In interactive payloads, the USB stack's poll procedure is implicitly
called from the UI loop. Since all USB control transfers are handled
synchronously, polling hubs with these slows the UI significantly down.
So switch to interrupt transfers that are done asynchronously and only
perform control transfers when the hub reported a status change.
We use the interrupt endpoint's max packet size instead of the theo-
retical transfer length of `(bNrPorts + 1) / 8` as Linux' code mentions
hubs that return too much data.
Change-Id: I5af02d63e4b8e1451b160b77f3611b93658a7a48
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/18499
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
USB 3.1 GEN2 report speed type 4, add into speed enum.
BUG=b:139787920
BRANCH=N/A
TEST=Build libpayload and depthcharge on sarien and boot with
USB GEN2 HUB with USB disk. Check ultra speed device in cbmem log.
Signed-off-by: Eric Lai <ericr_lai@compal.corp-partner.google.com>
Change-Id: Ia0ef12b2f0d91bf0d0db766bbc9019de1614a4f4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35023
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
We're planning to have a use case with a custom USB device that
implements the USB mass storage protocol on its bulk endpoints, but does
not have the normal MSC class/protocol interface descriptors and does
not support class-specific control requests (Get Max LUN and Bulk-Only
Reset). We'd like to identify/enumerate the device via
usb_generic_create() in our payload but then reuse all the normal MSC
driver code. In order to make that possible, this patch factors a new
usb_msc_force_init() function out of usb_msc_init() which will
initialize an MSC device without checking its descriptors. It also adds
some "quirks" flags that allow devices registered this way to customize
behavior of the MSC stack.
Change-Id: I50392128409cb2a879954f234149a5e3b060a229
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34227
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Some broken USB mass storage devices send another zero-length packet at
the end of the data part of a transfer if the amount of data was evenly
divisible by the packet size (which is pretty much always the case for
block reads). This packet will get interpreted as the CSW and screw up
the MSC state machine.
This patch works around this issue by retrying the CSW transfer when it
was received as exactly 0 bytes. This is the same mitigation the Linux
kernel uses and harmless for correctly behaving devices. Also tighten
validation of the CSW a little, making sure we verify the length before
we read any fields and checking the signature in addition to the tag.
Change-Id: I24f183f27b2c4f0142ba6c4b35b490c5798d0d21
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34485
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Many peripheral drivers across different SoCs regularly face the same
task of piping a transfer buffer into (or reading it out of) a 32-bit
FIFO register. Sometimes it's just one register, sometimes a whole array
of registers. Sometimes you actually transfer 4 bytes per register
read/write, sometimes only 2 (or even 1). Sometimes writes need to be
prefixed with one or two command bytes which makes the actual payload
buffer "misaligned" in relation to the FIFO and requires a bunch of
tricky bit packing logic to get right. Most of the times transfer
lengths are not guaranteed to be divisible by 4, which also requires a
bunch of logic to treat the potential unaligned end of the transfer
correctly.
We have a dozen different implementations of this same pattern across
coreboot. This patch introduces a new family of helper functions that
aims to solve all these use cases once and for all (*fingers crossed*).
Change-Id: Ia71f66c1cee530afa4c77c46a838b4de646ffcfb
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34850
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Variable length arrays are dangerous, so let's make sure they don't
sneak back into coreboot or any of the payloads.
Change-Id: Idf2488cf0efab51c9569a3789ae953368b61880c
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33846
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Sometimes the display native orientation does not match the device
default orientation, so allow rotation of the framebuffer before
it is displayed on screen.
set_pixel now take coordinates in the rotated coordinate system,
and converts the coordinates before writing to the framebuffer.
Also, screen.size now matches the rotated system (_not_ the
framebuffer size).
BUG=b:132049716
TEST=Boot krane, see that FW screen is orientation properly.
Change-Id: If9316c0ce33c17057372ef5995a2c68de4f11f02
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34732
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
depthcharge prefers knowing where its input comes from
BUG=b:137378326
BRANCH=none
TEST=ctrl-d / enter to enter dev-mode works now.
