coreboot September 2023

coreboot@coreboot.org

26 participants
33 discussions

[RFC] x86: Add .data section support for XIP pre-RAM stages
by Compostella, Jeremy 06 Sep '23

06 Sep '23

Dear coreboot community, I am looking for feedback on the following topic. x86 Pre-memory stages do not support the `.data' section and as a result developers are required to include runtime initialization code instead of relying on C global variable definition. To illustrate the impact of this lack of .data section support, here are two limitations I personally ran into: 1. The inclusion of libgfxinit in romstage last year has required some changes in libgfxinit to ensure data is initialized at runtime. In addition, we had to manually map some .data symbols in the _bss region. 2. CBFS cache is currently not supported in pre-memory stages and enabling it would require to add an initialization function and find a generic spot to call it. Instead of going though these workarounds and as it was suggested on [[RFC] VGA Text mode in romstage] last year, I believe we could add support for a `.data' section. I have been working on a solution for eXecute-In-Place (XIP) pre-memory stages (`bootblock', `verstage' and `romstage') which deliver good results (cf. <https://review.coreboot.org/c/coreboot/+/77289>). In short this patch: 1. creates a new ELF segment to hold the `.data' section 2. creates a `.data' section with its Virtual Memory Address (VMA) within Cache-as-RAM (CAR) boundaries and its Load Memory Address (LMA) following the .text section (at `_etext'). cbfstools is also updated: - To process this new segment and `.data' section - To place the .data section content right after the code (cf. `parse_elf_to_xip_stage' function) At the moment, this patch makes cbfstool detects the presence of the segment automatically and assume this is a "data" segment. But we could add a new parameter to make this new behavior less automatic if you think this would be better. This patch also adds a piece of assembly code (or C-code for bootblock) to copy the `.data' section content to Cache-As-RAM at runtime. Regards, -- *Jeremy* /One Emacs to rule them all/ [[RFC] VGA Text mode in romstage] <https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/thread/2DYB…>

2 2

[PATCH v3 1/2] x86: coreboot: Update cbmem table
by Simon Glass 04 Sep '23

04 Sep '23

This changed a few years ago to include an overflow flag. Bring in the new structure. This comes from coreboot commit: 6f5ead14b4 ("mb/google/nissa/var/joxer: Update eMMC DLL settings") Note: There are several implementations of this in coreboot. I have chosen to follow the one in src/lib/cbmem_console.c Signed-off-by: Simon Glass <sjg(a)chromium.org> --- Changes in v3: - Drop __packed as it does nothing useful arch/x86/include/asm/coreboot_tables.h | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/coreboot_tables.h b/arch/x86/include/asm/coreboot_tables.h index 4de137fbab9d..0dfb64babb96 100644 --- a/arch/x86/include/asm/coreboot_tables.h +++ b/arch/x86/include/asm/coreboot_tables.h @@ -299,11 +299,24 @@ struct cb_vdat { #define CB_TAG_TIMESTAMPS 0x0016 #define CB_TAG_CBMEM_CONSOLE 0x0017 +#define CBMC_CURSOR_MASK ((1 << 28) - 1) +#define CBMC_OVERFLOW BIT(31) + +/* + * struct cbmem_console - In-memory console buffer for coreboot + * + * Structure describing console buffer. It is overlaid on a flat memory area, + * with body covering the extent of the memory. Once the buffer is full, + * output will wrap back around to the start of the buffer. The high bit of the + * cursor field gets set to indicate that this happened. If the underlying + * storage allows this, the buffer will persist across multiple boots and append + * to the previous log. + */ struct cbmem_console { u32 size; u32 cursor; - char body[0]; -} __packed; + u8 body[0]; +}; #define CB_TAG_MRC_CACHE 0x0018 -- 2.41.0.694.ge786442a9b-goog

2 3

New Defects reported by Coverity Scan for coreboot
by scan-admin＠coverity.com 01 Sep '23

