Attention is currently required from: Felix Singer, Nico Huber, Paul Menzel, Angel Pons.
Hello Felix Singer, build bot (Jenkins), Nico Huber, Paul Menzel, Angel Pons,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/74128
to look at the new patch set (#7).
Change subject: arch/x86/smbios: Avoid buffer overflows
......................................................................
arch/x86/smbios: Avoid buffer overflows
The format specifiers for numbers in snprintf() calls are updated to be
more specific to the data types used, making things more obvious for
static analysers.
This was found by coverity scan and raised in ticket #431:
https://scan6.scan.coverity.com/reports.htm#v55284/p10744
CID: 1487449
CID: 1487312
CID: 1487457
Found by: Coverity Scan
Signed-off-by: Utkarsh Verma <utkarsh(a)bitbanged.com>
Change-Id: Ibbf93fd113791b6faa1e5128da8e692f7f00ac73
---
M src/arch/x86/smbios.c
M src/arch/x86/smbios_defaults.c
2 files changed, 31 insertions(+), 10 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/28/74128/7
--
To view, visit https://review.coreboot.org/c/coreboot/+/74128
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ibbf93fd113791b6faa1e5128da8e692f7f00ac73
Gerrit-Change-Number: 74128
Gerrit-PatchSet: 7
Gerrit-Owner: Utkarsh Verma <utkarsh(a)bitbanged.com>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Felix Singer <felixsinger(a)posteo.net>
Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de>
Gerrit-Reviewer: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Felix Singer <felixsinger(a)posteo.net>
Gerrit-Attention: Nico Huber <nico.h(a)gmx.de>
Gerrit-Attention: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Attention: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-MessageType: newpatchset
Attention is currently required from: Felix Singer, Nico Huber, Paul Menzel, Angel Pons.
Hello Felix Singer, build bot (Jenkins), Nico Huber, Paul Menzel, Angel Pons,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/74128
to look at the new patch set (#6).
Change subject: arch/x86/smbios: Avoid buffer overflows
......................................................................
arch/x86/smbios: Avoid buffer overflows
The format specifiers for numbers in snprintf() calls are updated to be
more specific to the data types used, making things more obvious for static
analysers.
This was found by coverity scan and raised in ticket #431:
https://scan6.scan.coverity.com/reports.htm#v55284/p10744
CID: 1487449
CID: 1487312
CID: 1487457
Found by: Coverity Scan
Signed-off-by: Utkarsh Verma <utkarsh(a)bitbanged.com>
Change-Id: Ibbf93fd113791b6faa1e5128da8e692f7f00ac73
---
M src/arch/x86/smbios.c
M src/arch/x86/smbios_defaults.c
2 files changed, 31 insertions(+), 10 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/28/74128/6
--
To view, visit https://review.coreboot.org/c/coreboot/+/74128
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ibbf93fd113791b6faa1e5128da8e692f7f00ac73
Gerrit-Change-Number: 74128
Gerrit-PatchSet: 6
Gerrit-Owner: Utkarsh Verma <utkarsh(a)bitbanged.com>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Felix Singer <felixsinger(a)posteo.net>
Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de>
Gerrit-Reviewer: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Felix Singer <felixsinger(a)posteo.net>
Gerrit-Attention: Nico Huber <nico.h(a)gmx.de>
Gerrit-Attention: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Attention: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-MessageType: newpatchset
Attention is currently required from: Felix Singer, Nico Huber, Paul Menzel, Angel Pons.
Utkarsh Verma has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74128 )
Change subject: arch/x86/smbios: Avoid buffer overflows
......................................................................
Patch Set 4:
(2 comments)
File src/arch/x86/smbios.c:
https://review.coreboot.org/c/coreboot/+/74128/comment/99918c27_76959046
PS4, Line 148: char string_buffer[15];
> Thanks for pointing out the buffer size, will fix it in the next patch. […]
Wait, I just checked it again. Shouldn't 15 buffer size be enough?