Change-Id: I74b5be18c3583be17c73950ced93fad883690090
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34451
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
vboot_handoff is no longer used in coreboot, and is not
needed in CBMEM or cbtable.
BUG=b:124141368, b:124192753
TEST=make clean && make runtests
BRANCH=none
Change-Id: I782d53f969dc9ae2775e3060371d06e7bf8e1af6
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33536
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Martin Roth <martinroth@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
size_t is the natural integer type for strlen() and array indices, and
this fixes several integer conversion and sign comparison warnings.
Change-Id: I5658b19f990de4596a602b36d9533b1ca96ad947
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33794
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
- Constify the string argument
- Change int to size_t, which is what xmalloc expects
Change-Id: I8b5a13319ded4025f883760f2b6d4d7a9ad9fb8b
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33793
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The documented return value for strlcat is horribly wrong, as is the
return value itself. It should not return the number of appended bytes,
but rather the length of the concatenated string. From the man page:
The strlcpy() and strlcat() functions return the total length of the
string they tried to create. For strlcpy() that means the length of
src. For strlcat() that means the initial length of dst plus the
length of src. While this may seem somewhat confusing, it was done
to make truncation detection simple.
This change is more likely to fix existing code than break it, since
anyone who uses the return value of strlcat will almost certainly rely
on the standard behaviour rather than investigate coreboot's source code
to see that we have a quirky version.
Change-Id: I4421305af85bce88d12d6fdc2eea6807ccdcf449
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33787
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The JUnit output from the libpayload builds was getting deleted by the
coreinfo build. Move the libpayload to later in the coreboot-gerrit
job.
Also add messages to stdout indicating the various libpayload configs
that are built and a message indicating when all libpayload builds are
complete.
BUG=b:137380189
TEST=Upload test commit that includes a libpayload compile error and
verify buildbot fails.
Change-Id: I43b55f402216582dcf81be34171437be345572ab
Signed-off-by: Keith Short <keithshort@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34183
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
A typo introduced in commit bf2c693f89
made the driver not build: DWC_SLEEP_TIME_US instead of
DWC2_SLEEP_TIME_US.
Change-Id: I197b25fd4f568cce7a4bbcee8cc285b25b26afb1
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34131
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Keith Short <keithshort@chromium.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Increase the timeout for USB requests to 5 seconds for all USB host
controllers.
Prior to this fix, the xCHI driver was detecting false timeouts during
SET ADDRESS requests when nested downstream hubs were connected to the
xHCI root hub.
BUG=b:124730179
BRANCH=sarien
TEST=Build libpayload and depthcharge on sarien/arcada.
TEST=Without change replicate USB set address timeouts in depthcharge
when dock and 4K monitor connected (which includes a total of 4 USB
hubs). With timeout fix, depthcharge boots OS with no USB errors and
the same USB topology. Note that this tests xHCI operation only.
Change-Id: I53e3e67d893420e7c9e8b52c47dd0edb979e5468
Signed-off-by: Keith Short <keithshort@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33671
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
calculate_color() uses the 'fbinfo' global that is initialized by
cbgfx_init(), so we need to run the latter before we can run the former
or we get a null pointer access.
Change-Id: I73ca8e20ca36f64d699379d504fd41dc2084f157
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33855
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
UART RX needs to be re-initialized in libpayload
as it is getting reset at the end of coreboot.
Change-Id: I7820bd7afd2e5f81e21a43f330ed42d3a732d577
Signed-off-by: Prudhvi Yarlagadda <pyarlaga@codeaurora.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33424
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
and make a configuraton for QEMU/ARM.
This CL allows building a sample libpayload for QEMU/ARM.
Change-Id: Ia32872c43a99357aa966de3582f6fdb2e2652517
Signed-off-by: Asami Doi <doiasami1219@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33287
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
We had a value that was overloaded thrice.
By moving them in a common structure and ordering them by value such
issues are hopefully avoided in the future.
Also add a few values to libpayload that were only defined in
commonlib.
Change-Id: I227d078eebee2d92488454707d4dab8ecc24a4d8
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32958
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
We had a value that was overloaded thrice.
