Variable length arrays were a feature added in C99 that allows the
length of an array to be determined at runtime. Eg.
int sum(size_t n) {
int arr[n];
...
}
This adds a small amount of runtime overhead, but is also very
dangerous, since it allows use of an unlimited amount of stack memory,
potentially leading to stack overflow. This is only worsened in
coreboot, which often has very little stack space to begin with. Citing
concerns like this, all instances of VLA's were recently removed from the
Linux kernel. In the immortal words of Linus Torvalds [0],
AND USING VLA'S IS ACTIVELY STUPID! It generates much more code, and
much _slower_ code (and more fragile code), than just using a fixed
key size would have done. [...] Anyway, some of these are definitely
easy to just fix, and using VLA's is actively bad not just for
security worries, but simply because VLA's are a really horribly bad
idea in general in the kernel.
This patch follows suit and zaps all VLA's in coreboot. Some of the
existing VLA's are accidental ones, and all but one can be replaced with
small fixed-size buffers. The single tricky exception is in the SPI
controller interface, which will require a rewrite of old drivers
to remove [1].
[0] https://lkml.org/lkml/2018/3/7/621
[1] https://ticket.coreboot.org/issues/217
Change-Id: I7d9d1ddadbf1cee5f695165bbe3f0effb7bd32b9
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33821
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
This patch provides an increased timeout (60ms -> 1s) for SPI
HW-sequencing flash erase operations. Without that the erase for MRC
cache writing on siemens/mc_bdx1 sometimes goes wrong because the
timeout stops waiting for flash cycle completion. It was found
during continuous integration. Investigation showed that the used flash
type takes sporadic (e.g. 5% of the test cycles) more time for completion
of erasing operation if the ambient temperature increases. The measured
time values are in range of data sheet of SPI flash. 60ms is a typical
value. So increasing the value is necessary.
tested on siemens/bdx1; measured time values with increased ambient
temperature of flash were always smaller than worst case value of 1s.
Change-Id: Id50636f9ed834ffd7810946798b300e58b2c14d2
Signed-off-by: Uwe Poeche <uwe.poeche@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34173
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Like the line above it, this should be & instead of | (otherwise it will
always incorrectly return true). spi_locked() is only used internally to
decide which opcodes will be used to talk to the flash, and if it is
falsely reported as locked, the worst case should be a denial of service
(unless there are more bugs).
Change-Id: I5208b523c815d15d7263594f06ccfacd8a9510b1
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1402092
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33963
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Nico Huber <nico.h@gmx.de>
The SPI swseq controller can be locked in other parts of the code, for
instance when it's locked down in the finalize section. The driver
has to be made aware of that. The simpler solution is to not keep
track of the state and simply read out the lock bit on each SPI
transfer.
Change-Id: Ifcd5121b89d6f80fc1c1368786982d0d9fa1bf61
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33388
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Some SPI controllers support both READ and WRITE protection
add a variable to the protect API for the callers to specify
the kind of protection they want (Read/Write/Both).
Also, update the callers and protect API implementation.
BUG=None
BRANCH=None
TEST=test that the mrc cache is protected as expected on soraka.
Also tried if the read protection is applied correctly.
Change-Id: I093884c4768b08a378f21242ac82e430ac013d15
Signed-off-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
Reviewed-on: https://review.coreboot.org/c/30559
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Its spreading copies got out of sync. And as it is not a standard header
but used in commonlib code, it belongs into commonlib. While we are at
it, always include it via GCC's `-include` switch.
Some Windows and BSD quirk handling went into the util copies. We always
guard from redefinitions now to prevent further issues.
Change-Id: I850414e6db1d799dce71ff2dc044e6a000ad2552
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/28927
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Based on Nicola Corna's work.
This allows for CONFIG_CONSOLE_SPI_FLASH to be used, which writes the
console output to the SPI flash.
