Narcissus/shredos.x86_64
2
0
Fork 0
mirror of https://github.com/PartialVolume/shredos.x86_64.git synced 2026-02-19 21:22:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update to buildroot 2023.08.2, updated nwipe to v0.35, added ChromeOS and Microsoft Surface drivers, fibre channel drivers.

Browse Source
This commit is contained in:
PartialVolume
2023-11-08 19:10:58 +00:00
parent a8a8be2f23
commit 9e8d671b7c
1798 changed files with 36091 additions and 18209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.gitlab-ci.yml
View File

@@ -1,7 +1,7 @@
# Configuration for Gitlab-CI.
# Builds appear on https://gitlab.com/buildroot.org/buildroot/pipelines
image: buildroot/base:20200814.2228
image: $CI_REGISTRY/buildroot.org/buildroot/base:20230207.1123
stages:
- generate-gitlab-ci
@@ -10,9 +10,17 @@ stages:
generate-gitlab-ci-yml:
stage: generate-gitlab-ci
script: ./support/scripts/generate-gitlab-ci-yml support/misc/gitlab-ci.yml.in > generated-gitlab-ci.yml
retry:
max: 2
when:
- runner_system_failure
- stuck_or_timeout_failure
artifacts:
when: always
paths:
- generated-gitlab-ci.yml
- br-test-pkg/*/.config
- br-test-pkg/*/missing.config
buildroot-pipeline:
stage: build
@@ -21,3 +29,5 @@ buildroot-pipeline:
- artifact: generated-gitlab-ci.yml
job: generate-gitlab-ci-yml
strategy: depend
variables:
PARENT_PIPELINE_ID: $CI_PIPELINE_ID

314
CHANGES
View File

@@ -1,3 +1,224 @@
2023.08.2, released October 15th, 2023
Important / security related fixes.
Defconfigs: Freescale ARM: Add ATF patch to fix build issue
with binutils 2.39+. QEMU Aarch64-virt: Enable ACPI support
for EDK2. Visionfive2: Bump kernel to fix build issue with GCC
13.
Per-package builds: Do not use hard links for host / target
dirs, fixing issues with package rebuilds or post-build
scripts modifications.
Infrastructure: Explicitly disable shuffle mode for Make >=
4.4 where needed.
Urandom-scripts: Move seedrng init script to S01 for earlier
random number entrophy initialization.
Updated/fixed packages: at91bootstrap, batman-adv, bind, cups,
efl, enlightenment, exim, gcc, glibc, gnu-efi, go, gptfdisk,
grub2, gst-omx, gst1-devtools, gst1-libav, gst1-plugins-bad,
gst1-plugins-base, gst1-plugins-good, gst1-plugins-ugly,
gst1-python, gst1-rstp-server, gst1-rtsp-vaapi, gstreamer1,
gstreamer1-editing-services, gtkmm3, libcue, libcurl,
libfastjson, libhtp, libmodplug, librsvg, libvpx, libyang,
linux-pam, linux-tools, mbedtls, mosquitto, mutt, neon,
netsnmp, nmap, nodejs, olsr, openblas, opkg-utils, php, pound,
powertop, python-mako, python3, rauc, rockchip-mali, samba4,
sslh, stress-ng, suricata, syslog-ng, systemd, tar, unifdef,
urandom-scripts, usbguard, webkitgtk, wilc-driver,
wireless-regdb, wpewebkit
Issues resolved (http://bugs.uclibc.org):
#15628: Missing dependencies in BR2_PACKAGE_PYTHON_MAKO
#15808: connman is not supported on musl
#15814: C++ not supported by bootlin toolchain
2023.08.1, released September 27th, 2023
Important / security related fixes.
Updated/fixed packages: agentpp, asterisk, bind, binutils,
conmon, cpio, docker-cli, docker-engine, e2fsprogs, erlang,
esp-hosted, expect, fail2ban, fio, freerdp, fstrcmp, gcc, gdb,
ghostscript, go, haproxy, hwloc, icu, irssi, libcoap, libcurl,
libde265, libheif, libiec61850, libjxl, libopenssl, libpjsip,
libqb, libraw, libssh, libuv, lldpd, mdadm, mutt, ne10,
netatalk, nodejs, nut, openblas, opensc, openvpn, petitboot,
php, pound, pppd, python-pytest, python3, qt5,
rtl8812au-aircrack-ng, sngrep, stress-ng, strongswan, sysstat,
tar, tcl, timescaledb, util-linux, vim, webkitgtk, webp,
wireshark, xserver_xorg-server, xterm, zbar, zxing-cpp,
zynaddsubfx
Issues resolved (http://bugs.uclibc.org):
#14366: Nodejs fails with "version `GLIBC_2.34' not found"..
#15787: atmel_sama5d3_xplained_mmc_defconfig: Missing...
#15790: at91sam9x5ek_dev_defconfig: Missing...
2023.08, released September 6th, 2023
Various fixes.
Defconfigs: BeagleV: Fix build issue with binutils >=
2.38. Hifive unleashed: U-Boot needs OpenSSL
Updated/fixed packages: dt, grub2, heirloom-mailx, libgpgme,
libtommath, libxcrypt, log4cxx, mesa3d-demos, openjdk,
openjdk-bin, pam, pcm-tools, pixman, poppler, python-django,
python-ipython, python-pip, python-tornado, zeromq
New packages: libdecor
2023.08-rc3, released August 29th, 2023
Fixes all over the tree.
Defconfigs: Avenger96: Bump ATF to 2.9 to fix build warnings
with binutils >= 2.39. CI20: Bump kernel to 5.4.254 to fix
build issue with GCC 12. Hifive unleashed: Add missing
pylibfdt dependency / bump kernel to 5.10.109 to fix build
issue GCC 12. PC x86-64 bios/elf: Add missing libelf
dependency. Sipeed maix sdcard: Fix build issues with
binutils >= 2.38
Updated/fixed packages: check, clamav, cups, esp-hosted,
f2fs-tools, freeswitch, gcc, gmp, libks, libmodsecurity,
mosquitto, mpg123, network-manager, php, postgresql, python3,
ramspeed, rtl8189fs, rust, rust-bin, samba4, screen, zlib-ng
2023.08-rc2, released August 20th, 2023
Fixes all over the tree.
Toolchains: Only show external toolchains based on a GCC
version supporting the selected architecture
variant. Correctly mark Codescape MIPS external toolchains as
not providing a gdbserver.
Defconfigs: Andes ae350_45: Drop custom U-Boot march setting,
breaking builds with GCC 12. Nitrogen*: Bump
U-Boot/Linux. Nitrogen8*: Use ATF 2.8, fixing array bounds
errors. QEMU m68k: Add Linux patch to fix build issue with
binutils >= 2.41. Raspberrypi*: Enable console on HDMI when
using systemd as well.
Updated/fixed packages: at91dataflashboot, aubio, berkeleydb,
bwm-ng, ccache, check, chocolate-doom, compiler-rt, composer,
conmon, connman, dav1d, diffutils, dracut, e2fsprogs, elf2flt,
esp-hosted, flite, gcc, gdb, go-bootstrap-stage2,
intel-microcode, kodi-imagedecoder-heif, less, libcoap,
libedit, libglib2, libksba, liblo, libserial, log4cxx, lsof,
luvi, meson, mosquitto, mpd, mpv, mv-ddr-marvell, nftables,
ntpsec, openssh, optee-test, perftest, python-botocore,
python-docker, python-pylibfdt, python3, screenfetch,
sentry-cli, sngrep, stellarium, trinity, tvheadend, uboot,
uclibc, util-linux, xfsprogs, yajl
New packages: nftables-python, xlib_libXpresent
Removed packages: lpc32xxcdl
2023.08-rc1, released August 5, 2023
Numerous package updates and fixes, additional runtime tests.
Toolchain:
- Toolchains from ARM (for ARM, AArch64 and AArch64 BE)
updated to 12.2.
- Support for binutils 2.40 and 2.41 added, binutils 2.37 and
2.38 removed, binutils 2.40 is now the default
- Support for gcc 13 added, gcc 10 removed, gcc 12 is now the
default
Architectures:
- Additional x86-64 variants added
- RISC-V vector extension support added
Infrastructure:
- Go now built in 3 stages to be able to update to Go 1.20.x.
New defconfigs: rock5b
Removed defconfigs: qemu_sparc_ss10
New packages: composer, conmon, dfu-programmer, esp-hosted,
kodi-imagedecoder-heif, kodi-imagedecoder-raw, libde2654,
libdisplay-info, libheif, llvm-cmake, llvm-libunwind,
lua-dkjson, mbpoll, mdnsd, mhz, opencsd, python-libconf,
python-blinker, python-midiutil, python-rdps-py, python-wheel,
qt6svg, redis-plus-plus, rockchip-rkbin, rtl8822cs, swaybg,
swugenerator
Removed packages: libasplib, ocf-linux, tovid
2023.05.2, released August 31th, 2023
Important / security related fixes.
Toolchains: Correctly mark Bootlin external toolchains as
having OpenMP support.
Arch: Mark Alderlake x86 variants as no AVX512 support.
Utils: Ensure utils/docker-run correctly supports git
worktrees.
Defconfigs: Beaglebone: U-Boot needs OpenSSL. Beaglebone qt5:
Enable support for green wireless variant.
Updated/fixed packages: arm-trusted-firmware, bind, cairo,
cmocka, containerd, crudini, cryptodev-linux, dmidecode,
ffmpeg, firmware-imx, gcc, gdb, ghostscript, gkrellm,
gnuradio, go, igh-ethercat, iperf3, kodi, libcurl, libopenssl,
libssh, libubootenv, libuhttpd, linux-tools, mali-driver,
nfs-utils, ntp, openssh, php, pipewire, python-pysmb,
python-iniparse, python-iptables, rtl8189es, rtl8189fs,
sam-ba, samba4, seatd, shadow, speex,
sunxi-mali-utgard-driver, supertuxkart, sysdig, systemd, tor,
tpm2-tss, transmission, uboot, unzip, webkitgtk,
wireless-regdb, wolfssl, wpebackend-fdo, wpewebkit, xenomai,
yaml-cpp, yavta
Issues resolved (http://bugs.uclibc.org):
#15634: fluidsynths refers to missing libgomp.so.1
2023.05.1, released July 17th, 2023
Important / security related fixes.
Defconfigs: Chiliboard, mx53loco: fix build on hosts without
openssl development headers.
Nitrogen*: fix build on hosts without openssl or pylibfdt.
Hifive unleased: Bump OpenSBI to 1.2 to fix a build issue.
Raspberrypi: Handle DTB overlays for all variants
Updated/fixed packages: agentpp, alsa-plugins, assimp, audit,
bind, busybox, c-ares, check, cups, dav1d, dbus, fftw,
fluidsynth, freetype, fwts, ghostscript, gnupg2, gnuradio,
graphicsmagick, gupnp, haproxy, heimdal, hwdata, jhead, kodi,
libcap, libgcrypt, libgpg-error, libgtk3, libmdbx, libxslt,
mesa3d, mesa3d-demos, mpir, nodejs, php, pkgconf,
python-cryptography, python-dbus-fast, python-django,
python-docker, python-pyicu, python-requests, python3, qemu,
qt6, quickjs, rtl8192eu, samba4, sconeserver, syslog-ng,
taglib, tiff, wine, wireshark, xdriver_xf86-video-dummy,
xlib_libX11,
Issues resolved (http://bugs.uclibc.org):
#15643: ERROR: No hash found for linux-6.3.8.tar.xz
#15658: hifive_unleashed_defconfig: Linker errors in opensbi-0.9
#15661: mx53loco_defconfig: Dependency on OpenSSL missing
#15664: Can't compile mesa3d with v3d driver
#15673: PKGCONF_SITE in pkgconf.mk points to parked domain
#15682: pkgconf: no longer able to download source from...
2023.05, released June 7th, 2023
Fixes all over the tree.
@@ -72,6 +293,99 @@
#15376: Libiconv config
#15461: QtVirtualKeyboard segfaults
2023.02.4, released August 31th, 2023
Important / security related fixes.
Toolchains: Correctly mark Bootlin external toolchains as
having OpenMP support.
Arch: Mark Alderlake x86 variants as having no AVX512 support.
Utils: Ensure utils/docker-run correctly supports git
worktrees.
Defconfigs: Beaglebone qt5: Enable support for green wireless
variant.
Updated/fixed packages: arm-trusted-firmware, bind, cairo,
cmocka, containerd, crudini, dmidecode, ffmpeg, freescale-imx,
gcc, gdb, ghostscript, gkrellm, gnuradio, go, heimdall,
iperf3, libcurl, libmodsecurity, libopenssl, libssh,
libubootenv, libuhttpd, linux-tools, ntp, openssh, php,
pipewire, python-iniparse, python-iptables, python-pysmb,
rtl8189fs, sam-ba, samba4, seatd, speex, supertuxkart, sysdig,
tor, tpm2-tss, uboot, unzip, webkitgtk, wireless-regdb,
wolfssl, wpebackend-fdo wpewebkit, xenomai, yaml-cpp, yavta
Issues resolved (http://bugs.uclibc.org):
#15634: fluidsynths refers to missing libgomp.so.1
2023.02.3, released July 17th, 2023
Important / security related fixes.
Defconfigs: Chiliboard: fix build on hosts without openssl
development headers.
Nitrogen*: fix build on hosts without openssl or pylibfdt.
Raspberrypi: Handle DTB overlays for all variants
Updated/fixed packages: agentpp, alsa-plugins, assimp, bind,
busybox, dbus, c-ares, check, dav1d, fluidsynth, fftw, fwts,
ghostscript, gnupg2, gnuradio, gupnp, haproxy, heimdal,
hwdata, jhead, libcap, libgcrypt, libgpg-error, libgtk3,
libxslt, mesa3d-demos, mpir, nodejs, php, pkgconf,
python-cryptography, python-dbus-fast, python-django,
python-pyicu, python-requests, python3, qt6, quickjs,
sconeserver, taglib, tiff, wireshark, xdriver_xf86-video-dummy
Issues resolved (http://bugs.uclibc.org):
#15643: ERROR: No hash found for linux-6.3.8.tar.xz
#15673: PKGCONF_SITE in pkgconf.mk points to parked domain
#15682: pkgconf: no longer able to download source from...
2023.02.2, released June 16th, 2023
Important / security related fixes.
Infrastructure: Add BR2_HOST_CMAKE_AT_LEAST_* for packages
needing a newer host-cmake than what is currently enforced
(3.18) - Up to the version provided by the cmake package (3.22).
utils/docker-run: Now correctly handles git
workdirs/worktrees.
Defconfigs: QEMU s390x: Bump rootfs size to make room for
kernel modules, Stm32f4xx: Tweak config to save RAM, Xilinx
Versal vck190: Use correct (A72) CPU variant
Updated/fixed packages: atkmm, bird, busybox, cairomm1_14,
cmake, containerd, crudini, cups, delve, docker-cli,
docker-engine, earlyoom, edid-decode, fluent-bit, freeswitch,
gcc, gdb, glibmm_2_66, gnupg2, go, gptfdisk, graphicsmagick,
intel-microcode, libass, libcurl, libdeflate, libgeos,
libgtk3, libjxl, libnftl, libopenssl, libressl, libssh, llvm,
lua, mesa3d, micropython, minidlna, moby-buildkit, mpd, mupdf,
ncurses, nftables, openjdk, openjdk-bin, php, postgresql,
python-can, python-django, python-django, python-ipython,
python-matplotlib, python-mupdf, python-requests, python3,
qemu, redis, rpm, runc, sdl2_mixer, tzdata, uclibc, vdr,
wilc-firmware, xapp_xcalc, xapp_xdpyinfo, xapp_xinput,
xapp_xwininfo, xdata_xbitmaps, xdata_xcursor-themes,
xdriver_xf86-input-mouse, xdriver_xf86-video-ark,
xdriver_xf86-video-geode, xdriver_xf86-video-neomagic,
xfont_encodings, xlib_libX11, xlib_libXaw, xlib_libXi,
xlib_libXfixes, xlib_libXft, xlib_libXpm, zfs, znc
New packages: perl-clone, perl-http-message, python-asttokens,
python-executing, python-pure-eval, python-stack-data
Issues resolved (http://bugs.uclibc.org):
#15421: qemu_aarch64_ebbr_defconfig: Missing Linux kernel source code
2023.02.1, released May 9th, 2023
Important / security related fixes.

2
Config.in
View File

@@ -65,7 +65,7 @@ config BR2_NEEDS_HOST_JAVA
# Hidden boolean selected by pre-built packages for x86, when they
# need to run on x86-64 machines (example: pre-built external
# toolchains, binary tools like SAM-BA, etc.).
# toolchains, binary tools, etc.).
config BR2_HOSTARCH_NEEDS_IA32_LIBS
bool

52
Config.in.legacy
View File

@@ -144,6 +144,58 @@ endif
###############################################################################
comment "Legacy options removed in 2023.08"
config BR2_TARGET_LPC32XXCDL
bool "lpc32xxcdl has been removed"
select BR2_LEGACY
help
lpc32xxcdl has been removed, due to licensing concerns.
config BR2_BINUTILS_VERSION_2_38_X
bool "binutils 2.38.x has been removed"
select BR2_LEGACY
help
binutils 2.38 has been removed, use a newer version.
config BR2_GCC_VERSION_10_X
bool "gcc 10.x support removed"
select BR2_LEGACY
help
Support for gcc version 10.x has been removed. The current
default version (12.x or later) has been selected instead.
config BR2_KERNEL_HEADERS_6_3
bool "kernel headers version 6.3.x are no longer supported"
select BR2_LEGACY
help
Version 6.3.x of the Linux kernel headers are no longer
maintained upstream and are now removed.
config BR2_PACKAGE_TOVID
bool "tovid removed"
select BR2_LEGACY
help
tovid was removed
config BR2_PACKAGE_LIBASPLIB
bool "libasplib removed"
select BR2_LEGACY
help
libasplib is no longer needed.
config BR2_PACKAGE_OCF_LINUX
bool "ocf-linux has been removed"
select BR2_LEGACY
help
ocf-linux is incompatible with newer kernels.
config BR2_BINUTILS_VERSION_2_37_X
bool "binutils 2.37.x has been removed"
select BR2_LEGACY
help
binutils 2.37 has been removed, use a newer version.
comment "Legacy options removed in 2023.05"
config BR2_KERNEL_HEADERS_6_2

