2 days agolibfdt: Replace deprecated 0-length arrays with proper flexible arrays main master
Kees Cook [Sat, 28 Jan 2023 00:20:50 +0000 (16:20 -0800)] 
libfdt: Replace deprecated 0-length arrays with proper flexible arrays

Replace the 0-length arrays in structures with proper flexible
arrays. This will avoid warnings when building under GCC 13 with
-fstrict-flex-arrays, which the Linux kernel will be doing soon:

In file included from ../lib/fdt_ro.c:2:
../lib/../scripts/dtc/libfdt/fdt_ro.c: In function 'fdt_get_name':
../lib/../scripts/dtc/libfdt/fdt_ro.c:319:24: warning: 'strrchr' reading 1 or more bytes from a region of size 0 [-Wstringop-overread]
  319 |                 leaf = strrchr(nameptr, '/');
      |                        ^~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 months agodtc: Warning rather than error on possible truncation of cell values
David Gibson [Mon, 21 Nov 2022 03:18:44 +0000 (14:18 +1100)] 
dtc: Warning rather than error on possible truncation of cell values

We always evaluate integer values in cell arrays as 64-bit quantities, then
truncate to the size of the array cells (32-bit by default).  However to
detect accidental truncation of meaningful values, we give an error if the
truncated portion isn't either all 0 or all 1 bits.  However, this can
still give counterintuitive errors.  For if the user is thinking in 2's
complement 32-bit arithmetic (which would be quite natural), then they'd
expect the expression (-0xffffffff-2) to evaluate to -1 (0xffffffff).
However in 64-bit it evaluates to 0xfffffffeffffffff which does truncate
to the expected value but trips this error message.

Because of this reduce the error to only a warnings, with a somewhat more
helpful message.

Fixes: https://github.com/dgibson/dtc/issues/74

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months agolibfdt: tests: add get_next_tag_invalid_prop_len
Tadeusz Struk [Tue, 11 Oct 2022 18:26:11 +0000 (11:26 -0700)] 
libfdt: tests: add get_next_tag_invalid_prop_len

Add a new test get_next_tag_invalid_prop_len, which covers
fdt_next_tag(), when it is passed an corrupted blob, with
invalid property len values. The test runs twice, on a blob
in sw and finished state.

Signed-off-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Message-Id: <20221011182611.116011-2-tadeusz.struk@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months agolibfdt: prevent integer overflow in fdt_next_tag
Tadeusz Struk [Wed, 5 Oct 2022 23:29:30 +0000 (16:29 -0700)] 
libfdt: prevent integer overflow in fdt_next_tag

Since fdt_next_tag() in a public API function all input parameters,
including the fdt blob should not be trusted. It is possible to forge
a blob with invalid property length that will cause integer overflow
during offset calculation. To prevent that, validate the property length
read from the blob before doing calculations.

Signed-off-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Message-Id: <20221005232931.3016047-1-tadeusz.struk@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months agolibfdt: add fdt_get_property_by_offset_w helper
Tadeusz Struk [Tue, 11 Oct 2022 18:26:10 +0000 (11:26 -0700)] 
libfdt: add fdt_get_property_by_offset_w helper

Add a new fdt_get_property_by_offset_w helper function.
It is a wrapper on fdt_get_property_by_offset that returns
a writable pointer to a property at a given offset.

Signed-off-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Message-Id: <20221011182611.116011-1-tadeusz.struk@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
4 months agoMakefile: fix infinite recursion by dropping non-existent `%.output`
Sergei Trofimovich [Sun, 25 Sep 2022 10:42:03 +0000 (11:42 +0100)] 
Makefile: fix infinite recursion by dropping non-existent `%.output`

Without the change GNU `make-4.4` falls into infinite recursion of trying
to generate %.output files (bison is not passed flags to generate debug

This happens on GNU `make-4.4` only after GNU make change to more eagerly
rebuild all target outputs in multiple targets:

The recursion here is the following:

- Makefile depends on *.d files
- *.d files depend on *.c files
- *.c files are generated by bison
- bison is triggered whenever some of it's multiple targets are missing

In our case `%.output` is always missing and bison is always reran.
*.d files are always regenerated on `make` run. And make is always
restarted as *.d files are always regenerated.

The fix removes infeasible `%.output`.