01 Sep '23

Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 15 new defect(s) introduced to coreboot found with Coverity Scan. 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 15 of 15 defect(s) ** CID 1518916: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params() ________________________________________________________________________________________________________ *** CID 1518916: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params() 158 159 /* Configure PSE peripherals */ 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); >>> CID 1518916: Memory - corruptions (OVERRUN) >>> Overrunning array "params->PchPseHsuartEnable" of 4 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL". [Note: The source code implementation of the function has been overridden by a builtin model.] 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); ** CID 1518915: (TAINTED_SCALAR) /src/soc/qualcomm/common/qupv3_config.c: 155 in qupv3_se_fw_load_and_init() /src/soc/qualcomm/common/qupv3_config.c: 83 in qupv3_se_fw_load_and_init() /src/soc/qualcomm/common/qupv3_config.c: 86 in qupv3_se_fw_load_and_init() ________________________________________________________________________________________________________ *** CID 1518915: (TAINTED_SCALAR) /src/soc/qualcomm/common/qupv3_config.c: 155 in qupv3_se_fw_load_and_init() 149 (hdr->fw_version & 0xFF << 150 FW_REV_VERSION_SHFT); 151 write32(&regs->se_s_fw_revision, reg_value); 152 153 assert(hdr->fw_size_in_items <= SIZE_GENI_FW_RAM); 154 >>> CID 1518915: (TAINTED_SCALAR) >>> Passing tainted expression "hdr->fw_size_in_items * 4UL" to "memcpy", which uses it as an offset. [Note: The source code implementation of the function has been overridden by a builtin model.] 155 memcpy((&regs->se_geni_cfg_ramn), fw_val_arr, 156 hdr->fw_size_in_items * sizeof(uint32_t)); 157 158 /* HPG section 3.1.7.12 */ 159 write32(&regs->geni_force_default_reg, 0x1); 160 setbits_le32(&regs->geni_cgc_ctrl, GENI_CGC_CTRL_PROG_RAM_SCLK_OFF_BMSK /src/soc/qualcomm/common/qupv3_config.c: 83 in qupv3_se_fw_load_and_init() 77 write32(&regs->geni_cgc_ctrl, DEFAULT_CGC_EN); 78 79 /* HPG section 3.1.7.4 */ 80 write32(&regs->geni_init_cfg_revision, hdr->cfg_version); 81 write32(&regs->geni_s_init_cfg_revision, hdr->cfg_version); 82 >>> CID 1518915: (TAINTED_SCALAR) >>> Using tainted variable "hdr->cfg_size_in_items - 1" as an index to pointer "cfg_idx_arr". 83 assert(cfg_idx_arr[hdr->cfg_size_in_items - 1] * sizeof(uint32_t) <= 84 MAX_OFFSET_CFG_REG); 85 86 for (i = 0; i < hdr->cfg_size_in_items; i++) 87 write32(&regs->geni_cfg_reg0 + cfg_idx_arr[i], 88 cfg_val_arr[i]); /src/soc/qualcomm/common/qupv3_config.c: 86 in qupv3_se_fw_load_and_init() 80 write32(&regs->geni_init_cfg_revision, hdr->cfg_version); 81 write32(&regs->geni_s_init_cfg_revision, hdr->cfg_version); 82 83 assert(cfg_idx_arr[hdr->cfg_size_in_items - 1] * sizeof(uint32_t) <= 84 MAX_OFFSET_CFG_REG); 85 >>> CID 1518915: (TAINTED_SCALAR) >>> Using tainted variable "hdr->cfg_size_in_items" as a loop boundary. 86 for (i = 0; i < hdr->cfg_size_in_items; i++) 87 write32(&regs->geni_cfg_reg0 + cfg_idx_arr[i], 88 cfg_val_arr[i]); 89 90 /* HPG section 3.1.7.9 */ 91 /* non-UART configuration, UART driver can configure as desired for UART ** CID 1518914: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 160 in fill_fsps_pse_params() ________________________________________________________________________________________________________ *** CID 1518914: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 160 in fill_fsps_pse_params() 154 pse_fw_base = (uintptr_t)&psefwbuf; 155 params->SiipRegionBase = pse_fw_base; 156 params->SiipRegionSize = psefwsize; 157 printk(BIOS_DEBUG, "PSE base: %08x size: %08zx\n", pse_fw_base, psefwsize); 158 159 /* Configure PSE peripherals */ >>> CID 1518914: Memory - corruptions (OVERRUN) >>> Overrunning array "params->PchPseDmaEnable" of 3 bytes by passing it to a function which accesses it at byte offset 11 using argument "12UL". [Note: The source code implementation of the function has been overridden by a builtin model.] 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); ** CID 1518913: (TAINTED_SCALAR) /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() ________________________________________________________________________________________________________ *** CID 1518913: (TAINTED_SCALAR) /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() 219 ext_tbl = ucode_get_ext_sig_table(ucode_updates); 220 221 if (ext_tbl != NULL) { 222 int i; 223 struct ext_sig_entry *entry = (struct ext_sig_entry *)(ext_tbl + 1); 224 >>> CID 1518913: (TAINTED_SCALAR) >>> Using tainted variable "ext_tbl->ext_sig_cnt" as a loop boundary. 