152
DEVELOPERS
View File

@@ -311,7 +311,7 @@ F: package/taskd/
N: Benjamin Kamath <kamath.ben@gmail.com>
F: package/lapack/
N: Bernd Kuhls <bernd.kuhls@t-online.de>
N: Bernd Kuhls <bernd@kuhls.net>
F: package/alsa-lib/
F: package/alsa-utils/
F: package/apache/
@@ -321,19 +321,19 @@ F: package/apr-util/
F: package/bcg729/
F: package/bento4/
F: package/bitcoin/
F: package/bluez-tools/
F: package/boinc/
F: package/clamav/
F: package/dav1d/
F: package/dht/
F: package/dovecot/
F: package/dovecot-pigeonhole/
F: package/dtv-scan-tables/
F: package/ethtool/
F: package/eudev/
F: package/exim/
F: package/fetchmail/
F: package/ffmpeg/
F: package/flac/
F: package/flatbuffers/
F: package/freeswitch/
F: package/freeswitch-mod-bcg729/
F: package/freetype/
@@ -341,13 +341,10 @@ F: package/fstrcmp/
F: package/ghostscript/
F: package/giflib/
F: package/gkrellm/
F: package/gli/
F: package/glmark2/
F: package/gpsd/
F: package/gptfdisk/
F: package/hdparm/
F: package/hddtemp/
F: package/inih/
F: package/hdparm/
F: package/intel-gmmlib/
F: package/intel-mediadriver/
F: package/intel-mediasdk/
@@ -355,18 +352,22 @@ F: package/intel-microcode/
F: package/jsoncpp/
F: package/kodi*
F: package/lame/
F: package/lcms2/
F: package/leafnode2/
F: package/libaacs/
F: package/libasplib/
F: package/libass/
F: package/libbdplus/
F: package/libbluray/
F: package/libbroadvoice/
F: package/libcap/
F: package/libcdio/
F: package/libcec/
F: package/libcodec2/
F: package/libcrossguid/
F: package/libde265/
F: package/libdecor/
F: package/libdeflate/
F: package/libdisplay-info/
F: package/libdrm/
F: package/libdvbcsa/
F: package/libdvdcss/
@@ -374,11 +375,13 @@ F: package/libdvdnav/
F: package/libdvdread/
F: package/libebur128/
F: package/libfreeglut/
F: package/libfribidi/
F: package/libg7221/
F: package/libglew/
F: package/libglfw/
F: package/libglu/
F: package/libhdhomerun/
F: package/libheif/
F: package/libilbc/
F: package/libks/
F: package/libldns/
@@ -396,21 +399,27 @@ F: package/libsidplay2/
F: package/libsilk/
F: package/libsndfile/
F: package/libsoundtouch/
F: package/libsquish/
F: package/libudfread/
F: package/libunibreak/
F: package/liburiparser/
F: package/libutp/
F: package/libuv/
F: package/libva/
F: package/libva-intel-driver/
F: package/libva-utils/
F: package/libvorbis/
F: package/libvpx/
F: package/libyuv/
F: package/linux-firmware/
F: package/mc/
F: package/mesa3d/
F: package/minidlna/
F: package/mjpg-streamer/
F: package/mpg123/
F: package/ntp/
F: package/nut/
F: package/opus/
F: package/pciutils/
F: package/perl-crypt-openssl-guess/
F: package/perl-crypt-openssl-random/
F: package/perl-crypt-openssl-rsa/
@@ -429,33 +438,34 @@ F: package/perl-io-html/
F: package/perl-lwp-mediatypes/
F: package/perl-mail-dkim/
F: package/perl-mailtools/
F: package/perl-netaddr-ip/
F: package/perl-net-dns/
F: package/perl-net-http/
F: package/perl-netaddr-ip/
F: package/perl-timedate/
F: package/perl-uri/
F: package/perl-www-robotrules/
F: package/php/
F: package/pixman/
F: package/pngquant/
F: package/pound/
F: package/pppd/
F: package/privoxy/
F: package/pure-ftpd/
F: package/python-couchdb/
F: package/python-cssutils/
F: package/python-glslang/
F: package/python-mako/
F: package/python-mwclient/
F: package/python-mwscrape/
F: package/python-mwscrape2slob/
F: package/python-mako/
F: package/python-oauthlib/
F: package/python-pyicu/
F: package/python-pylru/
F: package/python-requests-oauthlib/
F: package/python-slob/
F: package/rrdtool/
F: package/rsync/
F: package/rtmpdump/
F: package/samba4/
F: package/softether/
F: package/sofia-sip/
F: package/spandsp/
F: package/sqlite/
F: package/stellarium/
@@ -465,13 +475,10 @@ F: package/tor/
F: package/transmission/
F: package/tvheadend/
F: package/unixodbc/
F: package/utf8proc/
F: package/vdr/
F: package/vdr-plugin-vnsiserver/
F: package/vlc/
F: package/vnstat/
F: package/waylandpp/
F: package/x11r7/
F: package/wget/
F: package/wireless-regdb/
F: package/wireless_tools/
F: package/x264/
F: package/x265/
F: package/xmrig/
@@ -543,6 +550,7 @@ F: package/balena-engine/
F: package/batman-adv/
F: package/catatonit/
F: package/cni-plugins/
F: package/conmon/
F: package/containerd/
F: package/crun/
F: package/delve/
@@ -552,6 +560,8 @@ F: package/docker-engine/
F: package/embiggen-disk/
F: package/fuse-overlayfs/
F: package/go/
F: package/go-bootstrap-stage1/
F: package/go-bootstrap-stage2/
F: package/gocryptfs/
F: package/mbpfan/
F: package/moby-buildkit/
@@ -643,7 +653,7 @@ F: package/odroidc2-firmware/
N: Daniel J. Leach <dleach@belcan.com>
F: package/dacapo/
N: Daniel Lang <d.lang@abatec.at>
N: Daniel Lang <dalang@gmx.at>
F: package/atkmm/
F: package/atkmm2_28/
F: package/cairomm/
@@ -654,9 +664,11 @@ F: package/glibmm2_66/
F: package/gtkmm3/
F: package/libsigc/
F: package/libsigc2/
F: package/llvm-project/
F: package/paho-mqtt-cpp/
F: package/pangomm/
F: package/pangomm2_46/
F: package/sam-ba/
N: Damien Lanson <damien@kal-host.com>
F: package/libvdpau/
@@ -1014,6 +1026,7 @@ F: package/tinycbor/
F: package/tinydtls/
F: package/tinymembench/
F: package/whois/
F: package/x11r7/xlib_libXpresent/
F: package/zeek/
N: Fabrice Goucem <fabrice.goucem@oss.nxp.com>
@@ -1163,6 +1176,7 @@ F: package/at/
F: package/binutils/
F: package/cryptsetup/
F: package/erlang-jiffy/
F: package/esp-hosted/
F: package/gcc/
F: package/harfbuzz/
F: package/libfuse3/
@@ -1172,6 +1186,7 @@ F: package/mali-driver/
F: package/minicom/
F: package/mmc-utils/
F: package/nfs-utils/
F: package/python-libconf/
F: package/python-uvloop/
F: package/qt5/
F: package/rockchip-mali/
@@ -1186,6 +1201,7 @@ F: package/rtl8821cu/
F: package/sunxi-mali-utgard/
F: package/sunxi-mali-utgard-driver/
F: package/sunxi-tools/
F: package/swugenerator/
F: package/trace-cmd/
F: package/udisks/
F: package/wilc-driver/
@@ -1416,6 +1432,7 @@ F: package/python-pydyf/
F: package/python-pypa-build/
F: package/python-pyphen/
F: package/python-pyproject-hooks/
F: package/python-rpds-py/
F: package/python-rtoml/
F: package/python-selenium/
F: package/python-snappy/
@@ -1451,6 +1468,7 @@ F: package/gtkmm3/
F: package/libpqxx/
F: package/pangomm/
F: package/rpm/
F: package/swaybg/
F: package/yad/
N: Jan Heylen <jan.heylen@nokia.com>
@@ -1525,6 +1543,7 @@ F: package/libnet/
F: package/libteam/
F: package/libuev/
F: package/mg/
F: package/mdnsd/
F: package/mini-snmpd/
F: package/mrouted/
F: package/netcalc/
@@ -1594,6 +1613,9 @@ N: John Faith <jfaith@impinj.com>
F: package/python-inflection/
F: package/sdbusplus/
N: Jon Ringle <jringle@gridpoint.com>
F: package/mbpoll/
N: Jonathan Ben Avraham <yba@tkos.co.il>
F: arch/Config.in.xtensa
F: package/autofs/
@@ -1619,27 +1641,14 @@ N: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
F: package/zfs/
F: support/testing/tests/package/test_zfs.py
N: José Pekkarinen <jose.pekkarinen@unikie.com>
F: package/alfred/
F: package/avocado/
F: package/bmx7/
F: package/opensc/
F: package/python-aexpect/
F: package/python-alembic/
F: package/python-lark/
F: package/softhsm2/
F: support/testing/tests/package/sample_python_aexpect.py
F: support/testing/tests/package/test_avocado.py
F: support/testing/tests/package/test_python_aexpect.py
N: Joseph Kogut <joseph.kogut@gmail.com>
F: package/at-spi2-core/
F: package/clang/
F: package/earlyoom/
F: package/gconf/
F: package/libnss/
F: package/lld/
F: package/llvm/
F: package/llvm-project/clang/
F: package/llvm-project/lld/
F: package/llvm-project/llvm/
F: package/python-cython/
F: package/python-pycups/
F: package/python-raven/
@@ -1713,6 +1722,7 @@ F: package/libjxl/
F: package/octave/
F: package/ola/
F: package/openblas/
F: package/opencsd/
F: package/openmpi/
F: package/perftest/
F: package/ptm2human/
@@ -1723,6 +1733,7 @@ F: package/python-hwdata/
F: package/python-magic-wormhole/
F: package/python-magic-wormhole-mailbox-server/
F: package/python-magic-wormhole-transit-relay/
F: package/python-midiutil/
F: package/python-pyalsa/
F: package/python-spake2/
F: package/rdma-core/
@@ -1733,37 +1744,63 @@ F: package/zynaddsubfx/
F: support/testing/tests/package/sample_python_distro.py
F: support/testing/tests/package/sample_python_gnupg.py
F: support/testing/tests/package/sample_python_hwdata.py
F: support/testing/tests/package/sample_python_midiutil.py
F: support/testing/tests/package/sample_python_pyalsa.py
F: support/testing/tests/package/sample_python_spake2.py
F: support/testing/tests/package/test_acpica.py
F: support/testing/tests/package/test_acpica/
F: support/testing/tests/package/test_brotli.py
F: support/testing/tests/package/test_bzip2.py
F: support/testing/tests/package/test_compressor_base.py
F: support/testing/tests/package/test_ddrescue.py
F: support/testing/tests/package/test_ddrescue/
F: support/testing/tests/package/test_dos2unix.py
F: support/testing/tests/package/test_fluidsynth.py
F: support/testing/tests/package/test_fluidsynth/
F: support/testing/tests/package/test_gawk.py
F: support/testing/tests/package/test_glslsandbox_player.py
F: support/testing/tests/package/test_glslsandbox_player/
F: support/testing/tests/package/test_gnupg2.py
F: support/testing/tests/package/test_gnuradio.py
F: support/testing/tests/package/test_gnuradio/
F: support/testing/tests/package/test_gzip.py
F: support/testing/tests/package/test_highway.py
F: support/testing/tests/package/test_hwloc.py
F: support/testing/tests/package/test_iperf3.py
F: support/testing/tests/package/test_kexec.py
F: support/testing/tests/package/test_kexec/
F: support/testing/tests/package/test_libjxl.py
F: support/testing/tests/package/test_lrzip.py
F: support/testing/tests/package/test_lzip.py
F: support/testing/tests/package/test_lsof.py
F: support/testing/tests/package/test_lz4.py
F: support/testing/tests/package/test_lzop.py
F: support/testing/tests/package/test_mtools.py
F: support/testing/tests/package/test_ncdu.py
F: support/testing/tests/package/test_nftables.py
F: support/testing/tests/package/test_nftables/
F: support/testing/tests/package/test_octave.py
F: support/testing/tests/package/test_ola.py
F: support/testing/tests/package/test_ola/
F: support/testing/tests/package/test_openblas.py
F: support/testing/tests/package/test_perftest.py
F: support/testing/tests/package/test_pigz.py
F: support/testing/tests/package/test_python_distro.py
F: support/testing/tests/package/test_python_gnupg.py
F: support/testing/tests/package/test_python_hkdf.py
F: support/testing/tests/package/test_python_hwdata.py
F: support/testing/tests/package/test_python_magic_wormhole.py
F: support/testing/tests/package/test_python_midiutil.py
F: support/testing/tests/package/test_python_pyalsa.py
F: support/testing/tests/package/test_python_spake2.py
F: support/testing/tests/package/test_rdma_core.py
F: support/testing/tests/package/test_rdma_core/
F: support/testing/tests/package/test_stress_ng.py
F: support/testing/tests/package/test_xz.py
F: support/testing/tests/package/test_z3.py
F: support/testing/tests/package/test_z3/
F: support/testing/tests/package/test_zchunk.py
F: support/testing/tests/package/test_zstd.py
N: Julien Viard de Galbert <julien@vdg.name>
F: package/dieharder/
@@ -1790,6 +1827,11 @@ F: package/ramsmp/
N: Kieran Bingham <kieran.bingham@ideasonboard.com>
F: package/libcamera/
N: Kilian Zinnecker <kilian.zinnecker@mail.de>
F: package/rockchip-rkbin/
F: configs/rock5b_defconfig
F: board/radxa/rock5b/
N: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
F: package/wqy-zenhei/
@@ -2085,11 +2127,6 @@ F: package/protobuf/
F: package/re2/
F: package/spdlog/
N: Michael Rommel <rommel@layer-7.net>
F: package/knock/
F: package/python-crc16/
F: package/python-pyzmq/
N: Michael Trimarchi <michael@amarulasolutions.com>
F: board/bsh/
F: configs/imx8mn_bsh_smm_s2_defconfig
@@ -2149,12 +2186,11 @@ N: Neal Frager <neal.frager@amd.com>
F: board/versal/
F: board/zynq/
F: board/zynqmp/
F: board/zynqmp/kria/
F: configs/versal_vck190_defconfig
F: configs/zynq_zc706_defconfig
F: configs/zynqmp_kria_kv260_defconfig
F: configs/zynqmp_zcu102_defconfig
F: configs/zynqmp_zcu106_defconfig
F: configs/zynqmp_kria_kv260_defconfig
F: package/bootgen/
F: package/versal-firmware/
@@ -2167,6 +2203,7 @@ F: configs/galileo_defconfig
N: Nicolas Carrier <nicolas.carrier@orolia.com>
F: package/bmap-tools/
F: package/composer/
F: package/libdbi/
F: package/libdbi-drivers/
F: package/lua-augeas/
@@ -2308,6 +2345,7 @@ F: configs/roseapplepi_defconfig
F: configs/sheevaplug_defconfig
F: configs/visionfive_defconfig
F: package/bats-core/
F: package/dfu-programmer/
F: package/docker-compose/
F: package/dump1090/
F: package/fatcat/
@@ -2342,6 +2380,7 @@ F: support/testing/tests/package/test_docker_compose.py
N: Peter Seiderer <ps.report@gmx.net>
F: package/dotconf/
F: package/python-blinker/
F: package/qt5/qt5speech/
F: package/speechd/
@@ -2418,11 +2457,14 @@ F: package/tree/
N: Pieter De Gendt <pieter.degendt@gmail.com>
F: package/libvips/
N: Pieterjan Camerlynck <pieterjan.camerlynck@gmail.com>
N: Pieterjan Camerlynck <pieterjanca@gmail.com>
F: package/libdvbpsi/
F: package/mraa/
F: package/synergy/
N: Prabhu Sannachi <prabhu.sannachi@collins.com>
F: package/redis-plus-plus/
N: Rafal Susz <rafal.susz@gmail.com>
F: board/avnet/s6lx9_microboard/
F: configs/s6lx9_microboard_defconfig
@@ -2502,6 +2544,7 @@ F: package/azmq/
N: Robert Marko <robimarko@gmail.com>
F: package/mdio-tools/
F: package/mhz/
N: Robert Rose <robertroyrose@gmail.com>
F: package/grpc/
@@ -2518,7 +2561,6 @@ F: package/alure/
F: package/aubio/
F: package/binutils/
F: package/bullet/
F: package/clang/
F: package/clinfo/
F: package/efl/
F: package/enet/
@@ -2532,12 +2574,13 @@ F: package/irrlicht/
F: package/liblinear/
F: package/lensfun/
F: package/libbpf/
F: package/libclc/
F: package/libgta/
F: package/libiec61850/
F: package/libspatialindex/
F: package/linux-syscall-support/
F: package/llvm/
F: package/llvm-project/clang/
F: package/llvm-project/libclc/
F: package/llvm-project/llvm/
F: package/lugaru/
F: package/mcelog/
F: package/mesa3d/
@@ -2724,7 +2767,6 @@ F: package/dvdauthor/
F: package/dvdrw-tools/
F: package/memtest86/
F: package/mjpegtools/
F: package/tovid/
F: package/udftools/
F: package/xorriso/
@@ -2873,6 +2915,7 @@ F: package/msmtp/
F: package/musl/
F: package/musl-fts/
F: package/ne10/
F: package/nodejs/
F: package/pkg-python.mk
F: package/pkg-autotools.mk
F: package/pkg-generic.mk
@@ -2945,14 +2988,17 @@ F: package/gettext-tiny/
F: package/tinyssh/
N: Valentin Korenblit <valentinkorenblit@gmail.com>
F: package/clang/
F: package/clinfo/
F: package/libclc/
F: package/llvm/
F: package/llvm-project/clang/
F: package/llvm-project/libclc/
F: package/llvm-project/llvm/
N: Vanya Sergeev <vsergeev@gmail.com>
F: package/lua-periphery/
N: Viacheslav Bocharov <adeep@lexina.in>
F: package/rtl8822cs/
N: Victor Huesca <victor.huesca@bootlin.com>
F: support/testing/tests/core/test_root_password.py
@@ -3130,11 +3176,13 @@ F: package/zlog/
F: support/testing/tests/package/sample_python_dicttoxml2.py
F: support/testing/tests/package/sample_python_dtschema.py
F: support/testing/tests/package/sample_python_munch.py
F: support/testing/tests/package/sample_python_pysmb.py
F: support/testing/tests/package/test_libftdi1.py
F: support/testing/tests/package/test_python_can.py
F: support/testing/tests/package/test_python_dicttoxml2.py
F: support/testing/tests/package/test_python_dtschema.py
F: support/testing/tests/package/test_python_munch.py
F: support/testing/tests/package/test_python_pysmb.py
F: utils/scanpypi
N: Yunhao Tian <t123yh.xyz@gmail.com>

16
Makefile
View File

@@ -90,9 +90,9 @@ all:
.PHONY: all
# Set and export the version string
export BR2_VERSION := 2023.05
export BR2_VERSION := 2023.08.2
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1686172000
BR2_VERSION_EPOCH = 1697404000
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -927,14 +927,6 @@ pkg-stats:
--html $(O)/pkg-stats.html \
--nvd-path $(DL_DIR)/buildroot-nvd
.PHONY: missing-cpe
missing-cpe:
$(Q)mkdir -p $(CPE_UPDATES_DIR)
$(Q)cd "$(CONFIG_DIR)" ; \
$(TOPDIR)/support/scripts/gen-missing-cpe \
--nvd-path $(DL_DIR)/buildroot-nvd \
--output $(CPE_UPDATES_DIR)
else # ifeq ($(BR2_HAVE_DOT_CONFIG),y)
# Some subdirectories are also package names. To avoid that "make linux"
@@ -1191,7 +1183,6 @@ help:
@echo ' legal-info - generate info about license compliance'
@echo ' show-info - generate info about packages, as a JSON blurb'
@echo ' pkg-stats - generate info about packages as JSON and HTML'
@echo ' missing-cpe - generate XML snippets for missing CPE identifiers'
@echo ' printvars - dump internal variables selected with VARS=...'
@echo ' show-vars - dump all internal variables as a JSON blurb; use VARS=...'
@echo ' to limit the list to variables names matching that pattern'
@@ -1263,4 +1254,7 @@ include docs/manual/manual.mk
.PHONY: $(noconfig_targets)
# .WAIT was introduced in make 4.4. For older make, define it as phony.
.PHONY: .WAIT
endif #umask / $(CURDIR) / $(O)

9
arch/Config.in
View File

@@ -216,6 +216,11 @@ config BR2_sh
config BR2_sparc
bool "SPARC"
select BR2_USE_MMU
# uClibc-ng broken on sparc due to recent gcc changes
# that need to be reverted since gcc 8.4, 9.3 and 10.1.
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98784
# gcc <= 10.x has been removed from Buildroot.
select BR2_ARCH_HAS_NO_TOOLCHAIN_BUILDROOT
help
SPARC (from Scalable Processor Architecture) is a RISC
instruction set architecture (ISA) developed by Sun
@@ -304,6 +309,10 @@ config BR2_ARCH_NEEDS_GCC_AT_LEAST_12
bool
select BR2_ARCH_NEEDS_GCC_AT_LEAST_11
config BR2_ARCH_NEEDS_GCC_AT_LEAST_13
bool
select BR2_ARCH_NEEDS_GCC_AT_LEAST_12
# The following string values are defined by the individual
# Config.in.$ARCH files
config BR2_ARCH

10
arch/Config.in.riscv
View File

@@ -18,6 +18,9 @@ config BR2_RISCV_ISA_RVD
config BR2_RISCV_ISA_RVC
bool
config BR2_RISCV_ISA_RVV
bool
choice
prompt "Target Architecture Variant"
default BR2_riscv_g
@@ -35,7 +38,6 @@ config BR2_riscv_g
config BR2_riscv_custom
bool "Custom architecture"
select BR2_RISCV_ISA_RVI
select BR2_RISCV_ISA_CUSTOM_RVA
endchoice
@@ -63,6 +65,12 @@ config BR2_RISCV_ISA_CUSTOM_RVD
config BR2_RISCV_ISA_CUSTOM_RVC
bool "Compressed Instructions (C)"
select BR2_RISCV_ISA_RVC
config BR2_RISCV_ISA_CUSTOM_RVV
bool "Vector Instructions (V)"
select BR2_RISCV_ISA_RVV
select BR2_ARCH_NEEDS_GCC_AT_LEAST_12
endif
choice

210
arch/Config.in.x86
View File

@@ -19,12 +19,20 @@ config BR2_X86_CPU_HAS_AVX
bool
config BR2_X86_CPU_HAS_AVX2
bool
# BR2_X86_CPU_HAS_AVX512 implies the following AVX512 extensions:
# AVX512F, AVX512BW, AVX512CD, AVX512DQ, AVX512VL
# This subset is common to Intel Xeon (excl Xeon Phi), AMD Zen 4, and
# the x86-64-v4 psABI.
#
# Only select BR2_X86_CPU_HAS_AVX512 if the CPU supports this entire
# subset of extensions.
config BR2_X86_CPU_HAS_AVX512
bool
# This list of CPU architecture variant is (loosely) ordered according
# to the gcc documentation at
# https://gcc.gnu.org/onlinedocs/gcc-11.2.0/gcc/x86-Options.html
# https://gcc.gnu.org/onlinedocs/gcc-13.2.0/gcc/x86-Options.html
choice
prompt "Target Architecture Variant"
default BR2_x86_i586 if BR2_i386
@@ -227,6 +235,17 @@ config BR2_x86_sandybridge
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_ARCH_NEEDS_GCC_AT_LEAST_4_9
config BR2_x86_ivybridge
bool "ivybridge"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_ARCH_NEEDS_GCC_AT_LEAST_4_9
config BR2_x86_core_avx2
bool "core-avx2"
select BR2_X86_CPU_HAS_MMX
@@ -335,6 +354,54 @@ config BR2_x86_tremont
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_ARCH_NEEDS_GCC_AT_LEAST_9
config BR2_x86_sierraforest
bool "sierraforest"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_X86_CPU_HAS_AVX2
select BR2_ARCH_NEEDS_GCC_AT_LEAST_13
config BR2_x86_grandridge
bool "grandridge"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_X86_CPU_HAS_AVX2
select BR2_ARCH_NEEDS_GCC_AT_LEAST_13
config BR2_x86_knightslanding
bool "knightslanding"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_X86_CPU_HAS_AVX2
select BR2_ARCH_NEEDS_GCC_AT_LEAST_5
config BR2_x86_knightsmill
bool "knightsmill"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_X86_CPU_HAS_AVX2
select BR2_ARCH_NEEDS_GCC_AT_LEAST_8
config BR2_x86_skylake_avx512
bool "skylake-avx512"
select BR2_X86_CPU_HAS_MMX
@@ -439,6 +506,8 @@ config BR2_x86_sapphirerapids
select BR2_X86_CPU_HAS_AVX2
select BR2_X86_CPU_HAS_AVX512
select BR2_ARCH_NEEDS_GCC_AT_LEAST_11
help
Use for Sapphire Rapids, Emerald Rapids
config BR2_x86_alderlake
bool "alderlake"
select BR2_X86_CPU_HAS_MMX
@@ -450,8 +519,9 @@ config BR2_x86_alderlake
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_X86_CPU_HAS_AVX2
select BR2_X86_CPU_HAS_AVX512
select BR2_ARCH_NEEDS_GCC_AT_LEAST_11
help
Use for Alder Lake, Raptor Lake, Meteor Lake
config BR2_x86_rocketlake
bool "rocketlake"
select BR2_X86_CPU_HAS_MMX
@@ -465,6 +535,32 @@ config BR2_x86_rocketlake
select BR2_X86_CPU_HAS_AVX2
select BR2_X86_CPU_HAS_AVX512
select BR2_ARCH_NEEDS_GCC_AT_LEAST_11
config BR2_x86_graniterapids
bool "graniterapids"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_X86_CPU_HAS_AVX2
select BR2_X86_CPU_HAS_AVX512
select BR2_ARCH_NEEDS_GCC_AT_LEAST_13
config BR2_x86_graniterapids_d
bool "graniterapids-d"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_X86_CPU_HAS_AVX2
select BR2_X86_CPU_HAS_AVX512
select BR2_ARCH_NEEDS_GCC_AT_LEAST_13
config BR2_x86_k6
bool "k6"
depends on !BR2_x86_64
@@ -502,6 +598,13 @@ config BR2_x86_barcelona
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
config BR2_x86_bobcat
bool "bobcat"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
config BR2_x86_jaguar
bool "jaguar"
select BR2_X86_CPU_HAS_MMX
@@ -511,6 +614,25 @@ config BR2_x86_jaguar
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_ARCH_NEEDS_GCC_AT_LEAST_4_8
config BR2_x86_bulldozer
bool "bulldozer"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
config BR2_x86_piledriver
bool "piledriver"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
config BR2_x86_steamroller
bool "steamroller"
select BR2_X86_CPU_HAS_MMX
@@ -520,12 +642,73 @@ config BR2_x86_steamroller
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_ARCH_NEEDS_GCC_AT_LEAST_4_8
config BR2_x86_excavator
bool "excavator"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_X86_CPU_HAS_AVX2
select BR2_ARCH_NEEDS_GCC_AT_LEAST_4_9
config BR2_x86_zen
bool "zen"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_X86_CPU_HAS_AVX2
select BR2_ARCH_NEEDS_GCC_AT_LEAST_6
config BR2_x86_zen2
bool "zen 2"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_X86_CPU_HAS_AVX2
select BR2_ARCH_NEEDS_GCC_AT_LEAST_9
config BR2_x86_zen3
bool "zen 3"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_X86_CPU_HAS_AVX2
select BR2_ARCH_NEEDS_GCC_AT_LEAST_11
config BR2_x86_zen4
bool "zen 4"
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_SSE
select BR2_X86_CPU_HAS_SSE2
select BR2_X86_CPU_HAS_SSE3
select BR2_X86_CPU_HAS_SSSE3
select BR2_X86_CPU_HAS_SSE4
select BR2_X86_CPU_HAS_SSE42
select BR2_X86_CPU_HAS_AVX
select BR2_X86_CPU_HAS_AVX2
select BR2_X86_CPU_HAS_AVX512
select BR2_ARCH_NEEDS_GCC_AT_LEAST_13
config BR2_x86_geode
bool "geode"
# Don't include MMX support because there several variant of geode
# processor, some with MMX support, some without.
# See: http://en.wikipedia.org/wiki/Geode_%28processor%29
bool "AMD Geode"
depends on !BR2_x86_64
select BR2_X86_CPU_HAS_MMX
select BR2_X86_CPU_HAS_3DNOW
config BR2_x86_c3
bool "Via/Cyrix C3 (Samuel/Ezra cores)"
depends on !BR2_x86_64
@@ -593,6 +776,7 @@ config BR2_GCC_TARGET_ARCH
default "nehalem" if BR2_x86_nehalem
default "corei7-avx" if BR2_x86_corei7_avx
default "sandybridge" if BR2_x86_sandybridge
default "ivybridge" if BR2_x86_ivybridge
default "core-avx2" if BR2_x86_core_avx2
default "haswell" if BR2_x86_haswell
default "broadwell" if BR2_x86_broadwell
@@ -604,6 +788,10 @@ config BR2_GCC_TARGET_ARCH
default "goldmont" if BR2_x86_goldmont
default "goldmont-plus" if BR2_x86_goldmont_plus
default "tremont" if BR2_x86_tremont
default "sierraforest" if BR2_x86_sierraforest
default "grandridge" if BR2_x86_grandridge
default "knl" if BR2_x86_knightslanding
default "knm" if BR2_x86_knightsmill
default "skylake-avx512" if BR2_x86_skylake_avx512
default "cannonlake" if BR2_x86_cannonlake
default "icelake-client" if BR2_x86_icelake_client
@@ -614,11 +802,21 @@ config BR2_GCC_TARGET_ARCH
default "sapphirerapids" if BR2_x86_sapphirerapids
default "alderlake" if BR2_x86_alderlake
default "rocketlake" if BR2_x86_rocketlake
default "graniterapids" if BR2_x86_graniterapids
default "graniterapids-d" if BR2_x86_graniterapids_d
default "k8" if BR2_x86_opteron
default "k8-sse3" if BR2_x86_opteron_sse3
default "barcelona" if BR2_x86_barcelona
default "btver1" if BR2_x86_bobcat
default "btver2" if BR2_x86_jaguar
default "bdver1" if BR2_x86_bulldozer
default "bdver2" if BR2_x86_piledriver
default "bdver3" if BR2_x86_steamroller
default "bdver4" if BR2_x86_excavator
default "znver1" if BR2_x86_zen
default "znver2" if BR2_x86_zen2
default "znver3" if BR2_x86_zen3
default "znver4" if BR2_x86_zen4
default "k6" if BR2_x86_k6
default "k6-2" if BR2_x86_k6_2
default "athlon" if BR2_x86_athlon

3
arch/arch.mk.riscv
View File

@@ -26,6 +26,9 @@ endif
ifeq ($(BR2_RISCV_ISA_RVC),y)
GCC_TARGET_ARCH := $(GCC_TARGET_ARCH)c
endif
ifeq ($(BR2_RISCV_ISA_RVV),y)
GCC_TARGET_ARCH := $(GCC_TARGET_ARCH)v
endif
# Starting from gcc 12.x, csr and fence instructions have been
# separated from the base I instruction set, and special -march

58
board/beaglev/patches/uboot/0001-riscv-Fix-build-against-binutils-2.38.patch Normal file
View File

@@ -0,0 +1,58 @@
From 0cf11f3c0478f4286adcfb09bf9137f8b00212e3 Mon Sep 17 00:00:00 2001
From: Alexandre Ghiti <alexandre.ghiti@canonical.com>
Date: Mon, 3 Oct 2022 18:07:54 +0200
Subject: [PATCH] riscv: Fix build against binutils 2.38
The following description is copied from the equivalent patch for the
Linux Kernel proposed by Aurelien Jarno:
>From version 2.38, binutils default to ISA spec version 20191213. This
means that the csr read/write (csrr*/csrw*) instructions and fence.i
instruction has separated from the `I` extension, become two standalone
extensions: Zicsr and Zifencei. As the kernel uses those instruction,
this causes the following build failure:
arch/riscv/cpu/mtrap.S: Assembler messages:
arch/riscv/cpu/mtrap.S:65: Error: unrecognized opcode `csrr a0,scause'
arch/riscv/cpu/mtrap.S:66: Error: unrecognized opcode `csrr a1,sepc'
arch/riscv/cpu/mtrap.S:67: Error: unrecognized opcode `csrr a2,stval'
arch/riscv/cpu/mtrap.S:70: Error: unrecognized opcode `csrw sepc,a0'
Signed-off-by: Alexandre Ghiti <alexandre.ghiti@canonical.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Tested-by: Christian Stewart <christian@paral.in>
Reviewed-by: Rick Chen <rick@andestech.com>
(cherry picked from commit 1dde977518f13824b847e23275001191139bc384)
Upstream: https://gitlab.com/u-boot/u-boot/-/commit/1dde977518f13824b847e23275001191139bc384
Signed-off-by: Romain Naour <romain.naour@gmail.com>
---
arch/riscv/Makefile | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile
index 0b80eb8d864..53d1194ffb6 100644
--- a/arch/riscv/Makefile
+++ b/arch/riscv/Makefile
@@ -24,7 +24,16 @@ ifeq ($(CONFIG_CMODEL_MEDANY),y)
CMODEL = medany
endif
-ARCH_FLAGS = -march=$(ARCH_BASE)$(ARCH_A)$(ARCH_C) -mabi=$(ABI) \
+RISCV_MARCH = $(ARCH_BASE)$(ARCH_A)$(ARCH_C)
+
+# Newer binutils versions default to ISA spec version 20191213 which moves some
+# instructions from the I extension to the Zicsr and Zifencei extensions.
+toolchain-need-zicsr-zifencei := $(call cc-option-yn, -mabi=$(ABI) -march=$(RISCV_MARCH)_zicsr_zifencei)
+ifeq ($(toolchain-need-zicsr-zifencei),y)
+ RISCV_MARCH := $(RISCV_MARCH)_zicsr_zifencei
+endif
+
+ARCH_FLAGS = -march=$(RISCV_MARCH) -mabi=$(ABI) \
-mcmodel=$(CMODEL)
PLATFORM_CPPFLAGS += $(ARCH_FLAGS)
--
2.41.0