Signed-off-by: Sergei Trofimovich <slyich@gmail.com>
Message-Id: <20220925104203.648449-2-slyich@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
4 months agoMakefile: limit make re-execution to avoid infinite spin
Sergei Trofimovich [Sun, 25 Sep 2022 10:42:02 +0000 (11:42 +0100)] 
Makefile: limit make re-execution to avoid infinite spin

make-4.4 became intentionally more eager at rebuilding outdated Makefile
includes. Currently this causes `dtc` to spin infinitely in
parser/dependency loop:

    $ make
        CHK version_gen.h
         BISON dtc-parser.tab.h
         DEP dtc-lexer.lex.c
         DEP dtc-parser.tab.c
        CHK version_gen.h
         BISON dtc-parser.tab.h
         DEP dtc-lexer.lex.c
         DEP dtc-parser.tab.c
    ... # never stops

After the change build eventually fails when gets into this state:

    $ make
        CHK version_gen.h
        UPD version_gen.h
         DEP util.c
         BISON dtc-parser.tab.h
         DEP dtc-lexer.lex.c
         DEP dtc-parser.tab.c
        CHK version_gen.h
         BISON dtc-parser.tab.h
         DEP dtc-lexer.lex.c
         DEP dtc-parser.tab.c
    Makefile:394: *** "Make re-executed itself 10 times. Infinite recursion?".  Stop.

The actual recursion will be fixed separately.

Signed-off-by: Sergei Trofimovich <slyich@gmail.com>
Message-Id: <20220925104203.648449-1-slyich@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
4 months agolibdtc: remove duplicate judgments
Jia Xianhua [Thu, 15 Sep 2022 08:47:03 +0000 (16:47 +0800)] 
libdtc: remove duplicate judgments

There is no need to check the VALID_DTB repeatedly, and can be combined
into one if statement.

Signed-off-by: Jia Xianhua <jiaxianhua@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months agoDon't generate erroneous fixups from reference to path
David Gibson [Sun, 31 Jul 2022 12:10:05 +0000 (22:10 +1000)] 
Don't generate erroneous fixups from reference to path

The dtb overlay format only permits (non local) fixups to reference labels,
not paths.  That's because the fixup target goes into the property name in
the overlay, and property names aren't permitted to include '/' characters.

Stop erroneously generating such fixups, because we didn't check for this

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months agolibfdt: Don't mask fdt_get_name() returned error
Pierre-Clément Tosi [Fri, 29 Jul 2022 13:00:19 +0000 (14:00 +0100)] 
libfdt: Don't mask fdt_get_name() returned error

Return the error code from fdt_get_name() (contained in len when the
result is NULL) instead of masking it with FDT_ERR_BADSTRUCTURE.

Fixes: fda71da26e7f ("libfdt: Handle failed get_name() on BEGIN_NODE")
Reported-by: Mike McTernan <mikemcternan@google.com>
Signed-off-by: Pierre-Clément Tosi <ptosi@google.com>
Message-Id: <20220729130019.804288-1-ptosi@google.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months agomanual.txt: Follow README.md and remove Jon
Pierre-Clément Tosi [Fri, 29 Jul 2022 13:10:19 +0000 (14:10 +0100)] 
manual.txt: Follow README.md and remove Jon

Following 0ee1d479b23a ("Remove Jon Loeliger from maintainers list"),
make the "Submitting Patches" section of the manual.txt consistent with
the README by requesting patches to only be sent to David.

Cc: Jon Loeliger <loeliger@gmail.com>
Signed-off-by: Pierre-Clément Tosi <ptosi@google.com>
Message-Id: <20220729131019.806164-1-ptosi@google.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months agoUpdate README in MANIFEST.in and setup.py to README.md
Saad Waheed [Fri, 29 Jul 2022 07:09:03 +0000 (12:09 +0500)] 
Update README in MANIFEST.in and setup.py to README.md

Signed-off-by: Saad Waheed <saad.waheed@10xengineers.ai>
6 months agoAdd description of Signed-off-by lines
David Gibson [Thu, 28 Jul 2022 07:44:45 +0000 (17:44 +1000)] 
Add description of Signed-off-by lines

dtc and libfdt have been using Signed-off-by lines (as used in the Linux
kernel) for some time, like a lot of open source projects.  However
Uwe Kleine-König pointed out we never really stated what they mean in our

Add information on what the S-o-b line means in CONTRIBUTING.md - this is
essentially a quote of the same information from the kernel documentation,
with some tweaks to make sense in the new context.

