From 2827c2f07d6a5c498262cee7fe78aacfbf44f174 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pali=20Roh=C3=A1r?= Date: Sun, 10 Jul 2022 13:42:55 +0200 Subject: [PATCH 1/9] Fix usage of CONFIG_PREBOOT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Due to usage of PREBOOT in Kconfig, macro CONFIG_PREBOOT is always defined when CONFIG_USE_PREBOOT is enabled. In case CONFIG_PREBOOT is not explicitly enabled it is set to empty C string and therefore '#ifdef CONFIG_PREBOOT' guard does not work. Fix this issue by introducing a new Kconfig symbol PREBOOT_DEFINED which cause to define new C macro CONFIG_PREBOOT_DEFINED only when CONFIG_PREBOOT is really defined. Change usage of '#ifdef CONFIG_PREBOOT' by '#ifdef CONFIG_USE_PREBOOT' for code which checks if preboot code would be called and by '#ifdef CONFIG_PREBOOT_DEFINED' for defining preboot code. Signed-off-by: Pali Rohár --- board/boundary/nitrogen6x/nitrogen6x.c | 4 ++-- boot/Kconfig | 4 ++++ include/env_default.h | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/board/boundary/nitrogen6x/nitrogen6x.c b/board/boundary/nitrogen6x/nitrogen6x.c index 83bb445d48..382c01ddf4 100644 --- a/board/boundary/nitrogen6x/nitrogen6x.c +++ b/board/boundary/nitrogen6x/nitrogen6x.c @@ -929,7 +929,7 @@ U_BOOT_CMD( "Returns 0 (true) to shell if key is pressed." ); -#ifdef CONFIG_PREBOOT +#ifdef CONFIG_USE_PREBOOT static char const kbd_magic_prefix[] = "key_magic"; static char const kbd_command_prefix[] = "key_cmd"; @@ -989,7 +989,7 @@ int misc_init_r(void) gpio_request(IMX_GPIO_NR(2, 3), "search"); gpio_request(IMX_GPIO_NR(7, 13), "volup"); gpio_request(IMX_GPIO_NR(4, 5), "voldown"); -#ifdef CONFIG_PREBOOT +#ifdef CONFIG_USE_PREBOOT preboot_keys(); #endif diff --git a/boot/Kconfig b/boot/Kconfig index d5c582ebe8..4a001bcee8 100644 --- a/boot/Kconfig +++ b/boot/Kconfig @@ -1492,6 +1492,10 @@ config PREBOOT help This is the default of "preboot" environment variable. +config PREBOOT_DEFINED + bool + default y if PREBOOT != "" + config DEFAULT_FDT_FILE string "Default fdt file" help diff --git a/include/env_default.h b/include/env_default.h index 4e461c815a..7c9c00a969 100644 --- a/include/env_default.h +++ b/include/env_default.h @@ -62,7 +62,7 @@ const char default_environment[] = { #ifdef CONFIG_SYS_DISABLE_AUTOLOAD "autoload=0\0" #endif -#ifdef CONFIG_PREBOOT +#ifdef CONFIG_PREBOOT_DEFINED "preboot=" CONFIG_PREBOOT "\0" #endif #ifdef CONFIG_ROOTPATH From 04bb5e95bed2ffd9e788a76b9f6ae52de58bc6b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pali=20Roh=C3=A1r?= Date: Sun, 20 Nov 2022 17:56:26 +0100 Subject: [PATCH 2/9] arm32: Fix relocation of env_addr if POSITION_INDEPENDENT=y MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Apply commit 534f0fbd6520 ("arm64: Fix relocation of env_addr if POSITION_INDEPENDENT=y") also for 32-bit ARM. This change fixes crashing of U-Boot on ARMv7 (Omap3 / Cortex-A8) Nokia N900 phone (real HW). Note that qemu emulator of this board with same u-boot.bin binary has not triggered this crash. Crash happened after U-Boot printed following debug lines to serial console: initcall: 0001ea8c (relocated to 8fe0aa8c) Loading Environment from ... Using default environment Destroy Hash Table: 8fe25a98 table = 00000000 Create Hash Table: N=387 Signed-off-by: Pali Rohár --- arch/arm/lib/crt0.S | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/arm/lib/crt0.S b/arch/arm/lib/crt0.S