This follows the example of RISC-V where <asm/global_data.h> includes
<asm/u-boot.h> directly as "gd" includes a reference to bd_info already
and so the first must include the second anyhow. We then remove
<asm/u-boot.h> from all of the places which include references to "gd"
an so have <asm/global_data.h> already.
Signed-off-by: Tom Rini <trini@konsulko.com>
Eugene Uriev <eugeneuriev@gmail.com> says:
There was no "mcheck" for U-Boot before.
Since U-Boot has only 1 thread, and normally makes 4000+ - 6000+
mallocs, it's better to use havier canaries to protect heap-chunks.
My variant uses 2x8 = 16byte-long protector. And
the multiplier could be changed to tune speed/protection tradeoff.
This protects not only against memset()-s, but against "near" wild
pointers too, and makes more probable to catch "distant" ones.
The core file of the set is included into the C-file, not complied
separately in order to enable (potential) coexisting of
mcheck-protectors, e.g. malloc_simple(.) and dlmalloc simultaneously.
My tests were for ARM SoC, 64bit, so the patch is
aware of alignment.
Primary this patch is for using by developers: to verify,
if a change doesn't break the heap integrity.
By default the mcheck is disabled and wouldn't affect the boot.
I used pedantic mode, canary=16byte, registry-size=6608.
For my system the overhead was 230ms.
The using of pre-reloc/malloc_simple heap is
too hard to follow after the relocation.
So lets drop it from the pedantic registry
and switch to dlmalloc, when moved.
The offset is ignored, but kept in the API
for the probable case, when that early
heap is relocated too.
Signed-off-by: Eugene Uriev <eugeneuriev@gmail.com>
The pedantic mode is run-time contolled, so
appropriate registry take place everytime.
Maybe it's worth to use compile-time control only.
So, the registry could be optimized out by an #ifdef.
Signed-off-by: Eugene Uriev <eugeneuriev@gmail.com>
This changes are probable worth to be generalized in a
separate .h-file so, making it able to cover
libc-mallocs and others, without too much copy-paste.
But the malloc<=>mALLOc substitutions interfere
with an elegant way to do this.
Signed-off-by: Eugene Uriev <eugeneuriev@gmail.com>
These fast helpers sometimes breach mem-chunk boundaries.
Thus they trigger mcheck alarm. Standard ones are accurate though.
Signed-off-by: Eugene Uriev <eugeneuriev@gmail.com>
We may enter the command line interface in a state where on the remote
console the cursor is not shown. Send an escape sequence to enable it.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Those keyboards do not return the current device state. Polling will
timeout unless there are key presses. This is not a problem during
operation but the initial device state query during probing will fail.
Skip this step in usb_kbd_probe_dev() to make these devices useable.
Not all Apple keyboards behave like this. A keyboard with USB
vendor/product ID 05ac:0221 is reported to work with the current code.
Unfortunately some Keychron keyboards "re-use" Apple's vendor ID and
show the same behavior (Keychron C2, 05ac:024f for example).
Reviewed-by: Marek Vasut <marex@denx.de>
Reviewed-by: Neal Gompa <neal@gompa.dev>
Signed-off-by: Janne Grunau <j@jannau.net>
Add the environment variable "usb_ignorelist" to prevent USB devices
listed in it from being bound to drivers. This allows to ignore devices
which are undesirable or trigger bugs in u-boot's USB stack.
Devices emulating keyboards are one example of undesirable devices as
u-boot currently supports only a single USB keyboard device. Most
commonly, people run into this with Yubikeys, so let's ignore those in
the default environment.
Based on previous USB keyboard specific patches for the same purpose.
Link: https://lore.kernel.org/u-boot/7ab604fb-0fec-4f5e-8708-7a3a7e2cb568@denx.de/
Reviewed-by: Neal Gompa <neal@gompa.dev>
Reviewed-by: Marek Vasut <marex@denx.de>
Signed-off-by: Janne Grunau <j@jannau.net>
When Falcon Mode is enabled on RISC-V, use CONFIG_VAL
to check PAYLOAD_ARGS_ADDR, not CONFIG_IS_ENABLED.
Fixes: 10c4ab898c ("spl: riscv: falcon: move fdt blob to specified address")
Signed-off-by: Randolph <randolph@andestech.com>
Tested-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Add a test for the button_cmd feature. This validates that commands can
be mapped to two buttons, that the correct command runs based on which
button is pressed, that only 1 command is run, and that no command runs
if button_cmd_0_name is wrong or unset.