Suggested-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
6 months agoSplit out information for contributors to CONTRIBUTING.md
David Gibson [Thu, 28 Jul 2022 06:24:28 +0000 (16:24 +1000)] 
Split out information for contributors to CONTRIBUTING.md

README.md covers both general information for people using and building
the software, and more specific information for people contributing to
either dtc or libfdt.  Split out the latter information into its own file
for easier reference.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months agoRemove Jon Loeliger from maintainers list
David Gibson [Thu, 28 Jul 2022 06:16:08 +0000 (16:16 +1000)] 
Remove Jon Loeliger from maintainers list

Jon hasn't been actively working on dtc maintenance for some years.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months agoConvert README to README.md
David Gibson [Thu, 28 Jul 2022 05:51:32 +0000 (15:51 +1000)] 
Convert README to README.md

Let's move vaguely into the twenty-first century by converting our old
plain text README file to Markdown.  While we're updating the formatting,
make some small polish changes to the content.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months agoAllow static building with meson
Tero Tervala [Wed, 29 Jun 2022 16:35:57 +0000 (19:35 +0300)] 
Allow static building with meson

Added "static-build" option in the meson_options.txt.
Setting it to "true" allows static building.

Signed-off-by: Tero Tervala <tero.tervala@unikie.com>
Message-Id: <20220629163557.932298-1-tero.tervala@unikie.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months agoAllow static building with make
Tero Tervala [Wed, 29 Jun 2022 16:35:31 +0000 (19:35 +0300)] 
Allow static building with make

Set STATIC_BUILD=1 environment variable to enable static building
when using makefiles.

Signed-off-by: Tero Tervala <tero.tervala@unikie.com>
Message-Id: <20220629163531.932281-1-tero.tervala@unikie.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months agolibfdt: Handle failed get_name() on BEGIN_NODE
Pierre-Clément Tosi [Thu, 14 Jul 2022 08:38:48 +0000 (09:38 +0100)] 
libfdt: Handle failed get_name() on BEGIN_NODE

Validate the return value of fdt_get_name() as an ill-formed DT, causing
it to fail, could result in fdt_check_full() dereferencing NULL.

fixes: a2def5479950 ("libfdt: Check that the root-node name is empty")
Signed-off-by: Pierre-Clément Tosi <ptosi@google.com>
Message-Id: <20220714083848.958492-1-ptosi@google.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months agoFix test script to run also on dash shell
Tero Tervala [Mon, 4 Jul 2022 07:37:22 +0000 (10:37 +0300)] 
Fix test script to run also on dash shell

/bin/sh points to dash instead of bash in some linux distros.
One test would fail if dash was used, this fix will allow all tests
to run properly on dash too.

dash built-in printf does not support "\xNN" -hex escape format.
"\NNN" -octal escape format is supported by both bash and dash printf.

Replaced "$(echo "$expect")" because this actually runs /bin/echo
instead of shell internal echo and in some cases causes "\NNN" escapes
to be printed as the actual characters they represent instead of the
escape sequence itself.

Cosmetic quotes added to make printout a bit clearer.

Signed-off-by: Tero Tervala <tero.tervala@unikie.com>
Message-Id: <20220704073722.1075849-1-tero.tervala@unikie.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
7 months agoAdd missing relref_merge test to meson test list
Tero Tervala [Wed, 29 Jun 2022 16:31:14 +0000 (19:31 +0300)] 
Add missing relref_merge test to meson test list

Will remove one "Strange test result" when running tests with

Signed-off-by: Tero Tervala <tero.tervala@unikie.com>
Message-Id: <20220629163114.932175-1-tero.tervala@unikie.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
9 months agopylibfdt: add FdtRo.get_path()
Luca Weiss [Tue, 19 Apr 2022 19:45:38 +0000 (21:45 +0200)] 
pylibfdt: add FdtRo.get_path()

Add a new Python method wrapping fdt_get_path() from the C API.

Also add a test for the new method.

Signed-off-by: Luca Weiss <luca@z3ntu.xyz>
Message-Id: <20220419194537.63170-1-luca@z3ntu.xyz>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
11 months agopylibfdt: fix swig build in install
Rob Herring [Thu, 3 Feb 2022 18:04:07 +0000 (12:04 -0600)] 
pylibfdt: fix swig build in install

A 'pip install' is silently broken unless the tree is dirty and contains
pylibfdt/libfdt.py. The problem is a known issue[1] with SWIG and
setuptools where the 'build_py' stage needing module.py runs before
the 'build_ext' stage which generates it. The work-around is to override
'build_py' to run 'build_ext' first.