index 6d566dca5c..a0311438b4 100644 --- a/arch/arm/lib/crt0.S +++ b/arch/arm/lib/crt0.S @@ -147,6 +147,11 @@ ENTRY(_main) ldr r1, =CONFIG_TEXT_BASE sub r1, r0 add lr, r1 +#if defined(CONFIG_SYS_RELOC_GD_ENV_ADDR) + ldr r0, [r9, #GD_ENV_ADDR] /* r0 = gd->env_addr */ + add r0, r0, r1 + str r0, [r9, #GD_ENV_ADDR] +#endif #endif ldr r0, [r9, #GD_RELOC_OFF] /* r0 = gd->reloc_off */ add lr, lr, r0 From 9c2d4057e1d0df8a14aa920d29dafdd4fe0115fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pali=20Roh=C3=A1r?= Date: Sun, 20 Nov 2022 17:56:27 +0100 Subject: [PATCH 3/9] Nokia RX-51: Document debugging options and compile command MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add example command how to compile U-Boot and add new documentation section describing how to enable early debug UART and verbose log output for N900. Signed-off-by: Pali Rohár --- doc/board/nokia/rx51.rst | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/doc/board/nokia/rx51.rst b/doc/board/nokia/rx51.rst index 7c6647bce2..93502e2dfc 100644 --- a/doc/board/nokia/rx51.rst +++ b/doc/board/nokia/rx51.rst @@ -9,6 +9,10 @@ on a real N900. It does very little hardware configuration because NOLO has already configured the board. It is only needed to enable the internal eMMC memory via the twl4030 regulator which is not enabled by NOLO. +.. code-block:: bash + + make CROSS_COMPILE=arm-linux-gnueabi- nokia_rx51_defconfig u-boot.bin + NOLO is expecting a kernel image and will treat any image it finds in OneNAND as such. This u-boot is intended to be flashed to the N900 like a kernel. In order to transparently boot the original kernel, it will be @@ -160,6 +164,34 @@ UBIFS support add following lines into file ``configs/nokia_rx51_defconfig``:: CONFIG_CMD_UBIFS=y CONFIG_MTD_UBI_BEB_LIMIT=10 +Early output +------------ + +Early U-Boot output can be enabled on serial console by adding following lines +into file ``configs/nokia_rx51_defconfig``:: + + CONFIG_DEBUG_UART=y + CONFIG_DEBUG_UART_OMAP=y + CONFIG_DEBUG_UART_SHIFT=2 + CONFIG_DEBUG_UART_BASE=0x49020000 + CONFIG_DEBUG_UART_CLOCK=48000000 + +Note that early output is not available on USB tty console. + +Verbose debug output +-------------------- + +Verbose debug output with maximal log level can be enabled by adding following +lines into file ``configs/nokia_rx51_defconfig``:: + + CONFIG_DM_DEBUG=y + CONFIG_LOG=y + CONFIG_LOGLEVEL=9 + CONFIG_LOG_MAX_LEVEL=9 + CONFIG_LOG_DEFAULT_LEVEL=9 + +And compiling U-Boot by additional make parameter ``KCPPFLAGS=-DLOG_DEBUG``. + Run in QEMU ----------- From 9c41c06069b889e65243f7fef4d0bdd5071bae1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pali=20Roh=C3=A1r?= Date: Sun, 20 Nov 2022 17:56:28 +0100 Subject: [PATCH 4/9] Nokia RX-51: Do not overwrite standard $loadaddr variable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of overwriting $loadaddr variable, use custom temporary $fileloadaddr variable. So scripts can access default/original address stored in $loadaddr at build time. Signed-off-by: Pali Rohár --- include/configs/nokia_rx51.