TESTED to still work in ramstage on x220 (correctly writes MRC CACHE),
the option CONFIG_CONSOLE_SPI_FLASH compiles for targets using the
common Intel SPI code (untested though).
Change-Id: I4671653c0b07ab5c4bf91128f18f142ce4f893cf
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/25414
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Could be useful to write protect regions like for instance the
MRC_CACHE region.
Tested on Intel DG41WV (i82801gx) and Lenovo Thinkpad X220 (bd82x6x)
to write protect the mrc_cache region.
Change-Id: Id0a9a0de639c5d6761a77a56ceba6d89110a4ea1
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/23146
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Julius brought up confusion about the current spi api in [1]. In order
alleviate the confusion stemming from supporting x86 spi flash
controllers:
- Remove spi_xfer_two_vectors() which was fusing transactions to
accomodate the limitations of the spi controllers themselves.
- Add spi_flash_vector_helper() for the x86 spi flash controllers to
utilize in validating driver/controller current assumptions.
- Remove the xfer() callback in the x86 spi flash drivers which
will trigger an error as these controllers can't support the api.
[1] https://mail.coreboot.org/pipermail/coreboot/2018-April/086561.html
Change-Id: Id88adc6ad5234c29a739d43521c5f344bb7d3217
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/25745
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Define a new spi_flash_ops structure, move all spi flash operations to
this structure and add a pointer to this structure in struct spi_flash.
BUG=b:38330715
Change-Id: I550cc4556fc4b63ebc174a7e2fde42251fe56052
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/19757
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
1. Rename __spi_flash_probe to spi_flash_generic_probe and export it
so that drivers can use it outside spi_flash.c.
2. Make southbridge intel spi driver use spi_flash_generic_probe if
spi_is_multichip returns 0.
3. Add spi_flash_probe to spi_ctrlr structure to allow platforms to
provide specialized probe functions. With this change, the specialized
spi flash probe functions are now associated with a particular spi
ctrlr structure and no longer disconnected from the spi controller.
BUG=b:38330715
Change-Id: I35f3bd8ddc5e71515df3ef0c1c4b1a68ee56bf4b
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/19708
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Pointer to spi_slave structure can be passed in as const to spi flash
probe functions since the probe functions do not need to modify the
slave properties.
BUG=b:38330715
Change-Id: I956ee777c62dbb811fd6ce2aeb6ae090e1892acd
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/19707
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Instead of making all SPI drivers allocate space for a spi_flash
structure and fill it in, udpate the API to allow callers to pass in a
spi_flash structure that can be filled by the flash drivers as
required. This also cleans up the interface so that the callers can
maintain and free the space for spi_flash structure as required.
BUG=b:38330715
Change-Id: If6f1b403731466525c4690777d9b32ce778eb563
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/19705
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
spi_crop_chunk is a property of the SPI controller since it depends
upon the maximum transfer size that is supported by the
controller. Also, it is possible to implement this within spi-generic
layer by obtaining following parameters from the controller:
1. max_xfer_size: Maximum transfer size supported by the controller
(Size of 0 indicates invalid size, and unlimited transfer size is
indicated by UINT32_MAX.)
2. deduct_cmd_len: Whether cmd_len needs to be deducted from the
max_xfer_size to determine max data size that can be
transferred. (This is used by the amd boards.)
Change-Id: I81c199413f879c664682088e93bfa3f91c6a46e5
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/19386
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Tested-by: coreboot org <coreboot.org@gmail.com>
SPI_ATOMIC_SEQUENCING was added to accomodate spi flash controllers with
the ability to perform tx and rx of flash command and response at the
same time. Instead of introducing this notion at SPI flash driver layer,
clean up the interface to SPI used by flash.
Flash uses a command-response kind of communication. Thus, even though
SPI is duplex, flash command needs to be sent out on SPI bus and then
flash response should be received on the bus. Some specialized x86
flash controllers are capable of handling command and response in a
single transaction.