225 for (i = 0; i < ext_tbl->ext_sig_cnt; i++, entry++) { 226 if ((sig == entry->sig) && (pf & entry->pf)) { 227 return ucode_updates; 228 } 229 } 230 } /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() 219 ext_tbl = ucode_get_ext_sig_table(ucode_updates); 220 221 if (ext_tbl != NULL) { 222 int i; 223 struct ext_sig_entry *entry = (struct ext_sig_entry *)(ext_tbl + 1); 224 >>> CID 1518913: (TAINTED_SCALAR) >>> Using tainted variable "ext_tbl->ext_sig_cnt" as a loop boundary. 225 for (i = 0; i < ext_tbl->ext_sig_cnt; i++, entry++) { 226 if ((sig == entry->sig) && (pf & entry->pf)) { 227 return ucode_updates; 228 } 229 } 230 } /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() 219 ext_tbl = ucode_get_ext_sig_table(ucode_updates); 220 221 if (ext_tbl != NULL) { 222 int i; 223 struct ext_sig_entry *entry = (struct ext_sig_entry *)(ext_tbl + 1); 224 >>> CID 1518913: (TAINTED_SCALAR) >>> Using tainted variable "ext_tbl->ext_sig_cnt" as a loop boundary. 225 for (i = 0; i < ext_tbl->ext_sig_cnt; i++, entry++) { 226 if ((sig == entry->sig) && (pf & entry->pf)) { 227 return ucode_updates; 228 } 229 } 230 } /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() 219 ext_tbl = ucode_get_ext_sig_table(ucode_updates); 220 221 if (ext_tbl != NULL) { 222 int i; 223 struct ext_sig_entry *entry = (struct ext_sig_entry *)(ext_tbl + 1); 224 >>> CID 1518913: (TAINTED_SCALAR) >>> Using tainted variable "ext_tbl->ext_sig_cnt" as a loop boundary. 225 for (i = 0; i < ext_tbl->ext_sig_cnt; i++, entry++) { 226 if ((sig == entry->sig) && (pf & entry->pf)) { 227 return ucode_updates; 228 } 229 } 230 } ** CID 1518912: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 165 in fill_fsps_pse_params() ________________________________________________________________________________________________________ *** CID 1518912: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 165 in fill_fsps_pse_params() 159 /* Configure PSE peripherals */ 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); >>> CID 1518912: Memory - corruptions (OVERRUN) >>> Overrunning array "params->PchPseQepEnable" of 4 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL". [Note: The source code implementation of the function has been overridden by a builtin model.] 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); ** CID 1518911: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 175 in fill_fsps_pse_params() ________________________________________________________________________________________________________ *** CID 1518911: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 175 in fill_fsps_pse_params() 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); >>> CID 1518911: Memory - corruptions (OVERRUN) >>> Overrunning array "params->PchPseCanEnable" of 2 bytes by passing it to a function which accesses it at byte offset 7 using argument "8UL". [Note: The source code implementation of the function has been overridden by a builtin model.] 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); 177 params->PchPsePwmEnable = config->PsePwmOwn; 178 params->PchPsePwmSbInterruptEnable = config->PsePwmSbIntEn; 179 FSP_ARRAY_LOAD(params->PchPsePwmPinEnable, config->PsePwmPinEn); 180 params->PchPseAdcEnable = config->PseAdcOwn; ** CID 1518910: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 174 in fill_fsps_pse_params() ________________________________________________________________________________________________________ *** CID 1518910: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 174 in fill_fsps_pse_params() 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); >>> CID 1518910: Memory - corruptions (OVERRUN) >>> Overrunning array "params->PchPseSpiCs1Enable" of 4 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL". [Note: The source code implementation of the function has been overridden by a builtin model.] 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); 177 params->PchPsePwmEnable = config->PsePwmOwn; 178 params->PchPsePwmSbInterruptEnable = config->PsePwmSbIntEn; 179 FSP_ARRAY_LOAD(params->PchPsePwmPinEnable, config->PsePwmPinEn); ** CID 1518909: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 169 in fill_fsps_pse_params() ________________________________________________________________________________________________________ *** CID 1518909: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 169 in fill_fsps_pse_params() 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); >>> CID 1518909: Memory - corruptions (OVERRUN) >>> Overrunning array "params->PchPseI2sEnable" of 2 bytes by passing it to a function which accesses it at byte offset 7 using argument "8UL". [Note: The source code implementation of the function has been overridden by a builtin model.] 