| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
UBSAN and ASAN as well as other debugging aids are all in the
Debugging menu. Relocate KASAN to be there as well.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
Add helper function to get console device by devicetree alias
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Sometimes it's necessary to do some work after a delay. Add support for
this case.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Filesystem operations possibly call into arbitrary devices, so shouldn't
be used from a poller. This patch sprinkles some WARN_ONCE() when this
happens. One exception is when the file which is accessed is on ramfs
which doesn't have any dependencies to devices.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This implements the UDP variant of the fastboot protocol. The only way to
start the service for now is to compile with CONFIG_FASTBOOT_NET_ON_BOOT.
The service will bind to the network interface that provides the IPv4
gateway.
Sending an OKAY packet before performing a restart is necessary since
contrary to USB the host will not notice when a UDP server disappears.
Signed-off-by: Edmund Henniges <eh@emlix.com>
Signed-off-by: Daniel Glöckner <dg@emlix.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The list of variables can be initialized in common code, no need to do
the in the different implementations.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Add fastboot_abort() to allow aborting the current session.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Warn when we are about to open a new download file without having
closed the old one.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There is nothing USB-specific in the defined usbgadget.fastboot_*
variables. Rename them to be usable also for the UDP fastboot transport.
The usbgadget.fastboot_function variable is used to define the files and
devices accessible with the erase and flash commands. Since "function" is
a term from the USB specification and the Fastboot specification uses the
term "partition", we rename that variable to "fastboot.partitions".
Signed-off-by: Daniel Glöckner <dg@emlix.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When globalvars are renamed across releases it's not nice when variables
in the persistent environment loose their meaning. This adds a helper
function which adds an alias for the old names. When the persistent
variables still use the old names then their values are automatically
written to variables with the new names.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This switches running barebox commands in ratp to a context where it's
safe to do so: In a work queue.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some code wants to run arbitrary code in the background, examples are
fastboot and ratp. Currently this is implemented in pollers. The problem
with this is that pollers are executed whenever is_timeout() is called
which may happen anywhere in the code. With this we can never tell which
resources are currently in use when the poller is executed.
This adds a work queue interface which is specifically designed to
trigger doing work in a context where it's safe to run arbitrary commands.
Code in pollers can attach work to a work queue which is at that time
only queued up. A new slice, the command slice, is added which by
default is acquired. It is only released at places where the shell waits
for input. When during this time pollers are executed the queued up
works are done before running the registered pollers.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
slices, the barebox idea of locking
barebox has pollers which execute code in the background whenever one of the
delay functions (udelay, mdelay, ...) or is_timeout() are called. This
introduces resource problems when some device triggers a poller by calling
a delay function and then the poller code calls into the same device again.
As an example consider a I2C GPIO expander which drives a LED which shall
be used as a heartbeat LED:
poller -> LED on/off -> GPIO high/low -> I2C transfer
The I2C controller has a timeout loop using is_timeout() and thus can trigger
a poller run. With this the following can happen during an unrelated I2C
transfer:
I2C transfer -> is_timeout() -> poller -> LED on/off -> GPIO high/low -> I2C transfer
We end up with issuing an I2C transfer during another I2C transfer and
things go downhill.
Due to the lack of interrupts we can't do real locking in barebox. We use
a mechanism called slices instead. A slice describes a resource to which
other slices can be attached. Whenever a slice is needed it must be acquired.
Acquiring a slice never fails, it just increases the acquired counter of
the slice and its dependent slices. when a slice shall be used inside a
poller it must first be tested if the slice is already in use. If it is,
we can't do the operation on the slice now and must return and hope that
we have more luck in the next poller call.
slices can be attached other slices as dependencies. In the example above
LED driver would add a dependency to the GPIO controller and the GPIO driver
would add a dependency to the I2C bus:
GPIO driver probe:
slice_add(&gpio->slice, i2c_device_slice(i2cdev));
LED driver probe:
slice_add(&led->slice, gpio_slice(gpio));
The GPIO code would call slice_acquire(&gpio->slice) before doing any
operation on the GPIO chip providing this GPIO, likewise the I2C core
would call slice_acquire(&i2cbus->slice) before doing an operation on
this I2C bus.