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/include/configs/nokia_rx51.h b/include/configs/nokia_rx51.h index a88cfe77d5..99a020c3c7 100644 --- a/include/configs/nokia_rx51.h +++ b/include/configs/nokia_rx51.h @@ -78,15 +78,16 @@ "kernaddr=0x82008000\0" \ "initrdaddr=0x84008000\0" \ "scriptaddr=0x86008000\0" \ + "fileloadaddr=" __stringify(CONFIG_SYS_LOAD_ADDR) "\0" \ "fileload=${mmctype}load mmc ${mmcnum}:${mmcpart} " \ - "${loadaddr} ${mmcfile}\0" \ - "kernload=setenv loadaddr ${kernaddr};" \ + "${fileloadaddr} ${mmcfile}\0" \ + "kernload=setenv fileloadaddr ${kernaddr};" \ "setenv mmcfile ${mmckernfile};" \ "run fileload\0" \ - "initrdload=setenv loadaddr ${initrdaddr};" \ + "initrdload=setenv fileloadaddr ${initrdaddr};" \ "setenv mmcfile ${mmcinitrdfile};" \ "run fileload\0" \ - "scriptload=setenv loadaddr ${scriptaddr};" \ + "scriptload=setenv fileloadaddr ${scriptaddr};" \ "setenv mmcfile ${mmcscriptfile};" \ "run fileload\0" \ "scriptboot=echo Running ${mmcscriptfile} from mmc " \ From 60d78200938faa72f531172299b7dfeebcbede47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pali=20Roh=C3=A1r?= Date: Wed, 2 Nov 2022 00:40:46 +0100 Subject: [PATCH 5/9] Revert "cli_readline: Only insert printable chars" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit d2e64d29c44dee6d455f7705dd1cf1af8674ad9a. This commit broke support for pound sign (£) and euro sign (€) keys on Nokia N900 keypad. Signed-off-by: Pali Rohár Reviewed-by: Simon Glass --- common/cli_readline.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/common/cli_readline.c b/common/cli_readline.c index f6e2bcdece..d6444f5fc1 100644 --- a/common/cli_readline.c +++ b/common/cli_readline.c @@ -517,10 +517,8 @@ static int cread_line(const char *const prompt, char *buf, unsigned int *len, } #endif default: - if (ichar >= ' ' && ichar <= '~') { - cread_add_char(ichar, insert, &num, &eol_num, - buf, *len); - } + cread_add_char(ichar, insert, &num, &eol_num, buf, + *len); break; } } From 8fc220d0a6c616ac5174c48a07bbc39efc5c0837 Mon Sep 17 00:00:00 2001 From: Stefano Babic Date: Tue, 15 Nov 2022 11:49:40 +0100 Subject: [PATCH 6/9] Revert "imx: imx8: apalis: switch to binman" This reverts commit b8072ae848b73e89a73ba5b535324e4dc2793f37. Signed-off-by: Stefano Babic Reported-by: Marcel Ziswiler Acked-by: Marcel Ziswiler --- arch/arm/dts/fsl-imx8qm-apalis-u-boot.dtsi | 2 -- arch/arm/mach-imx/imx8/Kconfig | 1 - configs/apalis-imx8_defconfig | 1 - 3 files changed, 4 deletions(-) diff --git a/arch/arm/dts/fsl-imx8qm-apalis-u-boot.dtsi b/arch/arm/dts/fsl-imx8qm-apalis-u-boot.dtsi index 8fd0e33d2b..956d724979 100644 --- a/arch/arm/dts/fsl-imx8qm-apalis-u-boot.dtsi +++ b/arch/arm/dts/fsl-imx8qm-apalis-u-boot.dtsi @@ -3,8 +3,6 @@ * Copyright 2019 Toradex AG */ -#include "imx8qm-u-boot.dtsi" - &mu { u-boot,dm-pre-proper; }; diff --git a/arch/arm/mach-imx/imx8/Kconfig b/arch/arm/mach-imx/imx8/Kconfig index 91bd888308..37d12d1895 100644 --- a/arch/arm/mach-imx/imx8/Kconfig +++ b/arch/arm/mach-imx/imx8/Kconfig @@ -46,7 +46,6 @@ choice config TARGET_APALIS_IMX8 bool "Support Apalis iMX8 module" - select BINMAN select BOARD_LATE_INIT select IMX8QM diff --git a/configs/apalis-imx8_defconfig b/configs/apalis-imx8_defconfig index d0e24785ae..6226d50c8a 100644 --- a/configs/apalis-imx8_defconfig +++ b/configs/apalis-imx8_defconfig @@ -17,7 +17,6 @@ CONFIG_HAS_CUSTOM_SYS_INIT_SP_ADDR=y CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x80200000 CONFIG_REMAKE_ELF=y CONFIG_FIT=y -CONFIG_FIT_EXTERNAL_OFFSET=0x3000 CONFIG_FIT_VERBOSE=y CONFIG_OF_SYSTEM_SETUP=y CONFIG_LOG=y From fbce985e28eaca3af82afecc11961aadaf971a7e Mon Sep 17 00:00:00 2001 From: Venkatesh Yadav Abbarapu Date: Thu, 3 Nov 2022 09:37:48 +0530 Subject: [PATCH 7/9] usb: gadget: dfu: Fix the unchecked length field DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction. Fixing the length and transfer direction. CVE-2022-2347 Signed-off-by: Venkatesh Yadav Abbarapu Reviewed-by: Marek Vasut --- drivers/usb/gadget/f_dfu.c | 58 ++++++++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 21 deletions(-) diff --git a/drivers/usb/gadget/f_dfu.c b/drivers/usb/gadget/f_dfu.c index e9340ff5cb..33ef62f8ba 100644 --- a/drivers/usb/gadget/f_dfu.c +++ b/drivers/usb/gadget/f_dfu.c @@ -321,23 +321,29 @@ static int state_dfu_idle(struct f_dfu *f_dfu, u16 len = le16_to_cpu(ctrl->wLength); int value = 0; + len = len > DFU_USB_BUFSIZ ? DFU_USB_BUFSIZ : len; + switch (ctrl->bRequest) { case USB_REQ_DFU_DNLOAD: - if (len == 0) { - f_dfu->dfu_state = DFU_STATE_dfuERROR; - value = RET_STALL; - break; + if (ctrl->bRequestType == USB_DIR_OUT) { + if (len == 0) { + f_dfu->dfu_state = DFU_STATE_dfuERROR; + value = RET_STALL; + break; + } + f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC; + f_dfu->blk_seq_num = w_value; + value = handle_dnload(gadget, len); } - f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC; - f_dfu->blk_seq_num = w_value; - value = handle_dnload(gadget, len); break; case USB_REQ_DFU_UPLOAD: - f_dfu->dfu_state = DFU_STATE_dfuUPLOAD_IDLE; - f_dfu->blk_seq_num = 0; - value = handle_upload(req, len); - if (value >= 0 && value < len) - f_dfu->dfu_state = DFU_STATE_dfuIDLE; + if (ctrl->bRequestType == USB_DIR_IN) { + f_dfu->dfu_state = DFU_STATE_dfuUPLOAD_IDLE; + f_dfu->blk_seq_num = 0; + value = handle_upload(req, len); + if (value >= 0 && value < len) + f_dfu->dfu_state = DFU_STATE_dfuIDLE; + } break; case USB_REQ_DFU_ABORT: /* no zlp? */ @@ -426,11 +432,15 @@ static int state_dfu_dnload_idle(struct f_dfu *f_dfu, u16 len = le16_to_cpu(ctrl->wLength); int value = 0; + len = len > DFU_USB_BUFSIZ ? DFU_USB_BUFSIZ : len; + switch (ctrl->bRequest) { case USB_REQ_DFU_DNLOAD: - f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC; - f_dfu->blk_seq_num = w_value; - value = handle_dnload(gadget, len); + if (ctrl->bRequestType == USB_DIR_OUT) { + f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC; + f_dfu->blk_seq_num = w_value; + value = handle_dnload(gadget, len); + } break; case USB_REQ_DFU_ABORT: f_dfu->dfu_state = DFU_STATE_dfuIDLE; @@ -513,13 +523,17 @@ static int state_dfu_upload_idle(struct f_dfu *f_dfu, u16 len = le16_to_cpu(ctrl->wLength); int value = 0; + len = len > DFU_USB_BUFSIZ ? DFU_USB_BUFSIZ : len; + switch (ctrl->bRequest) { case USB_REQ_DFU_UPLOAD: - /* state transition if less data then requested */ - f_dfu->blk_seq_num = w_value; - value = handle_upload(req, len); - if (value >= 0 && value < len) - f_dfu->dfu_state = DFU_STATE_dfuIDLE; + if (ctrl->bRequestType == USB_DIR_IN) { + /* state transition if less data then requested */ + f_dfu->blk_seq_num = w_value; + value = handle_upload(req, len); + if (value >= 0 && value < len) + f_dfu->dfu_state = DFU_STATE_dfuIDLE; + } break; case USB_REQ_DFU_ABORT: f_dfu->dfu_state = DFU_STATE_dfuIDLE; @@ -595,6 +609,8 @@ dfu_handle(struct usb_function *f, const struct usb_ctrlrequest *ctrl) int value = 0; u8 req_type = ctrl->bRequestType & USB_TYPE_MASK; + len = len > DFU_USB_BUFSIZ ? DFU_USB_BUFSIZ : len; + debug("w_value: 0x%x len: 0x%x\n", w_value, len); debug("req_type: 0x%x ctrl->bRequest: 0x%x f_dfu->dfu_state: 