In order to support all the varied cases:
1. Add spi_xfer_vector that takes as input a vector of SPI operations
and calls back into SPI controller driver to process these operations.
2. In order to accomodate flash command-response model, use two vectors
while calling into spi_xfer_vector -- one with dout set to
non-NULL(command) and other with din set to non-NULL(response).
3. For specialized SPI flash controllers combine two successive vectors
if the transactions look like a command-response pair.
4. Provide helper functions for common cases like supporting only 2
vectors at a time, supporting n vectors at a time, default vector
operation to cycle through all SPI op vectors one by one.
BUG=chrome-os-partner:59832
BRANCH=None
TEST=Compiles successfully
Change-Id: I4c9e78c585ad95c40c0d5af078ff8251da286236
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/17681
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
MMCONF was explicitly used here to avoid races of 0xcf8/0xcfc access
being non-atomic and/or need to access 4kiB of PCI config space.
All these platforms now have MMCONF_SUPPORT_DEFAULT.
Change-Id: If62537475eb67b7ecf85f2292a2a954a41bc18d1
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/17545
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Commit 36b81af (spi: Pass pointer to spi_slave structure in
spi_setup_slave) changes the way spi_setup_slave handles the spi_slave
structure. Instead of expecting spi controller drivers to maintain
spi_slave structure in CAR_GLOBAL/data section, caller is expected to
manage the spi_slave structure. This requires that spi_flash drivers
maintain spi_slave structure and flash probe function needs to make a
copy of the passed in spi_slave structure.
This change fixes the regression on Lenovo X230 and other mainboards.
Change-Id: I0ad971eecaf3bfe301e9f95badc043193cc27cab
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/17728
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Iru Cai <mytbk920423@gmail.com>
1. Define a new structure spi_ctrlr that allows platforms to define
callbacks for spi operations (claim bus, release bus, transfer).
2. Add a new member (pointer to spi_ctrlr structure) in spi_slave
structure which will be initialized by call to spi_setup_slave.
3. Define spi_claim_bus, spi_release_bus and spi_xfer in spi-generic.c
which will make appropriate calls to ctrlr functions.
BUG=chrome-os-partner:59832
BRANCH=None
TEST=Compiles successfully
Change-Id: Icb2326e3aab1e8f4bef53f553f82b3836358c55e
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/17684
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
For spi_setup_slave, instead of making the platform driver return a
pointer to spi_slave structure, pass in a structure pointer that can be
filled in by the driver as required. This removes the need for platform
drivers to maintain a slave structure in data/CAR section.
BUG=chrome-os-partner:59832
BRANCH=None
TEST=Compiles successfully
Change-Id: Ia15a4f88ef4dcfdf616bb1c22261e7cb642a7573
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/17683
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
1. Use size_t instead of unsigned int for bytes_out and bytes_in.
2. Use const attribute for spi_slave structure passed into xfer, claim
bus and release bus functions.
BUG=chrome-os-partner:59832
BRANCH=None
TEST=Compiles successfully
Change-Id: Ie70b3520b51c42d750f907892545510c6058f85a
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/17682
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
flash_programmer_probe is a property of the spi flash driver and does
not belong in the spi_slave structure. Thus, make
spi_flash_programmer_probe a callback from the spi_flash_probe
function. Logic still remains the same as before (order matters):
1. Try spi_flash_programmer_probe without force option
2. Try generic flash probing
3. Try spi_flash_programmer_probe with force option
If none of the above steps work, fail probing. Flash controller is
expected to honor force option to decide whether to perform specialized
probing or to defer to generic probing.
BUG=None
BRANCH=None
TEST=Compiles successfully
Change-Id: I4163593eea034fa044ec2216e56d0ea3fbc86c7d
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/17465
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
RW flag was added to spi_slave structure to get around a requirement on
some AMD flash controllers that need to group together all spi volatile
operations (write/erase). This rw flag is not a property or attribute of
the SPI slave or controller. Thus, instead of saving it in spi_slave
structure, clean up the SPI flash driver interface. This allows
chipsets/mainboards (that require volatile operations to be grouped) to
indicate beginning and end of such grouped operations.