The heartbeat poller code would call slice_acquired(led_slice(led)) and
only continue when the slice is not acquired.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In case the board needs to setup the load address of the kernel, don't
overwrite the variable, instead only override the image.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Remove initialization of the verbose struct member, it will be
overwritten by the call to bootm_data_init_defaults(). Also remove
members which are initialized in the call.
Verbose should be enabled if either the argument or variable is set, so
|| both.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Configuration of the loadaddresses for image oftree and initrd can not
be done inside the bootloader spec yet, so using bootloader spec should
not override settings from the environment.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
Instead of overwriting the whole hierarchy beneath a globalvar, the
globalvar_set function only sets the specific globalvar.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
globalvar_add_simple_bool() and the other family of globalvars don't allow
running a callback when the variable is set. This is a useful thing
to have however for things like global.usbgadget.autostart=1.
Provide a globalvar_add_bool() that accommodates this.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
setenv was so far restricted to the simple shell, because with hush,
users could just do dev.var=VAL for setting variables in the
environment. The hush syntax doesn't allow for setting all kinds of
environment variables though, e.g.
5c00a000.tamp@5c00a000:reboot-mode.of.param
can't be set with hush, because of the special characters. It could
still be read by using the ${variable} syntax though.
Allow setting these variables by making the setenv command generally
available. The default is chosen to be 'y', because the command is
deemed small and useful enough to have it there by default.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
So far, we were fine by using the highest priority restart handler
whenever more than one was available. There are reasons to want to
configure this however:
- When communicating with BootROM, e.g. to force boot from recovery
mode: The reset chosen must not cause the reboot mode stored to
volatile memory to vanish
- When testing (undocumented) reset behavior, e.g. to analyze how
the EFI reset behaves
Extend the reset command to support this. When no extra command line
option is supplied, the old behavior is maintained.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
With incoming changes to choose a specific reset method, give all
currently unnamed "default" reset handlers a name:
- soc reset via SoC-specific means
- soc-wdt reset via SoC watchdog timer
- vector reset via jump to reset vector
- efi reset via EFI firmware
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Follow-up commit allows referencing specific restart handler by name.
Restart handlers default to "default" as name when none is given.
Number them sequentially instead.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
strsep unlike strtok(_r) returns an empty string for each pair of
consecutive delimiters.
blspec_apply_oftree_overlay is not equipped to handle an empty
string and will attempt treating "abspath/" as device tree file.
Explicitly check for empty strings, so this doesn't happen.
Cc: Michael Tretter <m.tretter@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Check the return code of fit_open_image() inside bootm_load_initrd().
Without this check, the code works with undefined values of
"initrd_size" and "initrd" should fit_open_image() fail.
Signed-off-by: Albert Schwarzkopf <a.schwarzkopf@phytec.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This dependency was added in commit b3d5c43cb8a2d492355a (2016-04-07,
Antony Pavlov: "common: add dependency !SANDBOX on imd target tool"),
but it seems to compile fine four years down the line.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Introduces a new env var which specifies which device is the rootfs
device to be used in Linux, passed to Linux via bootargs, identified by
the rootfs partition's PARTUUID.
global.bootm.root_dev supplements global.bootm.appendroot, in that it
overrides appendroot's naïve default, which picks the partition that the
kernel resides on (global.bootm.image).
Example:
detect mmc2
global.bootm.image='/mnt/mmc2.0/zImage'
global.bootm.appendroot=1
global.bootm.root_dev=/dev/mmc2.1
boot mmc
Signed-off-by: Robert Karszniewicz <r.karszniewicz@phytec.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
KernelAddressSANitizer (KASAN) is a dynamic memory error detector. It
provides a fast and comprehensive solution for finding use-after-free
and out-of-bounds bugs.
This adds support for KASan to barebox. It is basically a stripped down
version taken from the Linux Kernel as of v5.9-rc1.
