path: root/arch/sandbox/cpu/os.c
Age | Commit message | Author
2024-08-09 | sandbox: Return error code from read/write/seek | Simon Glass
The existing API for these functions is different from the rest of U-Boot, in that any error code must be obtained from the errno variable on failure. This variable is part of the C library, so accessing it outside of the special 'sandbox' shim-functions is not ideal. Adjust the API to return an error code, to avoid this. Update existing uses to check for any negative value, rather than just -1. Signed-off-by: Simon Glass <sjg@chromium.org>
2024-08-09 | sandbox: Fix a comment in os_find_u_boot() | Simon Glass
Fix a missing dot in a comment, since '..' is confusing. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-08-09 | sandbox: Use const in os_jump_to_file() | Simon Glass
The argument array is not changed by the callee, so mark it const. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-07-15 | sandbox: Remove duplicate newlines | Marek Vasut
Drop all duplicate newlines. No functional change. Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
2024-07-03 | sandbox: use sane access rights for files | Heinrich Schuchardt
When writing an executable, allowing other users to modify it introduces a security issue. Generally we should avoid giving other users write access to our files by default. Replace chmod(777) by chmod(755) and chmod(644). Fixes: 47f5fcfb4169 ("sandbox: Add os_jump_to_image() to run another executable") Fixes: d9165153caea ("sandbox: add flags for open() call") Fixes: 5c2859cdc302 ("sandbox: Allow reading/writing of RAM buffer") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Sean Anderson <seanga2@gmail.com>
2024-04-17 | sandbox: don't call os_close with invalid file descriptor | Heinrich Schuchardt
If open() fails it returns -1. Calling close() with this value makes no sense. Return -EIO instead. Addresses-Coverity-ID: 185828 Improper use of negative value Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Fixes: 566bf3a8698 ("sandbox: Add a function to read a host file") Reviewed-by: Sean Anderson <seanga2@gmail.com>
2023-11-20 | Merge tag 'v2024.01-rc3' into next | Tom Rini
Prepare v2024.01-rc3
2023-11-16 | arch: sandbox: Add function to create temporary files | Sean Anderson
When working with sparse data buffers that may be larger than the address space, it is convenient to work with files instead. Add a function to create temporary files of a certain size. Signed-off-by: Sean Anderson <seanga2@gmail.com>
2023-11-14 | sandbox: Close file after mmaping it | Sean Anderson
After opening pathname, we must close ifd once we are done with it. Fixes: b9274095c2c ("sandbox: Add a way to map a file into memory") Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2023-08-25 | sandbox: Add a way to access persistent test files | Simon Glass
Some pytests create files in the persistent-data directory. It is useful to be able to access these files in C tests. Add a function which can locate a file given its leaf name, using the environment variable set up in test/py/conftest.py Signed-off-by: Simon Glass <sjg@chromium.org>
2023-04-28 | sandbox: fix return type of os_filesize() | Heinrich Schuchardt
Given a file ../img of size 4294967296 with GPT partition table and partitions:

    => host bind 0 ../img
    => part list host 0
    Disk host-0.blk not ready

The cause is os_filesize() returning int. File sizes must use off_t. Correct all uses of os_filesize() too. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-10-24 | sandbox: add SIGALRM-based watchdog device | Rasmus Villemoes
In order to test that U-Boot actually maintains the watchdog device(s) during long-running busy-loops, such as those where we wait for the user to stop autoboot, we need a watchdog device that actually does something during those loops; we cannot test that behaviour via the DM test framework. So introduce a relatively simple watchdog device which is simply based on calling the host OS' alarm() function; that has the nice property that a new call to alarm() simply sets a new deadline, and alarm(0) cancels any existing alarm. These properties are precisely what we need to implement start/reset/stop. We install our own handler so that we get a known message printed if and when the watchdog fires, and by just invoking that handler directly, we get expire_now for free. The actual calls to the various OS functions (alarm, signal, raise) need to be done in os.c, and since the driver code cannot get access to the values of SIGALRM or SIG_DFL (that would require including a host header, and that's only os.c which can do that), we cannot simply do trivial wrappers for signal() and raise(), but instead create specialized functions just for use by this driver. Apart from enabling this driver for sandbox{,64}_defconfig, also enable the wdt command which was useful for hand-testing this new driver (especially with running u-boot under strace). Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2022-09-25 | sandbox: unblock signal before calling execv() | Heinrich Schuchardt
The following faulty behavior was observed. The sandbox configured with CONFIG_SANDBOX_CRASH_RESET=y was invoked with