Additionally, fix a potential uninitialised variable use caught by these
tests, the btn variable in get_button_cmd() is assumed to be null if
button_get_by_label() fails, but it's actually used uninitialised in
that case.
CONFIG_BUTTON is now enabled automatically and was removed when running
save_defconfig.
Fixes: e761035b64 ("boot: add support for button commands")
Signed-off-by: Caleb Connolly <caleb.connolly@linaro.org>
There could be two memory allocation scheme in SPL phase.
Explicitly print the corresponding error message.
Signed-off-by: Leo Yu-Chi Liang <ycliang@andestech.com>
This commit allows users to choose the appropriate memory
allocation method between static allocated and dynamically
calloc. The previous static-array way will not obviously
contribute to the final binary size since it is uninitialized,
and might have better performance than the dynamical one.
Now we provide the users with both the two options.
Signed-off-by: Hanyuan Zhao <hanyuan-z@qq.com>
This commit simply modifies the history initialize function,
replacing the return value by panic with reasons. The calling
chains of hist_init don't have steps explicitly throwing or
dealing with the ENOMEM error, and once the init fails, the
whole system is died. Using panic here to provide error
information instead.
Signed-off-by: Hanyuan Zhao <hanyuan-z@qq.com>
Drop old implementation and use hash_command() instead, as
how it's currently done for crc32 and sha1sum cmds.
Test:
=> md5sum 0x60000000 0x200
md5 for 60000000 ... 600001ff ==> e6bbbe95f5b41996f4a9b9af7bbd4050
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Return value of a function 'malloc_cache_aligned'
is dereferenced at autoboot.c:207 without checking for NULL,
but it is usually checked for this function.
Found by RASU JSC.
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
When `gd` is relocated during `spl_relocate_stack_gd()` the
doubly-linked circular list in the `log_head` member is broken.
The last element of the list should point back to the initial
`list_head`, but as the initial `list_head` is moved the pointer becomes
stale. As a result the loop in `log_dispatch` would never finish.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
ARCH_NEXELL: Change calculation of monitor length (gd->mon_len) to fix
relocation at boards with s5p4418-SoC (ARCH_NEXELL). At s5p4418, _start
is after the header (NSIH). Therefore the monitor length has to be
calculated using __image_copy_start instead of _start in order the
whole monitor code is relocated.
Signed-off-by: Stefan Bosch <stefan_b@posteo.net>
Raymond Mao <raymond.mao@linaro.org> says:
This patch set adds/adapts a few bloblist APIs and implements Arm arch
custom function to retrieve the bloblist (aka. Transfer List) from
previous loader via boot arguments when BLOBLIST option is enabled and
all boot arguments are compliant to the register conventions defined
in the Firmware Handoff spec v0.9.
If an arch wishes to have different behaviors for loading bloblist
from the previous boot stage, it is required to implement the custom
function xferlist_from_boot_arg().
During bloblist initialization, load the bloblist via boot arguments
from the previous loader.
If a valid bloblist exists in boot arguments, relocate it into the
fixed bloblist memory region.
If not, fallback to support BLOBLIST_ADDR or BLOBLIST_ALLOC.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
The current bloblist pointer and size can be retrieved from global
data, so we don't need to pass them from the function arguments.
This change also help to remove all external access of gd->bloblist
outside of bloblist module.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Instead of expecting the bloblist total size to be the same as the
pre-allocated buffer size, practically we are more interested in
whether the pre-allocated buffer size is bigger than the bloblist
total size.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add bloblist_check_reg_conv() to check whether the bloblist is compliant
to the register conventions defined in Firmware Handoff specification.
This API can be used for all Arm platforms.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Additional testing of the changes introduced in commit 33e06dcbe5 "common:
usb-hub: Reset hub port before scanning") revealed that some USB 2.0 and 3.0
flash drives didn't work in U-Boot on some Allwinner SoCs that support USB
2.0 interfaces only. More precisely, some of the tested USB 2.0 and 3.0
flash drives failed to be detected and work on an OrangePi Zero 3, based on
the Allwinner H616 SoC that supports USB 2.0 only, while the same USB flash
drives worked just fine on a Pine64 H64, based on the Allwinner H6 SoC that
supports both USB 2.0 and USB 3.0 interfaces.
