This is a fix for the sporadic mmc write failure:
mmc write failed
0 blocks written: ERROR
After this happens the emmc will remain in an error state
where subsequent read/writes fail with a timeout.
The mmc driver sends CMD25 - WRITE_MULTIPLE_BLOCK which
can sporadically timeout. When this happens, the mmc driver
aborts the transfer and returns the above error messages.
But the emmc still remains in data transfer mode, since
the timeout was decided by uboot, not by the emmc.
Fix this by sending the STOP_TRANSMISSION command (CMD12)
and waiting for the emmc to be in ready state again (CMD13).
Transferring data blocks after a CMD25 can take anywhere
between 5 and +15s on Samsung EMMCs and the current timeout
is not enough. Increase the timeout by 2x to accommodate the
long transfer times observed.
Signed-off-by: Iulian Banaga <iulianeugen.banaga@mobileye.com> Acked-by: Jimmy Durand Wesolowski <jimmy.wesolowski@mobileye.com> Reviewed-by: Peng Fan <peng.fan@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
The exynos5420 DTSes in linux kernel uses the compatibles
samsung,exynos5420-dw-mshc{,-smu} instead of just
samsung,exynos-dwmmc. Match the additional compatibles in the driver
to make it possible to use it with DTSes from Linux kernel.
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
[ grimler: rebase after clksel reg abstraction and re-write commit message ] Signed-off-by: Henrik Grimler <henrik@grimler.se> Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org> Reviewed-by: Anand Moon <linux.amoon@gmail.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
the Exynos4210 devices in u-boot uses samsung,exynos4412-sdhci as
sdhci compatible in their DTSes, while the upstream DTSes uses
samsung,exynos4210-sdhci.
Add samsung,exynos4210-sdhci compatible string for s5p_sdhci driver as
well so that it can be used with upstream DTSes.
Signed-off-by: Henrik Grimler <henrik@grimler.se> Reviewed-by: Anand Moon <linux.amoon@gmail.com> Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org> Signed-off-by: Peng Fan <peng.fan@nxp.com>
The common sdhci infrastructure is already parsing the cd-gpios
property, since commit 451931ea7002 ("mmc: sdhci: Read cd-gpio from
devicetree"). The s5p code is therefore duplicated, and also broken
since it assumes that the GPIO value is inverted, while the sdhci code
correctly follows the ACTIVE_LOW/ACTIVE_HIGH flag specified in the
device tree.
This fix was originally authored by Simon Shields:
https://github.com/fourkbomb/u-boot/commit/2eac9dea7903
The change has been tested on exynos4210-i9100, a device similar to
exynos4210-trats.
Signed-off-by: Henrik Grimler <henrik@grimler.se> Reviewed-by: Anand Moon <linux.amoon@gmail.com> Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org> Signed-off-by: Peng Fan <peng.fan@nxp.com>
In [0], Andrew noted a code quality issue in the implementation of
blk_find_first and blk_find_next. This led to the observation that the
logic of these functions was also likely incorrect, and based on a quick
check it seemed the functions were unused outside of test code, which
did not exercise the potential failure case, so we felt they should be
removed. In [1], a test patch which illustrates the failure in sandbox
is provided for reference.
Because a more thorough check agrees that these functions are unused,
they are currently incorrect, and fixed/removable flags on block devices
prior to probe are unreliable, just remove these functions instead of
fixing them. All potential users should have used blk_first_device_err
instead anyway.
Andrew Goodbody [Wed, 16 Jul 2025 10:55:47 +0000 (11:55 +0100)]
cmd: gpt: Fix off by 1 errors
The buffer for a name to be copied into must also contain the
terminating 0 byte but strlen returns the length of the string without
counting that 0 byte. Adjust the length checks to take this into
account.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Andrew Goodbody [Wed, 16 Jul 2025 09:03:30 +0000 (10:03 +0100)]
abuf: Remove code that prevented test code running
When abuf was introduced some test code was prevented from running using
a 'return 0' early in the functions. A comment said it crashed on
sandbox due to a 'bug' in realloc. Some time later a bug in abuf_realloc
was fixed but this test code was never enabled.