2
board/bsh/imx8mn-bsh-smm-s2/readme.txt
View File

@@ -2,7 +2,7 @@ i.MX8MN BSH SMM S2
==================
This tutorial describes how to use the predefined Buildroot
configuration for the i.MX8MN BSH SMM S2 PRO board.
configuration for the i.MX8MN BSH SMM S2 board.
Building
--------

58
board/canaan/k210-soc/patches/uboot/0001-riscv-Fix-build-against-binutils-2.38.patch Normal file
View File

@@ -0,0 +1,58 @@
From 0cf11f3c0478f4286adcfb09bf9137f8b00212e3 Mon Sep 17 00:00:00 2001
From: Alexandre Ghiti <alexandre.ghiti@canonical.com>
Date: Mon, 3 Oct 2022 18:07:54 +0200
Subject: [PATCH] riscv: Fix build against binutils 2.38
The following description is copied from the equivalent patch for the
Linux Kernel proposed by Aurelien Jarno:
>From version 2.38, binutils default to ISA spec version 20191213. This
means that the csr read/write (csrr*/csrw*) instructions and fence.i
instruction has separated from the `I` extension, become two standalone
extensions: Zicsr and Zifencei. As the kernel uses those instruction,
this causes the following build failure:
arch/riscv/cpu/mtrap.S: Assembler messages:
arch/riscv/cpu/mtrap.S:65: Error: unrecognized opcode `csrr a0,scause'
arch/riscv/cpu/mtrap.S:66: Error: unrecognized opcode `csrr a1,sepc'
arch/riscv/cpu/mtrap.S:67: Error: unrecognized opcode `csrr a2,stval'
arch/riscv/cpu/mtrap.S:70: Error: unrecognized opcode `csrw sepc,a0'
Signed-off-by: Alexandre Ghiti <alexandre.ghiti@canonical.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Tested-by: Christian Stewart <christian@paral.in>
Reviewed-by: Rick Chen <rick@andestech.com>
(cherry picked from commit 1dde977518f13824b847e23275001191139bc384)
Upstream: https://gitlab.com/u-boot/u-boot/-/commit/1dde977518f13824b847e23275001191139bc384
Signed-off-by: Romain Naour <romain.naour@gmail.com>
---
arch/riscv/Makefile | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile
index 0b80eb8d864..53d1194ffb6 100644
--- a/arch/riscv/Makefile
+++ b/arch/riscv/Makefile
@@ -24,7 +24,16 @@ ifeq ($(CONFIG_CMODEL_MEDANY),y)
CMODEL = medany
endif
-ARCH_FLAGS = -march=$(ARCH_BASE)$(ARCH_A)$(ARCH_C) -mabi=$(ABI) \
+RISCV_MARCH = $(ARCH_BASE)$(ARCH_A)$(ARCH_C)
+
+# Newer binutils versions default to ISA spec version 20191213 which moves some
+# instructions from the I extension to the Zicsr and Zifencei extensions.
+toolchain-need-zicsr-zifencei := $(call cc-option-yn, -mabi=$(ABI) -march=$(RISCV_MARCH)_zicsr_zifencei)
+ifeq ($(toolchain-need-zicsr-zifencei),y)
+ RISCV_MARCH := $(RISCV_MARCH)_zicsr_zifencei
+endif
+
+ARCH_FLAGS = -march=$(RISCV_MARCH) -mabi=$(ABI) \
-mcmodel=$(CMODEL)
PLATFORM_CPPFLAGS += $(ARCH_FLAGS)
--
2.41.0

61
board/freescale/common/patches/arm-trusted-firmware/0001-feat-build-add-support-for-new-binutils-versions.patch Normal file
View File

@@ -0,0 +1,61 @@
From 0f75b03c008eacb9818af3a56dc088e72a623d17 Mon Sep 17 00:00:00 2001
From: Marco Felsch <m.felsch@pengutronix.de>
Date: Wed, 9 Nov 2022 12:59:09 +0100
Subject: [PATCH] feat(build): add support for new binutils versions
Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:
ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions
These new warnings are enbaled by default to secure elf binaries:
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774
Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/
Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Upstream: https://github.com/ARM-software/arm-trusted-firmware/commit/1f49db5f25cdd4e43825c9bcc0575070b80f628c
---
Makefile | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 1ddb7b844..470956b19 100644
--- a/Makefile
+++ b/Makefile
@@ -416,6 +416,8 @@ endif
GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)
+TF_LDFLAGS += -z noexecstack
+
# LD = armlink
ifneq ($(findstring armlink,$(notdir $(LD))),)
TF_LDFLAGS += --diag_error=warning --lto_level=O1
@@ -442,7 +444,10 @@ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
else
-TF_LDFLAGS += --fatal-warnings -O1
+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
+# are not loaded by a elf loader.
+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
+TF_LDFLAGS += -O1
TF_LDFLAGS += --gc-sections
# ld.lld doesn't recognize the errata flags,
# therefore don't add those in that case
--
2.30.2

51
board/freescale/common/patches/arm-trusted-firmware/0002-LF-7968-01-fix-Makefile-Suppress-array-bounds-error.patch Normal file
View File

