| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Shilpasri G Bhat <shilpa.bhat@linux.vnet.ibm.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
silences recent GCC warning
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
And change include order in libpore to avoid a compile failure
due to the default definition
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
int to size_t
Reason of the change as integer value may overflow, and it can give negative
value for the length.
This patch also changes the data type of variable which is compared with
strlen() as the comparison also has to be done on the same level.
Signed-off-by: Mukesh Ojha <mukesh02@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds memcpy_from_ci, a cache inhibited version of memcpy, required
by secure boot. The secure boot verification code is stored in a secure
ROM and the logic that contains the ROM within the processor is
implemented in a way that it only responds to CI (cache inhibited)
operations. Due to performance issues we copy the verification code from
the secure ROM to RAM and we use memcpy_ci for that.
What makes memcpy_ci vs ordinary memcpy?
memcpy copies data like in the example below and the compiler translates that
to load instructions that are not cache inhibited (e.g. lbzx - load byte and
zero indexed). In other words, the data is cached.
a[i] = b[i]
memcpy_ci copies data using the cache inhibited version of load instructions:
in_8() and in_be32(), both defined in include/io.h. These functions use lbzcix
and lwzcix assembly instructions, respectively. In this case, the data is not
cached as required by the logic that contains the ROM.
*((uint8_t*) destp) = in_8((uint8_t*)srcp);
*((uint32_t*) destp) = in_be32((uint32_t*)srcp)
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Reviewed-by: Mukesh Ojha <mukesh02@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Memory poisoning hammers this, so let's be a bit smart about it and
avoid falling back to byte stores when the data is not 0
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
libc printf style functions are annotated with __attribute__((format
(printf, x, y))) which causes GCC to perform compile time checks
against these arguments.
As of at least gcc 6.1.1 [(GCC) 6.1.1 20160602] this causes an error
running make check. GCC appears to be guaranteeing that the format
argument won't be NULL and complaining about explicit checks.
In file included from core/test/run-console-log-buf-overrun.c:48:0:
core/test/run-console-log-buf-overrun.c: In function ‘snprintf’:
core/test/../../libc/stdio/snprintf.c:21:19: error: nonnull argument
‘format’compared to NULL [-Werror=nonnull-compare]
if ((buff==NULL) || (format==NULL))
~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors make:
*** [core/test/Makefile.check:59:core/test/run-console-log-buf-overrun] Error 1
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
While reviewing the Debian packaging, codespell found those.
Most proposed fixes are based on codespell's default dictionnary.
Signed-off-by: Frederic Bonnard <frediz@linux.vnet.ibm.com>
Reviewed-by: Mukesh Ojha <mukesh02@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Currently these exist for some parts of the source tree, but not all of it. They're nice if you are only modifing code in a one part of the tree as the full test suite can be a little slow.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
We don't use scanf at all, so solve the bugs found by static analysis
by just removing it.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Presently abort() call sets up HID0, triggers attention and finally
calls infinite for loop. FSP takes care of collecting required logs
and reboots the system. This sequence is specific to FSP machine
and it will not work on BMC based machine. Hence move FSP specific
code to hw/fsp/fsp-attn.c.
Note that this patch adds new parameter to abort call. Hence replaced
_abort() by abort() in exception.c so that we can capture file info
as well.
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
At the moment ECC reads and writes are still being handled by the low level
core of libflash. ECC should be none of libflashes concern, it is primarily
a hardware access backend.
It makes sense for blocklevel to take care of ECC but currently it has no
way of knowing. With some simple modifications (which are rudimentary at
the moment and will need a performance improvement) blocklevel can handle
ECC, and with a little more effort this can be extended to provide read and
write protection in blocklevel.
Reviewed-By: Alistair Popple <alistair@popple.id.au>
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Better to error out than suddenly have places use uninitalized data.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This uses the dcbz instruction to clear cacheline at a time rather than
byte at a time. This means that even without high levels of optimization,
we *dramatically* improve boot performance with SKIBOOT_GCOV=1 and probably
ever so slightly speed things up for normal builds.
We currently just hard-code 128 as cacheline size as all CPUs that skiboot
currently boots on have 128 byte cachelines.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The behaviour of atoi/atol on glibc (and according to the spec) is
to assume base 10, not to autodetect the base.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
When autodetecting the base, the code would strip hex prefixes twice.
Now the string is not modified in the detection stage.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This increases coverage of atoi, atol, strtol and strtoul to 100%.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Gives better diagnostics in error logs/dumps
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Commit 16c80346 change included some reverts of previous commits, which
we need. This change reverts those reverts, leaving the original intent
of that change.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Was mentioned in linux as possibly being used by some external test
modules. It's harmless to make this official behaviour.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Fix the Makefile to clean up the coverage data files generated
through gcov.
Signed-off-by: Neelesh Gupta <neelegup@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Now it shows up as untested in lcov!
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Now it shows up as untested in lcov!
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This means that it shows up in lcov as untested.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Initial implementation and support for more libc test cases
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
While running HMI tests I saw a massive corruption in OPAL for one of the
HMI test that injects TB error. On investigation I found that
vsnprintf()->print_itoa() was the culprit. print_itoa function uses tmp
array of size 16 to convert unsigned long value to ASCII. But an unsigned
value of 0xffffffffffffffff needs atleast 25 characters to print its ASCII
representation. This caused an array to overflow resulting into corruption,
unpredictable behavior and finally system termination.
We could fix this by increasing the size of tmp[] array but that still won't
fix this bug completely. While auditing vsnprintf() function I found that
it makes use of print_*() functions to write data to buffer. But none of
the print_* function have any check on buffer size before writing data to it.
Without size check print_*() can easily overrun buffer passed by
vprlog()->vsnprintf()->print_format()->print_*() causing massive corruption
leading to unpredictable behavior.
This patch fixes this bug by modifying print_*() function to check for
buffer size to avoid buffer overrun.
- Modified print_format(), print_fill() and print_itoa() to take bufsize
as argument and added a size check while writing to buffer.
- Remove temporary array from print_itoa(), instead write data directly to
buffer.
- Added two new function print_str_fill() and print_str() to be used as
helper routine for '%s' fmt case in print_format() function. These new
routines now has a check on buffer size while copying NULL terminated
string to buffer.
- Added "!bufsize" check in vsnprintf() to avoid buffer overrun while
setting NULL character before returning.
I ran HMI tests with this patch successfully. I also tested this patch by
reducing size of the buffer (in core/console-log.c:vprlog()) from 320 to 50
and booted the lid successfully with no corruption at all.
Signed-off-by: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Acked-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This way we get a true representation from the lcov coverage-report
about what firmware code we're testing (besides, test cases are always
going to only have 50% of branches hit - we're asserting the tests pass!)
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Can still get the details with V=1, just like normal make.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