Remove the early 'return 0' instances so that the test code can run.
Also remove some checks that relied on the implementation details of the
U-Boot memory code as these can fail on sandbox which uses system memory
code. Besides that this code should be testing abuf implementation not
the underlying memory code which has its own tests.
Finally use a new #define for the allocs that are meant to fail to
ensure they do fail on all CI platforms.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Tom Rini [Wed, 23 Jul 2025 19:12:22 +0000 (13:12 -0600)]
Merge patch series "mkimage: validate default configuration reference"
Aristo Chen <jj251510319013@gmail.com> says:
This patch series introduces a validation step in `mkimage` to ensure that
the `default` property under the `/configurations` node in a FIT image
references a valid subnode. If the referenced node does not exist, mkimage
now prints an error and fails early. This helps prevent runtime failures
when U-Boot attempts to boot using an undefined configuration.
The first patch implements the validation logic in `fit_image.c`. The second
patch fixes an invalid default configuration reference exposed by this new
check in the `k3-am65-iot2050-boot-image.dtsi`. The final patch adds a test
case to verify that mkimage correctly fails when an invalid default
configuration is present in the ITS file.
This series improves the robustness of FIT image generation and helps
catch malformed image trees during build time.
test: fit: add test case for invalid default configuration reference
Recent changes to mkimage introduced a validation step to ensure that
the 'default' property under the /configurations node in a FIT image
references a valid configuration subnode. If the referenced node is
missing, mkimage will now return an error.
This patch adds a Python test case to verify that mkimage correctly
fails when the 'default' configuration does not exist. The test creates
a minimal ITS with an invalid default reference and checks that mkimage
produces the expected error message.
tools: fit_image: validate existence of default configuration node
When a FIT image declares a default configuration via the
'configurations/default' property, it must reference a valid subnode
under the /configurations node. If the named default does not exist,
U-Boot will fail to boot the image when no explicit configuration is
provided.
This patch adds a validation step in mkimage to check that the
referenced default configuration node is present. If not, mkimage will
print an error and abort.
This helps catch malformed or outdated ITS files early at build time
instead of deferring failure to runtime.
mkimage introduced a validation step to ensure that the 'default'
property under the /configurations node in a FIT image refers to a
valid subnode. This exposed an issue in the
k3-am65-iot2050-boot-image.dtsi, where the 'default' property was set to
"ti/k3-am6528-iot2050-basic" and "ti/k3-am6528-iot2050-basic-pg2", which
do not correspond to actual configuration node names.
This patch updates both /configurations nodes to reference the correct
subnode.
Without this fix, mkimage will fail with an error:
"ERROR: Default configuration 'ti/k3-am6528-iot2050-basic' not found
under /configurations"
An upcoming commit will validate the if the default configuration exists
Martin Schwan [Mon, 14 Jul 2025 13:30:10 +0000 (15:30 +0200)]
bootstd: rauc: Only scan all partitions instead of boot files
Only scan for the existence of all required partitions of a RAUC system,
instead of searching for boot script files in all of them.
Previously, it might have occurred, that a slot did not contain required
files and RAUC already marked the corresponding slot as bad (not
suitable for booting). In that case, scanning for a non-existence boot
script would result in an error (and thus not booting anything), which
was different behavior compared to the legacy RAUC boot.
Move the call to configure the qrio i2c deblock pins earlier.
Before this, the call was happening after the first attempt to deblock
the SDP EEPROM, which resulted in a not correct sequence.
Signed-off-by: Tomas Alvarez Vanoli <tomas.alvarez-vanoli@hitachienergy.com> Signed-off-by: Holger Brunck <holger.brunck@hitachienergy.com>
Setting GPIO by reading the value of the GPRT register, toggling the
correct bit and then writing it causes input values to transfer to the
output. Here's how (example):
1) set gpio 17 and 18 as input.
2) set gpio 17 output value to 0 (read gprt, change 17 to 0, write).