New user APIs are added to allow users to perform probe, read, write,
erase, volatile group begin and end operations. Callbacks defined in
spi_flash structure are expected to be used only by the SPI flash
driver. Any chipset that requires grouping of volatile operations can
select the newly added Kconfig option SPI_FLASH_HAS_VOLATILE_GROUP and
define callbacks for chipset_volatile_group_{begin,end}.
spi_claim_bus/spi_release_bus calls have been removed from the SPI flash
chip drivers which end up calling do_spi_flash_cmd since it already has
required calls for claiming and releasing SPI bus before performing a
read/write operation.
BUG=None
BRANCH=None
TEST=Compiles successfully.
Change-Id: Idfc052e82ec15b6c9fa874cee7a61bd06e923fbf
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/17462
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
It encourages users from writing to the FSF without giving an address.
Linux also prefers to drop that and their checkpatch.pl (that we
imported) looks out for that.
This is the result of util/scripts/no-fsf-addresses.sh with no further
editing.
Change-Id: Ie96faea295fe001911d77dbc51e9a6789558fbd6
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/11888
Tested-by: build bot (Jenkins)
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
The BOOT_STATE_INIT_ENTRY macro can only be used in ramstage, however
the current state of the header meant bad build errors in non-ramstage.
Therefore, people had to #ifdef in the source. Remove that requirement.
Change-Id: I8755fc68bbaca6b72fbe8b4db4bcc1ccb35622bd
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/11492
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
As per discussion with lawyers[tm], it's not a good idea to
shorten the license header too much - not for legal reasons
but because there are tools that look for them, and giving
them a standard pattern simplifies things.
However, we got confirmation that we don't have to update
every file ever added to coreboot whenever the FSF gets a
new lease, but can drop the address instead.
util/kconfig is excluded because that's imported code that
we may want to synchronize every now and then.
$ find * -type f -exec sed -i "s:Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *MA[, ]*02110-1301[, ]*USA:Foundation, Inc.:" {} +
$ find * -type f -exec sed -i "s:Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA:Foundation, Inc.:" {} +
$ find * -type f -exec sed -i "s:Foundation, Inc., 59 Temple Place[-, ]*Suite 330, Boston, MA *02111-1307[, ]*USA:Foundation, Inc.:" {} +
$ find * -type f -exec sed -i "s:Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.:Foundation, Inc.:" {} +
$ find * -type f
-a \! -name \*.patch \
-a \! -name \*_shipped \
-a \! -name LICENSE_GPL \
-a \! -name LGPL.txt \
-a \! -name COPYING \
-a \! -name DISCLAIMER \
-exec sed -i "/Foundation, Inc./ N;s:Foundation, Inc.* USA\.* *:Foundation, Inc. :;s:Foundation, Inc. $:Foundation, Inc.:" {} +
Change-Id: Icc968a5a5f3a5df8d32b940f9cdb35350654bef9
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/9233
Tested-by: build bot (Jenkins)
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
The GCC 4.9.2 update showed that the boot_state_init_entry
structures were being padded and assumed to be aligned in to an
increased size. The bootstate scheduler for static entries,
boot_state_schedule_static_entries(), was then calculating the
wrong values within the array. To fix this just use a pointer to
the boot_state_init_entry structure that needs to be scheduled.
In addition to the previous issue noted above, the .bs_init
section was sitting in the read only portion of the image while
the fields within it need to be writable. Also, the
boot_state_schedule_static_entries() was using symbol comparison
to terminate a loop which in C can lead the compiler to always
evaluate the loop at least once since the language spec indicates
no 2 symbols can be the same value.
Change-Id: I6dc5331c2979d508dde3cd5c3332903d40d8048b
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/8699
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
