Edward O'Callaghan (eocallaghan(a)alterapraxis.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6472
-gerrit
commit 062a2776dd441b33cd3c01413439d071ad911fad
Author: Edward O'Callaghan <eocallaghan(a)alterapraxis.com>
Date: Sun Aug 3 17:53:27 2014 +1000
northbridge/intel/sandybridge: Uninitialized variable
Initialise length before return and give a new line before the if
condition as to make clear that it is not part of the for-loop
construct.
Change-Id: Ia5cee1fd204220adbcfedd9ac3306b8282eb8f90
Found-by: Coverity Scan
Signed-off-by: Edward O'Callaghan <eocallaghan(a)alterapraxis.com>
---
src/northbridge/intel/sandybridge/raminit_native.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/northbridge/intel/sandybridge/raminit_native.c b/src/northbridge/intel/sandybridge/raminit_native.c
index 9b49f11..177fb41 100644
--- a/src/northbridge/intel/sandybridge/raminit_native.c
+++ b/src/northbridge/intel/sandybridge/raminit_native.c
@@ -1657,10 +1657,12 @@ static struct run get_longest_zero_run(int *seq, int sz)
}
ls = i + 1;
}
+
if (bl == 0) {
ret.middle = sz / 2;
ret.start = 0;
ret.end = sz;
+ ret.length = bl;
ret.all = 1;
return ret;
}
Edward O'Callaghan (eocallaghan(a)alterapraxis.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6478
-gerrit
commit a7f039bd8f944bd1362c537c03b06dc1629fdaf6
Author: Edward O'Callaghan <eocallaghan(a)alterapraxis.com>
Date: Sun Aug 3 20:00:47 2014 +1000
cpu/intel: Propagate out-of-bounds array partial fix from Haswell
If power_limit_1_time > 129 is false then power_limit_1_time can have a
value of up to 129 leading to an out-of-bounds illegal read indexing the
power_limit_time_sec_to_msr[] array. Thankfully all call sites have been
doing the right thing up until now so the issue has not been visible.
Change-Id: Ic029d1af7fe43ca7da271043c2b08fe3088714af
Found-by: Coverity Scan
Signed-off-by: Edward O'Callaghan <eocallaghan(a)alterapraxis.com>
---
src/cpu/intel/fsp_model_206ax/model_206ax_init.c | 4 ++--
src/cpu/intel/haswell/haswell_init.c | 2 +-
src/cpu/intel/model_206ax/model_206ax_init.c | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/cpu/intel/fsp_model_206ax/model_206ax_init.c b/src/cpu/intel/fsp_model_206ax/model_206ax_init.c
index c2f9f19..8e67143 100644
--- a/src/cpu/intel/fsp_model_206ax/model_206ax_init.c
+++ b/src/cpu/intel/fsp_model_206ax/model_206ax_init.c
@@ -156,8 +156,8 @@ void set_power_limits(u8 power_limit_1_time)
unsigned tdp, min_power, max_power, max_time;
u8 power_limit_1_val;
- if (power_limit_1_time > ARRAY_SIZE(power_limit_time_sec_to_msr))
- return;
+ if (power_limit_1_time >= ARRAY_SIZE(power_limit_time_sec_to_msr))
+ power_limit_1_time = 28;
if (!(msr.lo & PLATFORM_INFO_SET_TDP))
return;
diff --git a/src/cpu/intel/haswell/haswell_init.c b/src/cpu/intel/haswell/haswell_init.c
index 043ba3a..5b01258 100644
--- a/src/cpu/intel/haswell/haswell_init.c
+++ b/src/cpu/intel/haswell/haswell_init.c
@@ -463,7 +463,7 @@ void set_power_limits(u8 power_limit_1_time)
unsigned tdp, min_power, max_power, max_time;
u8 power_limit_1_val;
- if (power_limit_1_time > ARRAY_SIZE(power_limit_time_sec_to_msr))
+ if (power_limit_1_time >= ARRAY_SIZE(power_limit_time_sec_to_msr))
power_limit_1_time = 28;
if (!(msr.lo & PLATFORM_INFO_SET_TDP))
diff --git a/src/cpu/intel/model_206ax/model_206ax_init.c b/src/cpu/intel/model_206ax/model_206ax_init.c
index 4e56414..eb5ab64 100644
--- a/src/cpu/intel/model_206ax/model_206ax_init.c
+++ b/src/cpu/intel/model_206ax/model_206ax_init.c
@@ -247,8 +247,8 @@ void set_power_limits(u8 power_limit_1_time)
unsigned tdp, min_power, max_power, max_time;
u8 power_limit_1_val;
- if (power_limit_1_time > ARRAY_SIZE(power_limit_time_sec_to_msr))
- return;
+ if (power_limit_1_time >= ARRAY_SIZE(power_limit_time_sec_to_msr))
+ power_limit_1_time = 28;
if (!(msr.lo & PLATFORM_INFO_SET_TDP))
return;
Edward O'Callaghan (eocallaghan(a)alterapraxis.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6478
-gerrit
commit 7152c4fd6d1f8c4e655825a914cfcf633f8965de
Author: Edward O'Callaghan <eocallaghan(a)alterapraxis.com>
Date: Sun Aug 3 20:00:47 2014 +1000
cpu/intel: Propagate out-of-bounds array partial fix from Haswell
If power_limit_1_time > 129 is false then power_limit_1_time can have a
value of up to 129 leading to an out-of-bounds illegal read indexing the
power_limit_time_sec_to_msr[] array. Thankfully all call sites have been
doing the right thing up until now so the issue has not been visible.
