The spec recommends to set the mapping_offset only when there are
ID mappings as indicated by the mapping_count field.
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
The IORT spec says that reserved bits must be set to zero, thus clear
all fields of the struct before starting to fill out non-reserved
fields.
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Check that the provided offsets are really pointing to a node
that have been previously written and are of the correct type.
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Even though the RC node has the correct size and the ID mappings
are written to the end of the node, the ID 'mapping offset' and
'mapping count' are not written in the IORT RC node header, thus it
looks like that the RC node has no ID mappings.
The Linux kernel doesn't complain about the invalid IORT RC node,
even though the spec says that each RC node must have an ID mapping.
The kernel will fail to use MSI IRQs and fall back to a legacy IRQ
mechanism that's not working either.
Finally it will show strange behaviour around PCI interrupts, making it
hard to trace back to an invalid IORT RC nodes.
Add the missing ID mapping count and mapping offset.
TEST: Fixes IRQ usage of PCI devices on qemu/sbsa-ref.
Fixes: bf5d37662d "acpi: acpi_table: Add IORT support"
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
We have three warnings about needing to use quotes around some strings
in Kconfig files today. In two of these cases we can just add the
missing strings. In the case of INTEL_PINCTRL_PADCFG_PADTOL the symbol
is never referenced and should be dropped.
Signed-off-by: Tom Rini <trini@konsulko.com>
The EFI HTTP boot puts the ISO installer image at some location in
memory. Information about this image has to be passed on to the OS
kernel, which is done by adding a persistent memory(pmem) node to the
devicetree(DT) that is passed to the OS. The OS kernel then gets
information about the presence of this ISO image and proceeds with the
installation.
In U-Boot, this ISO image gets mounted as a memory mapped blkmap
device slice, with the 'preserve' attribute. Add a helper function
which iterates through all such slices, and invokes a callback. The
callback adds the pmem node to the DT and removes the corresponding
memory region from the EFI memory map. Invoke this helper function as
part of the DT fixup which happens before booting the OS.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Tobias Waldekranz <tobias@waldekranz.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
ACPI has NFIT and NVDIMM support to provide ramdisks to the OS. Linux
and device trees have support for persistent memory(pmem) devices. The
firmware can then add a pmem node for the region of memory occupied by
the ramdisk when passing the device-tree to the OS.
It's worth noting that for linux to instantiate the /dev/pmemX device,
the memory described in the pmem node has to be omitted from the EFI
memory map we hand over to the OS if ZONE_DEVICES and SPARSEMEM is
enabled. With those enabled the pmem driver ends up calling
devm_memremap_pages() instead of devm_memremap(). The latter works
whether the memory is omitted or marked as reserved, but mapping pages
only works if the memory is omitted.
On top of that, depending on how the kernel is configured, that memory
area must be page aligned or 2MiB aligned. PowerPC is an exception here
and requires 16MiB alignment, but since we don't have EFI support for
it, limit the alignment to 2MiB.
Ensure that the ISO image is 2MiB aligned and remove the region
occupied by the image from the EFI memory map.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
With upcoming changes supporting pmem nodes, we need to remove the
pmem area from the EFI memory map. Rename efi_add_memory_map_pg() to
efi_update_memory_map(), and allow removing memory from the EFI memory
map.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The efi_install_fdt() function is called before booting an EFI binary,
either directly, or through a bootmanager. This function installs a
copy of the device-tree(DT) on the EFI configuration table, which is
passed on to the OS.
The current logic in this function does not install a DT if a
device-tree is already installed as an EFI configuration
table. However, this existing copy of the DT might not be up-to-date,
or it could be a wrong DT for the image that is being booted. Always
install a DT afresh to the configuration table before booting the EFI
binary.
Installing a new DT also involves some additional checks that are
needed to clean up memory associated with the existing DT copy. Check
for an existing copy, and free up that memory.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
There is logic in the copy_fdt() function which is iterating over the
platform's DRAM banks and setting the fdt_ram_start variable. However,
this variable is not used subsequently in the function. Remove this
superfluous code.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When converting an IPv4 device path node to text, the
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL will produce the following string:
IPv4(5.6.7.8,TCP,UDP,0x6,DHCP,1.2.3.4,9.10.11.12,255.255.255.0)
This string erroneously contains multiple protocols: TCP, UDP and 0x6.