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); ** CID 1518908: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 167 in fill_fsps_pse_params() ________________________________________________________________________________________________________ *** CID 1518908: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 167 in fill_fsps_pse_params() 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); >>> CID 1518908: Memory - corruptions (OVERRUN) >>> Overrunning array "params->PchPseI2cEnable" of 8 bytes by passing it to a function which accesses it at byte offset 31 using argument "32UL". [Note: The source code implementation of the function has been overridden by a builtin model.] 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); ** CID 1518907: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1518907: Null pointer dereferences (FORWARD_NULL) /src/acpi/acpi.c: 1499 in write_acpi_tables() 1493 current = acpi_align_current(current); 1494 1495 /* clear all table memory */ 1496 memset((void *)start, 0, current - start); 1497 1498 acpi_write_rsdp(rsdp, rsdt, xsdt, oem_id); >>> CID 1518907: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "rsdt" to "acpi_write_rsdt", which dereferences it. 1499 acpi_write_rsdt(rsdt, oem_id, oem_table_id); 1500 acpi_write_xsdt(xsdt, oem_id, oem_table_id); 1501 1502 if (ENV_X86) { 1503 printk(BIOS_DEBUG, "ACPI: * FACS\n"); 1504 current = ALIGN_UP(current, 64); ** CID 1518906: (BUFFER_SIZE) /src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 160 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 167 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 171 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 173 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 169 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 165 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 175 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 174 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 162 in fill_fsps_pse_params() ________________________________________________________________________________________________________ *** CID 1518906: (BUFFER_SIZE) /src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params() 158 159 /* Configure PSE peripherals */ 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); >>> CID 1518906: (BUFFER_SIZE) >>> You might overrun the 4 byte destination string "params->PchPseHsuartEnable" by writing the maximum 16 bytes from "config->PseHsuartOwn". 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); /src/soc/intel/elkhartlake/fsp_params.c: 160 in fill_fsps_pse_params() 154 pse_fw_base = (uintptr_t)&psefwbuf; 155 params->SiipRegionBase = pse_fw_base; 156 params->SiipRegionSize = psefwsize; 157 printk(BIOS_DEBUG, "PSE base: %08x size: %08zx\n", pse_fw_base, psefwsize); 158 159 /* Configure PSE peripherals */ >>> CID 1518906: (BUFFER_SIZE) >>> You might overrun the 3 byte destination string "params->PchPseDmaEnable" by writing the maximum 12 bytes from "config->PseDmaOwn". 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); /src/soc/intel/elkhartlake/fsp_params.c: 167 in fill_fsps_pse_params() 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); >>> CID 1518906: (BUFFER_SIZE) >>> You might overrun the 8 byte destination string "params->PchPseI2cEnable" by writing the maximum 32 bytes from "config->PseI2cOwn". 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); /src/soc/intel/elkhartlake/fsp_params.c: 171 in fill_fsps_pse_params() 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); >>> CID 1518906: (BUFFER_SIZE) >>> You might overrun the 4 byte destination string "params->PchPseSpiEnable" by writing the maximum 16 bytes from "config->PseSpiOwn". 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); /src/soc/intel/elkhartlake/fsp_params.c: 173 in fill_fsps_pse_params() 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); >>> CID 1518906: (BUFFER_SIZE) >>> You might overrun the 4 byte destination string "params->PchPseSpiCs0Enable" by writing the maximum 16 bytes from "config->PseSpiCs0Own". 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); 177 params->PchPsePwmEnable = config->PsePwmOwn; 178 params->PchPsePwmSbInterruptEnable = config->PsePwmSbIntEn; /src/soc/intel/elkhartlake/fsp_params.c: 169 in fill_fsps_pse_params() 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); >>> CID 1518906: (BUFFER_SIZE) >>> You might overrun the 2 byte destination string "params->PchPseI2sEnable" by writing the maximum 8 bytes from "config->PseI2sOwn". 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); /src/soc/intel/elkhartlake/fsp_params.c: 165 in fill_fsps_pse_params() 159 /* Configure PSE peripherals */ 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); >>> CID 1518906: (BUFFER_SIZE) >>> You might overrun the 4 byte destination string "params->PchPseQepEnable" by writing the maximum 16 bytes from "config->PseQepOwn". 