By moving them in a common structure and ordering them by value such
issues are hopefully avoided in the future.
Change-Id: I0c7762601d7620413989b458fa634d7606accc9d
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32957
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Documentation is scarce on the matter, however the related coreboot
code suggests that after the ACK, the keyboard also sends the result
of the self test (passed/failed). It looks like this result is never
consumed here, probably resulting in further confusion for later com-
mands.
Let's revert this for now (if it's not too late for the 4.10 release)
and break things later again. IMHO, due to the fact that there are
dozens of different keyboard controller and keyboard implementations
and no accurate specification followed, such changes should be tested
on a lot of hardware before merge.
This reverts commit a99ed13e33.
This reverts commit 7ae606f57f.
Change-Id: I4d4304d5d8a01e013feac61016c59bcaeea81140
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33244
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Martin Kepplinger <martink@posteo.de>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Furquan Shaikh <furquan@google.com>
CB:32951 ("libpayload: Reset PS/2 keyboard") added a call to reset
keyboard and check the return value of keyboard_cmd() to compare
against I8042_KBCMD_ACK. However, keyboard_cmd() already checks for
ACK and returns 1 or 0 based on whether ACK is received.
This change fixes the check introduced by CB:32951 to compare against
0 just like the other checks for keyboard_cmd(). Additionally, it adds
error messages for all failed commands in keyboard_init() to make the
prints consistent in case of failure.
BUG=b:134366527
TEST=Verified that logs do not contain "ERROR: Keyboard reset failed"
anymore.
Change-Id: Idcadaae12e0a44e404a1d98c6deb633d97058203
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33185
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frank Wu <frank_wu@compal.corp-partner.google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Loading a libpayload based payload like coreinfo or FILO from SeaBIOS or
GRUB pressing keys does not give the expected results.
For example, pressing F1 gives the character 24 translated to scan code
6a. ESC for example 43 (111) in coreinfo loaded from SeaBIOS on QEMU
Q35.
The problem is not reproducible using the payload directly, that means
without SeaBIOS or GRUB. The problem seems to be, that those have already
initialized the PS/2 controller and AT keyboard.
Comparing it with coreboot’s PS/2 keyboard code, the keyboard needs to
be reset. That seems to fix the issue, when the keyboard was initialized
before.
TEST=Build coreboot for QEMU Q35 with SeaBIOS, and coreinfo as secondary
payload. Run
qemu-system-i386 -M q35 -L /dev/shm -bios build/coreboot.rom -serial stdio
press 3 to select the coreinfo payload, and verify that the keys F1 and
F2 are working.
Same with coreinfo loaded from GRUB on the ASRock E350M1.
Change-Id: I2732292ac316d4bc0029ecb5c95fa7d1e7d68947
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32951
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
We got another tag in the meantime, so resolve the conflict.
Change-Id: I64cb5e02a9bed3d8746b75e451c13a1598341ba1
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32954
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Pass the return value from early_mmc_wake_hw() to the payload so that
payload can skip sending CMD0 and resetting the card in case of success
or in case of a failure in firmware, payload can recover by sending
CMD0 and resetting the card.
BUG=b:78106689
TEST=Boot to OS
Change-Id: Ia4c57d05433c3966118c3642913d7017958cce55
Signed-off-by: Bora Guvendik <bora.guvendik@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/25464
Reviewed-by: Lijian Zhao <lijian.zhao@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Needed to make libpayload build clean with -Wconversion.
BUG=b:111443775
BRANCH=none
TEST=make junit.xml shows fewer warnings with -Wconversion enabled
Change-Id: Ie193e39854d2231b6d09a2b0deeeef2873e900ab
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32184
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Free several resources when AHCI initialization fails. Note that it is
only safe to free resources when the command engine has stopped, since
otherwise they may still be used for DMA.
Found-by: Coverity CID 1260719, 1260727, 1261090, 1261098
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Change-Id: I6826d79338b26ff9696ab6ac9eb4c59f734687d8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32778
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Ctrl-delete does nothing, so it falls through to the default case.