3) set gpio 18 output value to 0 (read gprt, change 18 to 0, write).
The problem here is that because we set 17 as input, and it's a pull-up,
when we read gprt in step 3, the bit 17 will be 1 and not 0.
Instead of doing read/write/modify, the solution is to keep track
internally of the user set GPIOs, and replace the read step with this
static variable.
Signed-off-by: Tomas Alvarez Vanoli <tomas.alvarez-vanoli@hitachienergy.com> Signed-off-by: Holger Brunck <holger.brunck@hitachienergy.com>
Andrew Goodbody [Thu, 17 Jul 2025 08:43:29 +0000 (09:43 +0100)]
fastboot: Fix off by 1 error
strlen only reports length of string not including terminating 0 byte
but this has to be included in length of receiving buffer on copy so
adjust length check to be correct.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org> Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
As the size of 64b ARM kernels, DTs, vendor firmware, and initial ram
disks continues to grow, the 256MB size limit set aside for image
processing by the bootm command has become too small for some K3
reference boards.
For ARMv7 removing this limit could introduce issues so move the
bootm_size variable to ti_armv7_keystone2.env and remove the limit for
any board using a TI K3 SoC.
arm: fix lmb region reservation when PRAM is defined
PRAM usage is not taken into account when reserving lmb for ARM
architecture, this means that predefined PRAM region is marked as
reserved by the architecture and cannot be used by other users.
KASLR, or Kernel Address Space Layout Randomization, is a security
feature in the Linux kernel that randomizes the memory location
where the kernel is loaded during boot.
OP-TEE RNG is a Random Number Generator (RNG) component within the
Open Portable Trusted Execution Environment (OP-TEE) which provides
a random number to U-BOOT and U-BOOT provides this random number
as seed value to the LINUX kernel for KASLR.
Add KASLR OPTEE RNG support across K3 devices by enabling the required
configs.
Tom Rini [Fri, 11 Jul 2025 18:43:36 +0000 (12:43 -0600)]
python: requirements.txt: Update a few modules for security issues
The GitHub dependabot tool has reported a number of issues recently with
some modules that we use. While unlikely to be exploitable in the way we
use them, update various libraries to the latest.
Reported-by: GitHub dependabot Signed-off-by: Tom Rini <trini@konsulko.com>
- Add support for the i.MX95 B0 version.
- Enable standard boot for phycore-imx8mp.
- Kconfig fixes for i.MX MMC and FSL_SEC_MON.
- Support 4Gb single die variant of the i.MX8MM Venice board.
- Board: mpfs_icicle: Fix board_fit_config_name_match and disable
DEBUG_UART
- Board: Add SD card support to the Beagle-V-Fire
- Board: Add support for TH1520-integrated GMACs
Andrew Goodbody [Thu, 3 Jul 2025 14:03:30 +0000 (15:03 +0100)]
mmc: Take cleanup path to free memory on error exit
Instead of returning -EINVAL directly which will not call the cleanup
path to free memory, fix the code to set the error and then goto the
cleanup code.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org> Reviewed-by: Peng Fan <peng.fan@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Tim Harvey [Mon, 14 Jul 2025 17:23:03 +0000 (10:23 -0700)]
venice: lpddr4_timing_imx8mm: update ddr phy config for mscale_v3.10
Update the ddr phy config values to those created by the mscale_v3.10
tool. The original values were obtained using mscale_v3.10. The v3.10
tool removed ddr phy register values of 0x0.
This has no functional change but makes comparing and patching ddr
configuration easier in addition to slightly shrinking the DRAM config
size.
Tim Harvey [Mon, 14 Jul 2025 17:23:02 +0000 (10:23 -0700)]
venice: lpddr4_timing_imx8mm: add 4gb single die support
Add dram support for the MT53E1G32D2FW-046 RevC part which is a single die
32Gbit density part vs RevA/B which were dual-die parts:
- use a previously unused EEPROM byte to denote a variant of the
base config to be patched
- add a dram description string
- return the board struct from eeprom_init and pass it to the
spl_dram_init function so that it has access to the EEPROM
- move ddr_init into the spl_dram_init so that it can be patched
in the per-soc init function
Add the configuration register for DDRC_ADDRMAP7 which was added in the
RAP spreadsheet v19. This has no functional change but allows DRAM
configuration to be patched in a later commit.
