In order to test that U-Boot actually maintains the watchdog device(s)
during long-running busy-loops, such as those where we wait for the
user to stop autoboot, we need a watchdog device that actually does
something during those loops; we cannot test that behaviour via the DM
test framework.
So introduce a relatively simple watchdog device which is simply based
on calling the host OS' alarm() function; that has the nice property
that a new call to alarm() simply sets a new deadline, and alarm(0)
cancels any existing alarm. These properties are precisely what we
need to implement start/reset/stop. We install our own handler so that
we get a known message printed if and when the watchdog fires, and by
just invoking that handler directly, we get expire_now for free.
The actual calls to the various OS functions (alarm, signal, raise)
need to be done in os.c, and since the driver code cannot get access
to the values of SIGALRM or SIG_DFL (that would require including a
host header, and that's only os.c which can do that), we cannot simply
do trivial wrappers for signal() and raise(), but instead create
specialized functions just for use by this driver.
Apart from enabling this driver for sandbox{,64}_defconfig, also
enable the wdt command which was useful for hand-testing this new
driver (especially with running u-boot under strace).
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Provide a way to copy over the 'other' FDT when running tests. This loads
it and allocates memory for the copy, if not done already, then does the
copy.
Avoid using U-Boot's malloc() pool for these copies, at least for now,
since they are part of the test system.
Tidy up the cpu.c header files while here.
Signed-off-by: Simon Glass <sjg@chromium.org>
We need an 'other' FDT which is different from the control FDT, so we can
check that the ofnode tests correctly handle them both.
Add this to the build along with a way to read it into the sandbox state.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this implementation is specific to loading the test FDT. We
plan to load others, so create a generic function to handle this.
The path is now limited to 256 characters, to simplify the code.
When there is an empty argv[0] (which should not happen), the function now
just uses the path as is, with no prefix.
Signed-off-by: Simon Glass <sjg@chromium.org>
The following faulty behavior was observed. The sandbox configured with
CONFIG_SANDBOX_CRASH_RESET=y was invoked with
./u-boot -T -S
After executing `exception undefined' the sandbox reboots.
When executing `exception undefined' the sandbox exits with SIGSEGV.
The expected behavior is that the sandbox should reboot again.
If we are relaunching the sandbox in a signal handler, we have to unblock
the respective signal before calling execv(). See signal(7) man-page.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Some tests can have race conditions which are hard to detect on a single
one. Add a way to run tests more than once, to help with this.
Each individual test is run the requested number of times before moving
to the next test. If any runs failed, a message is shown.
This is most useful when running a single test, since running all tests
multiple times can take a while.
Signed-off-by: Simon Glass <sjg@chromium.org>
U-Boot's printf() used before setting up U-Boot's serial driver does not
create any output. Use os_printf() for error messages related to loading
the device-tree.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Before setting up the devices U-Boot's printf() function cannot be used
for console output. Provide function os_printf() to print to stderr.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add an implementation of LLVMFuzzerTestOneInput() that starts the
sandbox on a secondary thread and exposes a function to synchronize the
generation of fuzzing inputs with their consumption by the sandbox.
Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Move the program's entry point to os.c, in preparation for a separate
fuzzing entry point to be added.
Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Rename the sections used to implement linker lists so they begin with
'__u_boot_list' rather than '.u_boot_list'. The double underscore at the
start is still distinct from the single underscore used by the symbol
names.
Having a '.' in the section names conflicts with clang's ASAN
instrumentation which tries to add redzones between the linker list
elements, causing expected accesses to fail. However, clang doesn't try
to add redzones to user sections, which are names with all alphanumeric
and underscore characters.
Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Rename the sections used for defining sandbox command line options so
that they don't start with a '.'. ELF says that sections starting with a
'.' are reserved for system use, but the sandbox runs as a normal user
process so should be using user sections instead.
Clang's ASAN adds redzones to non-user sections and the extra padding
meant that the list of options was being corrupted. Naming the sections
as user sections avoids this issue as clang handles them as we intended.
Signed-off-by: Andrew Scull <ascull@google.com>
Rename the sections used for placing the EFI runtime so that they don't
start with a '.'. ELF says that sections starting with a '.' are
reserved for system use, but the sandbox runs as a normal user process
so should be using user sections instead.