Format string -> 11 chars with '\0'
Hex number -> 4 chars
https://review.coreboot.org/c/coreboot/+/74128/comment/ee9573af_843ba650
PS4, Line 552: static unsigned short cnt = 0;
> Oh, this is a nice practical concept I didn't know. Thanks for the reference link. […]
Shouldn't have marked it as resolved, so just leaving this here. Please let me know if what I've suggested is okay or not.
--
To view, visit https://review.coreboot.org/c/coreboot/+/74128
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ibbf93fd113791b6faa1e5128da8e692f7f00ac73
Gerrit-Change-Number: 74128
Gerrit-PatchSet: 4
Gerrit-Owner: Utkarsh Verma <utkarsh(a)bitbanged.com>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Felix Singer <felixsinger(a)posteo.net>
Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de>
Gerrit-Reviewer: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Felix Singer <felixsinger(a)posteo.net>
Gerrit-Attention: Nico Huber <nico.h(a)gmx.de>
Gerrit-Attention: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Attention: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Comment-Date: Wed, 05 Apr 2023 23:48:00 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Nico Huber <nico.h(a)gmx.de>
Comment-In-Reply-To: Angel Pons <th3fanbus(a)gmail.com>
Comment-In-Reply-To: Utkarsh Verma <utkarsh(a)bitbanged.com>
Gerrit-MessageType: comment
Attention is currently required from: Felix Singer, Nico Huber, Paul Menzel, Angel Pons.
Hello Felix Singer, build bot (Jenkins), Nico Huber, Paul Menzel, Angel Pons,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/74128
to look at the new patch set (#5).
Change subject: arch/x86/smbios: Avoid buffer overflows
......................................................................
arch/x86/smbios: Avoid buffer overflows
The format specifiers for numbers in snprintf() calls are updated to be
more specific to the data types used, making things more obvious for static
analysers.
This was found by coverity scan and raised in ticket #431:
https://scan6.scan.coverity.com/reports.htm#v55284/p10744
CID: 1487449
CID: 1487312
CID: 1487457
Found by: Coverity Scan
Signed-off-by: Utkarsh Verma <utkarsh(a)bitbanged.com>
Change-Id: Ibbf93fd113791b6faa1e5128da8e692f7f00ac73
---
M src/arch/x86/smbios.c
M src/arch/x86/smbios_defaults.c
2 files changed, 32 insertions(+), 10 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/28/74128/5
--
To view, visit https://review.coreboot.org/c/coreboot/+/74128
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ibbf93fd113791b6faa1e5128da8e692f7f00ac73
Gerrit-Change-Number: 74128
Gerrit-PatchSet: 5
Gerrit-Owner: Utkarsh Verma <utkarsh(a)bitbanged.com>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Felix Singer <felixsinger(a)posteo.net>
Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de>
Gerrit-Reviewer: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Felix Singer <felixsinger(a)posteo.net>
Gerrit-Attention: Nico Huber <nico.h(a)gmx.de>
Gerrit-Attention: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Attention: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-MessageType: newpatchset
Attention is currently required from: Felix Singer, Nico Huber, Paul Menzel, Angel Pons.
Utkarsh Verma has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74128 )
Change subject: arch/x86/smbios: Avoid buffer overflows
......................................................................
Patch Set 4:
(3 comments)
File src/arch/x86/smbios.c:
https://review.coreboot.org/c/coreboot/+/74128/comment/2dab843c_a5f0faf0
PS4, Line 148: char string_buffer[15];
> In the case below (i.e. 8 byte buffer storing %d) it might make a difference […]
Thanks for pointing out the buffer size, will fix it in the next patch.