@@ -0,0 +1,51 @@
From b2a94de52ae4a940a87d569815b19d3fa92dd32a Mon Sep 17 00:00:00 2001
From: Tom Hochstein <tom.hochstein@nxp.com>
Date: Mon, 16 May 2022 13:45:16 -0500
Subject: [PATCH] LF-7968-01 fix(Makefile): Suppress array-bounds error
The array-bounds error is triggered now in cases where it was silent
before, causing errors like:
```
plat/imx/imx8m/hab.c: In function 'imx_hab_handler':
plat/imx/imx8m/hab.c:64:57: error: array subscript 0 is outside array bounds of 'uint32_t[0]' {aka 'unsigned int[]'} [-Werror=array-bounds]
64 | #define HAB_RVT_CHECK_TARGET_ARM64 ((unsigned long)*(uint32_t *)(HAB_RVT_BASE + 0x18))
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
The error is a false-positive and is entered as a bug [1]. The problem
is fixed partially in GCC 12 and fully in GCC 13 [2].
The partial fix does not work here because the constant addresses used
are less than the 4kB boundary chosen for the partial fix, so suppress
the error until GCC is upgraded to 13.
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578#c39
Upstream-Status: Inappropriate [other]
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Upstream: https://github.com/nxp-imx/imx-atf/commit/058bf0f104115037d03e277f079825ef3659c5b9
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index c87c3ae08..2d6b90f47 100644
--- a/Makefile
+++ b/Makefile
@@ -346,7 +346,7 @@ WARNINGS += -Wshift-overflow -Wshift-sign-overflow \
endif
ifneq (${E},0)
-ERRORS := -Werror
+ERRORS := -Werror -Wno-error=array-bounds
endif
CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \
--
2.41.0

2
board/orangepi/orangepi-lite2/readme.txt
View File

@@ -6,7 +6,7 @@ buildroot environment for the Orangepi Lite2. With the current configuration
it will bring-up the board, and allow access through the serial console.
Orangepi Lite2 link:
http://www.orangepi.org/Orange%20Pi%20Lite%202/
http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/details/Orange-Pi-Lite-2.html
Wiki link:
https://openedev.amarulasolutions.com/display/ODWIKI/Orangepi+Lite2

2
board/orangepi/orangepi-one-plus/readme.txt
View File

@@ -6,7 +6,7 @@ buildroot environment for the Orangepi One Plus. With the current configuration
it will bring-up the board, and allow access through the serial console.
Orangepi One Plus link:
http://www.orangepi.org/OrangePiOneplus/
http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/details/Orange-Pi-One-Plus.html
Wiki link:
https://openedev.amarulasolutions.com/display/ODWIKI/Orangepi+One+Plus

2
board/orangepi/orangepi-zero-plus/readme.txt
View File

@@ -6,7 +6,7 @@ buildroot environment for the Orangepi Zero Plus. With the current configuration
it will bring-up the board, and allow access through the serial console.
Orangepi Zero Plus link:
http://www.orangepi.org/OrangePiZeroPlus/
http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/details/Orange-Pi-Zero-Plus.html
This configuration uses U-Boot mainline and kernel mainline.

2
board/orangepi/orangepi-zero-plus2/readme.txt
View File

@@ -6,7 +6,7 @@ buildroot environment for the Orangepi Zero Plus2. With the current configuratio
it will bring-up the board, and allow access through the serial console.
Orangepi Zero Plus2 link:
http://www.orangepi.org/OrangePiZeroPlus2/
http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/details/Orange-Pi-Zero-Plus-2.html
Wiki link:
https://openedev.amarulasolutions.com/display/ODWIKI/Orangepi+Zero+Plus2

5
board/qemu/aarch64-virt/linux.config
View File

@@ -12,8 +12,7 @@ CONFIG_SCHED_AUTOGROUP=y
CONFIG_PROFILING=y
CONFIG_ARCH_VEXPRESS=y
CONFIG_COMPAT=y
CONFIG_FW_CFG_SYSFS=y
CONFIG_FW_CFG_SYSFS_CMDLINE=y
CONFIG_ACPI=y
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
CONFIG_BLK_DEV_BSGLIB=y
@@ -34,6 +33,8 @@ CONFIG_PCI=y
CONFIG_PCI_HOST_GENERIC=y
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y
CONFIG_FW_CFG_SYSFS=y
CONFIG_FW_CFG_SYSFS_CMDLINE=y
CONFIG_VIRTIO_BLK=y
CONFIG_BLK_DEV_SD=y
CONFIG_CHR_DEV_SG=y

97
board/qemu/m68k-mcf5208/0001-m68k-Fix-invalid-.section-syntax.patch Normal file
View File

@@ -0,0 +1,97 @@
From 0bb6b7477f5dcfafbdd76eea9c7aa7a5f78d7613 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Fri, 16 Jun 2023 17:36:10 +0200
Subject: [PATCH] m68k: Fix invalid .section syntax
gas supports several different forms for .section for ELF targets,
including:
.section NAME [, "FLAGS"[, @TYPE[,FLAG_SPECIFIC_ARGUMENTS]]]
and:
.section "NAME"[, #FLAGS...]
In several places we use a mix of these two forms:
.section NAME, #FLAGS...
A current development snapshot of binutils (2.40.50.20230611) treats
this mixed syntax as an error.
Change to consistently use:
.section NAME, "FLAGS"
as is used elsewhere in the kernel.
Link: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=m68k&ver=6.4%7Erc6-1%7Eexp1&stamp=1686907300&raw=1
Signed-off-by: Ben Hutchings <benh@debian.org>
Tested-by: Jan-Benedict Glaw <jbglaw@lug-owl.de>
Link: https://lore.kernel.org/r/ZIyBaueWT9jnTwRC@decadent.org.uk
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Upstream: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=922a9bd138101e3e5718f0f4d40dba68ef89bb43
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
arch/m68k/fpsp040/skeleton.S | 4 ++--
arch/m68k/ifpsp060/os.S | 4 ++--
arch/m68k/kernel/relocate_kernel.S | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/m68k/fpsp040/skeleton.S b/arch/m68k/fpsp040/skeleton.S
index 439395aa6fb4..081922c72daa 100644
--- a/arch/m68k/fpsp040/skeleton.S
+++ b/arch/m68k/fpsp040/skeleton.S
@@ -499,13 +499,13 @@ in_ea:
dbf %d0,morein
rts
- .section .fixup,#alloc,#execinstr
+ .section .fixup,"ax"
.even
1:
jbsr fpsp040_die
jbra .Lnotkern
- .section __ex_table,#alloc
+ .section __ex_table,"a"
.align 4
.long in_ea,1b
diff --git a/arch/m68k/ifpsp060/os.S b/arch/m68k/ifpsp060/os.S
index 7a0d6e428066..89e2ec224ab6 100644
--- a/arch/m68k/ifpsp060/os.S
+++ b/arch/m68k/ifpsp060/os.S
@@ -379,11 +379,11 @@ _060_real_access:
| Execption handling for movs access to illegal memory
- .section .fixup,#alloc,#execinstr
+ .section .fixup,"ax"
.even
1: moveq #-1,%d1
rts
-.section __ex_table,#alloc
+.section __ex_table,"a"
.align 4
.long dmrbuae,1b
.long dmrwuae,1b
diff --git a/arch/m68k/kernel/relocate_kernel.S b/arch/m68k/kernel/relocate_kernel.S
index ab0f1e7d4653..f7667079e08e 100644
--- a/arch/m68k/kernel/relocate_kernel.S
+++ b/arch/m68k/kernel/relocate_kernel.S
@@ -26,7 +26,7 @@ ENTRY(relocate_new_kernel)
lea %pc@(.Lcopy),%a4
2: addl #0x00000000,%a4 /* virt_to_phys() */
- .section ".m68k_fixup","aw"
+ .section .m68k_fixup,"aw"
.long M68K_FIXUP_MEMOFFSET, 2b+2
.previous
@@ -49,7 +49,7 @@ ENTRY(relocate_new_kernel)
lea %pc@(.Lcont040),%a4
5: addl #0x00000000,%a4 /* virt_to_phys() */
- .section ".m68k_fixup","aw"
+ .section .m68k_fixup,"aw"
.long M68K_FIXUP_MEMOFFSET, 5b+2
.previous
--
2.41.0

97
board/qemu/m68k-q800/0001-m68k-Fix-invalid-.section-syntax.patch Normal file
View File

@@ -0,0 +1,97 @@
From 0bb6b7477f5dcfafbdd76eea9c7aa7a5f78d7613 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Fri, 16 Jun 2023 17:36:10 +0200
Subject: [PATCH] m68k: Fix invalid .section syntax
gas supports several different forms for .section for ELF targets,
including:
.section NAME [, "FLAGS"[, @TYPE[,FLAG_SPECIFIC_ARGUMENTS]]]
and:
.section "NAME"[, #FLAGS...]
In several places we use a mix of these two forms:
.section NAME, #FLAGS...
A current development snapshot of binutils (2.40.50.20230611) treats
this mixed syntax as an error.
Change to consistently use:
.section NAME, "FLAGS"
as is used elsewhere in the kernel.
Link: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=m68k&ver=6.4%7Erc6-1%7Eexp1&stamp=1686907300&raw=1
Signed-off-by: Ben Hutchings <benh@debian.org>
Tested-by: Jan-Benedict Glaw <jbglaw@lug-owl.de>
Link: https://lore.kernel.org/r/ZIyBaueWT9jnTwRC@decadent.org.uk
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Upstream: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=922a9bd138101e3e5718f0f4d40dba68ef89bb43
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
arch/m68k/fpsp040/skeleton.S | 4 ++--
arch/m68k/ifpsp060/os.S | 4 ++--
arch/m68k/kernel/relocate_kernel.S | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/m68k/fpsp040/skeleton.S b/arch/m68k/fpsp040/skeleton.S
index 439395aa6fb4..081922c72daa 100644
--- a/arch/m68k/fpsp040/skeleton.S
+++ b/arch/m68k/fpsp040/skeleton.S
@@ -499,13 +499,13 @@ in_ea:
dbf %d0,morein
rts
- .section .fixup,#alloc,#execinstr
+ .section .fixup,"ax"
.even
1:
jbsr fpsp040_die
jbra .Lnotkern
- .section __ex_table,#alloc
+ .section __ex_table,"a"
.align 4
.long in_ea,1b
diff --git a/arch/m68k/ifpsp060/os.S b/arch/m68k/ifpsp060/os.S
index 7a0d6e428066..89e2ec224ab6 100644
--- a/arch/m68k/ifpsp060/os.S
+++ b/arch/m68k/ifpsp060/os.S
@@ -379,11 +379,11 @@ _060_real_access:
| Execption handling for movs access to illegal memory
- .section .fixup,#alloc,#execinstr
+ .section .fixup,"ax"
.even
1: moveq #-1,%d1
rts
-.section __ex_table,#alloc
+.section __ex_table,"a"
.align 4
.long dmrbuae,1b
.long dmrwuae,1b
diff --git a/arch/m68k/kernel/relocate_kernel.S b/arch/m68k/kernel/relocate_kernel.S
index ab0f1e7d4653..f7667079e08e 100644
--- a/arch/m68k/kernel/relocate_kernel.S
+++ b/arch/m68k/kernel/relocate_kernel.S
@@ -26,7 +26,7 @@ ENTRY(relocate_new_kernel)
lea %pc@(.Lcopy),%a4
2: addl #0x00000000,%a4 /* virt_to_phys() */
- .section ".m68k_fixup","aw"
+ .section .m68k_fixup,"aw"
.long M68K_FIXUP_MEMOFFSET, 2b+2
.previous
@@ -49,7 +49,7 @@ ENTRY(relocate_new_kernel)
lea %pc@(.Lcont040),%a4
5: addl #0x00000000,%a4 /* virt_to_phys() */
- .section ".m68k_fixup","aw"
+ .section .m68k_fixup,"aw"
.long M68K_FIXUP_MEMOFFSET, 5b+2
.previous
--
2.41.0

2
board/qemu/ppc64le-powernv8/readme.txt
View File

@@ -1,5 +1,5 @@
Run the emulation with:
qemu-system-ppc64 -M powernv9 -kernel vmlinux -append "console=hvc0 rootwait root=/dev/nvme0n1" -device nvme,bus=pcie.3,addr=0x0,drive=drive0,serial=1234 -drive file=./rootfs.ext2,if=none,id=drive0,format=raw,cache=none -device e1000e,netdev=net0,mac=C0:FF:EE:00:01:03,bus=pcie.1,addr=0x0 -netdev user,id=net0 -serial mon:stdio -nographic # qemu_ppc64le_powernv8_defconfig
qemu-system-ppc64 -M powernv9 -kernel output/images/vmlinux -append "console=hvc0 rootwait root=/dev/nvme0n1" -device nvme,bus=pcie.3,addr=0x0,drive=drive0,serial=1234 -drive file=output/images/rootfs.ext2,if=none,id=drive0,format=raw,cache=none -device e1000e,netdev=net0,mac=C0:FF:EE:00:01:03,bus=pcie.1,addr=0x0 -netdev user,id=net0 -serial mon:stdio -nographic # qemu_ppc64le_powernv8_defconfig
The login prompt will appear in the terminal window.

3
board/radxa/rock5b/boot.cmd Normal file
View File

@@ -0,0 +1,3 @@
setenv bootargs root=/dev/mmcblk0p2 rw rootfstype=ext4 clkin_hz=(25000000) earlycon clk_ignore_unused earlyprintk console=ttyS2,1500000n8 rootwait
fatload mmc 1:1 ${loadaddr} image.itb
bootm ${loadaddr}

34
board/radxa/rock5b/genimage.cfg Normal file
View File

@@ -0,0 +1,34 @@
# SD card image for Radxa Rock 5b
image boot.vfat {
vfat {
files = {
"image.itb",
"boot.scr"
}
}
size = 16M
}
image sdcard.img {
hdimage {
partition-table-type = "hybrid"
}
partition uboot {
in-partition-table = "false"
image = "u-boot-rockchip.bin"
offset = 32K
}
partition boot {
partition-type = "0xC"
bootable = "true"
image = "boot.vfat"
}
partition rootfs {
partition-type = 0x83
image = "rootfs.ext2"
}
}

4
board/radxa/rock5b/linux.fragment Normal file
View File

@@ -0,0 +1,4 @@
CONFIG_R8169=y
# Disable Rockchip specific WiFi drivers, as the kernel
# code cannot be build with GCC 12 due to several Werrors
# CONFIG_WL_ROCKCHIP is not set

64
board/radxa/rock5b/patches/linux/0001-etherdevice-Adjust-ether_addr-prototypes-to-silence-.patch Normal file
View File

@@ -0,0 +1,64 @@
From 2618a0dae09ef37728dab89ff60418cbe25ae6bd Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@chromium.org>
Date: Sat, 12 Feb 2022 09:14:49 -0800
Subject: etherdevice: Adjust ether_addr* prototypes to silence
-Wstringop-overead
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
With GCC 12, -Wstringop-overread was warning about an implicit cast from
char[6] to char[8]. However, the extra 2 bytes are always thrown away,
alignment doesn't matter, and the risk of hitting the edge of unallocated
memory has been accepted, so this prototype can just be converted to a
regular char *. Silences:
net/core/dev.c: In function bpf_prog_run_generic_xdp: net/core/dev.c:4618:21: warning: ether_addr_equal_64bits reading 8 bytes from a region of size 6 [-Wstringop-overread]
4618 | orig_host = ether_addr_equal_64bits(eth->h_dest, > skb->dev->dev_addr);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/core/dev.c:4618:21: note: referencing argument 1 of type const u8[8] {aka const unsigned char[8]}
net/core/dev.c:4618:21: note: referencing argument 2 of type const u8[8] {aka const unsigned char[8]}
In file included from net/core/dev.c:91: include/linux/etherdevice.h:375:20: note: in a call to function ether_addr_equal_64bits
375 | static inline bool ether_addr_equal_64bits(const u8 addr1[6+2],
| ^~~~~~~~~~~~~~~~~~~~~~~
Reported-by: Marc Kleine-Budde <mkl@pengutronix.de>
Tested-by: Marc Kleine-Budde <mkl@pengutronix.de>
Link: https://lore.kernel.org/netdev/20220212090811.uuzk6d76agw2vv73@pengutronix.de
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2618a0dae09ef37728dab89ff60418cbe25ae6bd
Signed-off-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
---
include/linux/etherdevice.h | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/include/linux/etherdevice.h b/include/linux/etherdevice.h
index 2ad71cc90b37d..92b10e67d5f87 100644
--- a/include/linux/etherdevice.h
+++ b/include/linux/etherdevice.h
@@ -134,7 +134,7 @@ static inline bool is_multicast_ether_addr(const u8 *addr)
#endif
}
-static inline bool is_multicast_ether_addr_64bits(const u8 addr[6+2])
+static inline bool is_multicast_ether_addr_64bits(const u8 *addr)
{
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
#ifdef __BIG_ENDIAN
@@ -372,8 +372,7 @@ static inline bool ether_addr_equal(const u8 *addr1, const u8 *addr2)
* Please note that alignment of addr1 & addr2 are only guaranteed to be 16 bits.
*/
-static inline bool ether_addr_equal_64bits(const u8 addr1[6+2],
- const u8 addr2[6+2])
+static inline bool ether_addr_equal_64bits(const u8 *addr1, const u8 *addr2)
{
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
u64 fold = (*(const u64 *)addr1) ^ (*(const u64 *)addr2);
--
cgit

43
board/radxa/rock5b/patches/linux/0002-mm-page_alloc-fix-building-error-on-Werror-array-com.patch Normal file
View File

@@ -0,0 +1,43 @@
From ca831f29f8f25c97182e726429b38c0802200c8f Mon Sep 17 00:00:00 2001
From: Xiongwei Song <sxwjean@gmail.com>
Date: Fri, 14 Jan 2022 14:07:24 -0800
Subject: mm: page_alloc: fix building error on -Werror=array-compare
Arthur Marsh reported we would hit the error below when building kernel
with gcc-12:
CC mm/page_alloc.o
mm/page_alloc.c: In function `mem_init_print_info':
mm/page_alloc.c:8173:27: error: comparison between two arrays [-Werror=array-compare]
8173 | if (start <= pos && pos < end && size > adj) \
|
In C++20, the comparision between arrays should be warned.
Link: https://lkml.kernel.org/r/20211125130928.32465-1-sxwjean@me.com
Signed-off-by: Xiongwei Song <sxwjean@gmail.com>
Reported-by: Arthur Marsh <arthur.marsh@internode.on.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca831f29f8f25c97182e726429b38c0802200c8f
Signed-off-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
---
mm/page_alloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 806f317c2e7e2..c4ef450ac4428 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -8228,7 +8228,7 @@ void __init mem_init_print_info(void)
*/
#define adj_init_size(start, end, size, pos, adj) \
do { \
- if (start <= pos && pos < end && size > adj) \
+ if (&start[0] <= &pos[0] && &pos[0] < &end[0] && size > adj) \
size -= adj; \
} while (0)
--
cgit

7
board/radxa/rock5b/post-image.sh Executable file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env bash
set -e
gzip -fk "${BINARIES_DIR}/Image"
cp board/radxa/rock5b/rock5b.its "${BINARIES_DIR}"
(cd "${BINARIES_DIR}" && mkimage -f rock5b.its image.itb)
support/scripts/genimage.sh -c board/radxa/rock5b/genimage.cfg

82
board/radxa/rock5b/readme.txt Normal file
View File

@@ -0,0 +1,82 @@
RADXA ROCK 5B
==============
https://wiki.radxa.com/Rock5/hardware/5b
Build:
======
$ make rock5b_defconfig
$ make
Files created in output directory
=================================
output/images
.
├── Image
├── Image.gz
├── boot.scr
├── boot.vfat
├── image.itb
├── rk3588-rock-5b.dtb
├── rk3588_bl31_v1.40.elf
├── rk3588_ddr_lp4_2112MHz_lp5_2736MHz_v1.12.bin
├── rock5b.its
├── rootfs.ext2
├── rootfs.ext4
├── rootfs.tar
├── sdcard.img
├── u-boot-rockchip.bin
└── u-boot.bin
Creating bootable SD card:
==========================
Simply invoke (as root)
sudo dd if=output/images/sdcard.img of=/dev/sdX && sync
Where X is your SD card device.
Booting:
========
Serial console:
---------------
The Rock 5B has a 40-pin GPIO header. Its layout can be seen here:
https://wiki.radxa.com/Rock5/hardware/5b/gpio
The Uart pins are as follows:
pin 6: gnd
pin 8: tx
pin 10: rx
Baudrate for this board is 1500000.
Login:
------
Enter 'root' as login user, and the prompt is ready.
wiki link:
----------
https://forum.radxa.com/c/rock5
Issues:
=======
The custom Radxa kernel provides custom code to support WiFi. However,
that code does not compile with GCC 12, which is the current default
version in buildroot. Hence, the WiFi kernel drivers are disabled, until
the issues get fixed (if ever). If they are desperately needed, one may
apply the following workaround, as long as buildroot still supports GCC
version 11:
1. Set GCC version 11, by adding the following line to
configs/rock5b_defconfig:
BR2_GCC_VERSION_11_X=y
2. Re-enable custom WiFi drivers by removing the following line from
board/radxa/rock5b/linux.fragment:
# CONFIG_WL_ROCKCHIP is not set

46
board/radxa/rock5b/rock5b.its Normal file
View File

@@ -0,0 +1,46 @@
/dts-v1/;
/ {
description = "Rock 5B FIT Image";
#address-cells = <1>;
images {
kernel {
description = "Kernel";
data = /incbin/("Image.gz");
type = "kernel";
arch = "arm64";
os = "linux";
compression = "gzip";
load = <0x0a200000>;
entry = <0x0a200000>;
hash {
algo = "sha256";
};
};
fdt {
description = "Device Tree";
data = /incbin/("rk3588-rock-5b.dtb");
type = "flat_dt";
arch = "arm64";
compression = "none";
load = <0x0e000000>;
entry = <0x0e000000>;
hash {
algo = "sha256";
};
};
};
configurations {
default = "standard";
standard {
description = "Standard Boot";
kernel = "kernel";
fdt = "fdt";
hash {
algo = "sha256";
};
};
};
};

1
board/raspberrypi/genimage-raspberrypi0.cfg
View File

@@ -7,6 +7,7 @@ image boot.vfat {
"rpi-firmware/config.txt",
"rpi-firmware/fixup.dat",
"rpi-firmware/start.elf",
"rpi-firmware/overlays",
"zImage"
}
}

1
board/raspberrypi/genimage-raspberrypi2.cfg
View File

@@ -7,6 +7,7 @@ image boot.vfat {
"rpi-firmware/config.txt",
"rpi-firmware/fixup.dat",
"rpi-firmware/start.elf",
"rpi-firmware/overlays",
"zImage"
}
}

8
board/raspberrypi/post-build.sh
View File

@@ -8,4 +8,12 @@ if [ -e ${TARGET_DIR}/etc/inittab ]; then
grep -qE '^tty1::' ${TARGET_DIR}/etc/inittab || \
sed -i '/GENERIC_SERIAL/a\
tty1::respawn:/sbin/getty -L tty1 0 vt100 # HDMI console' ${TARGET_DIR}/etc/inittab
# systemd doesn't use /etc/inittab, enable getty.tty1.service instead
elif [ -d ${TARGET_DIR}/etc/systemd ]; then
mkdir -p "${TARGET_DIR}/etc/systemd/system/getty.target.wants"
ln -sf /lib/systemd/system/getty@.service \
"${TARGET_DIR}/etc/systemd/system/getty.target.wants/getty@tty1.service"
fi
# ensure overlays exists for genimage
mkdir -p "${BINARIES_DIR}/rpi-firmware/overlays"

BIN
board/shredos/bootx64.efi
View File

Binary file not shown.

BIN
board/shredos/bootx64.efi.2021.08
View File

Binary file not shown.

BIN
board/shredos/bootx64.efi.original
View File

Binary file not shown.

BIN
board/shredos/bootx64.efi.recent.build.without.efigop.efiuga
View File

Binary file not shown.

BIN
board/shredos/bootx64.efi.used.up.to.01-Jun-23
View File

Binary file not shown.

2
board/shredos/genimage.cfg
View File

@@ -10,7 +10,7 @@ image boot.vfat {
file autorun.inf { image = 'autorun.inf' }
}
size = 230000000
size = 240000000
}
image shredos.img {

4430
board/shredos/kernel-4.14-defconfig.config
View File

File diff suppressed because it is too large Load Diff

1230
board/shredos/kernel-5.13-defconfig.config
View File

File diff suppressed because it is too large Load Diff

1082
board/shredos/kernel-5.6-defconfig.config
View File

File diff suppressed because it is too large Load Diff

42
board/shredos/kernel-6.3-defconfig.config → board/shredos/kernel-6.4-defconfig.config
View File

@@ -72,15 +72,12 @@ CONFIG_DNS_RESOLVER=y
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_CGROUP_NET_PRIO=y
CONFIG_PCI=y
CONFIG_PCIEPORTBUS=y
CONFIG_HOTPLUG_PCI_PCIE=y
CONFIG_PCIEAER=y
CONFIG_PCIEAER_INJECT=y
CONFIG_PCIE_ECRC=y
CONFIG_PCI_IOV=y
CONFIG_PCI_PRI=y
CONFIG_PCI_PASID=y
CONFIG_HOTPLUG_PCI=y
CONFIG_HOTPLUG_PCI_ACPI=y
CONFIG_HOTPLUG_PCI_ACPI_IBM=y
CONFIG_HOTPLUG_PCI_CPCI=y
@@ -156,7 +153,10 @@ CONFIG_SCSI_STEX=y
CONFIG_SCSI_SYM53C8XX_2=y
CONFIG_SCSI_IPR=y
CONFIG_SCSI_QLOGIC_1280=y
CONFIG_SCSI_QLA_FC=y
CONFIG_SCSI_QLA_ISCSI=y
CONFIG_QEDI=y
CONFIG_SCSI_LPFC=y
CONFIG_SCSI_DC395x=y
CONFIG_SCSI_AM53C974=y
CONFIG_SCSI_WD719X=y
@@ -234,6 +234,7 @@ CONFIG_PATA_RZ1000=y
CONFIG_PATA_ACPI=y
CONFIG_ATA_GENERIC=y
CONFIG_PATA_LEGACY=y
CONFIG_MD=y
CONFIG_FUSION=y
CONFIG_FUSION_SPI=y
CONFIG_FUSION_FC=y
@@ -302,7 +303,6 @@ CONFIG_E1000=y
CONFIG_E1000E=y
CONFIG_IGB=y
CONFIG_IGBVF=y
CONFIG_IXGB=y
CONFIG_IXGBE=y
CONFIG_IXGBE_DCB=y
CONFIG_I40E=y
@@ -625,7 +625,6 @@ CONFIG_DRM_RADEON_USERPTR=y
CONFIG_DRM_AMDGPU=y
CONFIG_DRM_AMDGPU_SI=y
CONFIG_DRM_AMDGPU_CIK=y
CONFIG_DRM_AMD_DC_HDCP=y
CONFIG_DRM_AMD_DC_SI=y
CONFIG_HSA_AMD=y
CONFIG_DRM_NOUVEAU=y
@@ -730,6 +729,7 @@ CONFIG_LCD_OTM3225A=y
CONFIG_BACKLIGHT_KTD253=y
CONFIG_BACKLIGHT_KTZ8866=y
CONFIG_BACKLIGHT_LM3533=y
CONFIG_BACKLIGHT_CARILLO_RANCH=y
CONFIG_BACKLIGHT_DA903X=y
CONFIG_BACKLIGHT_DA9052=y
CONFIG_BACKLIGHT_MAX8925=y
@@ -827,6 +827,8 @@ CONFIG_I2C_HID_ACPI=y
CONFIG_INTEL_ISH_HID=y
CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER=y
CONFIG_AMD_SFH_HID=y
CONFIG_SURFACE_HID=y
CONFIG_SURFACE_KBD=y
CONFIG_USB_LED_TRIG=y
CONFIG_USB_CONN_GPIO=y
CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
@@ -1035,7 +1037,6 @@ CONFIG_LEDS_LM36274=y
CONFIG_LEDS_AS3645A=y
CONFIG_LEDS_LM3601X=y
CONFIG_LEDS_SGM3140=y
CONFIG_LEDS_TRIGGERS=y
CONFIG_EDAC=y
CONFIG_EDAC_AMD64=y
CONFIG_EDAC_E752X=y
@@ -1234,6 +1235,34 @@ CONFIG_COMEDI_VMK80XX=y
CONFIG_COMEDI_8255_SA=y
CONFIG_STAGING=y
CONFIG_RTS5208=y
CONFIG_CHROME_PLATFORMS=y
CONFIG_CHROMEOS_ACPI=y
CONFIG_CHROMEOS_LAPTOP=y
CONFIG_CHROMEOS_PSTORE=y
CONFIG_CHROMEOS_TBMC=y
CONFIG_CROS_EC=y
CONFIG_CROS_EC_I2C=y
CONFIG_CROS_EC_ISHTP=y
CONFIG_CROS_EC_SPI=y
CONFIG_CROS_EC_UART=y
CONFIG_CROS_EC_LPC=y
CONFIG_CROS_KBD_LED_BACKLIGHT=y
CONFIG_CROS_HPS_I2C=y
CONFIG_WILCO_EC=y
CONFIG_SURFACE3_WMI=y
CONFIG_SURFACE_ACPI_NOTIFY=y
CONFIG_SURFACE_AGGREGATOR_CDEV=y
CONFIG_SURFACE_AGGREGATOR_HUB=y
CONFIG_SURFACE_AGGREGATOR_REGISTRY=y
CONFIG_SURFACE_AGGREGATOR_TABLET_SWITCH=y
CONFIG_SURFACE_DTX=y
CONFIG_SURFACE_GPE=y
CONFIG_SURFACE_HOTPLUG=y
CONFIG_SURFACE_PLATFORM_PROFILE=y
CONFIG_SURFACE_PRO3_BUTTON=y
CONFIG_SURFACE_AGGREGATOR=y
CONFIG_X86_PLATFORM_DRIVERS_DELL=y
CONFIG_USB4=y
CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_SECURITY=y
@@ -1269,5 +1298,4 @@ CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_SELINUX=y
CONFIG_LSM="selinux"
CONFIG_CRC_T10DIF=y
# CONFIG_FTRACE is not set

2
board/shredos/version.txt
View File

@@ -1 +1 @@
2023.05_24.0_x86-64_0.34
2023.08.2_25.0_x86-64_0.35

21
board/stmicroelectronics/common/stm32f4xx/busybox.fragment Normal file
View File

@@ -0,0 +1,21 @@
# CONFIG_FEATURE_HWIB is not set
# CONFIG_HOSTNAME is not set
# CONFIG_DNSDOMAINNAME is not set
# CONFIG_FEATURE_HTTPD_PORT_DEFAULT is not set
# CONFIG_IFCONFIG is not set
# CONFIG_FEATURE_IFCONFIG_HW is not set
# CONFIG_FEATURE_IFCONFIG_BROADCAST_PLUS is not set
# CONFIG_IFUP is not set
# CONFIG_IFDOWN is not set
# CONFIG_IP is not set
# CONFIG_IPADDR is not set
# CONFIG_IPLINK is not set
# CONFIG_IPROUTE is not set
# CONFIG_NC is not set
# CONFIG_NETSTAT is not set
# CONFIG_PING is not set
# CONFIG_ROUTE is not set
# CONFIG_TC is not set
# CONFIG_TELNET is not set
# CONFIG_WGET is not set
# CONFIG_UDHCPC is not set

3
board/stmicroelectronics/common/stm32f4xx/stm32-post-build.sh
View File

@@ -1,4 +1,7 @@
#!/bin/sh
# Busybox is built without network support
sed -i '/hostname/d' ${TARGET_DIR}/etc/inittab
# Kernel is built without devpts support
sed -i '/^devpts/d' ${TARGET_DIR}/etc/fstab

1
board/versal/patches/arm-trusted-firmware/0001-feat-build-add-support-for-new-binutils-versions.patch Symbolic link
View File

@@ -0,0 +1 @@
../../../../boot/arm-trusted-firmware/v2.6/0001-feat-build-add-support-for-new-binutils-versions.patch

5
board/versal/post-build.sh
View File

@@ -3,9 +3,8 @@
# genimage will need to find the extlinux.conf
# in the binaries directory
BOARD_DIR="$(dirname $0)"
CONSOLE=$2
ROOT=$3
CONSOLE="$2"
ROOT="$3"
mkdir -p "${BINARIES_DIR}"
cat <<-__HEADER_EOF > "${BINARIES_DIR}/extlinux.conf"

14
board/versal/post-image.sh
View File

@@ -6,12 +6,12 @@
FIRST_DT=$(sed -nr \
-e 's|^BR2_LINUX_KERNEL_INTREE_DTS_NAME="(xilinx/)?([-_/[:alnum:]\\.]*).*"$|\2|p' \
${BR2_CONFIG})
"${BR2_CONFIG}")
[ -z "${FIRST_DT}" ] || ln -fs ${FIRST_DT}.dtb ${BINARIES_DIR}/system.dtb
[ -z "${FIRST_DT}" ] || ln -fs "${FIRST_DT}.dtb" "${BINARIES_DIR}/system.dtb"
BOARD_DIR="$(dirname $0)"
BOARD_NAME=$4
BOARD_DIR="$(dirname "$0")"
BOARD_NAME="$4"
mkdir -p "${BINARIES_DIR}"
cat <<-__HEADER_EOF > "${BINARIES_DIR}/bootgen.bif"
@@ -23,7 +23,7 @@ cat <<-__HEADER_EOF > "${BINARIES_DIR}/bootgen.bif"
{ core=psm, file=${BINARIES_DIR}/${BOARD_NAME}_psmfw.elf }
}
image {
id = 0x1c000000, name=apu_subsystem