Change-Id: Ic029d1af7fe43ca7da271043c2b08fe3088714af
Signed-off-by: Edward O'Callaghan <eocallaghan(a)alterapraxis.com>
---
src/cpu/intel/fsp_model_206ax/model_206ax_init.c | 4 ++--
src/cpu/intel/haswell/haswell_init.c | 2 +-
src/cpu/intel/model_206ax/model_206ax_init.c | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/cpu/intel/fsp_model_206ax/model_206ax_init.c b/src/cpu/intel/fsp_model_206ax/model_206ax_init.c
index c2f9f19..8e67143 100644
--- a/src/cpu/intel/fsp_model_206ax/model_206ax_init.c
+++ b/src/cpu/intel/fsp_model_206ax/model_206ax_init.c
@@ -156,8 +156,8 @@ void set_power_limits(u8 power_limit_1_time)
unsigned tdp, min_power, max_power, max_time;
u8 power_limit_1_val;
- if (power_limit_1_time > ARRAY_SIZE(power_limit_time_sec_to_msr))
- return;
+ if (power_limit_1_time >= ARRAY_SIZE(power_limit_time_sec_to_msr))
+ power_limit_1_time = 28;
if (!(msr.lo & PLATFORM_INFO_SET_TDP))
return;
diff --git a/src/cpu/intel/haswell/haswell_init.c b/src/cpu/intel/haswell/haswell_init.c
index 043ba3a..5b01258 100644
--- a/src/cpu/intel/haswell/haswell_init.c
+++ b/src/cpu/intel/haswell/haswell_init.c
@@ -463,7 +463,7 @@ void set_power_limits(u8 power_limit_1_time)
unsigned tdp, min_power, max_power, max_time;
u8 power_limit_1_val;
- if (power_limit_1_time > ARRAY_SIZE(power_limit_time_sec_to_msr))
+ if (power_limit_1_time >= ARRAY_SIZE(power_limit_time_sec_to_msr))
power_limit_1_time = 28;
if (!(msr.lo & PLATFORM_INFO_SET_TDP))
diff --git a/src/cpu/intel/model_206ax/model_206ax_init.c b/src/cpu/intel/model_206ax/model_206ax_init.c
index 4e56414..eb5ab64 100644
--- a/src/cpu/intel/model_206ax/model_206ax_init.c
+++ b/src/cpu/intel/model_206ax/model_206ax_init.c
@@ -247,8 +247,8 @@ void set_power_limits(u8 power_limit_1_time)
unsigned tdp, min_power, max_power, max_time;
u8 power_limit_1_val;
- if (power_limit_1_time > ARRAY_SIZE(power_limit_time_sec_to_msr))
- return;
+ if (power_limit_1_time >= ARRAY_SIZE(power_limit_time_sec_to_msr))
+ power_limit_1_time = 28;
if (!(msr.lo & PLATFORM_INFO_SET_TDP))
return;
Patrick Georgi (patrick(a)georgi-clan.de) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6477
-gerrit
commit db8b7c9670d38e25d255b09d16a7e8367df559c8
Author: Patrick Georgi <patrick(a)georgi-clan.de>
Date: Sun Aug 3 12:18:45 2014 +0200
ifdtool: Check if file was opened
Check if the new file could in fact be opened before
writing to it.
Change-Id: I6b2d31bf5c18f657fca4dc14fee2f2d5a2e33080
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick(a)georgi-clan.de>
---
util/ifdtool/ifdtool.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c
index deef1b1..c478550 100644
--- a/util/ifdtool/ifdtool.c
+++ b/util/ifdtool/ifdtool.c
@@ -540,6 +540,10 @@ static void write_regions(char *image, int size)
region_fd = open(region_filename(i),
O_WRONLY | O_CREAT | O_TRUNC,
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ if (region_fd < 0) {
+ perror("Error while trying to open file");
+ exit(EXIT_FAILURE);
+ }
if (write(region_fd, image + region.base, region.size) != region.size)
perror("Error while writing");
close(region_fd);
@@ -562,6 +566,10 @@ static void write_image(char *filename, char *image, int size)
new_fd = open(new_filename,
O_WRONLY | O_CREAT | O_TRUNC,
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ if (new_fd < 0) {
+ perror("Error while trying to open file");
+ exit(EXIT_FAILURE);
+ }
if (write(new_fd, image, size) != size)
perror("Error while writing");
close(new_fd);
Patrick Georgi (patrick(a)georgi-clan.de) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6477
-gerrit
commit 591b6b2dfa1c92984ae680c275e396036cf7e54a
Author: Patrick Georgi <patrick(a)georgi-clan.de>
Date: Sun Aug 3 12:18:45 2014 +0200
ifdtool: Check if file was opened
Check if the new file could in fact be opened before
writing to it.