Add a comment to make this explicit.
Found-by: Coverity Scan #1260878
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Change-Id: I4a6f51cb04696b6ebcb554c5667a5bbea58622c1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32750
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Depthcharge uses the keyboard type to help determine whether
it can trust the keyboard for security-sensitive confirmations.
Currently it trusts anything except usb, but now there's a need
to distrust ec-based ps/2 keyboards that are associated with untrusted
ECs. To help facilitate this, coreboot needs to report more
details about non-usb keyboards, so this change replaces the current
instances of unknown with enum values that distinguish uart and gpio
from ec-based keyboards.
BUG=b:129471321
BRANCH=None
TEST=Local compile and flash to systems with trusted and non-trusted
ECs. Confirmed that security confirmation can't be performed via
keyboard on a system with an untrusted EC but can still be performed
on a system with a trusted EC.
Change-Id: Iee6295dafadf7cb3da98b62f43b0e184b2b69b1e
Signed-off-by: Matt Delco <delco@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32717
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
GPT4 is a 32-bit timer and the counter of GPT4 will overflow in about
330 seconds (0xffffffff / 13MHz). Timer and delay functions will not
work properly if the counter overflows. To fix that we should use the
64-bit timer (GPT6).
BUG=b:80501386
BRANCH=none
Test=emerge-elm coreboot; emerge-kukui coreboot
Change-Id: I9f080e47253a1b1bab4636a45cb86c8666a25302
Signed-off-by: Tristan Shieh <tristan.shieh@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32245
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: You-Cheng Syu <youcheng@google.com>
set_option_with() expects a buffer of the exact size of the option.
Change-Id: I21332394f88cf2daa4f733a544627d6d3c6ef26c
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31348
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
The firmware is basically ignoring F11 and F12 without this change.
BUG=b:130143385
TEST=local compile and flash to device. Confirmed that press of F11 and F12
keys now generates appropriate keypress events (and the same codes that
are already generated by these keys on an external USB keyboard).
Signed-off-by: Matt Delco <delco@chromium.org>
Change-Id: Ic43114aa99fc0a1345782c81ed2b90f5569af383
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32256
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Our strtol() and strtoull() function contain almost exactly the same
code. This is a) bad in general and b) may cause the code to get out of
sync, such as it recently happened with CB:32029.
This patch changes strtol() to be based on strtoull() so that the main
parsing code exists only once, and also adds a strtoll() to round off
the library. Also fix the bounds imposed by strtoul() to be based on the
actual length of a 'long', not hardcoded to 32-bits (which is not
equivalent on all architectures).
Change-Id: I919c65a773cecdb11739c3f22dd0d182ed50c07f
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32086
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Our current limits.h only provides (U)INT_MAX constants. This patch adds
most others expected by POSIX. Since some of these may be different
depending on architecture (e.g. 'long' is 32-bit on x86 and 64-bit on
arm64), provide a definition that will automatically figure out the
right value for the data model the compiler is using (as long as it's
using two's complement for signed integers, which I think we can assume
these days).
Change-Id: I1124a41279abd4f53d208270e392e590ca8eaada
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32085
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
New compilers are a little more stringent about defining the same
prototype more than once, so some of our CONFIG_LP_DEBUG_MALLOC wrappers
don't quite work the way they are written anymore. Also, several of the
printf()s weren't written 64-bit safe. And let's add some
double-evaluation safety while I'm here anyway... and I have no idea why
this ever depended on CONFIG_LP_USB, that just seems like a typo.
Change-Id: Ib54ebc3cfba99f372690365b78c7ceb372c0bd45
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/14921
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Cast cpu_khz to a 64 bit integer to prevent possible
integer overflow (the multiplication is currently done
using 32 bit math). Similar to 61dac13 (libpayload:
timer: cast cpu_khz to make sure 64bit math is used).
Found-by: Coverity Scan, CID 1261177
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Change-Id: Iadb0abb7c7cc078f31a6d88d971f5d1b8ac62a9e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32223
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
One of many steps to compile with -Wconversion, as unsigned int and int
aren't the same thing.