Tom Rini [Fri, 11 Jul 2025 15:20:25 +0000 (09:20 -0600)]
nxp: Move FSL_SEC_MON related options to arch/Kconfig.nxp
The options related to FSL_SEC_MON are part of the chain of trust
related options and should be under that menu, so move it there.
Furthermore we don't need to prompt for the driver itself but do need to
allow for configuration of the monitor endianess.
Tom Rini [Fri, 11 Jul 2025 15:15:52 +0000 (09:15 -0600)]
brppt2: Use the correct MMC driver
As part of splitting the i.MX parts of FSL_ESDHC out from the more
legacy parts, the FSL_ESDHC_IMX symbol was added. This platform is the
only one which was not converted correctly.
Fixes: e37ac717d796 ("Convert to use fsl_esdhc_imx for i.MX platforms") Signed-off-by: Tom Rini <trini@konsulko.com>
Ye Li [Mon, 7 Jul 2025 20:42:55 +0000 (04:42 +0800)]
spl: imx: Add support for new PQC container
To support PQC container format which is used for post quantum
authentication on new i.MX parts like i.MX94
The major changes compared to legacy container format is in
signature block, new container tag and version, and new alignment
of container header.
Signed-off-by: Ye Li <ye.li@nxp.com> Signed-off-by: Jacky Bai <ping.bai@nxp.com> Signed-off-by: Alice Guo <alice.guo@nxp.com> Acked-by: Peng Fan <peng.fan@nxp.com>
Alice Guo [Mon, 7 Jul 2025 20:42:54 +0000 (04:42 +0800)]
tools: imx8image: Add 2 new commands CMD_CNTR_VERSION and CMD_DUMMY_DDR
i.MX95 B0 uses image container format v2, and `one container header
occupies 0x4000, so that CMD_CNTR_VERSION needs to be added.
The purpose of CMD_DUMMY_DDR is to create a dummy image entry in boot
container prior the DDR OEI image entry. ROM reads the address of DUMMY
DDR image entry and passes it to DDR OEI in OEI entry function as
parameter value, in order to indicate the offset of training data with
the boot container.
Ye Li [Mon, 7 Jul 2025 20:42:53 +0000 (04:42 +0800)]
arm: imx: Update ELE get_info structure for i.MX94
Since i.MX94, the ELE get_info structure is updated to add
OEM PQC SRK hash, so update it.
Signed-off-by: Ye Li <ye.li@nxp.com> Signed-off-by: Jacky Bai <ping.bai@nxp.com> Signed-off-by: Alice Guo <alice.guo@nxp.com> Acked-by: Peng Fan <peng.fan@nxp.com>
Yao Zi [Thu, 10 Jul 2025 03:42:01 +0000 (03:42 +0000)]
configs: th1520_lpi4a: Enable network support
Enable the network stack, the designware ethernet driver and
corresponding glue driver. The Lichee Pi 4A board ships two RTL8211F
phys, both attached to GMAC 0, thus support for Realtek phys and DM
support for MDIO devices are enabled as well.
Signed-off-by: Yao Zi <ziyao@disroot.org> Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Yao Zi [Thu, 10 Jul 2025 03:42:00 +0000 (03:42 +0000)]
riscv: dts: th1520: Describe GMACs and enable them on Lichee Pi 4A
TH1520 SoC ships two MAC controllers based on Designware Ethernet IP
that are capable of Gigabit operation. Describe them in SoC devicetree
and enable them for Lichee Pi 4A.