Clang's ASAN adds redzones to non-user sections and the extra padding
meant that the list of options was being corrupted. Naming the sections
as user sections avoids this issue as clang handles them as we intended.
Signed-off-by: Andrew Scull <ascull@google.com>
With sandbox, U-Boot can be run without a device tree (i.e. no -d or -T
parameter). In this case an empty device tree is created for convenience.
With a recent change this causes an error due to the missing '/binman'
node.
Add this node to avoid the problem, as well as a test that U-Boot can
be run without a device tree.
Fixes: 059df5624b ("arch: Kconfig: imply BINMAN for SANDBOX")
Fixes: https://source.denx.de/u-boot/u-boot/-/issues/11
Signed-off-by: Simon Glass <sjg@chromium.org>
Add an initial VPL build for sandbox. This includes the flow:
TPL (with of-platdata) -> VPL -> SPL -> U-Boot
To run it:
./tpl/u-boot-tpl -D
The -D is needed to get the default device tree, which includes the serial
console info.
Add a Makefile check for OF_HOSTFILE which is the option that enables
devicetree control on sandbox.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use this larger boundary to ensure that linker lists at least start on the
maximum possible alignment boundary. See also the CONFIG_LINKER_LIST_ALIGN
setting, but that is host-arch-specific, so it seems better to use the
largest value for every host architecture.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present fputc() is used before the console is available, then write()
is used. These are not compatible. Since fputc() buffers internally it is
better to use the write(), so that a partial line is immediately
displayed.
This has a slight effect on performance, but we are already using write()
for the vast majority of the output with no obvious impacts.
Signed-off-by: Simon Glass <sjg@chromium.org>
If state is not being written, but RAM is, we should still show a message,
so it is clear that this is happening.
Signed-off-by: Simon Glass <sjg@chromium.org>
This hook can be implmented using events, for the three boards that
actually use it.
Add the event type and event handlers. Drop CONFIG_MISC_INIT_F since we
can just use CONFIG_EVENT to control this. Since sandbox always enables
CONFIG_EVENT, we can drop the defconfig lines there too.
Signed-off-by: Simon Glass <sjg@chromium.org>
sdl.c is compiled against the SDL library.
Trying to redefine wchar_t with -fshort-wchar is not necessary
and leads to build failures when compiling against musl.
Cc: Milan P. Stanić <mps@arvanta.net>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The definition of struct udphdr in include netinet/udp.h in the
musl library differs from the definition in the glibc library.
To use the same definition with musl the symbol _GNU_SOURCE has
to be defined.
Reported-by: Milan P. Stanić <mps@arvanta.net>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Milan P. Stanić <mps@arvanta.net>
U-Boot define loff_t as long long. But the header
/usr/include/linux/types.h may not define it.
This has lead to a build error on Alpine Linux.
So let's use long long instead of loff_t for
the size parameter of function os_get_filesize().
Reported-by: Milan P. Stanić <mps@arvanta.net>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Milan P. Stanić <mps@arvanta.net>
Reviewed-by: Simon Glass <sjg@chromium.org>
When unit tests are run they currently create a new window. Update the
code so that the old one is removed first. This avoids the confusion as to
which one is active.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present sandbox only supports 16 and 32bpp depths, since those are the
easy ones with SDL.
We can support other depths by manually converting the pixel formats. Add
support for this, to enable an 8ppp (monochrome) format.
Signed-off-by: Simon Glass <sjg@chromium.org>
When compiled with -Og for better debugability u-boot ends up in a stack
overflow using
gcc (Ubuntu 11.2.0-7ubuntu2) 11.2.0
GNU Binutils for Ubuntu 2.37
putchar(ch) is defined as a macro which ends up calling U-Boot's putc()
implementation instead of the glibc one, which calls os_putc() ...
Let's use fputc(ch, stdout) instead as fputc() does not exist in U-Boot.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
efi_system_reset() should exit if called with EFI_RESET_SHUTDOWN.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
OF_HOSTFILE is used on sandbox configs only. Although it's pretty
unique and not causing any confusions, we are better of having simpler
config options for the DTB.
So let's replace that with the existing OF_BOARD. U-Boot would then
have only three config options for the DTB origin.
- OF_SEPARATE, build separately from U-Boot
- OF_BOARD, board specific way of providing the DTB
- OF_EMBED embedded in the u-boot binary(should not be used in production
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
It is useful to map a file into memory so that it can be accessed using
simple pointers. Add a function to support this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a function to return the size of a file. This is useful in situations
where we need to allocate memory for it before reading it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
The autoboot tests are a recent addition to U-Boot, providing much-needed
coverage in this area.