I would be interested in working towards improving the current handling of `t->eos` and I've already explored the smbios codebase a bit. Will try working on a different patch and wait for feedback.
https://review.coreboot.org/c/coreboot/+/74128/comment/cc341069_abb129e8
PS4, Line 552: static unsigned short cnt = 0;
> Changing the variable type makes no difference because of the "integer […]
Oh, this is a nice practical concept I didn't know. Thanks for the reference link.
Regarding changing the data type, I did it to hint that it will be printed with "%hx" below as a 4-digit hex number. So it is already understood by developers that it is not expected to be more than 255. So, even if the compiler promotes it, we'll simply ensure at other places that its value doesn't exceed 255.
https://review.coreboot.org/c/coreboot/+/74128/comment/72b4832d_cdf79e69
PS4, Line 565: hh
> IIRC, we have or are close to having support for platforms with >256 cores. […]
Got it. I will add this in the next set of changes.
--
To view, visit https://review.coreboot.org/c/coreboot/+/74128
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ibbf93fd113791b6faa1e5128da8e692f7f00ac73
Gerrit-Change-Number: 74128
Gerrit-PatchSet: 4
Gerrit-Owner: Utkarsh Verma <utkarsh(a)bitbanged.com>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Felix Singer <felixsinger(a)posteo.net>
Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de>
Gerrit-Reviewer: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Felix Singer <felixsinger(a)posteo.net>
Gerrit-Attention: Nico Huber <nico.h(a)gmx.de>
Gerrit-Attention: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Attention: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Comment-Date: Wed, 05 Apr 2023 23:33:59 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Nico Huber <nico.h(a)gmx.de>
Comment-In-Reply-To: Angel Pons <th3fanbus(a)gmail.com>
Comment-In-Reply-To: Utkarsh Verma <utkarsh(a)bitbanged.com>
Gerrit-MessageType: comment
Attention is currently required from: Subrata Banik, Karthik Ramasubramanian.
Hello Subrata Banik, Karthik Ramasubramanian,
I'd like you to do a code review.
Please visit
https://review.coreboot.org/c/coreboot/+/74243
to review the following change.
Change subject: arch/x86: Disable walkcbfs_asm code when CONFIG_CBFS_VERIFICATION is set
......................................................................
arch/x86: Disable walkcbfs_asm code when CONFIG_CBFS_VERIFICATION is set
walkcbfs_asm is a simple CBFS implementation in assembly to find a file
on a system with memory-mapped SPI flash. It seems to be mostly unused
nowadays and is only still called for early microcode loading on some
old systems (e.g. FSP 1.1 and older).
Using this implementation with CONFIG_CBFS_VERIFICATION is unsafe
because it does not verify the hashes the way the normal CBFS code does.
Therefore, to avoid potential security vulnerabilities from creeping in,
this patch makes sure the code cannot be compiled in when
CBFS_VERIFICATION is active. That means it won't be supported on the old
boards using this for microcode loading.
Ideally CONFIG_CBFS_VERIFICATION should have a `depends on` to make this
dependency more obvious in menuconfig, but the configs actually using
this code are not easy to untangle (e.g. CONFIG_MICROCODE_UPDATE_PRE_RAM
is just set everywhere by default although only very few boards are
really using it, and a lot of different old Intel CPU models are linking
in src/cpu/intel/car/non-evict/cache_as_ram.S without being united under
a single Kconfig so that's not easy to change). To keep things simple,
this patch will just prevent the code from being built and result in a
linker error if a bad combination of Kconfigs is used together. Later
patches can clean up the Kconfigs to better wrap that dependency if the
affected boards are still of enough interest to be worth that effort.
