| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Update #3358.
|
| |
|
|
| |
Update #3358.
|
| |
|
|
| |
Update #3358.
|
| |
|
|
| |
Update #3358.
|
| |
|
|
|
|
|
| |
The function rtems_rfs_buffer_sync() erroneously calls
rtems_disk_release(). This screws up the reference counting of the disk.
Close #3484.
|
| |
|
|
|
|
|
|
|
|
| |
This avoids warnings like this:
warning: ISO C does not allow extra ';' outside of a function [-Wpedantic]
RTEMS_DECLARE_GLOBAL_SYMBOL( abc );
^
Update #3459.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The partition buffer area alignment required by rtems_partition_create()
was too strict since it was checked via _Addresses_Is_aligned() which
uses CPU_ALIGNMENT. The CPU_ALIGNMENT must take long double and vector
data type alignment requirements into account. For the partition
maintenance only pointer alignment is required (Chain_Node, which
consists of two pointers). The user should ensure that its partition
buffer area is suitable for the items it wants to manage. The user
should not be burdened to provide buffers with the maximum architecture
alignment, e.g. why need a 16 byte aligned buffer if you want to manage
items with 4 byte integers only?
Update #3482.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the CPU_SIZEOF_POINTER alignment instead. The internal alignment
requirement is defined by the use of Chain_Node (consisting of two
pointers) to manage the free chain of partitions.
It seems that previously the condition
CPU_PARTITION_ALIGNMENT >= sizeof(Chain_Node)
was true on all CPU ports. Now, we need an additional check.
Update #3482.
|
| |
|
|
| |
Update #3433.
|
| |
|
|
|
|
|
|
|
|
| |
Introduce a new internal define _CONFIGURE_MAXIMUM_PROCESSORS and ensure
that it is _CONFIGURE_MAXIMUM_PROCESSORS > 1 only in SMP configurations.
This avoids to allocate data structures for non-existing additional
processors in uniprocessor configuration.
Update #3459.
|
| |
|
|
| |
Update #3433.
|
| |
|
|
|
|
| |
The CLINT and PLIC need some per-processor state.
Update #3433.
|
| |
|
|
| |
Update #3433.
|
| |
|
|
|
|
|
|
|
|
|
| |
Remove _CPU_ISR_install_raw_handler() and _CPU_ISR_install_vector()
functions. Applications can install an exception handler via the fatal
error handler to handle synchronous exceptions.
Handle interrupt exceptions via _RISCV_Interrupt_dispatch() which must
be provided by the BSP.
Update #3433.
|
| |
|
|
|
|
|
| |
Use the CPU_Interrupt_frame for the volatile context. Add non-volatile
registers and extra state on top of it.
Update #3433.
|
| |
|
|
| |
Update #3433.
|
| |
|
|
|
|
| |
Optimize _SMP_Inter_processor_interrupt_handler() for the common case in
which the inter-processor interrupt is only used to trigger a thread
dispatch.
|
| |
|
|
|
|
|
| |
Add RTEMS_PREDICT_TRUE() and RTEMS_PREDICT_FALSE() for static branch
prediction hints.
Close #3475.
|
| |
|
|
|
| |
Pass current processor control as first parameter to make dependency
more explicit.
|
| |
|
|
|
| |
Pass current processor control via parameter since it may be already
available at the caller side.
|
| | |
|
| |
|
|
|
| |
Apparently the .word assembler directive is not the right thing on this
target.
|
| |
|
|
|
|
|
|
| |
On some architectures/simulators it is difficult to provoke an
exception with misaligned or illegal data loads. Use an illegal
instruction instead.
Update #3433.
|
| |
|
|
|
| |
This helps to reduce the use of architecture-specific defines throughout
the code base.
|
| |
|
|
|
|
|
| |
The context validation support functions _CPU_Context_validate() and
_CPU_Context_volatile_clobber() are used only by one test program
(spcontext01). Move the function declarations to the CPU port
implementation header file.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Add internal fdt_cells() to avoid copy and paste. Test error cases and
default values. Fix typo in fdt_size_cells() documentation comment.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| | |
|
| |
|
|
|
|
|
| |
This makes it easer to find files describing an upstream version, e.g.
via "find -name VERSION".
Update #3465.
|
| |
|
|
| |
Close #3471.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At present fdt_create() will succeed if there is exactly enough space to
put in the fdt header. However, it sets the off_mem_rsvmap field, a few
bytes past that in order to align the memory reservation block.
Having block pointers pointing past the end of the fdt is pretty ugly, even
if it is just a transient state. Worse, if fdt_resize() is called at
exactly the wrong time, it can end up accessing data past the blob's
allocated space because of this.
So, correct fdt_create() to ensure that there is sufficient space for the
alignment padding as well as the plain header. For paranoia, also add a
check in fdt_resize() to make sure we don't copy data from outside the
blob's bounds.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
At present this function appears to copy only the data before the struct
region and the data in the string region. It does not seem to copy the
struct region itself.
From the arguments of this function it seems that it should support fdt
and buf being different. This patch attempts to fix this problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds some helpers to load (32 or 64 bit) words from an fdt blob, even
if they're unaligned and we're on a platform that doesn't like plain
unaligned loads and stores. We then use the helpers in a number of places.
