The btrfs read function limits the read length to ensure that it
and the read offset do not together exceed the size of the file.
However, this size was only being queried if the read length was
passed a value of zero (meaning "whole file"), and the size is
defaulted to 0 otherwise. This means the clamp will just zero out
the length if one is specified, preventing reading of the file.
Fix this by checking the file size unconditionally, and unifying
the default length and clamping logic as a single range check instead.
This bug was discovered when trying to boot Linux with initrd= via
'bootefi' from a btrfs partition. The EFI stub entered an infinite
loop of zero-length reads while trying to read the initrd, and the
boot process stalled indefinitely.
Signed-off-by: Sam Edwards <CFSworks@gmail.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Currently BCB C API only allows to modify 'command' BCB field.
Extend it so that we can also read and modify all the available
BCB fields (command, status, recovery, stage).
Co-developed-by: Cody Schuffelen <schuffelen@google.com>
Signed-off-by: Cody Schuffelen <schuffelen@google.com>
Signed-off-by: Dmitrii Merkurev <dimorinny@google.com>
Cc: Eugeniu Rosca <erosca@de.adit-jv.com>
Cc: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Cc: Sean Anderson <sean.anderson@seco.com>
Cc: Cody Schuffelen <schuffelen@google.com>
Tested-by: Mattijs Korpershoek <mkorpershoek@baylibre.com> # on vim3
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Currently BCB command-line, C APIs and implementation only
support MMC interface. Extend it to allow various block
device interfaces.
Signed-off-by: Dmitrii Merkurev <dimorinny@google.com>
Cc: Eugeniu Rosca <erosca@de.adit-jv.com>
Cc: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Cc: Sean Anderson <sean.anderson@seco.com>
Cc: Cody Schuffelen <schuffelen@google.com>
Tested-by: Mattijs Korpershoek <mkorpershoek@baylibre.com> # on vim3
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Adjust mem layout, providing more space for linux kernel image.
This fixes the problem:
ERROR: FDT image overlaps OS image (OS=0x30000000..0x32580000)
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Set CONFIG_NET_RANDOM_ETHADDR=y, which sets random eth address in
case there is no configuration provided neither in CONFIG_ETHADDR
nor in "ethaddr" env variable.
This fixes the problem:
poplar# dhcp
Error: ethernet@9841000 address not set.
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Now that we have time conversion defines from in time.h there is no need
for each driver to define their own version.
Signed-off-by: Igor Prusov <ivprusov@salutedevices.com>
Reviewed-by: Svyatoslav Ryhel <clamor95@gmail.com> # tegra
Reviewed-by: Eugen Hristev <eugen.hristev@collabora.com> #at91
Reviewed-by: Caleb Connolly <caleb.connolly@linaro.org> #qcom geni
Reviewed-by: Stefan Bosch <stefan_b@posteo.net> #nanopi2
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Currently there are no defines for time conversion in time.h, which
leads to drivers declaring those locally or not using defines at all, so
add them from Linux.
Signed-off-by: Igor Prusov <ivprusov@salutedevices.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The description of the sysreset request method in <sysreset.h> says that
the return value should be -EPROTONOSUPPORT if the requested reset type
is not supported by this device.
Signed-off-by: Paul Barker <paul.barker.ct@bp.renesas.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The structure is identical to the existing compressor implementations,
trivially adding lz4 decompression to sqfs_decompress.
The changes were tested using a sandbox build. An LZ4 compressed
squashfs image was bound as a host block device.
Signed-off-by: David Oberhollenzer <goliath@infraroot.at>
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
This patch removes a number of struct and macro declaration that
were found through `git-grep` to be unused. Most of those are
related to compressor options and super block flags.
For reading a SquashFS image, we do not need the compressor options
or the flags. Those only encode settings used for packing the image,
mksquashfs uses them when appending data to an existing image. The
kernel implementation does not touch those, and we don't need them
either.
Signed-off-by: David Oberhollenzer <goliath@infraroot.at>
env_get can return NULL if it fails to find the variable. Check its result
before using it.
Fixes: 6d9764c2a8 ("dm: test: Add a new test case against dm eth codes for NULL pointer access")
Fixes: df33fd2889 ("test: eth: Add test for ethernet addresses")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
To quote the author:
This series adds support for loading all image types (Legacy (with and without
LZMA), FIT (with and without LOAD_FIT_FULL), and i.MX) to the MMC, SPI, NOR,
NET, FAT, EXT, NVMe, and semihosting load methods. It does this by introducing a
helper function which handles the minutiae of invoking the proper parsing
function, and reading the rest of the image.