The USB ID of the above-mentioned USB 3.0 flash drive that failed to work is
1f75:0917 (Innostor Technology Corporation IS917 Mass storage), it is 32 GB
in size and sold under the PNY brand. The mentioned USB 2.0 drive is some
inexpensive no-name drive with an invalid USB ID.
Resetting USB 3.0 hubs only, which this patch introduces to the USB hub
resets, has been tested to work as expected, resolving the identified issues
on the Allwinner H616, while not introducing any new issues on other tested
Allwinner SoCs. Thus, let's fix it that way.
According to the USB 3.0 specification, resetting a USB 3.0 port is required
when an attached USB device transitions between different states, such as
when it resumes from suspend. Though, the Linux kernel performs additional
USB 3.0 port resets upon initial USB device attachment, as visible in commit
07194ab7be63 ("USB: Reset USB 3.0 devices on (re)discovery") in the kernel
source, to ensure proper state of the USB 3.0 hub port and proper USB mode
negotiation during the initial USB device attachment and enumeration.
These additional types of USB port resets don't exist for USB 2.0 hubs,
according the USB 2.0 specification. The resets seem to be added to the USB
3.0 specification as part of the port and device mode negotiation.
The Linux kernel resets USB 3.0 (i.e. SuperSpeed) hubs only, as visible in
commit 10d674a82e55 ("USB: When hot reset for USB3 fails, try warm reset.")
in the kernel source. The check for SuperSpeed hubs is performed in a way
that also applies to newer SuperSpeed Plus (USB 3.1 or 3.2) hubs as well,
which hopefully makes it future proof.
Fixes: 33e06dcbe5 ("common: usb-hub: Reset hub port before scanning")
Link:
https://lore.kernel.org/u-boot/20240207102327.35125-1-i@shantur.com/T/#u
Link:
https://lore.kernel.org/u-boot/20240201164604.13315fa6@donnerap.manchester.arm.com/T/#u
Signed-off-by: Shantur Rathore <i@shantur.com>
Helped-by: Dragan Simic <dsimic@manjaro.org>
Tested-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Dragan Simic <dsimic@manjaro.org>
Reviewed-by: Marek Vasut <marex@denx.de>
Introduce str_avb_io_error() and str_avb_slot_error() functions,
that provide a pointer to AVB runtime error message.
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Link: https://lore.kernel.org/r/20240209192045.3961832-6-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Make error prints more verbose with additional context.
Also s/print/debug/g for prints, which might be relevant only
for debugging purposes.
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Link: https://lore.kernel.org/r/20240209192045.3961832-4-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Move SPDX license identifiers to the first line, so it conforms
to license placement rule [1]:
Placement:
The SPDX license identifier in kernel files shall be added at the first
possible line in a file which can contain a comment. For the majority
of files this is the first line, except for scripts which require the
'#!PATH_TO_INTERPRETER' in the first line. For those scripts the SPDX
identifier goes into the second line.
[1] https://www.kernel.org/doc/Documentation/process/license-rules.rst
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Link: https://lore.kernel.org/r/20240209192045.3961832-3-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
mmc_switch_part() is used for switching between hw partitions
on eMMC (boot0, boot1, user, rpmb).
There is no need to do that for SD card.
This fixes the avb command usage on SD cards.
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Dragan Simic <dsimic@manjaro.org>
Link: https://lore.kernel.org/r/20240209192045.3961832-2-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
With the relatively new button API in U-Boot, it's now much easier to
model the common usecase of mapping arbitrary actions to different
buttons during boot - for example entering fastboot mode, setting some
additional kernel cmdline arguments, or booting with a custom recovery
ramdisk, to name a few.
Historically, this functionality has been implemented in board code,
making it fixed for a given U-Boot binary and requiring the code be
duplicated and modified for every board.
Implement a generic abstraction to run an arbitrary command during boot
when a specific button is pressed. The button -> command mapping is
configured via environment variables with the following format:
button_cmd_N_name=<button label>
button_cmd_N=<command to run>
Where N is the mapping number starting from 0. For example:
button_cmd_0_name=vol_down
button_cmd_0=fastboot usb 0
This will cause the device to enter fastboot mode if volume down is held
during boot.
After we enter the cli loop the button commands are no longer valid,
this allows the buttons to additionally be used for navigating a boot
menu.