A side effect of the keyed autoboot test is that this feature is enabled
in sandbox always. This changes the autoboot prompt and confuses the
pytests. Some tests become slower, for example the vboot tests take about
27s now instead of 3s.
We don't actually need this feature enabled to be able to run the tests.
Add a switch to allow sandbox to turn it on and off as needed. Use this
in the one test that needs it.
Add a command-line flag in case this is desired in normal use.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 25c8b9f298 ("test: add first autoboot unit tests")
Reviewed-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
The sandbox can handle signals. Due to a damaged global data pointer
additional exceptions in the signal handler may occur leading to an endless
loop. In this case leave the handling of the secondary exception to the
operating system.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
SDL provides a hinting feature which provides a higher-quality image
with the double-display option (-K). Enable it.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the display does not show on some machines, e.g. Ubunutu
20.04 but the reason is unknown. Add a work-around until this can be
determined.
Also include more error checking just in case.
Signed-off-by: Simon Glass <sjg@chromium.org>
The SPL header has a function for obtaining the phase in capital letters,
e.g. 'SPL'. Add one for lower-case also, as used by sandbox.
Use this to generalise the sandbox logic for determining the filename of
the next sandbox executable. This can provide support for VPL.
Signed-off-by: Simon Glass <sjg@chromium.org>
In this case the value seems save to pass to os_free(). Add a comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 165109)
state_uninit() and dm_uninit() are mutually exclusive:
state_uninit() prints via drivers. So it cannot be executed after
dm_uninit().
dm_uninit() requires memory. So it cannot be executed after state_uninit()
which releases all memory.
Just skip dm_uninit() when resetting the sandbox. We will wake up in a new
process and allocate new memory. So this cleanup is not required. We don't
do it in sandbox_exit() either.
This avoids a segmentation error when efi_reset_system_boottime() is
invoked by a UEFI application.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Addresses in state->ram_buf must be in the low 4 GiB of the address space.
Otherwise we cannot correctly fill SMBIOS tables. This shows up in warnings
like:
WARNING: SMBIOS table_address overflow 7f752735e020
Ensure that state->ram_buf is initialized by the first invocation of
os_malloc().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present if sandbox crashes it prints a message and tries to exit. But
with the recently introduced signal handler, it often seems to get stuck
in a loop until the stack overflows:
Segmentation violation
Segmentation violation
Segmentation violation
Segmentation violation
Segmentation violation
Segmentation violation
Segmentation violation
...
The signal handler is only useful for a few tests, as I understand it.
Make it optional.
Signed-off-by: Simon Glass <sjg@chromium.org>
os_find_text_base() assumes that first line of /proc/self/maps holds
information about the text. Hence we must call the function before calling
os_malloc() which calls mmap(0x10000000,).
Failure to do so has led to incorrect values for pc_reloc when an
exception was reported
=> exception undefined
Illegal instruction
pc = 0x5628d82e9d3c, pc_reloc = 0x5628c82e9d3c
as well as incorrect output of the bdinfo command
=> bdinfo
relocaddr = 0x0000000007858000
reloc off = 0x0000000010000000
Fixes: b308d9fd18 ("sandbox: Avoid using malloc() for system state")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
In style of linked lists, instead of declaring symbols for boundaries
of getopt options array in the linker script, declare corresponding
sections and retrieve the boundaries via static inline functions.
Without this clang's LTO produces binary without any getopt options,
because for some reason it thinks that array is empty (start and end
symbols are at the same address).
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Simon Glass <sjg@chromium.org>
On RISC-V the symbols __dyn_sym_start, dyn_sym_end are referenced in
efi_runtime_relocate().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
It is not possible to remove the state before driver model is uninited,
since the devices are allocated in the memory buffer. Also it is not
possible to uninit driver model afterwards, since the RAM has been
freed.
Drop the uninit altogether, since it is not actually necessary.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present sandbox removes its executable after failing to run it,
since there is no other way that it would get cleaned up.
However, this is actually only wanted if the image was created within
sandbox. For the case where the image was generated by the build system,
such as u-boot-spl, we don't want to delete it.
Handle the two code paths accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>