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); /src/soc/intel/elkhartlake/fsp_params.c: 175 in fill_fsps_pse_params() 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); >>> CID 1518906: (BUFFER_SIZE) >>> You might overrun the 2 byte destination string "params->PchPseCanEnable" by writing the maximum 8 bytes from "config->PseCanOwn". 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); 177 params->PchPsePwmEnable = config->PsePwmOwn; 178 params->PchPsePwmSbInterruptEnable = config->PsePwmSbIntEn; 179 FSP_ARRAY_LOAD(params->PchPsePwmPinEnable, config->PsePwmPinEn); 180 params->PchPseAdcEnable = config->PseAdcOwn; /src/soc/intel/elkhartlake/fsp_params.c: 174 in fill_fsps_pse_params() 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); >>> CID 1518906: (BUFFER_SIZE) >>> You might overrun the 4 byte destination string "params->PchPseSpiCs1Enable" by writing the maximum 16 bytes from "config->PseSpiCs1Own". 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); 177 params->PchPsePwmEnable = config->PsePwmOwn; 178 params->PchPsePwmSbInterruptEnable = config->PsePwmSbIntEn; 179 FSP_ARRAY_LOAD(params->PchPsePwmPinEnable, config->PsePwmPinEn); /src/soc/intel/elkhartlake/fsp_params.c: 162 in fill_fsps_pse_params() 156 params->SiipRegionSize = psefwsize; 157 printk(BIOS_DEBUG, "PSE base: %08x size: %08zx\n", pse_fw_base, psefwsize); 158 159 /* Configure PSE peripherals */ 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); >>> CID 1518906: (BUFFER_SIZE) >>> You might overrun the 6 byte destination string "params->PchPseUartEnable" by writing the maximum 24 bytes from "config->PseUartOwn". 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); ** CID 1518905: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 171 in fill_fsps_pse_params() ________________________________________________________________________________________________________ *** CID 1518905: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 171 in fill_fsps_pse_params() 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); >>> CID 1518905: Memory - corruptions (OVERRUN) >>> Overrunning array "params->PchPseSpiEnable" of 4 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL". [Note: The source code implementation of the function has been overridden by a builtin model.] 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); ** CID 1518904: Integer handling issues (BAD_SHIFT) /src/security/intel/txt/common.c: 277 in intel_txt_prepare_bios_acm() ________________________________________________________________________________________________________ *** CID 1518904: Integer handling issues (BAD_SHIFT) /src/security/intel/txt/common.c: 277 in intel_txt_prepare_bios_acm() 271 } 272 273 /* 274 * The ACM should be aligned to it's size, but that's not possible, as 275 * some ACMs are not power of two. Use the next power of two for verification. 276 */ >>> CID 1518904: Integer handling issues (BAD_SHIFT) >>> In expression "1UL << log2_ceil(*acm_len)", shifting by a negative amount has undefined behavior. The shift amount, "log2_ceil(*acm_len)", is -1. 277 if (!IS_ALIGNED((uintptr_t)acm_data, (1UL << log2_ceil(*acm_len)))) { 278 printk(BIOS_ERR, "TEE-TXT: BIOS ACM isn't aligned to its size.\n"); 279 cbfs_unmap(acm_data); 280 return NULL; 281 } 282 ** CID 1518903: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 162 in fill_fsps_pse_params() ________________________________________________________________________________________________________ *** CID 1518903: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 162 in fill_fsps_pse_params() 156 params->SiipRegionSize = psefwsize; 157 printk(BIOS_DEBUG, "PSE base: %08x size: %08zx\n", pse_fw_base, psefwsize); 158 159 /* Configure PSE peripherals */ 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); >>> CID 1518903: Memory - corruptions (OVERRUN) >>> Overrunning array "params->PchPseUartEnable" of 6 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.] 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); ** CID 1518902: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 173 in fill_fsps_pse_params() ________________________________________________________________________________________________________ *** CID 1518902: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 173 in fill_fsps_pse_params() 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); >>> CID 1518902: Memory - corruptions (OVERRUN) >>> Overrunning array "params->PchPseSpiCs0Enable" of 4 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL". [Note: The source code implementation of the function has been overridden by a builtin model.] 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); 177 params->PchPsePwmEnable = config->PsePwmOwn; 178 params->PchPsePwmSbInterruptEnable = config->PsePwmSbIntEn; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P…

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

coreboot September 2023