id = 0x1c000000, name=apu_subsystem
{ type=raw, load=0x00001000, file=${BINARIES_DIR}/u-boot.dtb }
{ core=a72-0, exception_level=el-3, trustzone, file=${BINARIES_DIR}/bl31.elf }
{ core=a72-0, exception_level=el-2, file=${BINARIES_DIR}/u-boot.elf }
@@ -31,5 +31,5 @@ cat <<-__HEADER_EOF > "${BINARIES_DIR}/bootgen.bif"
}
__HEADER_EOF
${HOST_DIR}/bin/bootgen -arch versal -image ${BINARIES_DIR}/bootgen.bif -o ${BINARIES_DIR}/boot.bin -w on
support/scripts/genimage.sh -c ${BOARD_DIR}/genimage.cfg
"${HOST_DIR}/bin/bootgen" -arch versal -image "${BINARIES_DIR}/bootgen.bif" -o "${BINARIES_DIR}/boot.bin" -w on
support/scripts/genimage.sh -c "${BOARD_DIR}/genimage.cfg"

2
board/zynq/post-image.sh
View File

@@ -1,6 +1,6 @@
#!/bin/sh
# By default U-Boot loads DTB from a file named "devicetree.dtb", so
# By default U-Boot loads DTB from a file named "system.dtb", so
# let's use a symlink with that name that points to the *first*
# devicetree listed in the config.

1
board/zynqmp/patches/arm-trusted-firmware/0001-feat-build-add-support-for-new-binutils-versions.patch Symbolic link
View File

@@ -0,0 +1 @@
../../../../boot/arm-trusted-firmware/v2.6/0001-feat-build-add-support-for-new-binutils-versions.patch

1
boot/Config.in
View File

@@ -12,7 +12,6 @@ source "boot/binaries-marvell/Config.in"
source "boot/boot-wrapper-aarch64/Config.in"
source "boot/edk2/Config.in"
source "boot/grub2/Config.in"
source "boot/lpc32xxcdl/Config.in"
source "boot/mv-ddr-marvell/Config.in"
source "boot/mxs-bootlets/Config.in"
source "boot/optee-os/Config.in"

59
boot/arm-trusted-firmware/v2.2/0001-PATCH-feat-build-add-support-for-new-binutils-versio.patch Normal file
View File

@@ -0,0 +1,59 @@
From 5e1beb793c06352e87c46eca1144ff1fe8555103 Mon Sep 17 00:00:00 2001
From: Heiko Thiery <heiko.thiery@gmail.com>
Date: Mon, 10 Jul 2023 10:43:03 +0200
Subject: [PATCH] [PATCH] feat(build): add support for new binutils versions
Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:
ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions
These new warnings are enbaled by default to secure elf binaries:
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774
Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/
Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Upstream: https://github.com/ARM-software/arm-trusted-firmware/commit/1f49db5f25cdd4e43825c9bcc0575070b80f628c
---
Makefile | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 721246d51..5893cf422 100644
--- a/Makefile
+++ b/Makefile
@@ -297,11 +297,16 @@ endif
GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)
+TF_LDFLAGS += -z noexecstack
+
ifneq ($(findstring armlink,$(notdir $(LD))),)
TF_LDFLAGS += --diag_error=warning --lto_level=O1
TF_LDFLAGS += --remove --info=unused,unusedsymbols
else
-TF_LDFLAGS += --fatal-warnings -O1
+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
+# are not loaded by a elf loader.
+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
+TF_LDFLAGS += -O1
TF_LDFLAGS += --gc-sections
endif
TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH))
--
2.30.2

61
boot/arm-trusted-firmware/v2.3/0001-feat-build-add-support-for-new-binutils-versions.patch Normal file
View File

@@ -0,0 +1,61 @@
From 0f75b03c008eacb9818af3a56dc088e72a623d17 Mon Sep 17 00:00:00 2001
From: Marco Felsch <m.felsch@pengutronix.de>
Date: Wed, 9 Nov 2022 12:59:09 +0100
Subject: [PATCH] feat(build): add support for new binutils versions
Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:
ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions
These new warnings are enbaled by default to secure elf binaries:
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774
Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/
Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Upstream: https://github.com/ARM-software/arm-trusted-firmware/commit/1f49db5f25cdd4e43825c9bcc0575070b80f628c
---
Makefile | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 1ddb7b844..470956b19 100644
--- a/Makefile
+++ b/Makefile
@@ -416,6 +416,8 @@ endif
GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)
+TF_LDFLAGS += -z noexecstack
+
# LD = armlink
ifneq ($(findstring armlink,$(notdir $(LD))),)
TF_LDFLAGS += --diag_error=warning --lto_level=O1
@@ -442,7 +444,10 @@ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
else
-TF_LDFLAGS += --fatal-warnings -O1
+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
+# are not loaded by a elf loader.
+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
+TF_LDFLAGS += -O1
TF_LDFLAGS += --gc-sections
# ld.lld doesn't recognize the errata flags,
# therefore don't add those in that case
--
2.30.2

61
boot/arm-trusted-firmware/v2.4/0001-feat-build-add-support-for-new-binutils-versions.patch Normal file
View File

@@ -0,0 +1,61 @@
From 0f75b03c008eacb9818af3a56dc088e72a623d17 Mon Sep 17 00:00:00 2001
From: Marco Felsch <m.felsch@pengutronix.de>
Date: Wed, 9 Nov 2022 12:59:09 +0100
Subject: [PATCH] feat(build): add support for new binutils versions
Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:
ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions
These new warnings are enbaled by default to secure elf binaries:
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774
Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/
Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Upstream: https://github.com/ARM-software/arm-trusted-firmware/commit/1f49db5f25cdd4e43825c9bcc0575070b80f628c
---
Makefile | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 1ddb7b844..470956b19 100644
--- a/Makefile
+++ b/Makefile
@@ -416,6 +416,8 @@ endif
GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)
+TF_LDFLAGS += -z noexecstack
+
# LD = armlink
ifneq ($(findstring armlink,$(notdir $(LD))),)
TF_LDFLAGS += --diag_error=warning --lto_level=O1
@@ -442,7 +444,10 @@ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
else
-TF_LDFLAGS += --fatal-warnings -O1
+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
+# are not loaded by a elf loader.
+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
+TF_LDFLAGS += -O1
TF_LDFLAGS += --gc-sections
# ld.lld doesn't recognize the errata flags,
# therefore don't add those in that case
--
2.30.2

61
boot/arm-trusted-firmware/v2.5/0001-feat-build-add-support-for-new-binutils-versions.patch Normal file
View File

@@ -0,0 +1,61 @@
From 0f75b03c008eacb9818af3a56dc088e72a623d17 Mon Sep 17 00:00:00 2001
From: Marco Felsch <m.felsch@pengutronix.de>
Date: Wed, 9 Nov 2022 12:59:09 +0100
Subject: [PATCH] feat(build): add support for new binutils versions
Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:
ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions
These new warnings are enbaled by default to secure elf binaries:
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774
Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/
Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Upstream: https://github.com/ARM-software/arm-trusted-firmware/commit/1f49db5f25cdd4e43825c9bcc0575070b80f628c
---
Makefile | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 1ddb7b844..470956b19 100644
--- a/Makefile
+++ b/Makefile
@@ -416,6 +416,8 @@ endif
GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)
+TF_LDFLAGS += -z noexecstack
+
# LD = armlink
ifneq ($(findstring armlink,$(notdir $(LD))),)
TF_LDFLAGS += --diag_error=warning --lto_level=O1
@@ -442,7 +444,10 @@ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
else
-TF_LDFLAGS += --fatal-warnings -O1
+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
+# are not loaded by a elf loader.
+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
+TF_LDFLAGS += -O1
TF_LDFLAGS += --gc-sections
# ld.lld doesn't recognize the errata flags,
# therefore don't add those in that case
--
2.30.2

61
boot/arm-trusted-firmware/v2.6/0001-feat-build-add-support-for-new-binutils-versions.patch Normal file
View File

@@ -0,0 +1,61 @@
From 0f75b03c008eacb9818af3a56dc088e72a623d17 Mon Sep 17 00:00:00 2001
From: Marco Felsch <m.felsch@pengutronix.de>
Date: Wed, 9 Nov 2022 12:59:09 +0100
Subject: [PATCH] feat(build): add support for new binutils versions
Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:
ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions
These new warnings are enbaled by default to secure elf binaries:
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774
Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/
Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Upstream: https://github.com/ARM-software/arm-trusted-firmware/commit/1f49db5f25cdd4e43825c9bcc0575070b80f628c
---
Makefile | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 1ddb7b844..470956b19 100644
--- a/Makefile
+++ b/Makefile
@@ -416,6 +416,8 @@ endif
GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)
+TF_LDFLAGS += -z noexecstack
+
# LD = armlink
ifneq ($(findstring armlink,$(notdir $(LD))),)
TF_LDFLAGS += --diag_error=warning --lto_level=O1
@@ -442,7 +444,10 @@ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
else
-TF_LDFLAGS += --fatal-warnings -O1
+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
+# are not loaded by a elf loader.
+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
+TF_LDFLAGS += -O1
TF_LDFLAGS += --gc-sections
# ld.lld doesn't recognize the errata flags,
# therefore don't add those in that case
--
2.30.2

61
boot/arm-trusted-firmware/v2.7/0001-feat-build-add-support-for-new-binutils-versions.patch Normal file
View File

@@ -0,0 +1,61 @@
From 0f75b03c008eacb9818af3a56dc088e72a623d17 Mon Sep 17 00:00:00 2001
From: Marco Felsch <m.felsch@pengutronix.de>
Date: Wed, 9 Nov 2022 12:59:09 +0100
Subject: [PATCH] feat(build): add support for new binutils versions
Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:
ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions
These new warnings are enbaled by default to secure elf binaries:
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774
Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/
Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Upstream: https://github.com/ARM-software/arm-trusted-firmware/commit/1f49db5f25cdd4e43825c9bcc0575070b80f628c
---
Makefile | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 1ddb7b844..470956b19 100644
--- a/Makefile
+++ b/Makefile
@@ -416,6 +416,8 @@ endif
GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)
+TF_LDFLAGS += -z noexecstack
+
# LD = armlink
ifneq ($(findstring armlink,$(notdir $(LD))),)
TF_LDFLAGS += --diag_error=warning --lto_level=O1
@@ -442,7 +444,10 @@ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
else
-TF_LDFLAGS += --fatal-warnings -O1
+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
+# are not loaded by a elf loader.
+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
+TF_LDFLAGS += -O1
TF_LDFLAGS += --gc-sections
# ld.lld doesn't recognize the errata flags,
# therefore don't add those in that case
--
2.30.2

61
boot/arm-trusted-firmware/v2.8/0001-feat-build-add-support-for-new-binutils-versions.patch Normal file
View File

@@ -0,0 +1,61 @@
From 0f75b03c008eacb9818af3a56dc088e72a623d17 Mon Sep 17 00:00:00 2001
From: Marco Felsch <m.felsch@pengutronix.de>
Date: Wed, 9 Nov 2022 12:59:09 +0100
Subject: [PATCH] feat(build): add support for new binutils versions
Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:
ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions
These new warnings are enbaled by default to secure elf binaries:
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774
Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/
Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Upstream: https://github.com/ARM-software/arm-trusted-firmware/commit/1f49db5f25cdd4e43825c9bcc0575070b80f628c
---
Makefile | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 1ddb7b844..470956b19 100644
--- a/Makefile
+++ b/Makefile
@@ -416,6 +416,8 @@ endif
GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)
+TF_LDFLAGS += -z noexecstack
+
# LD = armlink
ifneq ($(findstring armlink,$(notdir $(LD))),)
TF_LDFLAGS += --diag_error=warning --lto_level=O1
@@ -442,7 +444,10 @@ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
else
-TF_LDFLAGS += --fatal-warnings -O1
+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
+# are not loaded by a elf loader.
+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
+TF_LDFLAGS += -O1
TF_LDFLAGS += --gc-sections
# ld.lld doesn't recognize the errata flags,
# therefore don't add those in that case
--
2.30.2

77
boot/arm-trusted-firmware/v2.8/0002-build-tools-avoid-unnecessary-link.patch Normal file
View File

@@ -0,0 +1,77 @@
From aa57ce632c629fe72ff417e261e0f5bfd8db6bab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= <vincent.stehle@arm.com>
Date: Tue, 4 Jul 2023 16:14:02 +0200
Subject: [PATCH] build(tools): avoid unnecessary link
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In their respective makefiles, cert_create, encrypt_fw and fiptool
depend on the --openssl phony target as a prerequisite. This forces
those tools to be re-linked each time.
Move the dependencies on the --openssl target from the tools to their
makefiles all targets, to avoid unnecessary linking while preserving the
OpenSSL version printing done in the --openssl targets when in debug.
Fixes: cf2dd17ddda2 ("refactor(security): add OpenSSL 1.x compatibility")
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Change-Id: I98a3ab30f36dffc253cecaaf3a57d2712522135d
Upstream: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=aa57ce632c629fe72ff417e261e0f5bfd8db6bab
---
tools/cert_create/Makefile | 4 ++--
tools/encrypt_fw/Makefile | 4 ++--
tools/fiptool/Makefile | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
index 042e844626..b911d19d2b 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
@@ -85,9 +85,9 @@ HOSTCC ?= gcc
.PHONY: all clean realclean --openssl
-all: ${BINARY}
+all: --openssl ${BINARY}
-${BINARY}: --openssl ${OBJECTS} Makefile
+${BINARY}: ${OBJECTS} Makefile
@echo " HOSTLD $@"
@echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__; \
const char platform_msg[] = "${PLAT_MSG}";' | \
diff --git a/tools/encrypt_fw/Makefile b/tools/encrypt_fw/Makefile
index 2939b142be..924e5febab 100644
--- a/tools/encrypt_fw/Makefile
+++ b/tools/encrypt_fw/Makefile
@@ -65,9 +65,9 @@ HOSTCC ?= gcc
.PHONY: all clean realclean --openssl
-all: ${BINARY}
+all: --openssl ${BINARY}
-${BINARY}: --openssl ${OBJECTS} Makefile
+${BINARY}: ${OBJECTS} Makefile
@echo " HOSTLD $@"
@echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__;' | \
${HOSTCC} -c ${HOSTCCFLAGS} -xc - -o src/build_msg.o
diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
index 2ebee33931..4bdebd9235 100644
--- a/tools/fiptool/Makefile
+++ b/tools/fiptool/Makefile
@@ -68,9 +68,9 @@ DEPS := $(patsubst %.o,%.d,$(OBJECTS))
.PHONY: all clean distclean --openssl
-all: ${PROJECT}
+all: --openssl ${PROJECT}
-${PROJECT}: --openssl ${OBJECTS} Makefile
+${PROJECT}: ${OBJECTS} Makefile
@echo " HOSTLD $@"
${Q}${HOSTCC} ${OBJECTS} -o $@ ${LDLIBS}
@${ECHO_BLANK_LINE}
--
2.25.1

77
boot/arm-trusted-firmware/v2.9/0001-build-tools-avoid-unnecessary-link.patch Normal file
View File

@@ -0,0 +1,77 @@
From aa57ce632c629fe72ff417e261e0f5bfd8db6bab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= <vincent.stehle@arm.com>
Date: Tue, 4 Jul 2023 16:14:02 +0200
Subject: [PATCH] build(tools): avoid unnecessary link
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In their respective makefiles, cert_create, encrypt_fw and fiptool
depend on the --openssl phony target as a prerequisite. This forces
those tools to be re-linked each time.
Move the dependencies on the --openssl target from the tools to their
makefiles all targets, to avoid unnecessary linking while preserving the
OpenSSL version printing done in the --openssl targets when in debug.
Fixes: cf2dd17ddda2 ("refactor(security): add OpenSSL 1.x compatibility")
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Change-Id: I98a3ab30f36dffc253cecaaf3a57d2712522135d
Upstream: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=aa57ce632c629fe72ff417e261e0f5bfd8db6bab
---
tools/cert_create/Makefile | 4 ++--
tools/encrypt_fw/Makefile | 4 ++--
tools/fiptool/Makefile | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
index 042e844626..b911d19d2b 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
@@ -85,9 +85,9 @@ HOSTCC ?= gcc
.PHONY: all clean realclean --openssl
-all: ${BINARY}
+all: --openssl ${BINARY}
-${BINARY}: --openssl ${OBJECTS} Makefile
+${BINARY}: ${OBJECTS} Makefile
@echo " HOSTLD $@"
@echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__; \
const char platform_msg[] = "${PLAT_MSG}";' | \
diff --git a/tools/encrypt_fw/Makefile b/tools/encrypt_fw/Makefile
index 2939b142be..924e5febab 100644
--- a/tools/encrypt_fw/Makefile
+++ b/tools/encrypt_fw/Makefile
@@ -65,9 +65,9 @@ HOSTCC ?= gcc
.PHONY: all clean realclean --openssl
-all: ${BINARY}
+all: --openssl ${BINARY}
-${BINARY}: --openssl ${OBJECTS} Makefile
+${BINARY}: ${OBJECTS} Makefile
@echo " HOSTLD $@"
@echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__;' | \
${HOSTCC} -c ${HOSTCCFLAGS} -xc - -o src/build_msg.o
diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
index 2ebee33931..4bdebd9235 100644
--- a/tools/fiptool/Makefile
+++ b/tools/fiptool/Makefile
@@ -68,9 +68,9 @@ DEPS := $(patsubst %.o,%.d,$(OBJECTS))
.PHONY: all clean distclean --openssl
-all: ${PROJECT}
+all: --openssl ${PROJECT}
-${PROJECT}: --openssl ${OBJECTS} Makefile
+${PROJECT}: ${OBJECTS} Makefile
@echo " HOSTLD $@"
${Q}${HOSTCC} ${OBJECTS} -o $@ ${LDLIBS}
@${ECHO_BLANK_LINE}
--
2.25.1

8
boot/at91bootstrap/at91bootstrap.mk
View File

@@ -32,8 +32,14 @@ endef
AT91BOOTSTRAP_POST_PATCH_HOOKS += AT91BOOTSTRAP_APPLY_CUSTOM_PATCHES
endif
# The at91bootstrap Makefile doesn't support customizing
# CFLAGS/LDFLAGS, so we cheat and pass our custom flags through CC and
# LD.
define AT91BOOTSTRAP_BUILD_CMDS
$(MAKE1) CROSS_COMPILE=$(TARGET_CROSS) -C $(@D)/$(AT91BOOTSTRAP_MAKE_SUBDIR)
$(MAKE1) CROSS_COMPILE=$(TARGET_CROSS) \
CC="$(TARGET_CC) -fno-stack-protector" \
LD="$(TARGET_CC) -fno-PIE" \
-C $(@D)/$(AT91BOOTSTRAP_MAKE_SUBDIR)
endef
define AT91BOOTSTRAP_INSTALL_IMAGES_CMDS

7
boot/at91dataflashboot/at91dataflashboot.mk
View File

@@ -11,9 +11,14 @@ AT91DATAFLASHBOOT_SITE = ftp://www.at91.com/pub/buildroot
AT91DATAFLASHBOOT_INSTALL_TARGET = NO
AT91DATAFLASHBOOT_INSTALL_IMAGES = YES
AT91DATAFLASHBOOT_CFLAGS = $(TARGET_CFLAGS) -fno-stack-protector
ifeq ($(BR2_ARM_INSTRUCTIONS_THUMB),y)
AT91DATAFLASHBOOT_CFLAGS += -marm
endif
define AT91DATAFLASHBOOT_BUILD_CMDS
make -C $(@D) CROSS_COMPILE=$(TARGET_CROSS) \
CFLAGS="$(TARGET_CFLAGS) -fno-stack-protector"
CFLAGS="$(AT91DATAFLASHBOOT_CFLAGS)"
endef
define AT91DATAFLASHBOOT_INSTALL_IMAGES_CMDS

12
boot/barebox/Config.in
View File

@@ -54,6 +54,18 @@ config BR2_TARGET_BAREBOX_CUSTOM_PATCH_DIR
Most users may leave this empty
config BR2_TARGET_BAREBOX_NEEDS_OPENSSL
bool "Barebox needs OpenSSL"
help
Select this option if your Barebox board configuration
requires OpenSSL to be available on the host.
config BR2_TARGET_BAREBOX_NEEDS_LIBUSB
bool "Barebox needs LibUSB"
help
Select this option if your Barebox board configuration
requires libUSB to be available on the host.
if BR2_TARGET_BAREBOX_CUSTOM_GIT
config BR2_TARGET_BAREBOX_CUSTOM_GIT_REPO_URL

14
boot/barebox/barebox.mk
View File

@@ -43,6 +43,14 @@ ifeq ($(BR2_TARGET_BAREBOX_LATEST_VERSION),y)
$(1)_LICENSE_FILES = COPYING
endif
ifeq ($(BR2_TARGET_BAREBOX_NEEDS_OPENSSL),y)
BAREBOX_DEPENDENCIES += host-openssl host-pkgconf
endif
ifeq ($(BR2_TARGET_BAREBOX_NEEDS_LIBUSB),y)
BAREBOX_DEPENDENCIES += host-libusb host-pkgconf
endif
$(1)_CUSTOM_EMBEDDED_ENV_PATH = $$(call qstrip,$$(BR2_TARGET_$(1)_CUSTOM_EMBEDDED_ENV_PATH))
ifneq ($$(call qstrip,$$(BR2_TARGET_BAREBOX_CUSTOM_PATCH_DIR)),)
@@ -73,6 +81,12 @@ endif
$(1)_MAKE_FLAGS = ARCH=$$($(1)_ARCH) CROSS_COMPILE="$$(TARGET_CROSS)"
$(1)_MAKE_ENV = $$(TARGET_MAKE_ENV)
$(1)_MAKE_ENV += \
PKG_CONFIG="$(PKG_CONFIG_HOST_BINARY)" \
PKG_CONFIG_SYSROOT_DIR="/" \
PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 \
PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 \
PKG_CONFIG_LIBDIR="$(HOST_DIR)/lib/pkgconfig:$(HOST_DIR)/share/pkgconfig"
ifeq ($$(BR2_REPRODUCIBLE),y)
$(1)_MAKE_ENV += \

15
boot/edk2/Config.in
View File

@@ -108,6 +108,21 @@ comment "QEMU SBSA depends on ATF not using EDK2 as BL33"
endchoice
config BR2_TARGET_EDK2_OVMF_DEBUG_ON_SERIAL
bool "OVMF Debug on Serial"
depends on BR2_ENABLE_DEBUG
depends on BR2_TARGET_EDK2_PLATFORM_OVMF_I386 || \
BR2_TARGET_EDK2_PLATFORM_OVMF_X64
help
When EDK2 OVMF is built with debug, messages are printed to
IO port 0x402. Those messages are not shown in the normal
Qemu emulated serial port. Enabling this option will print
debug messages on the emulated serial port, potentially
mixing messages with UEFI serial console output.
See OVMF README:
https://github.com/tianocore/edk2/blob/master/OvmfPkg/README
config BR2_TARGET_EDK2_FD_NAME
string
default "OVMF" if BR2_TARGET_EDK2_PLATFORM_OVMF_I386

2
boot/edk2/edk2.hash
View File

@@ -1,3 +1,3 @@
# Locally calculated
sha256 c10520f269557d566e35fe8104141aa2865f9085ad2b3a30aae8a7e78a3ca5aa edk2-edk2-stable202208-br1.tar.gz
sha256 ca55351913e6258ebd8c08106f369ac71073d9cfaa80427fc5f131b06d808940 edk2-edk2-stable202305-br1.tar.gz
sha256 50ce20c9cfdb0e19ee34fe0a51fc0afe961f743697b068359ab2f862b494df80 License.txt

9
boot/edk2/edk2.mk
View File

@@ -4,7 +4,7 @@
#
################################################################################
EDK2_VERSION = edk2-stable202208
EDK2_VERSION = edk2-stable202305
EDK2_SITE = https://github.com/tianocore/edk2
EDK2_SITE_METHOD = git
EDK2_LICENSE = BSD-2-Clause-Patent
@@ -16,8 +16,15 @@ EDK2_INSTALL_IMAGES = YES
ifeq ($(BR2_ENABLE_DEBUG),y)
EDK2_BUILD_TYPE = DEBUG
ifeq ($(BR2_TARGET_EDK2_OVMF_DEBUG_ON_SERIAL),y)
# DEBUG_ON_SERIAL_PORT is only tested to be set, so don't disable it, as
# it would still be set.
EDK2_BUILD_OPTS += -DDEBUG_ON_SERIAL_PORT
endif
else
EDK2_BUILD_TYPE = RELEASE
# DEBUG_ON_SERIAL_PORT is only valid in debug builds, so useless to set
# it (enabled or disabled) on a relase build.
endif
# Build system notes.

6
boot/grub2/0002-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
View File

@@ -1,4 +1,4 @@
From 8418defaf0902bdd8af188221ae54c5a3d6ad05d Mon Sep 17 00:00:00 2001
From 4c1ad500e73d46c83dec369da85db39ae2fe62dd Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Fri, 3 Dec 2021 16:13:28 +0800
Subject: [PATCH] grub-mkconfig: Restore umask for the grub.cfg
@@ -17,7 +17,7 @@ Fixes: CVE-2021-3981
Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
[Upstream: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0adec29674561034771c13e446069b41ef41e4d4]
Upstream: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0adec29674561034771c13e446069b41ef41e4d4
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
util/grub-mkconfig.in | 3 +++
@@ -39,5 +39,5 @@ index f8cbb8d7a..84f356ea4 100644
fi
fi
--
2.37.2
2.41.0

126
boot/grub2/0003-loader-efi-chainloader-Simplify-the-loader-state.patch Normal file
View File

@@ -0,0 +1,126 @@
From dfdc742bdb22be468035f96cce0be5fee23b6df5 Mon Sep 17 00:00:00 2001
From: Chris Coulson <chris.coulson@canonical.com>
Date: Tue, 5 Apr 2022 10:02:04 +0100
Subject: [PATCH] loader/efi/chainloader: Simplify the loader state
The chainloader command retains the source buffer and device path passed
to LoadImage(), requiring the unload hook passed to grub_loader_set() to
free them. It isn't required to retain this state though - they aren't
required by StartImage() or anything else in the boot hook, so clean them
up before grub_cmd_chainloader() finishes.
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 1469983ebb9674753ad333d37087fb8cb20e1dce
[Thomas: needed to cherry-pick
04c86e0bb7b58fc2f913f798cdb18934933e532d which fixes CVE-2022-28736]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/loader/efi/chainloader.c | 38 +++++++++++++++++-------------
1 file changed, 21 insertions(+), 17 deletions(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index 2bd80f4db..d1602c89b 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -44,25 +44,20 @@ GRUB_MOD_LICENSE ("GPLv3+");
static grub_dl_t my_mod;
-static grub_efi_physical_address_t address;
-static grub_efi_uintn_t pages;
-static grub_efi_device_path_t *file_path;
static grub_efi_handle_t image_handle;
-static grub_efi_char16_t *cmdline;
static grub_err_t
grub_chainloader_unload (void)
{
+ grub_efi_loaded_image_t *loaded_image;
grub_efi_boot_services_t *b;
+ loaded_image = grub_efi_get_loaded_image (image_handle);
+ if (loaded_image != NULL)
+ grub_free (loaded_image->load_options);
+
b = grub_efi_system_table->boot_services;
efi_call_1 (b->unload_image, image_handle);
- efi_call_2 (b->free_pages, address, pages);
-
- grub_free (file_path);
- grub_free (cmdline);
- cmdline = 0;
- file_path = 0;
grub_dl_unref (my_mod);
return GRUB_ERR_NONE;
@@ -140,7 +135,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
char *dir_start;
char *dir_end;
grub_size_t size;
- grub_efi_device_path_t *d;
+ grub_efi_device_path_t *d, *file_path;
dir_start = grub_strchr (filename, ')');
if (! dir_start)
@@ -222,11 +217,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_efi_status_t status;
grub_efi_boot_services_t *b;
grub_device_t dev = 0;
- grub_efi_device_path_t *dp = 0;
+ grub_efi_device_path_t *dp = NULL, *file_path = NULL;
grub_efi_loaded_image_t *loaded_image;
char *filename;
void *boot_image = 0;
grub_efi_handle_t dev_handle = 0;
+ grub_efi_physical_address_t address = 0;
+ grub_efi_uintn_t pages = 0;
+ grub_efi_char16_t *cmdline = NULL;
if (argc == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
@@ -234,11 +232,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_dl_ref (my_mod);
- /* Initialize some global variables. */
- address = 0;
- image_handle = 0;
- file_path = 0;
-
b = grub_efi_system_table->boot_services;