Signed-off-by: Julius Werner <jwerner(a)chromium.org>
Change-Id: I614a1b05881aa7c1539a7f7f296855ff708db56c
---
M src/arch/x86/Makefile.inc
M src/arch/x86/walkcbfs.S
2 files changed, 40 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/43/74243/1
diff --git a/src/arch/x86/Makefile.inc b/src/arch/x86/Makefile.inc
index d281037..4ac30ca 100644
--- a/src/arch/x86/Makefile.inc
+++ b/src/arch/x86/Makefile.inc
@@ -112,8 +112,10 @@
$(cbfs-autogen-attributes) $(TS_OPTIONS) $(CBFSTOOL_ADD_CMD_OPTIONS)
endif
+ifneq ($(CONFIG_CBFS_VERIFICATION),y)
$(call src-to-obj,bootblock,$(dir)/walkcbfs.S): $(obj)/fmap_config.h
bootblock-y += walkcbfs.S
+endif
endif # CONFIG_ARCH_BOOTBLOCK_X86_32 / CONFIG_ARCH_BOOTBLOCK_X86_64
diff --git a/src/arch/x86/walkcbfs.S b/src/arch/x86/walkcbfs.S
index 208a128..f4b8d254 100644
--- a/src/arch/x86/walkcbfs.S
+++ b/src/arch/x86/walkcbfs.S
@@ -2,6 +2,10 @@
#include <fmap_config.h>
+#if CONFIG(CBFS_VERIFICATION)
+#error "walkcbfs_asm is not safe to use with CBFS verification!"
+#endif
+
/* we use this instead of CBFS_HEADER_ALIGN because the latter is retired. */
#define CBFS_ALIGNMENT 64
--
To view, visit https://review.coreboot.org/c/coreboot/+/74243
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I614a1b05881aa7c1539a7f7f296855ff708db56c
Gerrit-Change-Number: 74243
Gerrit-PatchSet: 1
Gerrit-Owner: Julius Werner <jwerner(a)chromium.org>
Gerrit-Reviewer: Karthik Ramasubramanian <kramasub(a)google.com>
Gerrit-Reviewer: Subrata Banik <subratabanik(a)google.com>
Gerrit-Attention: Subrata Banik <subratabanik(a)google.com>
Gerrit-Attention: Karthik Ramasubramanian <kramasub(a)google.com>
Gerrit-MessageType: newchange
Attention is currently required from: Raul Rangel, Karthik Ramasubramanian, Mark Hasemeyer.
Jon Murphy has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74098 )
Change subject: mb/google/myst: Enable variants for Myst
......................................................................
Patch Set 15:
(1 comment)
File src/mainboard/google/myst/Kconfig:
https://review.coreboot.org/c/coreboot/+/74098/comment/8b56241d_cac71ac3
PS11, Line 40: BOARD_GOOGLE_MYST
> It was added in https://review.coreboot. […]
Done
--
To view, visit https://review.coreboot.org/c/coreboot/+/74098
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I688e9c2fdf203cecfd5f200dec6cde9dbc0a9aa7
Gerrit-Change-Number: 74098
Gerrit-PatchSet: 15
Gerrit-Owner: Jon Murphy <jpmurphy(a)google.com>
Gerrit-Reviewer: Eric Lai <eric_lai(a)quanta.corp-partner.google.com>
Gerrit-Reviewer: Karthik Ramasubramanian <kramasub(a)google.com>
Gerrit-Reviewer: Mark Hasemeyer <markhas(a)google.com>
Gerrit-Reviewer: Raul Rangel <rrangel(a)chromium.org>
Gerrit-Reviewer: Tim Van Patten <timvp(a)google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Raul Rangel <rrangel(a)chromium.org>
Gerrit-Attention: Karthik Ramasubramanian <kramasub(a)google.com>
Gerrit-Attention: Mark Hasemeyer <markhas(a)google.com>
Gerrit-Comment-Date: Wed, 05 Apr 2023 22:52:23 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Jon Murphy <jpmurphy(a)google.com>
Comment-In-Reply-To: Karthik Ramasubramanian <kramasub(a)google.com>
Gerrit-MessageType: comment
Attention is currently required from: Raul Rangel, Paul Menzel, Tim Van Patten, Karthik Ramasubramanian, Mark Hasemeyer.