Hopefully, this will make it easier for load methods to support all image types
that U-Boot supports, without having undocumented unsupported image types. I
applied this to several loaders which were invoking spl_load_simple_fit and/or
spl_parse_image_header, but I did not use it with others (e.g. DFU/RAM) which
had complications in the mix.
This series is organized roughly into two parts. Patches up to "spl: Add generic
spl_load function" are all setup or size-reduction oriented. Later patches
generally convert various load functions to spl_load.
bloat-o-meter results (for CONFIG_SPL only) at [1]. Size growth has been the
bigegst challenge to preparing this series. I have used every trick I can think
of to reduce bloat. Some SAMA boards no longer fit, but I have a plan to fix
them [2].
This is bar far the largest and most-difficult revision of this series to-date.
There are probably still things which can reduce the size, but I have been
working on this series for the better part of two months and I think it is a
good idea to get some feedback. Because of the SAMA bloat, this series will not
pass CI, so I expect to do a v7 before this is ready to apply. Feel free,
however, to apply patches in the first half (especially the fixes).
This version of the series is better-tested than ever before, thanks to some new
unit tests. However, things like the i.MX ROMAPI are untested. NAND should also
be tested more-widely, for reasons listed in the commit message. I encourage you
try this series out on your favorite board.
[1] https://gist.github.com/Forty-Bot/5bfe88676dd3c2aec6ebc23abb08e06f
This includes some changes to am335x_evm_spiboot and am65x_evm_r5_usbdfu
which have since been undone. This was ran for v6.
[2] https://lore.kernel.org/u-boot/20231105022742.632175-1-seanga2@gmail.com/
If we don't DMA-align buffers we pass to FAT, it will align them itself.
This behaviour likely should be deprecated in favor of
CONFIG_BOUNCE_BUFFER, but that's a task for another series. For the
meantime, don't bother aligning the buffer unless we had been doing so in
the past.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
spi_load_image_os performs almost the same steps as the non-falcon-boot
path of spl_spi_load_image. The load address is different, and it also
loads a device tree, but that's it. Refactor the boot process so that
they can both use the same load function.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This converts the spi load method to use spl_load. The address used for
LOAD_FIT_FULL may be different, but there are no in-tree users of that
config. Since payload_offs is only used without OS_BOOT, we defer its
initialization.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This converts the semihosting load method to use spl_load. As a result, it
also adds support for LOAD_FIT_FULL and IMX images.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
This converts the blk load method (used exclusively by NVMe) to use
spl_load. As a consequence, it also adds support for LOAD_FIT_FULL and
IMX images.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This converts the nor load method to use spl_load. As a result it also
adds support for LOAD_FIT_FULL. Since this is the last caller of
spl_load_legacy_img, it has been removed.
We can't load FITs with external data with SPL_LOAD_FIT_FULL, so disable the
test in that case. No boards enable SPL_NOR_SUPPORT and SPL_LOAD_FIT_FULL, so
this is not a regression.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This converts the net load method to use spl_load. As a result, it also
adds support for LOAD_FIT_FULL and IMX images.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This converts the nand load method to use spl_load. nand_page_size may not
be valid until after nand_spl_load_image is called (see e.g. fsl_ifc_spl),
so we set bl_len in spl_nand_read. Since spl_load reads the header for us,
we can remove that argument from spl_nand_load_element.
There are two possible regressions which could result from this commit.
First, we ask for a negative address from spl_get_load_buffer. That is,
instead of
header = spl_get_load_buffer(0, sizeof(*header));
we do
header = spl_get_load_buffer(-sizeof(*header), sizeof(*header));
this could cause a problem if spl_get_load_buffer does not return valid
memory for negative offsets. Second, we now set bl_len for legacy images.
This can cause memory up to a bl_len - 1 before the image load address to
be written, which might not have been the case before. If this turns out to
be a problem, we can add an option for a bounce buffer.