Add the missing `break' statements in the dp_msging() function to fix this
and obtain the following expected string instead:
IPv4(5.6.7.8,TCP,DHCP,1.2.3.4,9.10.11.12,255.255.255.0)
Fixes: aaf63429a1 ("efi_loader: add IPv4() to device path to text protocol")
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Adriano Cordova <adrianox@gmail.com>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Ben reports a failure to boot the kernel on hardware that starts its
physical memory from 0x0.
The reason is that lmb_alloc_addr(), which is supposed to reserve a
specific address, takes the address as the first argument, but then also
returns the address for success or failure and treats 0 as a failure.
Since we already know the address change the prototype to return an int.
Reported-by: Ben Schneider <ben@bens.haus>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ben Schneider <ben@bens.haus>
Reviewed-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Sughosh Ganu <sughosh.ganu@linaro.org> says:
The patch series contains some fixes and improvements in the lmb
code, along with addition of corresponding test cases for the changes
made.
The lmb_reserve() function currently does not check if the requested
reservation would overlap with existing reserved regions. While some
scenarios are being handled, some corner cases still exist. These are
being handled by patch 1, along with adding test cases for these
scenarios.
Patch 2 is handling the case of reserving a new region of memory, but
that region overlaps with an existing region. The current code only
handles one particular scenario, but prints a message for the other
scenario of an encompassing overlap and returns back. The patch
handles the encompassing overlap.
Patch 3 is an improvement whereby we allow coalescing a newly reserved
region with an existing region. The current code exits this check
prematurely.
Patch 4 is removing a now superfluous check for overlapping regions
with flag other than LMB_NONE. This now gets handled at an earlier
point in lmb_reserve().
Patch 5 is clubbing the functionality to check if two regions are
adjacent, or overlap, allowing some code re-use.
Patch 6 is optimising the lmb_alloc() function by having it call
_lmb_alloc_base() directly.
Link: https://lore.kernel.org/r/20250303133231.405279-1-sughosh.ganu@linaro.org
The actual logic to allocate a region of memory is in the
_lmb_alloc_base() function. The lmb_alloc() API function calls
lmb_alloc_base(), which then calls _lmb_alloc_base() to do the
allocation. Instead, call the _lmb_alloc_base() directly from both the
allocation API's, and move the error message to the _lmb_alloc_base().
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The functions to check if the two said regions are adjacent or overlap
are pretty similar in nature. Club the functionality into a single
function lmb_regions_check() and return the appropriate return value
to signify this aspect.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
U-Boot allows re-use of already reserved memory through the
lmb_reserve() and lmb_alloc_addr() API's. This memory re-use is
allowed only when the flag of the existing reserved region and that of
the requested region is LMB_NONE. A check was put in the
lmb_add_region_flags() in commit 8b8b35a4f5 to handle the scenario
where an already reserved region was re-requested with region flag
other than LMB_NONE -- the function then returns -EEXIST in such a
scenario.
The lmb_reserve() function now does a check for a reservation request
with existing reserved regions, and returns -EEXIST in case of an
overlap but when the flag check fails. Remove this now redundant check
from lmb_add_region_flags().
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The lmb_add_region_flags() first checks if the new region to be added
can be coalesced with existing regions. The check stops if the two
regions are adjecent but their flags do not match. However, it is
possible that the newly added region might be adjacent with the next
existing region and with matching flags. Check for this possibility by
not breaking out of the loop.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The lmb_fix_over_lap_regions() function is called if the added region
overlaps with an existing region. The function then fixes the overlap
and removes the redundant region. However, it makes certain
assumptions. One assumption is that the overlap would not encompass
the existing region. Another assumption is that the overlap only
occurs between two regions -- the scenario of the added region
overlapping multiple existing regions is not being handled. Handle
these cases by instead calling lmb_resize_regions(). Also remove the
now superfluous lmb_fix_over_lap_regions().
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The logic used in lmb_alloc() takes into consideration the existing
reserved regions, and ensures that the allocated region does not
overlap with any existing allocated regions. The lmb_reserve()
function is not doing any such checks -- the requested region might
overlap with an existing region. This also shows up with
lmb_alloc_addr() as this function ends up calling lmb_reserve().