    ./u-boot -T -S

After executing `exception undefined' the sandbox reboots. When executing `exception undefined' the sandbox exits with SIGSEGV. The expected behavior is that the sandbox should reboot again. If we are relaunching the sandbox in a signal handler, we have to unblock the respective signal before calling execv(). See signal(7) man-page. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-24 | sandbox: Add function os_flush() | Pali Rohár
It flushes stdout. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-06-28 | sandbox: add function os_printf() | Heinrich Schuchardt
Before setting up the devices U-Boot's printf() function cannot be used for console output. Provide function os_printf() to print to stderr. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-06-23 | sandbox: Add libfuzzer integration | Andrew Scull
Add an implementation of LLVMFuzzerTestOneInput() that starts the sandbox on a secondary thread and exposes a function to synchronize the generation of fuzzing inputs with their consumption by the sandbox. Signed-off-by: Andrew Scull <ascull@google.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-06-23 | sandbox: Decouple program entry from sandbox init | Andrew Scull
Move the program's entry point to os.c, in preparation for a separate fuzzing entry point to be added. Signed-off-by: Andrew Scull <ascull@google.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-18 | sandbox: Correct loss of early output in SPL | Simon Glass
At present fputc() is used before the console is available, then write() is used. These are not compatible. Since fputc() buffers internally it is better to use the write(), so that a partial line is immediately displayed. This has a slight effect on performance, but we are already using write() for the vast majority of the output with no obvious impacts. Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-19 | doc: replace @return by Return: | Heinrich Schuchardt
Sphinx expects Return: and not @return to indicate a return value.

    find . -name '*.c' -exec \
    sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

    find . -name '*.h' -exec \
    sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-13 | sandbox: compatibility of os_get_filesize() | Heinrich Schuchardt
U-Boot defines loff_t as long long. But the header /usr/include/linux/types.h may not define it. This has led to a build error on Alpine Linux. So let's use long long instead of loff_t for the size parameter of function os_get_filesize(). Reported-by: Milan P. Stanić <mps@arvanta.net> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Tested-by: Milan P. Stanić <mps@arvanta.net> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-12-02 | sandbox: replace putchar(ch) by fputc(ch, stdout) | Heinrich Schuchardt
When compiled with -Og for better debuggability u-boot ends up in a stack overflow using

    gcc (Ubuntu 11.2.0-7ubuntu2) 11.2.0
    GNU Binutils for Ubuntu 2.37

putchar(ch) is defined as a macro which ends up calling U-Boot's putc() implementation instead of the glibc one, which calls os_putc() ...

Let's use fputc(ch, stdout) instead as fputc() does not exist in U-Boot. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-11-28 | sandbox: Support unmapping a file | Simon Glass
Add the opposite of mapping, so that we can unmap and avoid running out of address space. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-16 | sandbox: Add a way to map a file into memory | Simon Glass
It is useful to map a file into memory so that it can be accessed using simple pointers. Add a function to support this. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-16 | sandbox: Add a way to find the size of a file | Simon Glass
Add a function to return the size of a file. This is useful in situations where we need to allocate memory for it before reading it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Behún <marek.behun@nic.cz>
2021-09-16 | sandbox: Correct handling of --rm_memory | Simon Glass
This option has no argument so we should not try to skip one. Fix it. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-21 | sandbox: don't set SA_NODEFER in signal handler | Heinrich Schuchardt
The sandbox can handle signals. Due to a damaged global data pointer additional exceptions in the signal handler may occur leading to an endless loop. In this case leave the handling of the secondary exception to the operating system. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-21 | sandbox: Support executables for more phases | Simon Glass
The SPL header has a function for obtaining the phase in capital letters, e.g. 'SPL'. Add one for lower-case also, as used by sandbox. Use this to generalise the sandbox logic for determining the filename of the next sandbox executable. This can provide support for VPL. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-05-24 | sandbox: use sections instead of symbols for getopt array boundaries | Marek Behún
In style of linked lists, instead of declaring symbols for boundaries of getopt options array in the linker script, declare corresponding sections and retrieve the boundaries via static inline functions. Without this clang's LTO produces binary without any getopt options, because for some reason it thinks that array is empty (start and end symbols are at the same address). Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-03-27 | sandbox: Only delete the executable if requested | Simon Glass
At present sandbox removes its executable after failing to run it, since there is no other way that it would get cleaned up. However, this is actually only wanted if the image was created within sandbox. For the case where the image was generated by the build system, such as u-boot-spl, we don't want to delete it. Handle the two code paths accordingly. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-22 | sandbox: Drop debug message in os_spl_to_uboot() | Simon Glass
This is not needed in normal operation. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-12 | sandbox: Update os_find_u_boot() to find the .img file | Simon Glass
At present this function can only locate the u-boot ELF file. For SPL it is handy to be able to locate u-boot.img since this is what would normally be loaded by SPL. Add another argument to allow this to be selected. While we are here, update the function to load SPL when running in TPL, since that is the next stage. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-02 | sandbox: Avoid using malloc() for system state | Simon Glass
This state is not accessible to the running U-Boot but at present it is allocated in the emulated SDRAM. This doesn't seem very useful. Adjust it to allocate from the OS instead. The RAM buffer is currently not freed, but should be, so add that into state_uninit(). Update the comment for os_free() to indicate that NULL is a valid parameter value. Note that the strdup() in spl_board_load_image() is changed as well, since strdup() allocates memory in the RAM buffer. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-02 | sandbox: Add os_realloc() | Simon Glass
We provide os_malloc() and os_free() but not os_realloc(). Add this, following the usual semantics. Also update os_malloc() to behave correctly when passed a zero size. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-30 | sandbox: keep time offset when resetting | Heinrich Schuchardt
The UEFI Self Certification Test (SCT) checks the SetTime() service with the following steps:

* set date
* reset
* check date matches

To be compliant the sandbox should keep the offset to the host RTC during resets. The implementation uses the environment variable UBOOT_SB_TIME_OFFSET to persist the offset. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-05 | sandbox: remove ram buffer file when U-Boot is loaded by SPL | Patrick Delaunay
Update management of "--rm_memory" sandbox's option and force this option when U-Boot is loaded by SPL in os_spl_to_uboot() and remove the ram file after reading in main() as described in option help message: "Remove memory file after reading". This patch avoids that the file "/tmp/u-boot.mem.XXXXXX" [created in os_jump_to_file() when U-Boot is loaded by SPL] is never deleted because state_uninit() is not called after U-Boot execution (CtrlC or with running pytest for example). This issue is reproduced by

    > build-sandbox_spl/spl/u-boot-spl
      and CtrlC in U-Boot console
    > make qcheck

One temp file is created after each SPL and U-Boot execution (7 times in qcheck after test_handoff.py, test_ofplatdata.py, test_spl.py execution). Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-12-13 | sandbox: add handler for exceptions | Heinrich Schuchardt
Add a handler for SIGILL, SIGBUS, SIGSEGV. When an exception occurs print the program counter and the loaded UEFI binaries and reset the system if CONFIG_SANDBOX_CRASH_RESET=y or exit to the OS otherwise. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-11-05 | sandbox: implement reset | Heinrich Schuchardt
Up to now the sandbox would shut down upon a cold reset request. Instead it should be reset. In our coding we use static variables like LIST_HEAD(efi_obj_list). A reset can occur at any time, e.g. via a UEFI binary calling the reset service. The only safe way to return to an initial state is to relaunch the U-Boot binary. The reset implementation uses execv() to relaunch U-Boot. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-11-05 | sandbox: use O_CLOEXEC in os_open() | Heinrich Schuchardt
During a cold reset execv() is used to relaunch the U-Boot binary. We must ensure that all files are closed in this case. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-11-05 | sandbox: eth-raw: do not close the console input | Heinrich Schuchardt
When the sandbox eth-raw device host_lo is removed this leads to closing the console input. Do not call close(0). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-04-16 | sandbox: also restore terminal settings when killed by SIGINT | Rasmus Villemoes
Hitting Ctrl-C is a documented way to exit the sandbox, but it is not actually equivalent to the reset command. The latter, since it follows normal process exit, takes care to reset terminal settings and restore the O_NONBLOCK behaviour of stdin (and, in a terminal, that is usually the same file description as stdout and stderr, i.e. some /dev/pts/NN). Failure to restore (remove) O_NONBLOCK from stdout/stderr can cause very surprising and hard to debug problems back in the terminal. For example, I had "make -j8" consistently failing without much information about just exactly what went wrong, but sometimes I did get a "echo: write error". I was at first afraid my disk was getting bad, but then a simple "dmesg" _also_ failed with write error - so it was writing to the terminal that was buggered. And both "make -j8" and dmesg in another terminal window worked just fine. So install a SIGINT handler so that if the chosen terminal mode (cooked or raw-with-sigs) means Ctrl-C sends a SIGINT, we will still call os_fd_restore(), then reraise the signal and die as usual from SIGINT.