Signed-off-by: Yao Zi <ziyao@disroot.org> Acked-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Yao Zi [Thu, 10 Jul 2025 03:41:59 +0000 (03:41 +0000)]
drivers: net: Add T-Head DWMAC glue layer
The Designware IP integrated in TH1520 SoC requires extra clock
configuration to operate correctly. The Linux kernel's T-Head DWMAC glue
driver is ported and adapted to U-Boot's API.
Signed-off-by: Yao Zi <ziyao@disroot.org> Acked-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Yao Zi [Thu, 10 Jul 2025 03:41:58 +0000 (03:41 +0000)]
riscv: cpu: th1520: Limit upper RAM boundary to 4 GiB
TH1520 SoC ships DMA peripherals that could only reach the first 32-bit
range of memory, for example, the GMAC controllers. Let's limit the
usable top of RAM below 4GiB to ensure DMA allocations are accessible to
all peripherals.
Signed-off-by: Yao Zi <ziyao@disroot.org> Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Yao Zi [Thu, 10 Jul 2025 03:41:57 +0000 (03:41 +0000)]
clk: thead: th1520-ap: Correctly handle flags for dividers
Unlike the gate clocks which make no use of flags, most dividers in
TH1520 SoC are one-based, thus are applied with CLK_DIVIDER_ONE_BASED
flag. We couldn't simply ignore the flag, which causes wrong results
when calculating the clock rates.
Add a member to ccu_div_internal for defining the flags, and pass it to
divider_recalc_rate(). With this fix, frequency of all the clocks match
the Linux kernel's calculation.
Fixes: e6bfa6fc94f ("clk: thead: Port clock controller driver of TH1520 SoC") Signed-off-by: Yao Zi <ziyao@disroot.org> Acked-by: Leo Yu-Chi Liang <ycliang@andestech.com>
spi: coreqspi: add xfer function for PolarFire SoC
Add xfer function to PolarFire SoC coreqspi driver. The read and write
operations are limited to one byte at a time instead of four as CMD18
(multiple block read) reads garbage when four byte ops are enabled.
Signed-off-by: Eoin Dickson <eoin.dickson@microchip.com> Acked-by: Leo Yu-Chi Liang <ycliang@andestech.com>
By default DEBUG_UART uses the SBI DBCN extension on S-Mode RISC-V
platforms, but the Icicle Kit's firmware doesn't support it. Since
DEBUG_UART is getting turned on automagically and this is somewhat
misleading, disable it in the Icicle kit's defconfig.
Signed-off-by: Conor Dooley <conor.dooley@microchip.com> Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
The loop in the icicle implementation of board_fit_config_name_match()
runs strtok() to split off the vendor portion of the compatible string
using , as the delimiter. strtok() modifies a string in place, so where
the first config and compatible do not match, the compatible has been
modified by the time the loop hits the second iteration.
Since stringlists in dt land are null separated strings, the nulls
strtok() inserts to replace the delimiter increase the number of strings
in the compatible list. When the second iteration of the loop calls
fdt_stringlist_get(), it gets the vendorless portion of the first
compatible string, rather than the second compatible string. Copy each
compatible before calling strtok() to avoid this problem.
The temporary string the compatible is copied to is statically
allocated, as attempts to dynamically allocate it at this stage of boot
were met with "alloc space exhausted" errors.
Mark Kettenis [Sat, 12 Jul 2025 18:52:27 +0000 (20:52 +0200)]
board: vexpress_ca9x4: Enable D-cache and MMU
Enable the D-cache, which will also enable the MMU. The latter
make sure we don't do unaligned access on Strongly-ordered memory,
which has UNPREDICTABLE behaviour according the architecture
definition. This fixes using U-Boot with recent versions of
QEMU's vexpress-ca9 emulation.
Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Andrew Goodbody [Wed, 9 Jul 2025 11:49:09 +0000 (12:49 +0100)]
boot: Ensure method_flags is initialised before use
The local variable method_flags is only assigned to in some of the
code paths leaving it possibly uninitialised at first use.