Tested-by: Svyatoslav Ryhel <clamor95@gmail.com> # Tegra30
Signed-off-by: Caleb Connolly <caleb.connolly@linaro.org>
In event_type_name() we should avoid possible buffer overruns by checking
the type argument.
Addresses-Coverity-ID: 478862 Out-of-bounds access
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In Falcon Boot mode, the fdt blob should be move to the RAM from
kernel BSS section. To avoid being cleared by BSS initialisation.
SPL_PAYLOAD_ARGS_ADDR is the address where SPL copies.
Signed-off-by: Randolph <randolph@andestech.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Don't compile ubifs splash mount command for SPL build as this command
is not supported (and also not enabled) during SPL stage.
This fixes below compilation error, when CONFIG_CMD_UBIFS is enabled in
defconfig along with splash screen enabled at SPL stage:
"aarch64-none-linux-gnu-ld.bfd: common/cli.o: in function `run_command':
u-boot-next/u-boot/common/cli.c:51: undefined reference to
`parse_string_outer'
u-boot-next/u-boot/common/cli.c:51:(.text.run_command+0x10): relocation
truncated to fit: R_AARCH64_JUMP26 against undefined symbol
`parse_string_outer' make[2]: ***
[u-boot-next/u-boot/scripts/Makefile.spl:527: spl/u-boot-spl] Error 1
make[1]: *** [u-boot-next/u-boot/Makefile:2053: spl/u-boot-spl] Error 2
make[1]: Leaving directory 'u-boot-next/u-boot/out/a53' make: ***
[Makefile:177: sub-make] Error 2"
Fixes: eb9217dc03 ("common: Enable splash functions at SPL")
Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
Reviewed-by: Nikhil M Jain <n-jain1@ti.com>
Devarsh Thakkar <devarsht@ti.com> says:
Move video memory reservation for SPL at end of RAM so that it does
not interefere with reservations for next stage so that the next stage
need not have holes in between for passed regions and instead it can
maintain continuity in reservations.
Also catch the bloblist before starting reservations to avoid the same
problem.
While at it, also fill missing fields in video handoff struct before
passing it to next stage.
This is as per discussions at :
For moving SPL framebuffer reservation at end of RAM:
https://lore.kernel.org/all/CAPnjgZ3xSoe_G3yrqwuAvoiVjUfZ+YQgkOR0ZTVXGT9VK8TwJg@mail.gmail.com/
For filling missing video handoff fields :
https://lore.kernel.org/all/CAPnjgZ1Hs0rNf0JDirp6YPsOQ5=QqQSP9g9qRwLoOASUV8a4cw@mail.gmail.com/
Skip framebufer reservation if it was already reserved from previous
stage and whose information was passed using a bloblist.
Return error in case framebuffer information received from bloblist is
invalid i.e NULL or empty.
While at it, improve the debug message to make it more clear that
address in discussion is of framebuffer and not bloblist and also match
it with printing scheme followed in video_reserve function.
Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Start reservations needed for init sequence only after catching
bloblists from previous stage.
This is to avoid catching bloblists in the middle causing gaps while
u-boot is reserving.
Adjust the relocaddr as per video hand-off information received from
previous stage so that further reservations start only after regions
reserved for previous stages
Skip reservation for video memory if it was already filled by a
bloblist.
Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add an API which enforces framebuffer reservation from end of RAM.
This is done so that next stage can directly skip this region before
carrying out further reservations.
Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Now that 32-bit SoCs can load U-Boot proper (and possibly other firmware)
from a FIT, people can use that by enabling CONFIG_SPL_LOAD_FIT.
However SPL_FIT_IMAGE_TINY is required to stay within the 24 or 32 KiB
SPL size limit on early SoCs; for consistency, enable it everywhere.
Signed-off-by: Samuel Holland <samuel@sholland.org>
[Andre: drop unconditional FIT image enablement for all SoCs]
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Starting with H6, Allwinner removed the artificial 32 KiB SPL size limit
from the boot ROM. Now SPL size is only limited by the available SRAM.
This limit ranges from 152 KiB on H6 to a whopping 2052 KiB on R329. To
take advantage of this additional space, we must increase SPL_MAX_SIZE.
Since we do not want to unnecessarily pad SPL out to these giant sizes,
we must set SPL_PAD_TO to zero. This causes no problems because binman
already takes care of appending the SPL payload at the right offset.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