There are two purposes for this:
1) This makes libfdt more robust against a blob loaded at an unaligned
address. It's usually good practice to load a blob at a 64-bit
alignment, but it's nice to work even then.
2) Users can use these helpers to load integer values from within property
values. These can often be unaligned, even if the blob as a whole is
aligned, since some property encodings have integers and strings mixed
together without any alignment gaps.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
| |
Allow updating and creating properties, including special methods for
integers.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This new function implements a complete and thorough check of an fdt blob's
structure. Given a buffer containing an fdt, it should return 0 only if
the fdt within is structurally sound in all regards. It doesn't check
anything about the blob's contents (i.e. the actual values of the nodes and
properties), of course.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
We have a couple of places within libfdt and its tests where we need to
find the size of the header, based on the version. Add a helper function
for it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fdt_num_mem_rsv() and fdt_get_mem_rsv() currently don't sanity check their
parameters, or the memory reserve section offset in the header. That means
that on a corrupted blob they could access outside of the range of memory
that they should.
This improves their safety checking, meaning they shouldn't access outside
the blob's bounds, even if its contents are badly corrupted.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
fdt_getprop_by_offset() doesn't check for errors from fdt_string() - after
all, until very recently it couldn't fail. Now it can, so we need to
propagate errors up to the caller.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fdt_string() is used to retrieve strings from a DT blob's strings section.
It's rarely used directly, but is widely used internally.
However, it doesn't do any bounds checking, which means in the case of a
corrupted blob it could access bad memory, which libfdt is supposed to
avoid.
This write a safe alternative to fdt_string, fdt_get_string(). It checks
both that the given offset is within the string section and that the string
it points to is properly \0 terminated within the section. It also returns
the string's length as a convenience (since it needs to determine to do the
checks anyway).
fdt_string() is rewritten in terms of fdt_get_string() for compatibility.
Most of the diff here is actually testing infrastructure.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently fdt_check_header() performs only some rudimentary checks, which
is not really what the name suggests. This strengthens fdt_check_header()
to check as much about the blob as is possible from the header alone: as
well as checking the magic number and version, it checks that the total
size is sane, and that all the sub-blocks within the blob lie within the
total size.
* This broadens the meaning of FDT_ERR_TRUNCATED to cover all sorts of
improperly terminated blocks as well as just a structure block without
FDT_END.
* This makes fdt_check_header() only succeed on "complete" blobs, not
in-progress sequential write blobs. The only reason this didn't fail
before was that this function used to be called by many RO functions
which are supposed to also work on incomplete SW blobs.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When creating a tree with the sequential write functions, certain things
have to be done in a certain order. You must create the memory reserve map
and only then can you create the actual tree structure.
The -FDT_ERR_BADSTATE return code is for if you try to do things out of
order. However, we weren't checking that very thoroughly, so it was
possible to generate a corrupted blob if, for example, you started calling
fdt_begin_node() etc. before calling fdt_finish_reservemap().
This makes the state checking more thorough disallow that.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many of the libfdt entry points call some sort of sanity check function
before doing anything else. These need to do slightly different things for
the various classes of functions.
The read-only version is shared with the exported fdt_check_header(), which
limits us a bit in how we can improve it. For that reason split the two
functions apart (though the exported one just calls the ro one for now).
We also rename the functions for more consistency - they're all named
fdt_XX_probe_() where the XX indicates which class of functions they're
for. "probe" is a better "term" than the previous check, since they really
only do minimal validation.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
| |
|
|
|
|
|
|
|
|
| |
This can be useful in particular in the kernel when booting on systems
with FDT-emitting firmware that is out of date. Releases of kexec-tools
on ppc64 prior to the end of 2014 are notable examples of such.
Signed-off-by: Nathan Whitehorn <nwhitehorn@freebsd.org>
[dwg: Some whitespace cleanups]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
| |
Prior the Mac OS 10.7, the function strnlen() was not available. This patch
implements strnlen() on Mac OS X versions that are below 10.7.
Signed-off-by: John Arbuckle <programmingkidx@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In a lot of places libfdt uses a leading _ character to mark an identifier
as "internal" (not part of the published libfdt API). This is a bad idea,
because identifiers with a leading _ are generally reserved by the C
library or system. It's particularly dangerous for libfdt, because it's
designed to be able to be integrated into lots of different environments.
In some cases the leading _ has no purpose, so we simply drop it. In most
cases we move it to the end, as our new convention for marking internal
identifiers.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
| |
A comment in tests/stringlist.c refers to fdt_get_string(), which is not a
function that exists. From the content, it's supposed to be referring to
fdt_getprop_string().
A comment in libfdt.h has an extraneous space in a function name.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In some cases you need to add a property but the contents of it
are not known at creation time, merely the extend of it.
This method allows you to create a property of a given size (filled
with garbage) while a pointer to the property data will be provided.
Signed-off-by: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
[dwg: Corrected commit message]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
| |
These were noticed when synching with U-Boot's downstream tree.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The existing function to add a new property to a tree being built requires
that the entire contents of the new property be passed in. For some
applications it is more convenient to be able to add the property contents
later, perhaps by reading from a file. This avoids double-buffering of the
contents.
Add a new function to support this and adjust the existing fdt_property() to
use it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