Before:

    $ grep flags /proc/$$/fdinfo/1
    flags: 0102002
    $ ./u-boot
    # hit Ctrl-C
    $ grep flags /proc/$$/fdinfo/1
    flags: 0106002

After:

    $ grep flags /proc/$$/fdinfo/1
    flags: 0102002
    $ ./u-boot
    # hit Ctrl-C
    $ grep flags /proc/$$/fdinfo/1
    flags: 0102002

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-02-05 | sandbox: Ensure that long-options array is terminated | Simon Glass
The last member of this array is supposed to be all zeroes according to the getopt_long() man page. Fix the function to do this. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-02-05 | sandbox: Drop os_realloc() | Simon Glass
Due to recent changes this function is no longer used. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-02-05 | sandbox: Drop use of special os_malloc() where possible | Simon Glass
Some sandbox files are not built with U-Boot headers, so with the renamed malloc functions there is now no need to use the special os_... allocation functions to access the system routines. Instead we can just call them directly. Update the affected files accordingly. Signed-off-by: Simon Glass <sjg@chromium.org>
2019-11-14 | sandbox: use correct type reading /proc/self/maps | Heinrich Schuchardt
Compiling arch/sandbox/cpu/os.c results in an error

    ../arch/sandbox/cpu/os.c: In function ‘os_find_text_base’:
    ../arch/sandbox/cpu/os.c:823:12: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
      823 |     base = (void *)addr;
          |            ^
    cc1: all warnings being treated as errors

The size of void* differs from that of unsigned long long on 32bit systems. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2019-04-23 | sandbox: Correct maths in allocation routines | Simon Glass
Allocation routines were adjusted to ensure that the returned addresses are a multiple of the page size, but the header code was not updated to take account of this. These routines assume that the header size is the same as the page size which is unlikely. At present os_realloc() does not work correctly due to this bug. The only user is the hostfs 'ls' command, and only if the directory contains an unusually long filename, which likely explains why this bug was not caught earlier. Fix this by doing the calculations using the obtained page size. Signed-off-by: Simon Glass <sjg@chromium.org>
2019-04-23 | sandbox: Improve debugging in initcall_run_list() | Simon Glass
At present if one of the initcalls fails on sandbox the address printing is not helpful, e.g.:

    initcall sequence 0000557678967c80 failed at call 00005576709dfe1f (err=-96)

This is because U-Boot gets relocated high into memory and the relocation offset (gd->reloc_off) does not work correctly for sandbox. Add support for finding the base address of the text region (at least on Linux) and use that to set the relocation offset. This makes the output better:

    initcall sequence 0000560775957c80 failed at call 0000000000048134 (err=-96)

Then you can use grep to see which init call failed, e.g.:

    $ grep 0000000000048134 u-boot.map
    stdio_add_devices

Of course another option is to run it with a debugger such as gdb:

    $ gdb u-boot
    ...
    (gdb) br initcall.h:41
    Breakpoint 1 at 0x4db9d: initcall.h:41. (2 locations)

Note that two locations are reported, since this function is used in both board_init_f() and board_init_r().

    (gdb) r
    Starting program: /tmp/b/sandbox/u-boot
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

    U-Boot 2018.09-00264-ge0c2ba9814-dirty (Sep 22 2018 - 12:21:46 -0600)

    DRAM: 128 MiB
    MMC:

    Breakpoint 1, initcall_run_list (init_sequence=0x5555559619e0 <init_sequence_f>)
        at /scratch/sglass/cosarm/src/third_party/u-boot/files/include/initcall.h:41
    41 printf("initcall sequence %p failed at call %p (err=%d)\n",
    (gdb) print *init_fnc_ptr
    $1 = (const init_fnc_t) 0x55555559c114 <stdio_add_devices>
    (gdb)

Signed-off-by: Simon Glass <sjg@chromium.org>
2018-12-05 | sandbox: Fix up the debug message for the image filename | Simon Glass
This currently prints out the wrong filename. Fix it. Signed-off-by: Simon Glass <sjg@chromium.org>
2018-11-29 | sandbox: Use memmove() to move overlapping regions | Simon Glass
The use of strcpy() to remove characters at the start of a string is safe in U-Boot, since we know the implementation. But in os.c we are using the C library's strcpy() function, where this behaviour is not permitted. Update the code to use memmove() instead. Reported-by: Coverity (CID: 173279) Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Alexander Graf <agraf@suse.de>
2018-11-26 | sandbox: Boot in U-Boot through the standard call | Simon Glass
Most architectures use jump_to_image_no_args() to jump from SPL to U-Boot. At present sandbox is special in that it jumps in its spl_board_load_image() call. This is not strictly correct, and means that sandbox misses out some parts of board_init_r(), such as calling bloblist_finish(), for example. Change spl_board_load_image() to just identify the filename to boot, and implement jump_to_image_no_args() to actually jump to it. Signed-off-by: Simon Glass <sjg@chromium.org>
2018-11-26 | sandbox: Filter arguments when starting U-Boot | Simon Glass
The current method of starting U-Boot from U-Boot adds arguments to pass the memory file through, so that memory is preserved. This is fine for a single call, but if we call from TPL -> SPL -> U-Boot the arguments build up and we have several memory files in the argument list. Adjust the implementation to filter out arguments that we want to replace with new ones. Also print a useful error if the exec() call fails. Signed-off-by: Simon Glass <sjg@chromium.org>