Initialise method_flags at declaration to ensure that it cannot be
used uninitialised. Also remove now redundant assignments.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Sam Protsenko [Wed, 9 Jul 2025 04:23:42 +0000 (23:23 -0500)]
dfu: Fix dfu_config_interfaces() for single interface DFU syntax
As stated in DFU documentation [1], the device interface part might be
missing in dfu_alt_info:
dfu_alt_info
The DFU setting for the USB download gadget with a semicolon
separated string of information on each alternate:
dfu_alt_info="<alt1>;<alt2>;....;<altN>"
When several devices are used, the format is:
- <interface> <dev>'='alternate list (';' separated)
So in first case dfu_alt_info might look like something like this:
dfu_alt_info="mmc 0=rawemmc raw 0 0x747c000 mmcpart 1;"
And in second case (when the interface is missing):
dfu_alt_info="rawemmc raw 0 0x747c000 mmcpart 1;"
When the interface is not specified the 'dfu' command crashes when
called using 'dfu 0' or 'dfu list' syntax:
=> dfu list
"Synchronous Abort" handler, esr 0x96000006, far 0x0
That's happening due to incorrect string handling in
dfu_config_interfaces(). In case when the interface is not specified in
dfu_alt_info it triggers this corner case:
d = strsep(&s, "="); // now d contains s, and s is NULL
if (!d)
break;
a = strsep(&s, "&"); // s is already NULL, so a is NULL too
if (!a) // corner case
a = s; // a is NULL now
which causes NULL pointer dereference later in this call, due to 'a'
being NULL:
part = skip_spaces(part);
That's because as per strsep() behavior, when delimiter ("&") is not
found, the token (a) becomes the entire string (s), and string (s)
becomes NULL. To fix that issue assign "a = d" instead of "a = s",
because at that point variable d actually contains previous s, which
should be used in this case.
[1] doc/usage/dfu.rst
Fixes: commit febabe3ed4f4 ("dfu: allow to manage DFU on several devices") Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org> Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org> Link: https://lore.kernel.org/r/20250709042342.13544-1-semen.protsenko@linaro.org Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Tom Rini [Wed, 2 Jul 2025 01:06:03 +0000 (19:06 -0600)]
common/avb_verify.c: Make use of LBAF for printing lbaint_t
When printing the contents of an lbaint_t variable we need to use LBAF
to print it in order to get the correct format type depending on 32 or
64bit-ness.
Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org> Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org> Link: https://lore.kernel.org/r/20250702010603.19354-2-trini@konsulko.com Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Tom Rini [Wed, 2 Jul 2025 01:06:02 +0000 (19:06 -0600)]
boot/android_ab.c: Make use of LBAF for printing lbaint_t
When printing the contents of an lbaint_t variable we need to use LBAF
to print it in order to get the correct format type depending on 32 or
64bit-ness. Furthermore, printed message should not be split as that
makes finding them harder, so bring this back to a single line.
Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org> Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org> Link: https://lore.kernel.org/r/20250702010603.19354-1-trini@konsulko.com Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
cmd: i2c: fix build when CFG_SYS_I2C_NOPROBES defined with DM_I2C
When DM_I2C is enabled and CFG_SYS_I2C_NOPROBES is defined, the
building is broken due to already existing 'bus' local variable.
Rename udevice 'bus' to 'cur_bus' to fix this.
drivers/net/airoha_eth: fix stalling in package receiving
ARCH_DMA_MINALIGN is 64 for ARMv7a/ARMv8a architectures, but RX/TX
descriptors are 32 bytes long. So they may not be aligned on an
ARCH_DMA_MINALIGN boundary. In case of RX path, this may cause the
following problem
1) Assume that a packet has arrived and the EVEN rx descriptor has been
updated with the incoming data. The driver will invalidate and check
the corresponding rx descriptor.
2) Now suppose the next descriptor (ODD) has not yet completed.
Please note that all even descriptors starts on 64-byte boundary,
and the odd ones are NOT aligned on 64-byte boundary.
Inspecting even descriptor, we will read the entire CPU cache line
(64 bytes). So we read and sore in CPU cache also the next (odd)
descriptor.