Change-Id: I6b2d31bf5c18f657fca4dc14fee2f2d5a2e33080
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick(a)georgi-clan.de>
---
util/ifdtool/ifdtool.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c
index deef1b1..b68782d 100644
--- a/util/ifdtool/ifdtool.c
+++ b/util/ifdtool/ifdtool.c
@@ -562,6 +562,10 @@ static void write_image(char *filename, char *image, int size)
new_fd = open(new_filename,
O_WRONLY | O_CREAT | O_TRUNC,
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ if (new_fd < 0) {
+ perror("Error while trying to open file");
+ exit(EXIT_FAILURE);
+ }
if (write(new_fd, image, size) != size)
perror("Error while writing");
close(new_fd);
Patrick Georgi (patrick(a)georgi-clan.de) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6476
-gerrit
commit 48888220e16d3bd8f96d12e8e27df1ec1dad787d
Author: Patrick Georgi <patrick(a)georgi-clan.de>
Date: Sun Aug 3 12:14:25 2014 +0200
ifdtool: Avoid potential buffer overflow
Filenames of 4091 bytes or more lead to a buffer overflow.
Change-Id: I1b4b3932af096f0fcbfb783ab708ed273d3a844e
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick(a)georgi-clan.de>
---
util/ifdtool/ifdtool.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c
index 0425b1c..deef1b1 100644
--- a/util/ifdtool/ifdtool.c
+++ b/util/ifdtool/ifdtool.c
@@ -552,7 +552,8 @@ static void write_image(char *filename, char *image, int size)
char new_filename[FILENAME_MAX]; // allow long file names
int new_fd;
- strncpy(new_filename, filename, FILENAME_MAX);
+ // - 5: leave room for ".new\0"
+ strncpy(new_filename, filename, FILENAME_MAX - 5);
strncat(new_filename, ".new", FILENAME_MAX - strlen(filename));
printf("Writing new image to %s\n", new_filename);
Patrick Georgi (patrick(a)georgi-clan.de) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6475
-gerrit
commit 61703dfe008d8f353a1a9b9a93a347fd2bbc53d3
Author: Patrick Georgi <patrick(a)georgi-clan.de>
Date: Sun Aug 3 12:10:53 2014 +0200
nvramtool: Close file after use
mmap builds a new reference to the file, so the file
descriptor isn't necessary anymore. Close it.
Change-Id: I639fd13ff8f13cbdfce1d199d75744e56f2b19b3
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick(a)georgi-clan.de>
---
util/nvramtool/cbfs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/util/nvramtool/cbfs.c b/util/nvramtool/cbfs.c
index febe0be..abd40ee 100644
--- a/util/nvramtool/cbfs.c
+++ b/util/nvramtool/cbfs.c
@@ -144,6 +144,7 @@ void open_cbfs(const char *filename)
}
cbfs_mapped = mmap(NULL, cbfs_stat.st_size, PROT_READ | PROT_WRITE,
MAP_SHARED, cbfs_fd, 0);
+ close(cbfs_fd);
if (cbfs_mapped == MAP_FAILED) {
printf("Couldn't map '%s'\n", filename);
exit(-1);
Edward O'Callaghan (eocallaghan(a)alterapraxis.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6474
-gerrit
commit c11ec9341795615ce3e4604085cb5c46fc1d2ead
Author: Edward O'Callaghan <eocallaghan(a)alterapraxis.com>
Date: Sun Aug 3 19:42:02 2014 +1000
southbridge/amd/cimx/sb800: Uninitialized variables in config function
Both 'SbSpiSpeedSupport' and 'UsbRxMode' are uninitiated upon return from
a 'sb800_cimx_config()' call.
Change-Id: I32237ff97fafc3e69627d427e54268dcb039e12c
Signed-off-by: Edward O'Callaghan <eocallaghan(a)alterapraxis.com>
---
src/southbridge/amd/cimx/sb800/cfg.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/southbridge/amd/cimx/sb800/cfg.c b/src/southbridge/amd/cimx/sb800/cfg.c
index 78aab79..91b6067 100644
--- a/src/southbridge/amd/cimx/sb800/cfg.c
+++ b/src/southbridge/amd/cimx/sb800/cfg.c
@@ -122,10 +122,13 @@ void sb800_cimx_config(AMDSBCFG *sb_config)
sb_config->SpreadSpectrum = SPREAD_SPECTRUM;
sb_config->PciClks = PCI_CLOCK_CTRL;
sb_config->HpetTimer = HPET_TIMER;
+ sb_config->SbSpiSpeedSupport = 1;
/* USB */
sb_config->USBMODE.UsbModeReg = USB_CONFIG;
sb_config->SbUsbPll = 0;
+ /* CG PLL multiplier for USB Rx 1.1 mode (0=disable, 1=enable) */
+ sb_config->UsbRxMode = 1;
/* SATA */
sb_config->SataClass = SATA_MODE;