Age | Commit message (Collapse) | Author | Files | Lines |
|
Annotate io accessor pointer types with endian.
sparse caught a bug in memcpy_from_ci, which is fixed.
From: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
SPDX makes it a simpler diff.
I have audited the commit history of each file to ensure that they are
exclusively authored by IBM and thus we have the right to relicense.
The motivation behind this is twofold:
1) We want to enable experiments with coreboot, which is GPLv2 licensed
2) An upcoming firmware component wants to incorporate code from skiboot
and code from the Linux kernel, which is GPLv2 licensed.
I have gone through the IBM internal way of gaining approval for this.
The following files are not exclusively authored by IBM, so are *not*
included in this update (I will be seeking approval from contributors):
core/direct-controls.c
core/flash.c
core/pcie-slot.c
external/common/arch_flash_unknown.c
external/common/rules.mk
external/gard/Makefile
external/gard/rules.mk
external/opal-prd/Makefile
external/pflash/Makefile
external/xscom-utils/Makefile
hdata/vpd.c
hw/dts.c
hw/ipmi/ipmi-watchdog.c
hw/phb4.c
include/cpu.h
include/phb4.h
include/platform.h
libflash/libffs.c
libstb/mbedtls/sha512.c
libstb/mbedtls/sha512.h
platforms/astbmc/barreleye.c
platforms/astbmc/garrison.c
platforms/astbmc/mihawk.c
platforms/astbmc/nicole.c
platforms/astbmc/p8dnu.c
platforms/astbmc/p8dtu.c
platforms/astbmc/p9dsu.c
platforms/astbmc/vesnin.c
platforms/rhesus/ec/config.h
platforms/rhesus/ec/gpio.h
platforms/rhesus/gpio.c
platforms/rhesus/rhesus.c
platforms/astbmc/talos.c
platforms/astbmc/romulus.c
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
[oliver: fixed up the drift]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Should be no real code change, these mostly update type declarations
that sparse complains about.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Using traps for assertions like Linux does gives a few advantages:
- The asm code leading to the failure condition is nicer.
- The interrupt gives a clean snapshot of machine state to dump.
The difficulty with using traps for this in OPAL is that the runtime
component will not deal well with the OS taking the 0x700 interrupt
caused by a trap in OPAL.
The long term goal is to improve the ability of the OS to inspect and
debug OPAL at runtime. For now though, the traps are patched out before
passing control to the OS, and the assert falls through to in-line
failure handling.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
[oliver: commit prefix, added and renamed the FWTS label, fix tests]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Use Software Package Data Exchange (SPDX) to indicate license for each
file that is unique to skiboot.
At the same time, ensure the (C) who and years are correct.
See https://spdx.org/
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
[oliver: Added a few missing files]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Use compiler builtins for the string functions, and compile the
libc/string/ directory with -O2.
This reduces instructions booting skiboot in mambo by 2.9 million in
slow-sim mode, or 3.8 in normal mode, for less than 1kB image size
increase.
This can result in the compiler warning more cases of string function
problems.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
Upgrade libfdt/ to github.com/dgibson/dtc.git 243176c ("Fix bogus
error on rebuild")
This copies dtc/libfdt/ to skiboot/libfdt/, with the only change in
that directory being the addition of README.skiboot and Makefile.inc.
This adds about 14kB text, 2.5kB compressed xz. This could be reduced
or mostly eliminated by cutting out fdt version checks and unused
code, but tracking upstream is a bigger benefit at the moment.
This loses commits:
14ed2b842f61 ("libfdt: add basic sanity check to fdt_open_into")
bc7bb3d12bc1 ("sparse: fix declaration of fdt_strerror")
As well as some prehistoric similar kinds of things, which is the
punishment for us not being good downstream citizens and sending
things upstream! Syncing to upstream will make that effort simpler
in future.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
Caught by scan-build. If the stored token nxtTok
is already NULL, don't dereference src
Signed-off-by: Balbir singh <bsingharora@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
This changes to build system to use thin archives rather than
incremental linking for built-in.o, similar to recent change to Linux.
built-in.o is renamed to built-in.a, and is created as a thin archive
with no index, for speed and size. All built-in.a are aggregated into
a skiboot.tmp.a which is a thin archive built with an index, making it
suitable or linking. This is input into the final link.
The advantags of build size and linker code placement flexibility are
not as great with skiboot as a bigger project like Linux, but it's a
conceptually better way to build, and is more compatible with link
time optimisation in toolchains which might be interesting for skiboot
particularly for size reductions.