file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE);
@@ -408,6 +401,10 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_file_close (file);
grub_device_close (dev);
+ /* We're finished with the source image buffer and file path now. */
+ efi_call_2 (b->free_pages, address, pages);
+ grub_free (file_path);
+
grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
return 0;
@@ -419,11 +416,18 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
if (file)
grub_file_close (file);
+ grub_free (cmdline);
grub_free (file_path);
if (address)
efi_call_2 (b->free_pages, address, pages);
+ if (image_handle != NULL)
+ {
+ efi_call_1 (b->unload_image, image_handle);
+ image_handle = NULL;
+ }
+
grub_dl_unref (my_mod);
return grub_errno;
--
2.41.0

165
boot/grub2/0004-commands-boot-Add-API-to-pass-context-to-loader.patch Normal file
View File

@@ -0,0 +1,165 @@
From 8b6336696d93b51703c2015eff3e2d8a02145e43 Mon Sep 17 00:00:00 2001
From: Chris Coulson <chris.coulson@canonical.com>
Date: Tue, 5 Apr 2022 10:58:28 +0100
Subject: [PATCH] commands/boot: Add API to pass context to loader
Loaders rely on global variables for saving context which is consumed
in the boot hook and freed in the unload hook. In the case where a loader
command is executed twice, calling grub_loader_set() a second time executes
the unload hook, but in some cases this runs when the loader's global
context has already been updated, resulting in the updated context being
freed and potential use-after-free bugs when the boot hook is subsequently
called.
This adds a new API, grub_loader_set_ex(), which allows a loader to specify
context that is passed to its boot and unload hooks. This is an alternative
to requiring that loaders call grub_loader_unset() before mutating their
global context.
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 14ceb3b3ff6db664649138442b6562c114dcf56e
[Thomas: needed to backport 04c86e0bb7b58fc2f913f798cdb18934933e532d,
which fixes CVE-2022-28736]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/commands/boot.c | 66 ++++++++++++++++++++++++++++++++++-----
include/grub/loader.h | 5 +++
2 files changed, 63 insertions(+), 8 deletions(-)
diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c
index bbca81e94..61514788e 100644
--- a/grub-core/commands/boot.c
+++ b/grub-core/commands/boot.c
@@ -27,10 +27,20 @@
GRUB_MOD_LICENSE ("GPLv3+");
-static grub_err_t (*grub_loader_boot_func) (void);
-static grub_err_t (*grub_loader_unload_func) (void);
+static grub_err_t (*grub_loader_boot_func) (void *context);
+static grub_err_t (*grub_loader_unload_func) (void *context);
+static void *grub_loader_context;
static int grub_loader_flags;
+struct grub_simple_loader_hooks
+{
+ grub_err_t (*boot) (void);
+ grub_err_t (*unload) (void);
+};
+
+/* Don't heap allocate this to avoid making grub_loader_set() fallible. */
+static struct grub_simple_loader_hooks simple_loader_hooks;
+
struct grub_preboot
{
grub_err_t (*preboot_func) (int);
@@ -44,6 +54,29 @@ static int grub_loader_loaded;
static struct grub_preboot *preboots_head = 0,
*preboots_tail = 0;
+static grub_err_t
+grub_simple_boot_hook (void *context)
+{
+ struct grub_simple_loader_hooks *hooks;
+
+ hooks = (struct grub_simple_loader_hooks *) context;
+ return hooks->boot ();
+}
+
+static grub_err_t
+grub_simple_unload_hook (void *context)
+{
+ struct grub_simple_loader_hooks *hooks;
+ grub_err_t ret;
+
+ hooks = (struct grub_simple_loader_hooks *) context;
+
+ ret = hooks->unload ();
+ grub_memset (hooks, 0, sizeof (*hooks));
+
+ return ret;
+}
+
int
grub_loader_is_loaded (void)
{
@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd)
}
void
-grub_loader_set (grub_err_t (*boot) (void),
- grub_err_t (*unload) (void),
- int flags)
+grub_loader_set_ex (grub_err_t (*boot) (void *context),
+ grub_err_t (*unload) (void *context),
+ void *context,
+ int flags)
{
if (grub_loader_loaded && grub_loader_unload_func)
- grub_loader_unload_func ();
+ grub_loader_unload_func (grub_loader_context);
grub_loader_boot_func = boot;
grub_loader_unload_func = unload;
+ grub_loader_context = context;
grub_loader_flags = flags;
grub_loader_loaded = 1;
}
+void
+grub_loader_set (grub_err_t (*boot) (void),
+ grub_err_t (*unload) (void),
+ int flags)
+{
+ grub_loader_set_ex (grub_simple_boot_hook,
+ grub_simple_unload_hook,
+ &simple_loader_hooks,
+ flags);
+
+ simple_loader_hooks.boot = boot;
+ simple_loader_hooks.unload = unload;
+}
+
void
grub_loader_unset(void)
{
if (grub_loader_loaded && grub_loader_unload_func)
- grub_loader_unload_func ();
+ grub_loader_unload_func (grub_loader_context);
grub_loader_boot_func = 0;
grub_loader_unload_func = 0;
+ grub_loader_context = 0;
grub_loader_loaded = 0;
}
@@ -158,7 +208,7 @@ grub_loader_boot (void)
return err;
}
}
- err = (grub_loader_boot_func) ();
+ err = (grub_loader_boot_func) (grub_loader_context);
for (cur = preboots_tail; cur; cur = cur->prev)
if (! err)
diff --git a/include/grub/loader.h b/include/grub/loader.h
index b20864282..97f231054 100644
--- a/include/grub/loader.h
+++ b/include/grub/loader.h
@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void),
grub_err_t (*unload) (void),
int flags);
+void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *context),
+ grub_err_t (*unload) (void *context),
+ void *context,
+ int flags);
+
/* Unset current loader, if any. */
void EXPORT_FUNC (grub_loader_unset) (void);
--
2.41.0

80
boot/grub2/0005-loader-efi-chainloader-Use-grub_loader_set_ex.patch Normal file
View File

@@ -0,0 +1,80 @@
From 583fca49f413e00fe26f8ae7abe0837bbc574f79 Mon Sep 17 00:00:00 2001
From: Chris Coulson <chris.coulson@canonical.com>
Date: Tue, 5 Apr 2022 11:48:58 +0100
Subject: [PATCH] loader/efi/chainloader: Use grub_loader_set_ex()
This ports the EFI chainloader to use grub_loader_set_ex() in order to fix
a use-after-free bug that occurs when grub_cmd_chainloader() is executed
more than once before a boot attempt is performed.
Fixes: CVE-2022-28736
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 04c86e0bb7b58fc2f913f798cdb18934933e532d
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/loader/efi/chainloader.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index d1602c89b..7557eb269 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -44,11 +44,10 @@ GRUB_MOD_LICENSE ("GPLv3+");
static grub_dl_t my_mod;
-static grub_efi_handle_t image_handle;
-
static grub_err_t
-grub_chainloader_unload (void)
+grub_chainloader_unload (void *context)
{
+ grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
grub_efi_loaded_image_t *loaded_image;
grub_efi_boot_services_t *b;
@@ -64,8 +63,9 @@ grub_chainloader_unload (void)
}
static grub_err_t
-grub_chainloader_boot (void)
+grub_chainloader_boot (void *context)
{
+ grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
grub_efi_boot_services_t *b;
grub_efi_status_t status;
grub_efi_uintn_t exit_data_size;
@@ -225,6 +225,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_efi_physical_address_t address = 0;
grub_efi_uintn_t pages = 0;
grub_efi_char16_t *cmdline = NULL;
+ grub_efi_handle_t image_handle = NULL;
if (argc == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
@@ -405,7 +406,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
efi_call_2 (b->free_pages, address, pages);
grub_free (file_path);
- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
+ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0);
return 0;
fail:
@@ -423,10 +424,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
efi_call_2 (b->free_pages, address, pages);
if (image_handle != NULL)
- {
- efi_call_1 (b->unload_image, image_handle);
- image_handle = NULL;
- }
+ efi_call_1 (b->unload_image, image_handle);
grub_dl_unref (my_mod);
--
2.41.0

105
boot/grub2/0006-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch Normal file
View File

@@ -0,0 +1,105 @@
From 1e1b1271b7a7c6ac20a4c5f8e0dc29614b4975d1 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <julian.klode@canonical.com>
Date: Thu, 2 Dec 2021 15:03:53 +0100
Subject: [PATCH] kern/efi/sb: Reject non-kernel files in the shim_lock
verifier
We must not allow other verifiers to pass things like the GRUB modules.
Instead of maintaining a blocklist, maintain an allowlist of things
that we do not care about.
This allowlist really should be made reusable, and shared by the
lockdown verifier, but this is the minimal patch addressing
security concerns where the TPM verifier was able to mark modules
as verified (or the OpenPGP verifier for that matter), when it
should not do so on shim-powered secure boot systems.
Fixes: CVE-2022-28735
Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 6fe755c5c07bb386fda58306bfd19e4a1c974c53
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/kern/efi/sb.c | 39 ++++++++++++++++++++++++++++++++++++---
include/grub/verify.h | 1 +
2 files changed, 37 insertions(+), 3 deletions(-)
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
index c52ec6226..89c4bb3fd 100644
--- a/grub-core/kern/efi/sb.c
+++ b/grub-core/kern/efi/sb.c
@@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
void **context __attribute__ ((unused)),
enum grub_verify_flags *flags)
{
- *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
+ *flags = GRUB_VERIFY_FLAGS_NONE;
switch (type & GRUB_FILE_TYPE_MASK)
{
+ /* Files we check. */
case GRUB_FILE_TYPE_LINUX_KERNEL:
case GRUB_FILE_TYPE_MULTIBOOT_KERNEL:
case GRUB_FILE_TYPE_BSD_KERNEL:
@@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
case GRUB_FILE_TYPE_PLAN9_KERNEL:
case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE:
*flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
+ return GRUB_ERR_NONE;
- /* Fall through. */
+ /* Files that do not affect secureboot state. */
+ case GRUB_FILE_TYPE_NONE:
+ case GRUB_FILE_TYPE_LOOPBACK:
+ case GRUB_FILE_TYPE_LINUX_INITRD:
+ case GRUB_FILE_TYPE_OPENBSD_RAMDISK:
+ case GRUB_FILE_TYPE_XNU_RAMDISK:
+ case GRUB_FILE_TYPE_SIGNATURE:
+ case GRUB_FILE_TYPE_PUBLIC_KEY:
+ case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST:
+ case GRUB_FILE_TYPE_PRINT_BLOCKLIST:
+ case GRUB_FILE_TYPE_TESTLOAD:
+ case GRUB_FILE_TYPE_GET_SIZE:
+ case GRUB_FILE_TYPE_FONT:
+ case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY:
+ case GRUB_FILE_TYPE_CAT:
+ case GRUB_FILE_TYPE_HEXCAT:
+ case GRUB_FILE_TYPE_CMP:
+ case GRUB_FILE_TYPE_HASHLIST:
+ case GRUB_FILE_TYPE_TO_HASH:
+ case GRUB_FILE_TYPE_KEYBOARD_LAYOUT:
+ case GRUB_FILE_TYPE_PIXMAP:
+ case GRUB_FILE_TYPE_GRUB_MODULE_LIST:
+ case GRUB_FILE_TYPE_CONFIG:
+ case GRUB_FILE_TYPE_THEME:
+ case GRUB_FILE_TYPE_GETTEXT_CATALOG:
+ case GRUB_FILE_TYPE_FS_SEARCH:
+ case GRUB_FILE_TYPE_LOADENV:
+ case GRUB_FILE_TYPE_SAVEENV:
+ case GRUB_FILE_TYPE_VERIFY_SIGNATURE:
+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
+ return GRUB_ERR_NONE;
+ /* Other files. */
default:
- return GRUB_ERR_NONE;
+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy"));
}
}
diff --git a/include/grub/verify.h b/include/grub/verify.h
index cd129c398..672ae1692 100644
--- a/include/grub/verify.h
+++ b/include/grub/verify.h
@@ -24,6 +24,7 @@
enum grub_verify_flags
{
+ GRUB_VERIFY_FLAGS_NONE = 0,
GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1,
GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2,
/* Defer verification to another authority. */
--
2.41.0

689
boot/grub2/0007-video-Remove-trailing-whitespaces.patch Normal file
View File

@@ -0,0 +1,689 @@
From 1faa412c502c7c4ca1230fc152be30b88847fdd2 Mon Sep 17 00:00:00 2001
From: Elyes Haouas <ehaouas@noos.fr>
Date: Fri, 4 Mar 2022 07:42:13 +0100
Subject: [PATCH] video: Remove trailing whitespaces
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 1f48917d8ddb490dcdc70176e0f58136b7f7811a
[Thomas: needed to backport patches fixing CVEs in the video code]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/video/bochs.c | 2 +-
grub-core/video/capture.c | 2 +-
grub-core/video/cirrus.c | 4 ++--
grub-core/video/coreboot/cbfb.c | 2 +-
grub-core/video/efi_gop.c | 22 +++++++++----------
grub-core/video/fb/fbblit.c | 8 +++----
grub-core/video/fb/video_fb.c | 10 ++++-----
grub-core/video/i386/pc/vbe.c | 34 ++++++++++++++---------------
grub-core/video/i386/pc/vga.c | 6 ++---
grub-core/video/ieee1275.c | 4 ++--
grub-core/video/radeon_fuloong2e.c | 6 ++---
grub-core/video/radeon_yeeloong3a.c | 6 ++---
grub-core/video/readers/png.c | 2 +-
grub-core/video/readers/tga.c | 2 +-
grub-core/video/sis315_init.c | 2 +-
grub-core/video/sis315pro.c | 8 +++----
grub-core/video/sm712.c | 10 ++++-----
grub-core/video/video.c | 8 +++----
18 files changed, 69 insertions(+), 69 deletions(-)
diff --git a/grub-core/video/bochs.c b/grub-core/video/bochs.c
index 30ea1bd82..edc651697 100644
--- a/grub-core/video/bochs.c
+++ b/grub-core/video/bochs.c
@@ -212,7 +212,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
if (((class >> 16) & 0xffff) != 0x0300 || pciid != 0x11111234)
return 0;
-
+
addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
framebuffer.base = grub_pci_read (addr) & GRUB_PCI_ADDR_MEM_MASK;
if (!framebuffer.base)
diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c
index 4d3195e01..c653d89f9 100644
--- a/grub-core/video/capture.c
+++ b/grub-core/video/capture.c
@@ -92,7 +92,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info,
framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch);
if (!framebuffer.ptr)
return grub_errno;
-
+
err = grub_video_fb_create_render_target_from_pointer (&framebuffer.render_target,
&framebuffer.mode_info,
framebuffer.ptr);
diff --git a/grub-core/video/cirrus.c b/grub-core/video/cirrus.c
index e2149e8ce..f5542ccdc 100644
--- a/grub-core/video/cirrus.c
+++ b/grub-core/video/cirrus.c
@@ -354,11 +354,11 @@ grub_video_cirrus_setup (unsigned int width, unsigned int height,
grub_uint8_t sr_ext = 0, hidden_dac = 0;
grub_vga_set_geometry (&config, grub_vga_cr_write);
-
+
grub_vga_gr_write (GRUB_VGA_GR_MODE_256_COLOR | GRUB_VGA_GR_MODE_READ_MODE1,
GRUB_VGA_GR_MODE);
grub_vga_gr_write (GRUB_VGA_GR_GR6_GRAPHICS_MODE, GRUB_VGA_GR_GR6);
-
+
grub_vga_sr_write (GRUB_VGA_SR_MEMORY_MODE_NORMAL, GRUB_VGA_SR_MEMORY_MODE);
grub_vga_cr_write ((config.pitch >> CIRRUS_CR_EXTENDED_DISPLAY_PITCH_SHIFT)
diff --git a/grub-core/video/coreboot/cbfb.c b/grub-core/video/coreboot/cbfb.c
index 9af81fa5b..986003c51 100644
--- a/grub-core/video/coreboot/cbfb.c
+++ b/grub-core/video/coreboot/cbfb.c
@@ -106,7 +106,7 @@ grub_video_cbfb_setup (unsigned int width, unsigned int height,
grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS,
grub_video_fbstd_colors);
-
+
return err;
}
diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c
index b7590dc6c..7a5054631 100644
--- a/grub-core/video/efi_gop.c
+++ b/grub-core/video/efi_gop.c
@@ -273,7 +273,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo
grub_efi_status_t status;
struct grub_efi_gop_mode_info *info = NULL;
struct grub_video_mode_info mode_info;
-
+
status = efi_call_4 (gop->query_mode, gop, mode, &size, &info);
if (status)
@@ -390,7 +390,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
found = 1;
}
}
-
+
if (!found)
{
unsigned mode;
@@ -399,7 +399,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
{
grub_efi_uintn_t size;
grub_efi_status_t status;
-
+
status = efi_call_4 (gop->query_mode, gop, mode, &size, &info);
if (status)
{
@@ -472,11 +472,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base;
framebuffer.offscreen
= grub_malloc (framebuffer.mode_info.height
- * framebuffer.mode_info.width
+ * framebuffer.mode_info.width
* sizeof (struct grub_efi_gop_blt_pixel));
buffer = framebuffer.offscreen;
-
+
if (!buffer)
{
grub_dprintf ("video", "GOP: couldn't allocate shadow\n");
@@ -485,11 +485,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
&framebuffer.mode_info);
buffer = framebuffer.ptr;
}
-
+
grub_dprintf ("video", "GOP: initialising FB @ %p %dx%dx%d\n",
framebuffer.ptr, framebuffer.mode_info.width,
framebuffer.mode_info.height, framebuffer.mode_info.bpp);
-
+
err = grub_video_fb_create_render_target_from_pointer
(&framebuffer.render_target, &framebuffer.mode_info, buffer);
@@ -498,15 +498,15 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
grub_dprintf ("video", "GOP: Couldn't create FB target\n");
return err;
}
-
+
err = grub_video_fb_set_active_render_target (framebuffer.render_target);
-
+
if (err)
{
grub_dprintf ("video", "GOP: Couldn't set FB target\n");
return err;
}
-
+
err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS,
grub_video_fbstd_colors);
@@ -514,7 +514,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
grub_dprintf ("video", "GOP: Couldn't set palette\n");
else
grub_dprintf ("video", "GOP: Success\n");
-
+
return err;
}
diff --git a/grub-core/video/fb/fbblit.c b/grub-core/video/fb/fbblit.c
index d55924837..1010ef393 100644
--- a/grub-core/video/fb/fbblit.c
+++ b/grub-core/video/fb/fbblit.c
@@ -466,7 +466,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst,
for (i = 0; i < width; i++)
{
register grub_uint32_t col;
- if (*srcptr == 0xf0)
+ if (*srcptr == 0xf0)
col = palette[16];
else
col = palette[*srcptr & 0xf];
@@ -478,7 +478,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst,
*dstptr++ = col >> 0;
*dstptr++ = col >> 8;
*dstptr++ = col >> 16;
-#endif
+#endif
srcptr++;
}
@@ -651,7 +651,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst,
for (i = 0; i < width; i++)
{
register grub_uint32_t col;
- if (*srcptr != 0xf0)
+ if (*srcptr != 0xf0)
{
col = palette[*srcptr & 0xf];
#ifdef GRUB_CPU_WORDS_BIGENDIAN
@@ -662,7 +662,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst,
*dstptr++ = col >> 0;
*dstptr++ = col >> 8;
*dstptr++ = col >> 16;
-#endif
+#endif
}
else
dstptr += 3;
diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c
index ae6b89f9a..fa4ebde26 100644
--- a/grub-core/video/fb/video_fb.c
+++ b/grub-core/video/fb/video_fb.c
@@ -754,7 +754,7 @@ grub_video_fb_unmap_color_int (struct grub_video_fbblit_info * source,
*alpha = 0;
return;
}
-
+
/* If we have an out-of-bounds color, return transparent black. */
if (color > 255)
{
@@ -1141,7 +1141,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy)
/* If everything is aligned on 32-bit use 32-bit copy. */
if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y)
% sizeof (grub_uint32_t) == 0
- && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y)
+ && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y)
% sizeof (grub_uint32_t) == 0
&& linelen % sizeof (grub_uint32_t) == 0
&& linedelta % sizeof (grub_uint32_t) == 0)
@@ -1155,7 +1155,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy)
else if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y)
% sizeof (grub_uint16_t) == 0
&& (grub_addr_t) grub_video_fb_get_video_ptr (&target,
- dst_x, dst_y)
+ dst_x, dst_y)
% sizeof (grub_uint16_t) == 0
&& linelen % sizeof (grub_uint16_t) == 0
&& linedelta % sizeof (grub_uint16_t) == 0)
@@ -1170,7 +1170,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy)
{
grub_uint8_t *src, *dst;
DO_SCROLL
- }
+ }
}
/* 4. Fill empty space with specified color. In this implementation
@@ -1615,7 +1615,7 @@ grub_video_fb_setup (unsigned int mode_type, unsigned int mode_mask,
framebuffer.render_target = framebuffer.back_target;
return GRUB_ERR_NONE;
}
-
+
mode_info->mode_type &= ~(GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED
| GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP);
diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c
index b7f911926..0e65b5206 100644
--- a/grub-core/video/i386/pc/vbe.c
+++ b/grub-core/video/i386/pc/vbe.c
@@ -219,7 +219,7 @@ grub_vbe_disable_mtrr (int mtrr)
}
/* Call VESA BIOS 0x4f09 to set palette data, return status. */
-static grub_vbe_status_t
+static grub_vbe_status_t
grub_vbe_bios_set_palette_data (grub_uint32_t color_count,
grub_uint32_t start_index,
struct grub_vbe_palette_data *palette_data)
@@ -237,7 +237,7 @@ grub_vbe_bios_set_palette_data (grub_uint32_t color_count,
}
/* Call VESA BIOS 0x4f00 to get VBE Controller Information, return status. */
-grub_vbe_status_t
+grub_vbe_status_t
grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci)
{
struct grub_bios_int_registers regs;
@@ -251,7 +251,7 @@ grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci)
}
/* Call VESA BIOS 0x4f01 to get VBE Mode Information, return status. */
-grub_vbe_status_t
+grub_vbe_status_t
grub_vbe_bios_get_mode_info (grub_uint32_t mode,
struct grub_vbe_mode_info_block *mode_info)
{
@@ -285,7 +285,7 @@ grub_vbe_bios_set_mode (grub_uint32_t mode,
}
/* Call VESA BIOS 0x4f03 to return current VBE Mode, return status. */
-grub_vbe_status_t
+grub_vbe_status_t
grub_vbe_bios_get_mode (grub_uint32_t *mode)
{
struct grub_bios_int_registers regs;
@@ -298,7 +298,7 @@ grub_vbe_bios_get_mode (grub_uint32_t *mode)
return regs.eax & 0xffff;
}
-grub_vbe_status_t
+grub_vbe_status_t
grub_vbe_bios_getset_dac_palette_width (int set, int *dac_mask_size)
{
struct grub_bios_int_registers regs;
@@ -346,7 +346,7 @@ grub_vbe_bios_get_memory_window (grub_uint32_t window,
}
/* Call VESA BIOS 0x4f06 to set scanline length (in bytes), return status. */
-grub_vbe_status_t
+grub_vbe_status_t
grub_vbe_bios_set_scanline_length (grub_uint32_t length)
{
struct grub_bios_int_registers regs;
@@ -354,14 +354,14 @@ grub_vbe_bios_set_scanline_length (grub_uint32_t length)
regs.ecx = length;
regs.eax = 0x4f06;
/* BL = 2, Set Scan Line in Bytes. */
- regs.ebx = 0x0002;
+ regs.ebx = 0x0002;
regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
grub_bios_interrupt (0x10, &regs);
return regs.eax & 0xffff;
}
/* Call VESA BIOS 0x4f06 to return scanline length (in bytes), return status. */
-grub_vbe_status_t
+grub_vbe_status_t
grub_vbe_bios_get_scanline_length (grub_uint32_t *length)
{
struct grub_bios_int_registers regs;
@@ -377,7 +377,7 @@ grub_vbe_bios_get_scanline_length (grub_uint32_t *length)
}
/* Call VESA BIOS 0x4f07 to set display start, return status. */
-static grub_vbe_status_t
+static grub_vbe_status_t
grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y)
{
struct grub_bios_int_registers regs;
@@ -390,7 +390,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y)
regs.edx = y;
regs.eax = 0x4f07;
/* BL = 80h, Set Display Start during Vertical Retrace. */
- regs.ebx = 0x0080;
+ regs.ebx = 0x0080;
regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
grub_bios_interrupt (0x10, &regs);
@@ -401,7 +401,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y)
}
/* Call VESA BIOS 0x4f07 to get display start, return status. */
-grub_vbe_status_t
+grub_vbe_status_t
grub_vbe_bios_get_display_start (grub_uint32_t *x,
grub_uint32_t *y)
{
@@ -419,7 +419,7 @@ grub_vbe_bios_get_display_start (grub_uint32_t *x,
}
/* Call VESA BIOS 0x4f0a. */
-grub_vbe_status_t
+grub_vbe_status_t
grub_vbe_bios_get_pm_interface (grub_uint16_t *segment, grub_uint16_t *offset,
grub_uint16_t *length)
{
@@ -896,7 +896,7 @@ vbe2videoinfo (grub_uint32_t mode,
case GRUB_VBE_MEMORY_MODEL_YUV:
mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_YUV;
break;
-
+
case GRUB_VBE_MEMORY_MODEL_DIRECT_COLOR:
mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_RGB;
break;
@@ -923,10 +923,10 @@ vbe2videoinfo (grub_uint32_t mode,
break;
case 8:
mode_info->bytes_per_pixel = 1;
- break;
+ break;
case 4:
mode_info->bytes_per_pixel = 0;
- break;
+ break;
}
if (controller_info.version >= 0x300)
@@ -976,7 +976,7 @@ grub_video_vbe_iterate (int (*hook) (const struct grub_video_mode_info *info, vo
static grub_err_t
grub_video_vbe_setup (unsigned int width, unsigned int height,
- grub_video_mode_type_t mode_type,
+ grub_video_mode_type_t mode_type,
grub_video_mode_type_t mode_mask)
{
grub_uint16_t *p;
@@ -1193,7 +1193,7 @@ grub_video_vbe_print_adapter_specific_info (void)
controller_info.version & 0xFF,
controller_info.oem_software_rev >> 8,
controller_info.oem_software_rev & 0xFF);
-
+
/* The total_memory field is in 64 KiB units. */
grub_printf_ (N_(" total memory: %d KiB\n"),
(controller_info.total_memory << 6));
diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c
index b2f776c99..50d0b5e02 100644
--- a/grub-core/video/i386/pc/vga.c
+++ b/grub-core/video/i386/pc/vga.c
@@ -48,7 +48,7 @@ static struct
int back_page;
} framebuffer;
-static unsigned char
+static unsigned char
grub_vga_set_mode (unsigned char mode)
{
struct grub_bios_int_registers regs;
@@ -182,10 +182,10 @@ grub_video_vga_setup (unsigned int width, unsigned int height,
is_target = 1;
err = grub_video_fb_set_active_render_target (framebuffer.render_target);
-
+
if (err)
return err;
-
+
err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS,
grub_video_fbstd_colors);
diff --git a/grub-core/video/ieee1275.c b/grub-core/video/ieee1275.c
index 17a3dbbb5..f8cf94d96 100644
--- a/grub-core/video/ieee1275.c
+++ b/grub-core/video/ieee1275.c
@@ -234,7 +234,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height,
/* TODO. */
return grub_error (GRUB_ERR_IO, "can't set mode %dx%d", width, height);
}
-
+
err = grub_video_ieee1275_fill_mode_info (dev, &framebuffer.mode_info);
if (err)
{
@@ -261,7 +261,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height,
grub_video_ieee1275_set_palette (0, framebuffer.mode_info.number_of_colors,
grub_video_fbstd_colors);
-
+
return err;
}
diff --git a/grub-core/video/radeon_fuloong2e.c b/grub-core/video/radeon_fuloong2e.c
index b4da34b5e..40917acb7 100644
--- a/grub-core/video/radeon_fuloong2e.c
+++ b/grub-core/video/radeon_fuloong2e.c
@@ -75,7 +75,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
|| pciid != 0x515a1002)
return 0;
-
+
*found = 1;
addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
@@ -139,7 +139,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height,
framebuffer.mapped = 1;
/* Prevent garbage from appearing on the screen. */
- grub_memset (framebuffer.ptr, 0x55,
+ grub_memset (framebuffer.ptr, 0x55,
framebuffer.mode_info.height * framebuffer.mode_info.pitch);
#ifndef TEST
@@ -152,7 +152,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height,
return err;
err = grub_video_fb_set_active_render_target (framebuffer.render_target);
-
+