3) Now suppose the next packet (for the odd rx descriptor) arrived
while the first packet was being processed. So we have new data
in memory but old data in cache.
4) After packet processing (in arht_eth_free_pkt() function) we will
cleanup the descriptor and put it back to rx queue.
This will call flush_dcache_range() function for the even descriptor,
so the odd one will be flushed as well (it is in the same cache line).
So the old data will be written to the next rx descriptor.
5) We get a freeze. The next descriptor is empty (so the driver is
waiting for packets), but the hardware will continue to receive
packets on other available descriptors. This will continue until
the last available rx descriptor is full. Then the hardware will
also freeze.
The problem will be solved if the previous descriptor will be put back
to the queue instead of the current one.
If the current descriptor is even (starts on a 64-byte boundary),
then putting the previous descriptor to the rx queue will affect
the previous cache line. To be 100% ok, we must make sure that the
previous and the one before the previous descriptor cannot be used
for receiving at this moment.
If the current descriptor is odd, then the previous descriptor is on
the same cache line. Both (current and previous) descriptors are not
currently in use, so issue will not arrise.
WARNING: The following restrictions on PKTBUFSRX must be held:
* PKTBUFSRX is even,
* PKTBUFSRX >= 4.
The bug appears on 32-bit airoha platform, but should be present on
64-bit as well.
The code was tested both on 32-bit and 64-bit airoha boards.
The dma_map_single() function calls one of the functions
* invalidate_dcache_range(),
* flush_dcache_range().
Both of them expect that 'vaddr' is aligned to the ARCH_DMA_MINALIGN
boundary. Unfortunately, RX/TX descriptors are 32-byte long. Thus they
might not be aligned to the ARCH_DMA_MINALIGN boundary. Data flushing
(or invalidating) might do nothing in this case.
The same applies to dma_unmap_single() function.
In the TX path case the issue might prevent package transmission (filled
TX descriptor was not flushed).
To fix an issue a special wrappers for
* dma_map_single(),
* dma_unmap_single()
functions were created. The patch fix flushing/invalidatiog for the
RX path as well.
The bug appears on 32-bit airoha platform, but should be present on
64-bit as well.
The code was tested both on 32-bit and 64-bit airoha boards.
drivers/net/airoha_eth: add missing terminator for compatible devices list
Compatible device list must have a terminator. If terminator is missed
the u-boot driver subsystem will access random data placed after the
list in the memory.
The issue can be observed with the "dm compat" command.
Andrew Goodbody [Tue, 8 Jul 2025 11:16:42 +0000 (12:16 +0100)]
fs: exfat: Remove pointless variable uoffset
In exfat_generic_pread and exfat_generic_pwrite offset is passed in as a
off_t type which is defined as 'unsigned long long' so there is no need
to create the variable uoffset as a uint64_t as this is just a direct
copy of offset. Also remove the impossible test of 'offset < 0' as this
is always false due to offset being unsigned.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Andrew Goodbody [Tue, 8 Jul 2025 11:16:41 +0000 (12:16 +0100)]
fs: exfat: Perform NULL check before dereference
In the functions exfat_pread and exfat_pwrite there is a NULL check for
ctxt.cur_dev but this has already been derefenced twice before this
happens.
Refactor the code a bit to put the NULL check first.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
In the Fixes commit, I initialized size_inc from the return value of
the new fit_estimate_hash_sig_size() helper. That helper may fail and
report that by returning a negative value, but I overlooked that
size_inc had type size_t, and hence the error check doesn't work.
Change size_inc to have type int so the error check works. Inside the
loop, it is passed to another function as a size_t parameter, but
that's fine, because we know it is non-negative, and its value may be
incremented in steps of 1024 and is capped at ~64K, so it will
certainly never overflow an int.
Fixes: 7d4eacb0e68 ("mkimage: do a rough estimate for the size needed for hashes/signatures")
Addresses-Coverity-ID: 569495: Integer handling issues (NEGATIVE_RETURNS) Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
projects / thirdparty / u-boot.git / log