BUG=b:111443775
BRANCH=none
TEST=make junit.xml shows fewer warnings with -Wconversion enabled
Change-Id: I9673ca70da32a1e5117b27fa89167e03379af9c1
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32183
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
I just got hit by a double-evaluation bug again, it's time to attempt
to fix this once more. Unfortunately there are several issues that don't
make this easy:
- bitfield variables don't support typeof()
- local macro variables that shadow others trigger -Werror=shadow
- sign warnings with integer literal and unsigned var in typeof-MIN()
- ({ statement expressions }) can not be used outside functions
- romcc doesn't support any of the fancy GCC/clang extensions
This patch tries to address all of them as far as possible with macro
magic. We don't have the technology to solve the bitfield and
non-function context issues yet (__builtin_choose_expr() still throws a
"no statement expression outside a function" error if it's only in the
branch that's not chosen, unfortunately), so we'll have to provide
alternative macros for use in those cases (and we'll avoid making
__ALIGN_MASK() double-evaluation safe for now, since it would be
annoying to do that there and having an alignment mask with side
effects seems very unlikely). romcc can continue using unsafe versions
since we're hopefully not writing a lot of new code for it. Sign
warnings can be avoided in literal/variable comparisons by always using
the type of the variable there. Shadowing is avoided by picking very
explicit local variable names and using a special __COUNTER__ solution
for MIN() and MAX() (the only ones of these you're likely to nest).
Also add DIV_ROUND_UP() to libpayload since it's a generally quite
useful thing to have.
Change-Id: Iea35156c9aa9f6f2c7b8f00991418b746f44315d
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32027
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
strtoull() can optionally take a second pointer as an out-parameter that
will be adjusted to point to the end of the parsed string. This works
almost right, but misses two important edge cases: firstly,when the
parsed string is "0", the function will interpret the leading '0' as an
octal prefix, so that the first actually parsed digit is already the
terminating '\0' byte. This will cause the function to early abort,
which still (correctly) returns 0 but doesn't adjust *endptr.
The early abort is pointless anyway -- the only other thing the function
does is run a for-loop whose condition is the exact inverse (so it's
guaranteed to run zero iterations in this case) and then adjust *endptr
(which we want). So just take it out. This also technically corrects the
behavior of *endptr for a completely invalid string, since the strtoull
man page says
> If there were no digits at all, strtoul() stores the original value of
> nptr in *endptr (and returns 0).
The second issue occurs when the parsed string is "0x" without another
valid digit behind it. In this case, we will still jump over the 0x
prefix so that *endptr is set to the first byte after that. The correct
interpretation in this case is that there is no 0x prefix, and instead a
valid 0 digit with the 'x' being invalid garbage at the end. By not
skipping the prefix unless there's at least one valid digit after it, we
get the correct behavior of *endptr pointing to the 'x'.
Change-Id: Idddd74e18e410a9d0b6dce9512ca0412b9e2333c
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32029
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Create a new cbtable entry called VBOOT_WORKBUF for
storing a pointer to the vboot workbuf within the
vboot_working_data structure.
BUG=b:124141368, b:124192753
TEST=Build and deploy to eve
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=util/abuild/abuild -B -e -y -c 50 -p none -x
BRANCH=none
Change-Id: Id68f43c282939d9e1b419e927a14fe8baa290d91
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31887
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This patch is a raw application of
find payloads/ -type f | \
xargs sed -i -e 's/IS_ENABLED\s*(CONFIG_/CONFIG(/g'
Change-Id: I883b03b189f59b5d998a09a2596b0391a2d5cf33
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31775
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
The IS_ENABLED() macro is pretty long and unwieldy for something so
widely used, and often forces line breaks just for checking two Kconfigs
in a row. Let's replace it with something that takes up less space to
make our code more readable. From now on,
if (IS_ENABLED(CONFIG_XXX))
#if IS_ENABLED(CONFIG_XXX)
shall become
if (CONFIG(XXX))
#if CONFIG(XXX)
Change-Id: I2468427b569b974303084574125a9e1d9f6db596
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31773
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Nico Huber