2dde1f148fd80963e39d9836d3c
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34149
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
- Remove unnecessary braces
- Move variable assignment out of function call
- Do not find lowest bit set of 0, which is undefined
- Use unsigned integer when bit shifting
Change-Id: I8651f8cd04165d8d31c44f7919ad5e43499d3d4c
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1229562
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33381
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Die if there are no memory ranks found to prevent a division by zero.
Change-Id: I6146dd8420f3734d1a672a9f29a098f47fcb739c
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1229628
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33403
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
This is only a qualifier between TSEG and ASEG.
Change-Id: I8051df92d9014e3574f6e7d5b6f1d6677fe77c82
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34135
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
While common to many Intel CPUs, this is not an architectural
MSR that should be globally defined for all x86.
Change-Id: Ibeed022dc2ba2e90f71511f9bd2640a7cafa5292
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34090
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: David Guckian
Kyösti Mälkki