0x%x\n", req_type, ctrl->bRequest, f_dfu->dfu_state); @@ -614,7 +630,7 @@ dfu_handle(struct usb_function *f, const struct usb_ctrlrequest *ctrl) value = dfu_state[f_dfu->dfu_state] (f_dfu, ctrl, gadget, req); if (value >= 0) { - req->length = value; + req->length = value > DFU_USB_BUFSIZ ? DFU_USB_BUFSIZ : value; req->zero = value < len; value = usb_ep_queue(gadget->ep0, req, 0); if (value < 0) { From 758bff205fdbece05c9ead9b00d6d7a1c213821b Mon Sep 17 00:00:00 2001 From: Alexandre Mergnat Date: Fri, 28 Oct 2022 10:28:27 +0200 Subject: [PATCH 8/9] configs: mediatek: enable boot via extlinux Enable FAT and SYSBOOT to use extlinux boot script Signed-off-by: Jerome Brunet Signed-off-by: Alexandre Mergnat Signed-off-by: Julien STEPHAN --- configs/mt8183_pumpkin_defconfig | 3 +++ configs/mt8516_pumpkin_defconfig | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/configs/mt8183_pumpkin_defconfig b/configs/mt8183_pumpkin_defconfig index 88f7234957..49d12bf6ec 100644 --- a/configs/mt8183_pumpkin_defconfig +++ b/configs/mt8183_pumpkin_defconfig @@ -48,8 +48,11 @@ CONFIG_CMD_PART=y # CONFIG_CMD_ITEST is not set # CONFIG_CMD_SETEXPR is not set # CONFIG_CMD_BLOCK_CACHE is not set +CONFIG_CMD_SYSBOOT=y CONFIG_CMD_EXT4=y +CONFIG_CMD_FAT=y CONFIG_CMD_FS_GENERIC=y +# CONFIG_DOS_PARTITION is not set CONFIG_ENV_IS_IN_MMC=y CONFIG_SYS_MMC_ENV_PART=2 CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y diff --git a/configs/mt8516_pumpkin_defconfig b/configs/mt8516_pumpkin_defconfig index 0f31e0538a..10d8214255 100644 --- a/configs/mt8516_pumpkin_defconfig +++ b/configs/mt8516_pumpkin_defconfig @@ -6,6 +6,7 @@ CONFIG_TEXT_BASE=0x4C000000 CONFIG_SYS_MALLOC_F_LEN=0x4000 CONFIG_NR_DRAM_BANKS=1 CONFIG_ENV_SIZE=0x1000 +CONFIG_ENV_OFFSET=0x0 CONFIG_DM_GPIO=y CONFIG_DEFAULT_DEVICE_TREE="mt8516-pumpkin" CONFIG_TARGET_MT8516=y @@ -49,6 +50,12 @@ CONFIG_CMD_PART=y # CONFIG_CMD_SETEXPR is not set # CONFIG_CMD_BLOCK_CACHE is not set # CONFIG_CMD_SLEEP is not set +CONFIG_CMD_SYSBOOT=y +CONFIG_CMD_EXT4=y +CONFIG_CMD_FAT=y +CONFIG_CMD_FS_GENERIC=y +# CONFIG_DOS_PARTITION is not set +CONFIG_ENV_IS_IN_MMC=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y CONFIG_CLK=y From 4b0a1f59873abca079a4462a9a90d76abbcbc419 Mon Sep 17 00:00:00 2001 From: Samuel Holland Date: Sun, 30 Oct 2022 23:26:19 -0500 Subject: [PATCH 9/9] spl: Fix SPL_ATF and SPL_OPENSBI dependencies The code for these two options depends on having the FIT loadables recorded in the FDT. Thus, these options require the full version of the SPL_LOAD_FIT code. Signed-off-by: Samuel Holland --- common/spl/Kconfig | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/common/spl/Kconfig b/common/spl/Kconfig index 05181bdba3..fef01bdd7d 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -1440,7 +1440,8 @@ config SPL_YMODEM_SUPPORT config SPL_ATF bool "Support ARM Trusted Firmware" - depends on ARM64 && SPL_FIT + depends on ARM64 + depends on SPL_LOAD_FIT && !SPL_FIT_IMAGE_TINY help ATF(ARM Trusted Firmware) is a component for ARM AArch64 which is loaded by SPL (which is considered as BL2 in ATF terminology). @@ -1487,6 +1488,7 @@ config SPL_OPTEE_IMAGE config SPL_OPENSBI bool "Support RISC-V OpenSBI" depends on RISCV && SPL_RISCV_MMODE && RISCV_SMODE + depends on SPL_LOAD_FIT && !SPL_FIT_IMAGE_TINY help OpenSBI is an open-source implementation of the RISC-V Supervisor Binary Interface (SBI) specification. U-Boot supports the OpenSBI FW_DYNAMIC