Jon Murphy has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74095 )
Change subject: mb/google/myst: First pass GPIO configuration
......................................................................
Patch Set 15:
(2 comments)
Commit Message:
https://review.coreboot.org/c/coreboot/+/74095/comment/28ad5ac2_41ea8968
PS14, Line 7: First pass GPIO configuration for Myst
> Please make it a statement by adding a verb (in imperative mood): […]
Done
https://review.coreboot.org/c/coreboot/+/74095/comment/6bdeea25_c58d32a7
PS14, Line 9: Initial GPIO configuration for Myst.
> What source did you use?
Done
--
To view, visit https://review.coreboot.org/c/coreboot/+/74095
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ia019704c7b027f14d46281e0de0ffdbc4906a20b
Gerrit-Change-Number: 74095
Gerrit-PatchSet: 15
Gerrit-Owner: Jon Murphy <jpmurphy(a)google.com>
Gerrit-Reviewer: Karthik Ramasubramanian <kramasub(a)google.com>
Gerrit-Reviewer: Mark Hasemeyer <markhas(a)google.com>
Gerrit-Reviewer: Martin L Roth <gaumless(a)gmail.com>
Gerrit-Reviewer: Raul Rangel <rrangel(a)chromium.org>
Gerrit-Reviewer: Tim Van Patten <timvp(a)google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-CC: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Attention: Raul Rangel <rrangel(a)chromium.org>
Gerrit-Attention: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Attention: Tim Van Patten <timvp(a)google.com>
Gerrit-Attention: Karthik Ramasubramanian <kramasub(a)google.com>
Gerrit-Attention: Mark Hasemeyer <markhas(a)google.com>
Gerrit-Comment-Date: Wed, 05 Apr 2023 22:52:05 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-MessageType: comment
Attention is currently required from: Raul Rangel, Jon Murphy, Tim Van Patten, Karthik Ramasubramanian, Mark Hasemeyer.
Hello build bot (Jenkins), Raul Rangel, Martin L Roth, Tim Van Patten, Karthik Ramasubramanian, Mark Hasemeyer,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/74095
to look at the new patch set (#15).
Change subject: mb/google/myst: First pass GPIO configuration
......................................................................
mb/google/myst: First pass GPIO configuration
Initial GPIO configuration for Myst derived from the schematics, AMD PPR, and configuration sheet.
BUG=b:270596581
TEST=builds
Signed-off-by: Jon Murphy <jpmurphy(a)google.com>
Change-Id: Ia019704c7b027f14d46281e0de0ffdbc4906a20b
---
M src/mainboard/google/myst/variants/baseboard/gpio.c
1 file changed, 175 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/95/74095/15
--
To view, visit https://review.coreboot.org/c/coreboot/+/74095
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ia019704c7b027f14d46281e0de0ffdbc4906a20b
Gerrit-Change-Number: 74095
Gerrit-PatchSet: 15
Gerrit-Owner: Jon Murphy <jpmurphy(a)google.com>
Gerrit-Reviewer: Karthik Ramasubramanian <kramasub(a)google.com>
Gerrit-Reviewer: Mark Hasemeyer <markhas(a)google.com>
Gerrit-Reviewer: Martin L Roth <gaumless(a)gmail.com>
Gerrit-Reviewer: Raul Rangel <rrangel(a)chromium.org>
Gerrit-Reviewer: Tim Van Patten <timvp(a)google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-CC: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Attention: Raul Rangel <rrangel(a)chromium.org>
Gerrit-Attention: Jon Murphy <jpmurphy(a)google.com>
Gerrit-Attention: Tim Van Patten <timvp(a)google.com>
Gerrit-Attention: Karthik Ramasubramanian <kramasub(a)google.com>
Gerrit-Attention: Mark Hasemeyer <markhas(a)google.com>
Gerrit-MessageType: newpatchset