Quoting the initial Linux commit 0b24becc810d ("kasan: add kernel address
sanitizer infrastructure") describes what KASan does:
| KASAN uses compile-time instrumentation for checking every memory access,
| therefore GCC > v4.9.2 required. v4.9.2 almost works, but has issues with
| putting symbol aliases into the wrong section, which breaks kasan
| instrumentation of globals.
|
| Basic idea:
|
| The main idea of KASAN is to use shadow memory to record whether each byte
| of memory is safe to access or not, and use compiler's instrumentation to
| check the shadow memory on each memory access.
|
| Address sanitizer uses 1/8 of the memory addressable in kernel for shadow
| memory and uses direct mapping with a scale and offset to translate a
| memory address to its corresponding shadow address.
|
| For every 8 bytes there is one corresponding byte of shadow memory.
| The following encoding used for each shadow byte: 0 means that all 8 bytes
| of the corresponding memory region are valid for access; k (1 <= k <= 7)
| means that the first k bytes are valid for access, and other (8 - k) bytes
| are not; Any negative value indicates that the entire 8-bytes are
| inaccessible. Different negative values used to distinguish between
| different kinds of inaccessible memory (redzones, freed memory) (see
| mm/kasan/kasan.h).
|
| To be able to detect accesses to bad memory we need a special compiler.
| Such compiler inserts a specific function calls (__asan_load*(addr),
| __asan_store*(addr)) before each memory access of size 1, 2, 4, 8 or 16.
|
| These functions check whether memory region is valid to access or not by
| checking corresponding shadow memory. If access is not valid an error
| printed.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
sandbox really has ASan support, that is address sanitizer with the help
of the userspace library libasan. In contrast KASan is used on real
hardware where we have to implement our own support code. Rename sandbox
KASan to ASan to not clash with upcoming KASan support.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Call constructors (gcc-generated initcall-like functions) during barebox
start. Constructors are e.g. used for kasan initialization.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Increase the area used for resolving symbols so that global variables
can also be resolved to names.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
This fixes a dereference of an uninitialized pointer when imd-crc-token is
not found.
Signed-off-by: Hubert Feurstein <h.feurstein@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
According to the U-Boot documentation for the FIT file format, the load
and entry have to be allways defined for a "kernel" or "standalone".
But Barebox ignored the parameters. That changes with this patch.
For backward compatibility the default values for load or entry are
still used if they are not given by the FIT file.
Signed-off-by: Christian Mauderer <christian.mauderer@embedded-brains.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Now both LF ('\n') and CR ('\r') are valid keys to abort
console_countdown when using CONSOLE_COUNTDOWN_RETURN flag.
Signed-off-by: Jules Maselbas <jmaselbas@kalray.eu>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | | |
Signed-off-by: Jules Maselbas <jmaselbas@kalray.eu>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| | |
| | |
| | |
| | |
| | | |
Signed-off-by: Jules Maselbas <jmaselbas@kalray.eu>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ \ \
| |_|/
|/| | |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
i.MX8MM/MN/MP has UARTs in the same place in the MMIO address space as
the i.MX8MQ, so make the lowlevel debug a bit more generic across the
i.MX8M family.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|/
|
|
|
| |
Signed-off-by: Jules Maselbas <jmaselbas@kalray.eu>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
nv.autoboot=abort has been added as development aid to have barebox stop
at the shell prompt automatically. It makes sense to inhibit all watchdogs
in this mode, so the user can later use the shell in peace.
This also applies to fastboot aborting the shell prompt. If this
happens, watchdog will be automatically inhibited as well.
Behavior on user aborting the shell prompt via keypad or uart input
remains unchanged for backwards-compatibility.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| | |
This updates the tlsf implementation to v3.1. This is taken from
commit deff9ab509341f264addbd3c8ada533678591905 in
https://github.com/mattconte/tlsf.git.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There are some bugs in the error path when ratp initialization fails
half way through. Reusing the global ratp context which might be half
initialized makes the code hard to follow and hard to fix, so the
strategy is changed to always allocating a fresh ratp context and
returning -EBUSY when one exists already. We store in the context what
has been done in the initialization path and add a ratp_unregister()
which uses this information to tear down everything that has been
initialized.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ \ |
|