We can't load FITs with external data with SPL_LOAD_FIT_FULL, so disable the
test in that case. No boards enable SPL_NAND_SUPPORT and SPL_LOAD_FIT_FULL, so
this is not a regression.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This converts the mmc loader to spl_load. Legacy images are handled by
spl_load (via spl_parse_image_header), so mmc_load_legacy can be
omitted. To accurately determine whether mmc_load_image_raw_sector is used
(which might not be the case if SYS_MMCSD_FS_BOOT is enabled), we introduce
a helper config SYS_MMCSD_RAW_MODE. This ensures we can inline spl_load
correctly when a board only boots from filesystems. We still need to check
for SPL_MMC, since some boards enable configure raw mode even without MMC
support.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This converts the fat loader to use spl_load. Some platforms are very
tight on space, so we take care to only include the code we really need.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This converts the ext load method to use spl_load. As a consequence, it
also adds support for FIT and IMX images.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Implementers of SPL_LOAD_IMAGE_METHOD have to correctly determine what
type of image is being loaded and then call the appropriate image load
function correctly. This is tricky, because some image load functions
expect the whole image to already be loaded (CONFIG_SPL_LOAD_FIT_FULL),
some will load the image automatically using spl_load_info.read()
(CONFIG_SPL_LOAD_FIT/CONFIG_SPL_LOAD_IMX_CONTAINER), and some just parse
the header and expect the caller to do the actual loading afterwards
(legacy/raw images). Load methods often only support a subset of the
above methods, meaning that not all image types can be used with all
load methods. Further, the code to invoke these functions is
duplicated between different load functions.
To address this problem, this commit introduces a "spl_load" function.
It aims to handle image detection and correct invocation of each of the
parse/load functions.
Although this function generally results in a size reduction with
several users, it tends to bloat boards with only a single user.
This is generally because programmers open-coding the contents of this
function can make optimizations based on the specific loader. For
example, NOR flash is memory-mapped, so it never bothers calling
load->read. The compiler can't really make these optimizations across
translation units. LTO solves this, but it is only available on some
arches. To address this, perform "pseudo-LTO" by inlining spl_load when
there are one or fewer users. At the moment, there are no users, so
define SPL_LOAD_USERS to be 0.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
These will soon be supported, so we need to be able to test it. Export the
lzma data and generally use the same process in spl_test_mmc_fs as
do_spl_test_load. If we end up needing this in third place in the future,
it would probably be good to refactor things out.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
To allow for easier reuse of this functionality, split it off into its
own function.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Now that spl_nand_fit_read works in units of bytes, it can be combined with
spl_nand_legacy_read. Rename the resulting function spl_nand_read, since it
is no longer FIT-specific.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Aligning addresses and sizes causes overhead which is unnecessary when we
are not loading from block devices. Remove bl_len when it is not needed.
For example, on iot2050 we save 144 bytes with this patch (once the rest of
this series is applied):
add/remove: 0/0 grow/shrink: 0/3 up/down: 0/-144 (-144)
Function old new delta
spl_load_simple_fit 920 904 -16
load_simple_fit 496 444 -52
spl_spi_load_image 384 308 -76
Total: Before=87431, After=87287, chg -0.16%
We use panic() instead of BUILD_BUG_ON in spl_set_bl_len because we still
need to be able to compile it for things like mmc_load_image_raw_sector,
even if that function will not be used.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
For filesystems, filename serves the same purpose as priv. However,
spl_load_fit_image also uses it to determine whether to use a DMA-aligned
buffer. This is beneficial for FAT, which uses a bounce-buffer if the
destination is not DMA-aligned. However, this is unnecessary now that
filesystems set bl_len to ARCH_DMA_MINALIGN instead. With this done, we can
remove filename entirely.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Instead of relying on the presence of filename to determine whether we are
dealing with a FAT filesystem (and should DMA-align the buffer), have FAT set
bl_len to ARCH_DMA_MINALIGN instead. With this done, we can remove the
special-case logic checking for the presence of filename.
Because filesystems are not block-based, we may read less than the size passed
to spl_load_info.read. This can happen if the file size is not DMA-aligned. This
is fine as long as we read the amount we originally wanted to. Modify the
conditions for callers of spl_load_info.read to check against the original,
unaligned size to avoid failing spuriously.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Simplify things a bit for callers of spl_load_info->read by refactoring it
to use units of bytes instead of bl_len. This generally simplifies the
logic, as MMC is the only loader which actually works in sectors. It will
also allow further refactoring to remove the special-case handling of
filename. spl_load_legacy_img already works in units of bytes (oops) so it
doesn't need to be changed.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
bl_len must be a power of two, so we can use ALIGN instead of roundup and
similar tricks to avoid divisions.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
To quote the author:
This series tests raw nand flash in sandbox and fixes various bugs discovered in
the process. I've tried to do things in a contemporary manner, avoiding the
(numerous) variations present on only a few boards. The test is pretty minimal.
Future work could test the rest of the nand API as well as the MTD API.
Bloat (for v1) at [1] (for boards with SPL_NAND_SUPPORT enabled). Almost
everything grows by a few bytes due to nand_page_size. A few boards grow more,
mostly those using nand_spl_loaders.c. CI at [2].