Add a function which checks if the region requested is overlapping
with an existing reserved region, and allow for the reservation to
happen only if both the regions have LMB_NONE flag, which allows
re-requesting of the region. In any other scenario of an overlap, have
lmb_reserve() return -EEXIST, implying that the requested region is
already reserved.
Add corresponding test cases which check for overlapping reservation
requests made through lmb_reserve() and lmb_alloc_addr(). And while
here, fix some of the comments in the test function being touched.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
EFI applications need to be relocatable. Ordinarily, this is achieved
through a PE-format .reloc section, but since that requires toolchain
tricks to achieve, U-Boot's EFI applications instead embed ELF-flavored
relocation information and use it for self-relocation; thus, the
.dynamic section needs to be preserved.
Before this patch, it was tacked on to the end of .text, but this was
not proper: A .text section is SHT_PROGBITS, while the .dynamic section
is SHT_DYNAMIC. Attempting to combine them like this creates a section
type mismatch. While GNU ld doesn't seem to complain, LLVM's lld
considers this a fatal linking error.
This patch moves .dynamic out to its own section, so that the output ELF
has the correct types. (They're all mashed together when converting to
binary anyway, so this patch causes no change in the final .efi output.)
Signed-off-by: Sam Edwards <CFSworks@gmail.com>
Cc: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
- Check return value of fdt_getprop for NULL.
- Return -EFAULT if 'algo' property is missing.
- Prevent NULL pointer dereference in strcmp."
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Using HTTPS without root (CA) certificates is a security issue. Print a
warning in this case. Also, when certificate verification fail, print
an additional message because "HTTP client error 4" is not very
informative (4 is HTTPC_RESULT_ERR_CLOSED).
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Instead of relying on some build time configuration to determine if
server certificates need to be checked against CA certificates, do it
based on the availability of such certificates. If no CA is configured
then no check can succeed; on the other hand if we have CA certs then
we should not ignore them. It is always possible to remove the CA certs
(via 'wget cacert 0 0') to force an HTTPS download that would fail
certificate validation.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CONFIG_SYS_FDT_PAD defines the number of unused bytes added to a
device-tree and not the total size.
Fixes: 40ed7be4af ("Convert CONFIG_SYS_FDT_PAD to Kconfig")
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Structure jmp_buf_data provides the underlying format of jmp_buf, which
we actually don't care about. Clean up existing code to use the standard
jmp_buf type. This introduces no functional change.
Signed-off-by: Yao Zi <ziyao@disroot.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Separate setjmp.h into an architecture independent part and an architecture
specific part. This simplifies moving from using struct jmp_buf_data
directly to using type jmp_buf in our code which is the C compliant way.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add support for multiple efi_net_obj structs in efi_net.c. This comes
in preparation for an EFI network driver supporting multiple network
interfaces. For now the EFI network stack still registers a single ethernet
udevice as an EFI network device even if multiple are present, namely
the one that was the current device at the moment of EFI initialization.
Signed-off-by: Adriano Cordova <adriano.cordova@canonical.com>
In preparation to support mutiple efi net udevices. Add a device path
cache to support device paths from multiple ethernet udevices.
The device paths can be added to the cache before EFI gets initialized and
the protocols get installed.
Signed-off-by: Adriano Cordova <adriano.cordova@canonical.com>
In preparation to support multiple EFI net objects, support
constructing device paths using an ethernet device different
than the default. Add a udevice argument to the device path
generation, and keep the callsites with eth_get_dev() to
preserve existing functionality.
Signed-off-by: Adriano Cordova <adriano.cordova@canonical.com>
This gets called each time a payload is to get executed by bootefi.
For now this only updates the PXE IP address.
Signed-off-by: Adriano Cordova <adriano.cordova@canonical.com>
The coomand bootefi calls efi_init_obj_list to do the efi set up
before launching an .efi payload, but efi_init_obj_list is called
only once. There are some initializations which depend on the
environment and should be done each time a payload gets launched and
not only once. A motivation for this changes is the following order
of events:
1. Launch an EFI application (e.g. bootefi hello)
2. Change the ip address
3. Launch another application which uses the pxe protocol
As the EFI pxe protocol was initialized when the handles
for efi net were created in 1., the ip was hardcoded there.