if (err)
return err;
diff --git a/grub-core/video/radeon_yeeloong3a.c b/grub-core/video/radeon_yeeloong3a.c
index 52614feb6..48631c181 100644
--- a/grub-core/video/radeon_yeeloong3a.c
+++ b/grub-core/video/radeon_yeeloong3a.c
@@ -74,7 +74,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
|| pciid != 0x96151002)
return 0;
-
+
*found = 1;
addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
@@ -137,7 +137,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height,
#endif
/* Prevent garbage from appearing on the screen. */
- grub_memset (framebuffer.ptr, 0,
+ grub_memset (framebuffer.ptr, 0,
framebuffer.mode_info.height * framebuffer.mode_info.pitch);
#ifndef TEST
@@ -150,7 +150,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height,
return err;
err = grub_video_fb_set_active_render_target (framebuffer.render_target);
-
+
if (err)
return err;
diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
index 0157ff742..54dfedf43 100644
--- a/grub-core/video/readers/png.c
+++ b/grub-core/video/readers/png.c
@@ -916,7 +916,7 @@ grub_png_convert_image (struct grub_png_data *data)
}
return;
}
-
+
if (data->is_gray)
{
switch (data->bpp)
diff --git a/grub-core/video/readers/tga.c b/grub-core/video/readers/tga.c
index 7cb9d1d2a..a9ec3a1b6 100644
--- a/grub-core/video/readers/tga.c
+++ b/grub-core/video/readers/tga.c
@@ -127,7 +127,7 @@ tga_load_palette (struct tga_data *data)
if (len > sizeof (data->palette))
len = sizeof (data->palette);
-
+
if (grub_file_read (data->file, &data->palette, len)
!= (grub_ssize_t) len)
return grub_errno;
diff --git a/grub-core/video/sis315_init.c b/grub-core/video/sis315_init.c
index ae5c1419c..09c3c7bbe 100644
--- a/grub-core/video/sis315_init.c
+++ b/grub-core/video/sis315_init.c
@@ -1,4 +1,4 @@
-static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] =
+static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] =
{
{ 0x28, 0x81 },
{ 0x2a, 0x00 },
diff --git a/grub-core/video/sis315pro.c b/grub-core/video/sis315pro.c
index 22a0c85a6..4d2f9999a 100644
--- a/grub-core/video/sis315pro.c
+++ b/grub-core/video/sis315pro.c
@@ -103,7 +103,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
|| pciid != GRUB_SIS315PRO_PCIID)
return 0;
-
+
*found = 1;
addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
@@ -218,7 +218,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height,
#ifndef TEST
/* Prevent garbage from appearing on the screen. */
- grub_memset (framebuffer.ptr, 0,
+ grub_memset (framebuffer.ptr, 0,
framebuffer.mode_info.height * framebuffer.mode_info.pitch);
grub_arch_sync_dma_caches (framebuffer.ptr,
framebuffer.mode_info.height
@@ -231,7 +231,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height,
| GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0
| GRUB_VGA_IO_MISC_28MHZ
| GRUB_VGA_IO_MISC_ENABLE_VRAM_ACCESS
- | GRUB_VGA_IO_MISC_COLOR,
+ | GRUB_VGA_IO_MISC_COLOR,
GRUB_VGA_IO_MISC_WRITE + GRUB_MACHINE_PCI_IO_BASE);
grub_vga_sr_write (0x86, 5);
@@ -335,7 +335,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height,
{
if (read_sis_cmd (0x5) != 0xa1)
write_sis_cmd (0x86, 0x5);
-
+
write_sis_cmd (read_sis_cmd (0x20) | 0xa1, 0x20);
write_sis_cmd (read_sis_cmd (0x1e) | 0xda, 0x1e);
diff --git a/grub-core/video/sm712.c b/grub-core/video/sm712.c
index 10c46eb65..65f59f84b 100644
--- a/grub-core/video/sm712.c
+++ b/grub-core/video/sm712.c
@@ -167,7 +167,7 @@ enum
GRUB_SM712_CR_SHADOW_VGA_VBLANK_START = 0x46,
GRUB_SM712_CR_SHADOW_VGA_VBLANK_END = 0x47,
GRUB_SM712_CR_SHADOW_VGA_VRETRACE_START = 0x48,
- GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49,
+ GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49,
GRUB_SM712_CR_SHADOW_VGA_OVERFLOW = 0x4a,
GRUB_SM712_CR_SHADOW_VGA_CELL_HEIGHT = 0x4b,
GRUB_SM712_CR_SHADOW_VGA_HDISPLAY_END = 0x4c,
@@ -375,7 +375,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
|| pciid != GRUB_SM712_PCIID)
return 0;
-
+
*found = 1;
addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
@@ -471,7 +471,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height,
#if !defined (TEST) && !defined(GENINIT)
/* Prevent garbage from appearing on the screen. */
- grub_memset ((void *) framebuffer.cached_ptr, 0,
+ grub_memset ((void *) framebuffer.cached_ptr, 0,
framebuffer.mode_info.height * framebuffer.mode_info.pitch);
#endif
@@ -482,7 +482,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height,
grub_sm712_sr_write (0x2, 0x6b);
grub_sm712_write_reg (0, GRUB_VGA_IO_PIXEL_MASK);
grub_sm712_sr_write (GRUB_VGA_SR_RESET_ASYNC, GRUB_VGA_SR_RESET);
- grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY
+ grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY
| GRUB_VGA_IO_MISC_NEGATIVE_HORIZ_POLARITY
| GRUB_VGA_IO_MISC_UPPER_64K
| GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0
@@ -694,7 +694,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height,
for (i = 0; i < ARRAY_SIZE (dda_lookups); i++)
grub_sm712_write_dda_lookup (i, dda_lookups[i].compare, dda_lookups[i].dda,
dda_lookups[i].vcentering);
-
+
/* Undocumented */
grub_sm712_cr_write (0, 0x9c);
grub_sm712_cr_write (0, 0x9d);
diff --git a/grub-core/video/video.c b/grub-core/video/video.c
index 983424107..8937da745 100644
--- a/grub-core/video/video.c
+++ b/grub-core/video/video.c
@@ -491,13 +491,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth)
current_mode);
param++;
-
+
*width = grub_strtoul (value, 0, 0);
if (grub_errno != GRUB_ERR_NONE)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("invalid video mode specification `%s'"),
current_mode);
-
+
/* Find height value. */
value = param;
param = grub_strchr(param, 'x');
@@ -513,13 +513,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth)
{
/* We have optional color depth value. */
param++;
-
+
*height = grub_strtoul (value, 0, 0);
if (grub_errno != GRUB_ERR_NONE)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("invalid video mode specification `%s'"),
current_mode);
-
+
/* Convert color depth value. */
value = param;
*depth = grub_strtoul (value, 0, 0);
--
2.41.0

204
boot/grub2/0008-video-readers-png-Abort-sooner-if-a-read-operation-f.patch Normal file
View File

@@ -0,0 +1,204 @@
From 91d16e415b79f5080fa2bcc21bff6471f6be9f08 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Tue, 6 Jul 2021 14:02:55 +1000
Subject: [PATCH] video/readers/png: Abort sooner if a read operation fails
Fuzzing revealed some inputs that were taking a long time, potentially
forever, because they did not bail quickly upon encountering an I/O error.
Try to catch I/O errors sooner and bail out.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: d5caac8ab79d068ad9a41030c772d03a4d4fbd7b
[Thomas: needed to cherry-pick
e623866d9286410156e8b9d2c82d6253a1b22d08, which fixes CVE-2021-3695]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/video/readers/png.c | 55 ++++++++++++++++++++++++++++++-----
1 file changed, 47 insertions(+), 8 deletions(-)
diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
index 54dfedf43..d715c4629 100644
--- a/grub-core/video/readers/png.c
+++ b/grub-core/video/readers/png.c
@@ -142,6 +142,7 @@ static grub_uint8_t
grub_png_get_byte (struct grub_png_data *data)
{
grub_uint8_t r;
+ grub_ssize_t bytes_read = 0;
if ((data->inside_idat) && (data->idat_remain == 0))
{
@@ -175,7 +176,14 @@ grub_png_get_byte (struct grub_png_data *data)
}
r = 0;
- grub_file_read (data->file, &r, 1);
+ bytes_read = grub_file_read (data->file, &r, 1);
+
+ if (bytes_read != 1)
+ {
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "png: unexpected end of data");
+ return 0;
+ }
if (data->inside_idat)
data->idat_remain--;
@@ -231,15 +239,16 @@ grub_png_decode_image_palette (struct grub_png_data *data,
if (len == 0)
return GRUB_ERR_NONE;
- for (i = 0; 3 * i < len && i < 256; i++)
+ grub_errno = GRUB_ERR_NONE;
+ for (i = 0; 3 * i < len && i < 256 && grub_errno == GRUB_ERR_NONE; i++)
for (j = 0; j < 3; j++)
data->palette[i][j] = grub_png_get_byte (data);
- for (i *= 3; i < len; i++)
+ for (i *= 3; i < len && grub_errno == GRUB_ERR_NONE; i++)
grub_png_get_byte (data);
grub_png_get_dword (data);
- return GRUB_ERR_NONE;
+ return grub_errno;
}
static grub_err_t
@@ -256,9 +265,13 @@ grub_png_decode_image_header (struct grub_png_data *data)
return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: invalid image size");
color_bits = grub_png_get_byte (data);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
data->is_16bit = (color_bits == 16);
color_type = grub_png_get_byte (data);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
/* According to PNG spec, no other types are valid. */
if ((color_type & ~(PNG_COLOR_MASK_ALPHA | PNG_COLOR_MASK_COLOR))
@@ -340,14 +353,20 @@ grub_png_decode_image_header (struct grub_png_data *data)
if (grub_png_get_byte (data) != PNG_COMPRESSION_BASE)
return grub_error (GRUB_ERR_BAD_FILE_TYPE,
"png: compression method not supported");
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
if (grub_png_get_byte (data) != PNG_FILTER_TYPE_BASE)
return grub_error (GRUB_ERR_BAD_FILE_TYPE,
"png: filter method not supported");
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
if (grub_png_get_byte (data) != PNG_INTERLACE_NONE)
return grub_error (GRUB_ERR_BAD_FILE_TYPE,
"png: interlace method not supported");
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
/* Skip crc checksum. */
grub_png_get_dword (data);
@@ -449,7 +468,7 @@ grub_png_get_huff_code (struct grub_png_data *data, struct huff_table *ht)
int code, i;
code = 0;
- for (i = 0; i < ht->max_length; i++)
+ for (i = 0; i < ht->max_length && grub_errno == GRUB_ERR_NONE; i++)
{
code = (code << 1) + grub_png_get_bits (data, 1);
if (code < ht->maxval[i])
@@ -504,8 +523,14 @@ grub_png_init_dynamic_block (struct grub_png_data *data)
grub_uint8_t lens[DEFLATE_HCLEN_MAX];
nl = DEFLATE_HLIT_BASE + grub_png_get_bits (data, 5);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
nd = DEFLATE_HDIST_BASE + grub_png_get_bits (data, 5);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
nb = DEFLATE_HCLEN_BASE + grub_png_get_bits (data, 4);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
if ((nl > DEFLATE_HLIT_MAX) || (nd > DEFLATE_HDIST_MAX) ||
(nb > DEFLATE_HCLEN_MAX))
@@ -533,7 +558,7 @@ grub_png_init_dynamic_block (struct grub_png_data *data)
data->dist_offset);
prev = 0;
- for (i = 0; i < nl + nd; i++)
+ for (i = 0; i < nl + nd && grub_errno == GRUB_ERR_NONE; i++)
{
int n, code;
struct huff_table *ht;
@@ -721,17 +746,21 @@ grub_png_read_dynamic_block (struct grub_png_data *data)
len = cplens[n];
if (cplext[n])
len += grub_png_get_bits (data, cplext[n]);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
n = grub_png_get_huff_code (data, &data->dist_table);
dist = cpdist[n];
if (cpdext[n])
dist += grub_png_get_bits (data, cpdext[n]);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
pos = data->wp - dist;
if (pos < 0)
pos += WSIZE;
- while (len > 0)
+ while (len > 0 && grub_errno == GRUB_ERR_NONE)
{
data->slide[data->wp] = data->slide[pos];
grub_png_output_byte (data, data->slide[data->wp]);
@@ -759,7 +788,11 @@ grub_png_decode_image_data (struct grub_png_data *data)
int final;
cmf = grub_png_get_byte (data);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
flg = grub_png_get_byte (data);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
if ((cmf & 0xF) != Z_DEFLATED)
return grub_error (GRUB_ERR_BAD_FILE_TYPE,
@@ -774,7 +807,11 @@ grub_png_decode_image_data (struct grub_png_data *data)
int block_type;
final = grub_png_get_bits (data, 1);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
block_type = grub_png_get_bits (data, 2);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
switch (block_type)
{
@@ -790,7 +827,7 @@ grub_png_decode_image_data (struct grub_png_data *data)
grub_png_get_byte (data);
grub_png_get_byte (data);
- for (i = 0; i < len; i++)
+ for (i = 0; i < len && grub_errno == GRUB_ERR_NONE; i++)
grub_png_output_byte (data, grub_png_get_byte (data));
break;
@@ -1045,6 +1082,8 @@ grub_png_decode_png (struct grub_png_data *data)
len = grub_png_get_dword (data);
type = grub_png_get_dword (data);
+ if (grub_errno != GRUB_ERR_NONE)
+ break;
data->next_offset = data->file->offset + len + 4;
switch (type)
--
2.41.0

34
boot/grub2/0009-video-readers-png-Refuse-to-handle-multiple-image-he.patch Normal file
View File

@@ -0,0 +1,34 @@
From e170edd18fcfdd9e6f91ba750fd022cef8d43cd4 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Tue, 6 Jul 2021 14:13:40 +1000
Subject: [PATCH] video/readers/png: Refuse to handle multiple image headers
This causes the bitmap to be leaked. Do not permit multiple image headers.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 166a4d61448f74745afe1dac2f2cfb85d04909bf
[Thomas: needed to cherry-pick
e623866d9286410156e8b9d2c82d6253a1b22d08, which fixes CVE-2021-3695]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/video/readers/png.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
index d715c4629..35ae553c8 100644
--- a/grub-core/video/readers/png.c
+++ b/grub-core/video/readers/png.c
@@ -258,6 +258,9 @@ grub_png_decode_image_header (struct grub_png_data *data)
int color_bits;
enum grub_video_blit_format blt;
+ if (data->image_width || data->image_height)
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: two image headers found");
+
data->image_width = grub_png_get_dword (data);
data->image_height = grub_png_get_dword (data);
--
2.41.0

173
boot/grub2/0010-video-readers-png-Drop-greyscale-support-to-fix-heap.patch Normal file
View File

@@ -0,0 +1,173 @@
From 5b42d132a029c1d245d94c813a45836522b46226 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Tue, 6 Jul 2021 18:51:35 +1000
Subject: [PATCH] video/readers/png: Drop greyscale support to fix heap
out-of-bounds write
A 16-bit greyscale PNG without alpha is processed in the following loop:
for (i = 0; i < (data->image_width * data->image_height);
i++, d1 += 4, d2 += 2)
{
d1[R3] = d2[1];
d1[G3] = d2[1];
d1[B3] = d2[1];
}
The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration,
but there are only 3 bytes allocated for storage. This means that image
data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes
out of every 4 following the end of the image.
This has existed since greyscale support was added in 2013 in commit
3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale).
Saving starfield.png as a 16-bit greyscale image without alpha in the gimp
and attempting to load it causes grub-emu to crash - I don't think this code
has ever worked.
Delete all PNG greyscale support.
Fixes: CVE-2021-3695
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: e623866d9286410156e8b9d2c82d6253a1b22d08
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/video/readers/png.c | 87 +++--------------------------------
1 file changed, 7 insertions(+), 80 deletions(-)
diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
index 35ae553c8..a3161e25b 100644
--- a/grub-core/video/readers/png.c
+++ b/grub-core/video/readers/png.c
@@ -100,7 +100,7 @@ struct grub_png_data
unsigned image_width, image_height;
int bpp, is_16bit;
- int raw_bytes, is_gray, is_alpha, is_palette;
+ int raw_bytes, is_alpha, is_palette;
int row_bytes, color_bits;
grub_uint8_t *image_data;
@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data)
data->bpp = 3;
else
{
- data->is_gray = 1;
- data->bpp = 1;
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "png: color type not supported");
}
if ((color_bits != 8) && (color_bits != 16)
&& (color_bits != 4
- || !(data->is_gray || data->is_palette)))
+ || !data->is_palette))
return grub_error (GRUB_ERR_BAD_FILE_TYPE,
"png: bit depth must be 8 or 16");
@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data)
}
#ifndef GRUB_CPU_WORDS_BIGENDIAN
- if (data->is_16bit || data->is_gray || data->is_palette)
+ if (data->is_16bit || data->is_palette)
#endif
{
data->image_data = grub_calloc (data->image_height, data->row_bytes);
@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data)
int shift;
int mask = (1 << data->color_bits) - 1;
unsigned j;
- if (data->is_gray)
- {
- /* Generic formula is
- (0xff * i) / ((1U << data->color_bits) - 1)
- but for allowed bit depth of 1, 2 and for it's
- equivalent to
- (0xff / ((1U << data->color_bits) - 1)) * i
- Precompute the multipliers to avoid division.
- */
-
- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 };
- for (i = 0; i < (1U << data->color_bits); i++)
- {
- grub_uint8_t col = multipliers[data->color_bits] * i;
- palette[i][0] = col;
- palette[i][1] = col;
- palette[i][2] = col;
- }
- }
- else
- grub_memcpy (palette, data->palette, 3 << data->color_bits);
+
+ grub_memcpy (palette, data->palette, 3 << data->color_bits);
d1c = d1;
d2c = d2;
for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3,
@@ -957,60 +938,6 @@ grub_png_convert_image (struct grub_png_data *data)
return;
}
- if (data->is_gray)
- {
- switch (data->bpp)
- {
- case 4:
- /* 16-bit gray with alpha. */
- for (i = 0; i < (data->image_width * data->image_height);
- i++, d1 += 4, d2 += 4)
- {
- d1[R4] = d2[3];
- d1[G4] = d2[3];
- d1[B4] = d2[3];
- d1[A4] = d2[1];
- }
- break;
- case 2:
- if (data->is_16bit)
- /* 16-bit gray without alpha. */
- {
- for (i = 0; i < (data->image_width * data->image_height);
- i++, d1 += 4, d2 += 2)
- {
- d1[R3] = d2[1];
- d1[G3] = d2[1];
- d1[B3] = d2[1];
- }
- }
- else
- /* 8-bit gray with alpha. */
- {
- for (i = 0; i < (data->image_width * data->image_height);
- i++, d1 += 4, d2 += 2)
- {
- d1[R4] = d2[1];
- d1[G4] = d2[1];
- d1[B4] = d2[1];
- d1[A4] = d2[0];
- }
- }
- break;
- /* 8-bit gray without alpha. */
- case 1:
- for (i = 0; i < (data->image_width * data->image_height);
- i++, d1 += 3, d2++)
- {
- d1[R3] = d2[0];
- d1[G3] = d2[0];
- d1[B3] = d2[0];
- }
- break;
- }
- return;
- }
-
{
/* Only copy the upper 8 bit. */
#ifndef GRUB_CPU_WORDS_BIGENDIAN
--
2.41.0

44
boot/grub2/0011-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch Normal file
View File

@@ -0,0 +1,44 @@
From 43a7d9cb829467993ba683a26c980fcfdaa924c8 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Tue, 6 Jul 2021 23:25:07 +1000
Subject: [PATCH] video/readers/png: Avoid heap OOB R/W inserting huff table
items
In fuzzing we observed crashes where a code would attempt to be inserted
into a huffman table before the start, leading to a set of heap OOB reads
and writes as table entries with negative indices were shifted around and
the new code written in.
Catch the case where we would underflow the array and bail.
Fixes: CVE-2021-3696
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 210245129c932dc9e1c2748d9d35524fb95b5042
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/video/readers/png.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
index a3161e25b..d7ed5aa6c 100644
--- a/grub-core/video/readers/png.c
+++ b/grub-core/video/readers/png.c
@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len)
for (i = len; i < ht->max_length; i++)
n += ht->maxval[i];
+ if (n > ht->num_values)
+ {
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "png: out of range inserting huffman table item");
+ return;
+ }
+
for (i = 0; i < n; i++)
ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1];
--
2.41.0

78
boot/grub2/0012-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch Normal file
View File

@@ -0,0 +1,78 @@
From 6be7ccfcc33da513de66f71de63fdc129fa019c2 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Wed, 7 Jul 2021 15:38:19 +1000
Subject: [PATCH] video/readers/jpeg: Block int underflow -> wild pointer write
Certain 1 px wide images caused a wild pointer write in
grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(),
we have the following loop:
for (; data->r1 < nr1 && (!data->dri || rst);
data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
We did not check if vb * width >= hb * nc1.
On a 64-bit platform, if that turns out to be negative, it will underflow,
be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so
we see data->bitmap_ptr jump, e.g.:
0x6180_0000_0480 to
0x6181_0000_0498
^
~--- carry has occurred and this pointer is now far away from
any object.
On a 32-bit platform, it will decrement the pointer, creating a pointer
that won't crash but will overwrite random data.
Catch the underflow and error out.
Fixes: CVE-2021-3697
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/video/readers/jpeg.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
index e31602f76..1d256af01 100644
--- a/grub-core/video/readers/jpeg.c
+++ b/grub-core/video/readers/jpeg.c
@@ -23,6 +23,7 @@
#include <grub/mm.h>
#include <grub/misc.h>
#include <grub/bufio.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -639,6 +640,7 @@ static grub_err_t
grub_jpeg_decode_data (struct grub_jpeg_data *data)
{
unsigned c1, vb, hb, nr1, nc1;
+ unsigned stride_a, stride_b, stride;
int rst = data->dri;
vb = 8 << data->log_vs;
@@ -650,8 +652,14 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
return grub_error(GRUB_ERR_BAD_FILE_TYPE,
"jpeg: attempted to decode data before start of stream");
+ if (grub_mul(vb, data->image_width, &stride_a) ||
+ grub_mul(hb, nc1, &stride_b) ||
+ grub_sub(stride_a, stride_b, &stride))
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "jpeg: cannot decode image with these dimensions");
+
for (; data->r1 < nr1 && (!data->dri || rst);
- data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
+ data->r1++, data->bitmap_ptr += stride * 3)
for (c1 = 0; c1 < nc1 && (!data->dri || rst);
c1++, rst--, data->bitmap_ptr += hb * 3)
{
--
2.41.0

56
boot/grub2/0013-net-ip-Do-IP-fragment-maths-safely.patch Normal file
View File

@@ -0,0 +1,56 @@
From cadde7e36b8797060ac8cdf7cca7d8e1e09697e6 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Mon, 20 Dec 2021 19:41:21 +1100
Subject: [PATCH] net/ip: Do IP fragment maths safely
We can receive packets with invalid IP fragmentation information. This
can lead to rsm->total_len underflowing and becoming very large.
Then, in grub_netbuff_alloc(), we add to this very large number, which can
cause it to overflow and wrap back around to a small positive number.
The allocation then succeeds, but the resulting buffer is too small and
subsequent operations can write past the end of the buffer.
Catch the underflow here.
Fixes: CVE-2022-28733
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 3e4817538de828319ba6d59ced2fbb9b5ca13287
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/net/ip.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c
index ea5edf8f1..74e4e8b06 100644
--- a/grub-core/net/ip.c
+++ b/grub-core/net/ip.c
@@ -25,6 +25,7 @@
#include <grub/net/netbuff.h>
#include <grub/mm.h>
#include <grub/priority_queue.h>
+#include <grub/safemath.h>
#include <grub/time.h>
struct iphdr {
@@ -512,7 +513,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb,
{
rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK)
+ (nb->tail - nb->data));
- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t));
+
+ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t),
+ &rsm->total_len))
+ {
+ grub_dprintf ("net", "IP reassembly size underflow\n");
+ return GRUB_ERR_NONE;
+ }
+
rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len);
if (!rsm->asm_netbuff)
{
--
2.41.0

50
boot/grub2/0014-net-http-Fix-OOB-write-for-split-http-headers.patch Normal file
View File

@@ -0,0 +1,50 @@
From 6bb49bda656e1121fd303cf3e69709172e267718 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Tue, 8 Mar 2022 18:17:03 +1100
Subject: [PATCH] net/http: Fix OOB write for split http headers
GRUB has special code for handling an http header that is split
across two packets.
The code tracks the end of line by looking for a "\n" byte. The
code for split headers has always advanced the pointer just past the
end of the line, whereas the code that handles unsplit headers does
not advance the pointer. This extra advance causes the length to be
one greater, which breaks an assumption in parse_line(), leading to
it writing a NUL byte one byte past the end of the buffer where we
reconstruct the line from the two packets.
It's conceivable that an attacker controlled set of packets could
cause this to zero out the first byte of the "next" pointer of the
grub_mm_region structure following the current_line buffer.
Do not advance the pointer in the split header case.
Fixes: CVE-2022-28734
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: ec6bfd3237394c1c7dbf2fd73417173318d22f4b
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/net/http.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/grub-core/net/http.c b/grub-core/net/http.c
index b616cf40b..a19b0a205 100644
--- a/grub-core/net/http.c
+++ b/grub-core/net/http.c
@@ -190,9 +190,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)),
int have_line = 1;
char *t;
ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data);
- if (ptr)
- ptr++;
- else
+ if (ptr == NULL)
{
have_line = 0;
ptr = (char *) nb->tail;
--
2.41.0

52
boot/grub2/0015-net-http-Error-out-on-headers-with-LF-without-CR.patch Normal file
View File

@@ -0,0 +1,52 @@
From 2974684d2f7f85a5c57af8155cc3b70c04ec1d6b Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Tue, 8 Mar 2022 19:04:40 +1100
Subject: [PATCH] net/http: Error out on headers with LF without CR
In a similar vein to the previous patch, parse_line() would write
a NUL byte past the end of the buffer if there was an HTTP header
with a LF rather than a CRLF.
RFC-2616 says:
Many HTTP/1.1 header field values consist of words separated by LWS
or special characters. These special characters MUST be in a quoted
string to be used within a parameter value (as defined in section 3.6).
We don't support quoted sections or continuation lines, etc.
If we see an LF that's not part of a CRLF, bail out.
Fixes: CVE-2022-28734
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/net/http.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/grub-core/net/http.c b/grub-core/net/http.c
index a19b0a205..1fa62b5cb 100644
--- a/grub-core/net/http.c
+++ b/grub-core/net/http.c