Size of build tree before this patch is 34.4MB, afterwards 23.1MB.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Sometimes handy.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
UBSan:
libc/test/run-snprintf.c:123:9: runtime error: left shift of 268435456 by 4 places cannot be represented in type 'int'
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
From auditing all the mktime() users, there seems to be only a *very*
small window around new years day where we could possibly return
incorrect data to the OS, and even then, there would have to be FSP
reset/reload on FSP machines. I don't *think* there's an opportunity
on other machines.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Shilpasri G Bhat <shilpa.bhat@linux.vnet.ibm.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
silences recent GCC warning
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
And change include order in libpore to avoid a compile failure
due to the default definition
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
int to size_t
Reason of the change as integer value may overflow, and it can give negative
value for the length.
This patch also changes the data type of variable which is compared with
strlen() as the comparison also has to be done on the same level.
Signed-off-by: Mukesh Ojha <mukesh02@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds memcpy_from_ci, a cache inhibited version of memcpy, required
by secure boot. The secure boot verification code is stored in a secure
ROM and the logic that contains the ROM within the processor is
implemented in a way that it only responds to CI (cache inhibited)
operations. Due to performance issues we copy the verification code from
the secure ROM to RAM and we use memcpy_ci for that.
What makes memcpy_ci vs ordinary memcpy?
memcpy copies data like in the example below and the compiler translates that
to load instructions that are not cache inhibited (e.g. lbzx - load byte and
zero indexed). In other words, the data is cached.
a[i] = b[i]
memcpy_ci copies data using the cache inhibited version of load instructions:
in_8() and in_be32(), both defined in include/io.h. These functions use lbzcix
and lwzcix assembly instructions, respectively. In this case, the data is not
cached as required by the logic that contains the ROM.
*((uint8_t*) destp) = in_8((uint8_t*)srcp);
*((uint32_t*) destp) = in_be32((uint32_t*)srcp)
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Reviewed-by: Mukesh Ojha <mukesh02@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Memory poisoning hammers this, so let's be a bit smart about it and
avoid falling back to byte stores when the data is not 0
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
libc printf style functions are annotated with __attribute__((format
(printf, x, y))) which causes GCC to perform compile time checks
against these arguments.
As of at least gcc 6.1.1 [(GCC) 6.1.1 20160602] this causes an error
running make check. GCC appears to be guaranteeing that the format
argument won't be NULL and complaining about explicit checks.
In file included from core/test/run-console-log-buf-overrun.c:48:0:
core/test/run-console-log-buf-overrun.c: In function ‘snprintf’:
core/test/../../libc/stdio/snprintf.c:21:19: error: nonnull argument
‘format’compared to NULL [-Werror=nonnull-compare]
if ((buff==NULL) || (format==NULL))
~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors make:
*** [core/test/Makefile.check:59:core/test/run-console-log-buf-overrun] Error 1
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
While reviewing the Debian packaging, codespell found those.
Most proposed fixes are based on codespell's default dictionnary.
Signed-off-by: Frederic Bonnard <frediz@linux.vnet.ibm.com>
Reviewed-by: Mukesh Ojha <mukesh02@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Currently these exist for some parts of the source tree, but not all of it. They're nice if you are only modifing code in a one part of the tree as the full test suite can be a little slow.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
We don't use scanf at all, so solve the bugs found by static analysis
by just removing it.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Presently abort() call sets up HID0, triggers attention and finally
calls infinite for loop. FSP takes care of collecting required logs
and reboots the system. This sequence is specific to FSP machine
and it will not work on BMC based machine. Hence move FSP specific
code to hw/fsp/fsp-attn.c.
Note that this patch adds new parameter to abort call. Hence replaced
_abort() by abort() in exception.c so that we can capture file info
as well.
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
At the moment ECC reads and writes are still being handled by the low level
core of libflash. ECC should be none of libflashes concern, it is primarily
a hardware access backend.
It makes sense for blocklevel to take care of ECC but currently it has no
way of knowing. With some simple modifications (which are rudimentary at
the moment and will need a performance improvement) blocklevel can handle
ECC, and with a little more effort this can be extended to provide read and
write protection in blocklevel.
Reviewed-By: Alistair Popple <alistair@popple.id.au>
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Better to error out than suddenly have places use uninitalized data.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This uses the dcbz instruction to clear cacheline at a time rather than
byte at a time. This means that even without high levels of optimization,
we *dramatically* improve boot performance with SKIBOOT_GCOV=1 and probably
ever so slightly speed things up for normal builds.
We currently just hard-code 128 as cacheline size as all CPUs that skiboot
currently boots on have 128 byte cachelines.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The behaviour of atoi/atol on glibc (and according to the spec) is
to assume base 10, not to autodetect the base.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
When autodetecting the base, the code would strip hex prefixes twice.
Now the string is not modified in the detection stage.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This increases coverage of atoi, atol, strtol and strtoul to 100%.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|