[1] https://gist.github.com/Forty-Bot/9694f3401893c9e706ccc374922de6c2
[2] https://source.denx.de/u-boot/custodians/u-boot-clk/-/pipelines/18443
dev and priv serve the same purpose, and are never set at the same time.
Remove dev and convert all users to priv. While we're at it, reorder bl_len
to be last for better alignment.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Remove NULL assignments to fields in spl_load_info when .load doesn't
reference these fields. This can result in more efficient code. filename
must stay even if it is unused, since load_simple_fit uses it.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
On real hardware, semihosting calls tend to have a large constant
overhead (on the order of tens of milliseconds). Reduce the number of
calls by one by reusing the existing fd in smh_fit_read, and closing it
at the end of spl_smh_load_image.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The purpose of SHOW_ERRORS is to print extra information. Make it depend
on LIBCOMMON to avoid having to check for two configs.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Several boards enable SPL_FS_FAT and SPL_LIBDISK_SUPPORT when they can't be
used (as there is no block device support enabled). Disable these configs.
The list of boards was generated with the following command:
$ tools/qconfig.py -f SPL SPL_FS_FAT ~SPL_MMC ~SPL_BLK_FS ~SPL_SATA \
~SPL_USB_STORAGE ~ENV_IS_IN_FAT ~EFI
LIBDISK was left enabled for the am* boards, since it seems to result in
actual size reduction, indicating that partitions are being used for
something.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Michal Simek <michal.simek@amd.com>
Initialize ret to avoid returning garbage if blk_get_devnum_by_uclass_id
fails.
Fixes: 8ce6a2e175 ("spl: blk: Support loading images from fs")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Several AT91 boards are quite close to their SPL size limit. For example,
sama5d27_wlsom1_ek_mmc is just 173 bytes short of its limit and doesn't
even fit with older GCCs.
All AT91 processors should have thumb support. Enable SYS_THUMB_BUILD. This
shrinks SPL by around 30%.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Add a SPL test for the NAND load method. We use some different functions to
do the writing from the main test since things like nand_write_skip_bad
aren't available in SPL.
We disable BBT scanning, since scan_bbt is only populated when not in SPL.
We use nand_spl_loaders.c as it seems to be common to at least a few boards
already. However, we do not use nand_spl_simple.c because it would require
us to implement cmd_ctrl. The various nand load functions are adapted from
omap_gpmc. However, they have been modified for simplicity/correctness.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Add a sandbox NAND flash driver to facilitate testing. This driver supports
any number of devices, each using a single chip-select. The OOB data is
stored in-band, with the separation enforced through the API.
For now, create two devices to test with. The first is a very small device
with basic ECC. The second is an 8G device (chosen to be larger than 32
bits). It uses ONFI, with the values copied from the datasheet. It also
doesn't need too strong ECC, which speeds things up.
Although the nand subsystem determines the parameters of a chip based on
the ID, the driver itself requires devicetree properties for each
parameter. We do not derive parameters from the ID because parsing the ID
is non-trivial. We do not just use the parameters that the nand subsystem
has calculated since that is something we should be testing. An exception
is made for the ECC layout, since that is difficult to encode in the device
tree and is not a property of the device itself.
Despite using file I/O to access the backing data, we do not support using
external files. In my experience, these are unnecessary for testing since
tests can generally be written to write their expected data beforehand.
Additionally, we would need to store the "programmed" information somewhere
(complicating the format and the programming process) or try to detect
whether block are erased at runtime (degrading probe speeds).
Information about whether each page has been programmed is stored in an
in-memory buffer. To simplify the implementation, we only support a single
program per erase. While this is accurate for many larger flashes, some
smaller flashes (512 byte) support multiple programs and/or subpage
programs. Support for this could be added later as I believe some
filesystems expect this.
To test ECC, we support error-injection. Surprisingly, only ECC bytes in
the OOB area are protected, even though all bytes are equally susceptible
to error. Because of this, we take care to only corrupt ECC bytes.
Similarly, because ECC covers "steps" and not the whole page, we must take
care to corrupt data in the same way.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
When working with sparse data buffers that may be larger than the address
space, it is convenient to work with files instead. Add a function to create
temporary files of a certain size.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
NAND devices are destroyed in between unit tests. Provide a function to
reinitialize the subsystem at the beginning of each test.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
This performs the opposite of nand_register, allowing drivers to unregister
nand devices. This is probably unnecessary for most regular drivers, but we
expect sandbox drivers to get repeatedly bound/unbound, so this will help
avoid dangling pointers.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>