In this example, another possibility would be to make a callback for ip
address changes to go all the way up to efi_net.
Signed-off-by: Adriano Cordova <adriano.cordova@canonical.com>
The following symbols are exposed:
- efi_reinstall_protocol_interface
This is done so that the device path protocol interface
of the network device can be changed internally by u-boot
when a new bootfile gets downloaded.
- eth_set_dev
To support multiple network udevices
- efi_close_event
This comes in preparation to support unregistering
an EFI network device from the EFI network stack when
the underlying U-boot device gets removed
- efi_[dis]connect_controller
The EFI network driver uses ConnectController to add a
NIC to the EFI network stack.
- efi_uninstall_protocol_interface
connect_controler for the efi network driver can install
protocols, which need to be uninstalled in disconnect_controller
- EFI_SIMPLE_NETWORK_PROTOCOL_GUID
Signed-off-by: Adriano Cordova <adriano.cordova@canonical.com>
This commit fixes an use after free introduced in Commit e55a4acb54
(" efi_loader: net: set EFI bootdevice device path to HTTP when loaded
from wget"). The logic in efi_net_set_dp is reworked so that when the
function is invoked it not only changes the value of the static variable
net_dp (this is how the function was implemented in e55a4acb54) but also
updates the protocol interface of the device path protocol in case efi
has started.
Fixes: e55a4acb54 ("efi_loader: net: set EFI bootdevice device path to HTTP when loaded from wget")
Signed-off-by: Adriano Cordova <adriano.cordova@canonical.com>
Gabriel Dalimonte <gabriel.dalimonte@gmail.com> says:
This series adds support for file renaming to EFI_FILE_PROTOCOL.SetInfo().
One of the use cases for renaming in EFI is to facilitate boot loader
boot counting.
No existing filesystems in U-Boot currently include file renaming,
resulting in support for renaming at the filesystem level and a
concrete implementation for the FAT filesystem.
Link: https://lore.kernel.org/r/20250217182648.31294-1-gabriel.dalimonte@gmail.com
Following the UEFI specification. The specification did not seem to
delineate if file_name was explicitly a file name only, or could
include paths to move the file to a different directory. The more
generous interpretation of supporting paths was selected.
Signed-off-by: Gabriel Dalimonte <gabriel.dalimonte@gmail.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
In order to support renaming via SetInfo(), path must allow for longer
values than what was originally present when file_handle was allocated.
Signed-off-by: Gabriel Dalimonte <gabriel.dalimonte@gmail.com>
The implementation roughly follows the POSIX specification for
rename() [1]. The ordering of operations attempting to minimize the chance
for data loss in unexpected circumstances.
The 'mv' command was implemented as a front end for the rename operation
as that is what most users are likely familiar with in terms of behavior.
The 'FAT_RENAME' Kconfig option was added to prevent code size increase on
size-oriented builds like SPL.
[1] https://pubs.opengroup.org/onlinepubs/9799919799/functions/rename.html
Signed-off-by: Gabriel Dalimonte <gabriel.dalimonte@gmail.com>
- Ensure `free_ctx` is called in both error and success paths.
- Fix memory leak in `ctx.signature` when `do_add` fails."
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
The current code has a problematic corner case with formar "%c" and
0 as parameter. The proper zero byte is being emitted into digit buffer
but the final copy into outstr expects null-terminated string and doesn't
copy the required \0 byte. This has lead to malformed TFTP packets, refer
to tftp_send() which relies on %c to generate multiple zero-terminated
strings in one buffer.
Introduce a variable to force the copy of one character in this case.
The new behaviour is consistent with non-tiny implementation.
Reported-by: Chintan Vankar <c-vankar@ti.com>
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
rsa_verify_openssl() is used in lib/rsa/rsa-verify.c to authenticate data
when building host tools.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Baocheng Su <baocheng.su@siemens.com> says:
This introduces a sysinfo driver which also permits SMBIOS support.
The first 10 patches of v2 have already been applied. The remaining is
solely the sysinfo driver. To maintain consistency and ease of searching
through the history, the series title remains unchanged.
Link: https://lore.kernel.org/r/20250218023614.52574-1-baocheng.su@siemens.com