@@ -68,7 +68,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len)
char *end = ptr + len;
while (end > ptr && *(end - 1) == '\r')
end--;
+
+ /* LF without CR. */
+ if (end == ptr + len)
+ {
+ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR"));
+ return GRUB_ERR_NONE;
+ }
*end = 0;
+
/* Trailing CRLF. */
if (data->in_chunk_len == 1)
{
--
2.41.0

116
boot/grub2/0016-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch Normal file
View File

@@ -0,0 +1,116 @@
From 1aefeca0f6304a20c1a3711cb9e89c5fdb901b6b Mon Sep 17 00:00:00 2001
From: Zhang Boyang <zhangboyang.id@gmail.com>
Date: Fri, 5 Aug 2022 00:51:20 +0800
Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal()
The length of memory allocation and file read may overflow. This patch
fixes the problem by using safemath macros.
There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe
if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz().
It is safe replacement for such code. It has safemath-like prototype.
This patch also introduces grub_cast(value, pointer), it casts value to
typeof(*pointer) then store the value to *pointer. It returns true when
overflow occurs or false if there is no overflow. The semantics of arguments
and return value are designed to be consistent with other safemath macros.
Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 9c76ec09ae08155df27cd237eaea150b4f02f532
[Thomas: needed to backport 768e1ef2fc159f6e14e7246e4be09363708ac39e,
which fixes CVE-2022-2601]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/font/font.c | 17 +++++++++++++----
include/grub/bitmap.h | 18 ++++++++++++++++++
include/grub/safemath.h | 2 ++
3 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index d09bb38d8..876b5b695 100644
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -739,7 +739,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code)
grub_int16_t xoff;
grub_int16_t yoff;
grub_int16_t dwidth;
- int len;
+ grub_ssize_t len;
+ grub_size_t sz;
if (index_entry->glyph)
/* Return cached glyph. */
@@ -766,9 +767,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code)
return 0;
}
- len = (width * height + 7) / 8;
- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len);
- if (!glyph)
+ /* Calculate real struct size of current glyph. */
+ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) ||
+ grub_add (sizeof (struct grub_font_glyph), len, &sz))
+ {
+ remove_font (font);
+ return 0;
+ }
+
+ /* Allocate and initialize the glyph struct. */
+ glyph = grub_malloc (sz);
+ if (glyph == NULL)
{
remove_font (font);
return 0;
diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h
index 5728f8ca3..0d9603f61 100644
--- a/include/grub/bitmap.h
+++ b/include/grub/bitmap.h
@@ -23,6 +23,7 @@
#include <grub/symbol.h>
#include <grub/types.h>
#include <grub/video.h>
+#include <grub/safemath.h>
struct grub_video_bitmap
{
@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap)
return bitmap->mode_info.height;
}
+/*
+ * Calculate and store the size of data buffer of 1bit bitmap in result.
+ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs.
+ * Return true when overflow occurs or false if there is no overflow.
+ * This function is intentionally implemented as a macro instead of
+ * an inline function. Although a bit awkward, it preserves data types for
+ * safemath macros and reduces macro side effects as much as possible.
+ *
+ * XXX: Will report false overflow if width * height > UINT64_MAX.
+ */
+#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \
+({ \
+ grub_uint64_t _bitmap_pixels; \
+ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \
+ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \
+})
+
void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap,
struct grub_video_mode_info *mode_info);
diff --git a/include/grub/safemath.h b/include/grub/safemath.h
index c17b89bba..bb0f826de 100644
--- a/include/grub/safemath.h
+++ b/include/grub/safemath.h
@@ -30,6 +30,8 @@
#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res)
#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res)
+#define grub_cast(a, res) grub_add ((a), 0, (res))
+
#else
#error gcc 5.1 or newer or clang 3.8 or newer is required
#endif
--
2.41.0

83
boot/grub2/0017-font-Fix-several-integer-overflows-in-grub_font_cons.patch Normal file
View File

@@ -0,0 +1,83 @@
From fefba72d17364d6212cfd3be2232f4ce0ba23b82 Mon Sep 17 00:00:00 2001
From: Zhang Boyang <zhangboyang.id@gmail.com>
Date: Fri, 5 Aug 2022 01:58:27 +0800
Subject: [PATCH] font: Fix several integer overflows in
grub_font_construct_glyph()
This patch fixes several integer overflows in grub_font_construct_glyph().
Glyphs of invalid size, zero or leading to an overflow, are rejected.
The inconsistency between "glyph" and "max_glyph_size" when grub_malloc()
returns NULL is fixed too.
Fixes: CVE-2022-2601
Reported-by: Zhang Boyang <zhangboyang.id@gmail.com>
Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 768e1ef2fc159f6e14e7246e4be09363708ac39e
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/font/font.c | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index 876b5b695..0ff552578 100644
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -1515,6 +1515,7 @@ grub_font_construct_glyph (grub_font_t hinted_font,
struct grub_video_signed_rect bounds;
static struct grub_font_glyph *glyph = 0;
static grub_size_t max_glyph_size = 0;
+ grub_size_t cur_glyph_size;
ensure_comb_space (glyph_id);
@@ -1531,29 +1532,33 @@ grub_font_construct_glyph (grub_font_t hinted_font,
if (!glyph_id->ncomb && !glyph_id->attributes)
return main_glyph;
- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT)
+ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) ||
+ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size))
+ return main_glyph;
+
+ if (max_glyph_size < cur_glyph_size)
{
grub_free (glyph);
- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2;
- if (max_glyph_size < 8)
- max_glyph_size = 8;
- glyph = grub_malloc (max_glyph_size);
+ if (grub_mul (cur_glyph_size, 2, &max_glyph_size))
+ max_glyph_size = 0;
+ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL;
}
if (!glyph)
{
+ max_glyph_size = 0;
grub_errno = GRUB_ERR_NONE;
return main_glyph;
}
- grub_memset (glyph, 0, sizeof (*glyph)
- + (bounds.width * bounds.height
- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT);
+ grub_memset (glyph, 0, cur_glyph_size);
glyph->font = main_glyph->font;
- glyph->width = bounds.width;
- glyph->height = bounds.height;
- glyph->offset_x = bounds.x;
- glyph->offset_y = bounds.y;
+ if (bounds.width == 0 || bounds.height == 0 ||
+ grub_cast (bounds.width, &glyph->width) ||
+ grub_cast (bounds.height, &glyph->height) ||
+ grub_cast (bounds.x, &glyph->offset_x) ||
+ grub_cast (bounds.y, &glyph->offset_y))
+ return main_glyph;
if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR)
grub_font_blit_glyph_mirror (glyph, main_glyph,
--
2.41.0

93
boot/grub2/0018-font-Fix-an-integer-underflow-in-blit_comb.patch Normal file
View File

@@ -0,0 +1,93 @@
From 79bd19e078c5053d800b1b4d3a901083da947e70 Mon Sep 17 00:00:00 2001
From: Zhang Boyang <zhangboyang.id@gmail.com>
Date: Mon, 24 Oct 2022 08:05:35 +0800
Subject: [PATCH] font: Fix an integer underflow in blit_comb()
The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may
evaluate to a very big invalid value even if both ctx.bounds.height and
combining_glyphs[i]->height are small integers. For example, if
ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this
expression evaluates to 2147483647 (expected -1). This is because
coordinates are allowed to be negative but ctx.bounds.height is an
unsigned int. So, the subtraction operates on unsigned ints and
underflows to a very big value. The division makes things even worse.
The quotient is still an invalid value even if converted back to int.
This patch fixes the problem by casting ctx.bounds.height to int. As
a result the subtraction will operate on int and grub_uint16_t which
will be promoted to an int. So, the underflow will no longer happen. Other
uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int,
to ensure coordinates are always calculated on signed integers.
Fixes: CVE-2022-3775
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 992c06191babc1e109caf40d6a07ec6fdef427af
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
grub-core/font/font.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index 0ff552578..7b1cbde07 100644
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -1206,12 +1206,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
ctx.bounds.height = main_glyph->height;
above_rightx = main_glyph->offset_x + main_glyph->width;
- above_righty = ctx.bounds.y + ctx.bounds.height;
+ above_righty = ctx.bounds.y + (int) ctx.bounds.height;
above_leftx = main_glyph->offset_x;
- above_lefty = ctx.bounds.y + ctx.bounds.height;
+ above_lefty = ctx.bounds.y + (int) ctx.bounds.height;
- below_rightx = ctx.bounds.x + ctx.bounds.width;
+ below_rightx = ctx.bounds.x + (int) ctx.bounds.width;
below_righty = ctx.bounds.y;
comb = grub_unicode_get_comb (glyph_id);
@@ -1224,7 +1224,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
if (!combining_glyphs[i])
continue;
- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x;
+ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x;
/* CGJ is to avoid diacritics reordering. */
if (comb[i].code
== GRUB_UNICODE_COMBINING_GRAPHEME_JOINER)
@@ -1234,8 +1234,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
case GRUB_UNICODE_COMB_OVERLAY:
do_blit (combining_glyphs[i],
targetx,
- (ctx.bounds.height - combining_glyphs[i]->height) / 2
- - (ctx.bounds.height + ctx.bounds.y), &ctx);
+ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2
+ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx);
if (min_devwidth < combining_glyphs[i]->width)
min_devwidth = combining_glyphs[i]->width;
break;
@@ -1308,7 +1308,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
/* Fallthrough. */
case GRUB_UNICODE_STACK_ATTACHED_ABOVE:
do_blit (combining_glyphs[i], targetx,
- -(ctx.bounds.height + ctx.bounds.y + space
+ -((int) ctx.bounds.height + ctx.bounds.y + space
+ combining_glyphs[i]->height), &ctx);
if (min_devwidth < combining_glyphs[i]->width)
min_devwidth = combining_glyphs[i]->width;
@@ -1316,7 +1316,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
case GRUB_UNICODE_COMB_HEBREW_DAGESH:
do_blit (combining_glyphs[i], targetx,
- -(ctx.bounds.height / 2 + ctx.bounds.y
+ -((int) ctx.bounds.height / 2 + ctx.bounds.y
+ combining_glyphs[i]->height / 2), &ctx);
if (min_devwidth < combining_glyphs[i]->width)
min_devwidth = combining_glyphs[i]->width;
--
2.41.0

61
boot/grub2/0019-fs-ext2-Ignore-checksum-seed-incompat-feature.patch Normal file
View File

@@ -0,0 +1,61 @@
From 7fd5feff97c4b1f446f8fcf6d37aca0c64e7c763 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 11 Jun 2021 21:36:16 +0200
Subject: [PATCH] fs/ext2: Ignore checksum seed incompat feature
This incompat feature is used to denote that the filesystem stored its
metadata checksum seed in the superblock. This is used to allow tune2fs
changing the UUID on a mounted metdata_csum filesystem without having
to rewrite all the disk metadata. However, the GRUB doesn't use the
metadata checksum at all. So, it can just ignore this feature if it
is enabled. This is consistent with the GRUB filesystem code in general
which just does a best effort to access the filesystem's data.
The checksum seed incompat feature has to be removed from the ignore
list if the support for metadata checksum verification is added to the
GRUB ext2 driver later.
Suggested-by: Eric Sandeen <esandeen@redhat.com>
Suggested-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 7fd5feff97c4b1f446f8fcf6d37aca0c64e7c763
Signed-off-by: Jens Maus <mail@jens-maus.de>
---
grub-core/fs/ext2.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index e7dd78e66..4953a1591 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -103,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define EXT4_FEATURE_INCOMPAT_64BIT 0x0080
#define EXT4_FEATURE_INCOMPAT_MMP 0x0100
#define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200
+#define EXT4_FEATURE_INCOMPAT_CSUM_SEED 0x2000
#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
/* The set of back-incompatible features this driver DOES support. Add (OR)
@@ -123,10 +124,15 @@ GRUB_MOD_LICENSE ("GPLv3+");
* mmp: Not really back-incompatible - was added as such to
* avoid multiple read-write mounts. Safe to ignore for this
* RO driver.
+ * checksum seed: Not really back-incompatible - was added to allow tools
+ * such as tune2fs to change the UUID on a mounted metadata
+ * checksummed filesystem. Safe to ignore for now since the
+ * driver doesn't support checksum verification. However, it
+ * has to be removed from this list if the support is added later.
*/
#define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
- | EXT4_FEATURE_INCOMPAT_MMP)
-
+ | EXT4_FEATURE_INCOMPAT_MMP \
+ | EXT4_FEATURE_INCOMPAT_CSUM_SEED)
#define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U
--
2.34.1

60
boot/grub2/0020-fs-ext2-Ignore-the-large_dir-incompat-feature.patch Normal file
View File

@@ -0,0 +1,60 @@
From 2e9fa73a040462b81bfbfe56c0bc7ad2d30b446b Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso@mit.edu>
Date: Tue, 30 Aug 2022 22:41:59 -0400
Subject: [PATCH] fs/ext2: Ignore the large_dir incompat feature
Recently, ext4 added the large_dir feature, which adds support for
a 3 level htree directory support.
The GRUB supports existing file systems with htree directories by
ignoring their existence, and since the index nodes for the hash tree
look like deleted directory entries (by design), the GRUB can simply do
a brute force O(n) linear search of directories. The same is true for
3 level deep htrees indicated by large_dir feature flag.
Hence, it is safe for the GRUB to ignore the large_dir incompat feature.
Fixes: https://savannah.gnu.org/bugs/?61606
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream: 2e9fa73a040462b81bfbfe56c0bc7ad2d30b446b
Signed-off-by: Jens Maus <mail@jens-maus.de>
---
grub-core/fs/ext2.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index 0989e26e1..e1cc5e62a 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -104,6 +104,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define EXT4_FEATURE_INCOMPAT_MMP 0x0100
#define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200
#define EXT4_FEATURE_INCOMPAT_CSUM_SEED 0x2000
+#define EXT4_FEATURE_INCOMPAT_LARGEDIR 0x4000 /* >2GB or 3 level htree */
#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
/* The set of back-incompatible features this driver DOES support. Add (OR)
@@ -129,10 +130,17 @@ GRUB_MOD_LICENSE ("GPLv3+");
* checksummed filesystem. Safe to ignore for now since the
* driver doesn't support checksum verification. However, it
* has to be removed from this list if the support is added later.
+ * large_dir: Not back-incompatible given that the GRUB ext2 driver does
+ * not implement EXT2_FEATURE_COMPAT_DIR_INDEX. If the GRUB
+ * eventually supports the htree feature (aka dir_index)
+ * it should support 3 level htrees and then move
+ * EXT4_FEATURE_INCOMPAT_LARGEDIR to
+ * EXT2_DRIVER_SUPPORTED_INCOMPAT.
*/
#define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
| EXT4_FEATURE_INCOMPAT_MMP \
- | EXT4_FEATURE_INCOMPAT_CSUM_SEED)
+ | EXT4_FEATURE_INCOMPAT_CSUM_SEED \
+ | EXT4_FEATURE_INCOMPAT_LARGEDIR)
#define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U
--
2.34.1

19
boot/grub2/grub2.mk
View File

@@ -34,6 +34,25 @@ GRUB2_IGNORE_CVES += CVE-2020-15705
GRUB2_IGNORE_CVES += CVE-2021-3981
# vulnerability is specific to the SUSE distribution
GRUB2_IGNORE_CVES += CVE-2021-46705
# 0005-loader-efi-chainloader-Use-grub_loader_set_ex.patch
GRUB2_IGNORE_CVES += CVE-2022-28736
# 0006-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
GRUB2_IGNORE_CVES += CVE-2022-28735
# 0010-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
GRUB2_IGNORE_CVES += CVE-2021-3695
# 0011-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
GRUB2_IGNORE_CVES += CVE-2021-3696
# 0012-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
GRUB2_IGNORE_CVES += CVE-2021-3697
# 0013-net-ip-Do-IP-fragment-maths-safely.patch
GRUB2_IGNORE_CVES += CVE-2022-28733
# 0014-net-http-Fix-OOB-write-for-split-http-headers.patch
# 0015-net-http-Error-out-on-headers-with-LF-without-CR.patch
GRUB2_IGNORE_CVES += CVE-2022-28734
# 0017-font-Fix-several-integer-overflows-in-grub_font_cons.patch
GRUB2_IGNORE_CVES += CVE-2022-2601
# 0018-font-Fix-an-integer-underflow-in-blit_comb.patch
GRUB2_IGNORE_CVES += CVE-2022-3775
ifeq ($(BR2_TARGET_GRUB2_INSTALL_TOOLS),y)
GRUB2_INSTALL_TARGET = YES

49
boot/mv-ddr-marvell/0001-Allow-access-to-low-addresses-with-gcc-12.patch Normal file
View File

@@ -0,0 +1,49 @@
From 4796a1eacc6a5ccb623e7d2e46a5196f8335e496 Mon Sep 17 00:00:00 2001
From: Baruch Siach <baruch@tkos.co.il>
Date: Fri, 11 Aug 2023 11:19:49 +0300
Subject: [PATCH] Allow access to low addresses with gcc 12
gcc 12 added a warning that triggers on access to low addresses. Add a
compile option that allows access to lower addresses.
Add the 'cc_option' macro to avoid the compile option when the compiler
does not support it.
This fixes build with TF-A. TF-A added a similar fix in commit
dea23e245fb89.
See some more details in
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105523
Upstream: https://github.com/MarvellEmbeddedProcessors/mv-ddr-marvell/pull/42
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Makefile | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/Makefile b/Makefile
index 3f0dd89a7381..045284c30cbc 100644
--- a/Makefile
+++ b/Makefile
@@ -108,6 +108,10 @@ MV_DDR_VER_CSRC = mv_ddr_build_message.c
# create mv_ddr build message and version string source file
$(shell $(MV_DDR_ROOT)/scripts/localversion.sh $(MV_DDR_ROOT) $(MV_DDR_VER_CSRC) 2> /dev/null)
+define cc_option
+ $(shell if $(CC) $(1) -c -x c /dev/null -o /dev/null >/dev/null 2>&1; then echo $(1); fi )
+endef
+
# ******************
# U-BOOT SPL SUPPORT
# ******************
@@ -331,6 +335,7 @@ OBJ_DIR ?= $(MV_DDR_ROOT)
CFLAGS = -DMV_DDR_ATF -DCONFIG_DDR4
CFLAGS += -Wall -Werror -Os -ffreestanding -mlittle-endian -g -gdwarf-2 -nostdinc
CFLAGS += -march=armv8-a -fpie
+CFLAGS += $(call cc_option, --param=min-pagesize=0)
# PLATFORM is set in ble/ble.mk
ifneq ($(findstring a80x0,$(PLATFORM)),)
--
2.40.1

33
boot/mv-ddr-marvell/0002-Makefile-disable-stack-protection.patch Normal file
View File

@@ -0,0 +1,33 @@
From 53e34e3bff26fcbb7cc14178fa9fc80e7a73d556 Mon Sep 17 00:00:00 2001
From: Baruch Siach <baruch@tkos.co.il>
Date: Tue, 11 Oct 2022 16:34:44 +0300
Subject: [PATCH] Makefile: disable stack protection
The Buildroot toolchain might enable stack protection by default. That
breaks linking because ATF does not provide the required __stack_chk
routines.
The mv-ddr-marvell Makefile provides no way to add custom CFLAGS. Patch
Makefile to disable stack protection.
Upstream: not applicable; Buildroot specific
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/Makefile b/Makefile
index 045284c30cbc..9641354bcf86 100644
--- a/Makefile
+++ b/Makefile
@@ -336,6 +336,7 @@ CFLAGS = -DMV_DDR_ATF -DCONFIG_DDR4
CFLAGS += -Wall -Werror -Os -ffreestanding -mlittle-endian -g -gdwarf-2 -nostdinc
CFLAGS += -march=armv8-a -fpie
CFLAGS += $(call cc_option, --param=min-pagesize=0)
+CFLAGS += -fno-stack-protector
# PLATFORM is set in ble/ble.mk
ifneq ($(findstring a80x0,$(PLATFORM)),)
--
2.40.1

6
boot/opensbi/Config.in
View File

@@ -19,7 +19,7 @@ choice
Select the specific OpenSBI version you want to use
config BR2_TARGET_OPENSBI_LATEST_VERSION
bool "1.2"
bool "1.3"
config BR2_TARGET_OPENSBI_CUSTOM_VERSION
bool "Custom version"
@@ -57,10 +57,10 @@ endif
config BR2_TARGET_OPENSBI_VERSION
string
default "1.2" if BR2_TARGET_OPENSBI_LATEST_VERSION
default "1.3" if BR2_TARGET_OPENSBI_LATEST_VERSION
default BR2_TARGET_OPENSBI_CUSTOM_VERSION_VALUE \
if BR2_TARGET_OPENSBI_CUSTOM_VERSION
default "custom" if BR2_TARGET_OPENSBI_CUSTOM_TARBALL
default "custom" if BR2_TARGET_OPENSBI_CUSTOM_TARBALL
default BR2_TARGET_OPENSBI_CUSTOM_REPO_VERSION \
if BR2_TARGET_OPENSBI_CUSTOM_GIT

2
boot/opensbi/opensbi.hash
View File

@@ -1,3 +1,3 @@
# locally computed
sha256 8fcbce598a73acc2c7f7d5607d46b9d5107d3ecbede8f68f42631dcfc25ef2b2 opensbi-1.2.tar.gz
sha256 2c0501eb3475f463b15f5b8531996f64604ea49e0e3ed040ecbd1fc27ecd8c5c opensbi-1.3.tar.gz
sha256 82d13fb1bf6bb162629deeea9eb9c117e74548d3b707e478967691fe79a68e21 COPYING.BSD

19
boot/uboot/Config.in
View File

@@ -262,6 +262,15 @@ config BR2_TARGET_UBOOT_NEEDS_IMX_FIRMWARE
This option makes sure that the i.MX firmwares are copied into
the U-Boot source directory.
config BR2_TARGET_UBOOT_NEEDS_ROCKCHIP_RKBIN
bool "U-Boot needs rockchip-rkbin"
depends on BR2_PACKAGE_ROCKCHIP_RKBIN
help
For some Rockchip SoCs U-Boot needs binary blobs from
Rockchip.
This option makes sure that the needed binary blobs are copied
into the U-Boot source directory.
menu "U-Boot binary format"
config BR2_TARGET_UBOOT_FORMAT_AIS
@@ -395,6 +404,16 @@ config BR2_TARGET_UBOOT_FORMAT_STM32
bool "u-boot.stm32"
depends on BR2_arm
if BR2_TARGET_UBOOT_FORMAT_STM32
config BR2_TARGET_UBOOT_BUILD_FORMAT_STM32_LEGACY
bool "Legacy build (u-boot.stm32 target)"
help
Select this option if you use U-Boot with version older than
2022.01), so that we use the old build target. Otherwise,
binman application is called to create the stm32 binary
format.
endif
config BR2_TARGET_UBOOT_FORMAT_CUSTOM
bool "Custom (specify below)"
help

22
boot/uboot/uboot.mk
View File

@@ -133,8 +133,10 @@ endif
ifeq ($(BR2_TARGET_UBOOT_FORMAT_STM32),y)
UBOOT_BINS += u-boot.stm32
ifeq ($(BR2_TARGET_UBOOT_BUILD_FORMAT_STM32_LEGACY),y)
UBOOT_MAKE_TARGET += u-boot.stm32
endif
endif
ifeq ($(BR2_TARGET_UBOOT_FORMAT_CUSTOM),y)
UBOOT_BINS += $(call qstrip,$(BR2_TARGET_UBOOT_FORMAT_CUSTOM_NAME))
@@ -207,8 +209,26 @@ endef
UBOOT_PRE_BUILD_HOOKS += UBOOT_COPY_IMX_FW_FILES
endif
ifeq ($(BR2_TARGET_UBOOT_NEEDS_ROCKCHIP_RKBIN),y)
UBOOT_DEPENDENCIES += rockchip-rkbin
define UBOOT_INSTALL_UBOOT_ROCKCHIP_BIN
$(INSTALL) -D -m 0644 $(@D)/u-boot-rockchip.bin $(BINARIES_DIR)/u-boot-rockchip.bin
endef
UBOOT_POST_INSTALL_IMAGES_HOOKS += UBOOT_INSTALL_UBOOT_ROCKCHIP_BIN
ifneq ($(ROCKCHIP_RKBIN_BL31_FILENAME),)
UBOOT_MAKE_OPTS += BL31=$(BINARIES_DIR)/$(notdir $(ROCKCHIP_RKBIN_BL31_FILENAME))
endif
ifneq ($(ROCKCHIP_RKBIN_TPL_FILENAME),)
UBOOT_MAKE_OPTS += ROCKCHIP_TPL=$(BINARIES_DIR)/$(notdir $(ROCKCHIP_RKBIN_TPL_FILENAME))
endif
ifneq ($(ROCKCHIP_RKBIN_TEE_FILENAME),)
UBOOT_MAKE_OPTS += TEE=$(BINARIES_DIR)/$(notdir $(ROCKCHIP_RKBIN_TEE_FILENAME))
endif
endif
ifeq ($(BR2_TARGET_UBOOT_NEEDS_DTC),y)
UBOOT_DEPENDENCIES += host-dtc
UBOOT_MAKE_OPTS += DTC=$(HOST_DIR)/bin/dtc
endif
ifeq ($(BR2_TARGET_UBOOT_NEEDS_PYTHON3),y)
@@ -216,7 +236,7 @@ UBOOT_DEPENDENCIES += host-python3 host-python-setuptools
endif
ifeq ($(BR2_TARGET_UBOOT_NEEDS_PYLIBFDT),y)
UBOOT_DEPENDENCIES += host-swig
UBOOT_DEPENDENCIES += host-python-pylibfdt
endif
ifeq ($(BR2_TARGET_UBOOT_NEEDS_PYELFTOOLS),y)

1
configs/andes_ae350_45_defconfig
View File

@@ -38,7 +38,6 @@ BR2_TARGET_UBOOT_NEEDS_OPENSBI=y
BR2_TARGET_UBOOT_FORMAT_CUSTOM=y
BR2_TARGET_UBOOT_FORMAT_CUSTOM_NAME="u-boot.itb"
BR2_TARGET_UBOOT_SPL=y
BR2_TARGET_UBOOT_CUSTOM_MAKEOPTS="ARCH_FLAGS=-march=rv64imafdc"
BR2_PACKAGE_HOST_DOSFSTOOLS=y
BR2_PACKAGE_HOST_GENIMAGE=y
BR2_PACKAGE_HOST_MTOOLS=y

3
configs/avenger96_defconfig
View File

@@ -17,7 +17,7 @@ BR2_TARGET_ROOTFS_EXT2_SIZE="120M"
# BR2_TARGET_ROOTFS_TAR is not set
BR2_TARGET_ARM_TRUSTED_FIRMWARE=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE="v2.2"
BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE="v2.9"
BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM="stm32mp1"
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES="STM32MP_SDMMC=1 AARCH32_SP=sp_min DTB_FILE_NAME=stm32mp157a-avenger96.dtb"
BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG=y
@@ -30,5 +30,6 @@ BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2020.07"
BR2_TARGET_UBOOT_BOARD_DEFCONFIG="stm32mp15_trusted"
# BR2_TARGET_UBOOT_FORMAT_BIN is not set
BR2_TARGET_UBOOT_FORMAT_STM32=y
BR2_TARGET_UBOOT_BUILD_FORMAT_STM32_LEGACY=y
BR2_TARGET_UBOOT_CUSTOM_MAKEOPTS="DEVICE_TREE=stm32mp15xx-dhcor-avenger96"
BR2_PACKAGE_HOST_GENIMAGE=y

1
configs/beaglebone_defconfig
View File

@@ -37,6 +37,7 @@ BR2_TARGET_UBOOT_CUSTOM_VERSION=y
BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2023.04"
BR2_TARGET_UBOOT_BOARD_DEFCONFIG="am335x_evm"
BR2_TARGET_UBOOT_NEEDS_DTC=y
BR2_TARGET_UBOOT_NEEDS_OPENSSL=y
# BR2_TARGET_UBOOT_FORMAT_BIN is not set
BR2_TARGET_UBOOT_FORMAT_IMG=y
BR2_TARGET_UBOOT_SPL=y

2
configs/beaglebone_qt5_defconfig
View File

@@ -15,7 +15,7 @@ BR2_LINUX_KERNEL_CUSTOM_TARBALL_LOCATION="$(call github,beagleboard,linux,4.19.7
BR2_LINUX_KERNEL_DEFCONFIG="omap2plus"
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/beaglebone/linux-sgx.fragment"
BR2_LINUX_KERNEL_DTS_SUPPORT=y
BR2_LINUX_KERNEL_INTREE_DTS_NAME="am335x-evm am335x-bone am335x-boneblack am335x-bonegreen am335x-evmsk am335x-boneblue am335x-boneblack-wireless"
BR2_LINUX_KERNEL_INTREE_DTS_NAME="am335x-evm am335x-bone am335x-boneblack am335x-bonegreen am335x-evmsk am335x-boneblue am335x-boneblack-wireless am335x-bonegreen-wireless"
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
BR2_PACKAGE_FBV=y
BR2_PACKAGE_QT5=y

2
configs/beaglev_defconfig
View File

@@ -1,6 +1,7 @@
BR2_riscv=y
BR2_riscv_custom=y
BR2_RISCV_ISA_CUSTOM_RVM=y
BR2_RISCV_ISA_CUSTOM_RVA=y
BR2_RISCV_ISA_CUSTOM_RVF=y
BR2_RISCV_ISA_CUSTOM_RVD=y
BR2_RISCV_ISA_CUSTOM_RVC=y
@@ -39,3 +40,4 @@ BR2_TARGET_UBOOT_CUSTOM_TARBALL_LOCATION="$(call github,starfive-tech,u-boot,64e
BR2_TARGET_UBOOT_BOARD_DEFCONFIG="starfive_vic7100_beagle_v_smode"
BR2_PACKAGE_HOST_GENIMAGE=y
BR2_PACKAGE_HOST_JH71XX_TOOLS=y
BR2_GLOBAL_PATCH_DIR="board/beaglev/patches"

Some files were not shown because too many files have changed in this diff Show More