[1] https://stackoverflow.com/questions/50239473/building-a-module-with-setuptools-and-swig

Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20220203180408.611645-2-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
12 months agotests: add test cases for label-relative path references
Ahmad Fatoum [Sun, 25 Oct 2020 09:41:41 +0000 (10:41 +0100)] 
tests: add test cases for label-relative path references

Newly added &{label/path} feature doesn't yet have any tests. Add some.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
12 months agodtc: introduce label relative path references
Ahmad Fatoum [Sun, 25 Oct 2020 11:39:59 +0000 (12:39 +0100)] 
dtc: introduce label relative path references

Reference via label allows extending nodes with compile-time checking of
whether the node being extended exists. This is useful to catch
renamed/removed nodes after an update of the device trees to be extended.

In absence of labels in the original device trees, new style path
references can be used:

  /* upstream device tree */
  / {
leds: some-non-standard-led-controller-name {
led-0 {
default-state = "off";

  /* downstream device tree */
  &{/some-non-standard-led-controller-name/led-0} {
default-state = "on";

This is a common theme within the barebox bootloader[0], which extends the
upstream (Linux) device trees in that manner. The downside is that,
especially for deep nodes, these references can get quite long and tend to
break often due to upstream rework (e.g. rename to adhere to bindings).

Often there is a label a level or two higher that could be used. This
patch allows combining both a label and a new style path reference to
get a compile-time-checked reference, which allows rewriting the
previous downstream device tree snippet to:

  &{leds/led-0} {
default-state = "on";

This won't be broken when /some-non-standard-led-controller-name is
renamed or moved while keeping the label. And if led-0 is renamed, we
will get the expected compile-time error.

Overlay support is skipped for now as they require special support: The
label and relative path parts need to be resolved at overlay apply-time,
not at compile-time.

[0]: https://www.barebox.org/doc/latest/devicetree/index.html

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
12 months agoutil: introduce xstrndup helper
Ahmad Fatoum [Sun, 25 Oct 2020 09:41:18 +0000 (10:41 +0100)] 
util: introduce xstrndup helper

We already have xstrdup, add xstrndup as well to make it
straight-forward to clone part of a string.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
12 months agosetup.py: fix out of tree build
Marc-André Lureau [Mon, 3 Jan 2022 07:38:55 +0000 (11:38 +0400)] 
setup.py: fix out of tree build

Fixes: commit 1cc41b1c9 ("pylibfdt: Add packaging metadata")

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220103073855.1468799-3-marcandre.lureau@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
13 months agoHandle integer overflow in check_property_phandle_args()
David Gibson [Wed, 29 Dec 2021 04:08:28 +0000 (15:08 +1100)] 
Handle integer overflow in check_property_phandle_args()

If the corresponding '#xxx-cells' value is much too large, an integer
overflow can prevent the checks in check_property_phandle_args() from
correctly determining that the checked property is too short for the
given cells value.  This leads to an infinite loops.

This patch fixes the bug, and adds a testcase for it.  Further
information in https://github.com/dgibson/dtc/issues/64

Reported-by: Anciety <anciety@pku.edu.cn>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
13 months agoREADME: Explain how to add a new API function
Simon Glass [Sun, 7 Nov 2021 22:43:43 +0000 (15:43 -0700)] 
README: Explain how to add a new API function

This is not obvious so add a little note about it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Message-Id: <20211107224346.3181320-2-sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
13 months agoFix a UB when fdt_get_string return null
LoveSy [Wed, 15 Dec 2021 09:30:11 +0000 (17:30 +0800)] 
Fix a UB when fdt_get_string return null

When fdt_get_string return null, `namep` is not correctly reset.
From the document of `fdt_getprop_by_offset`, the parameter `namep` will
be always overwritten (that is, it will be overwritten without exception
of error occurance).

As for the caller (like
the code may be like:
size_t size;
const char *name;
auto *value = fdt_getprop_by_offset(fdt, prop, &name, &size);
and if `value == nullptr`, `size` is also be overwritten correctly but
`name` is not, which is quite inconsistent.

This commit makes sure `name` and `size` behavior consistently (reset to
reasonable value) when error occurs.

Signed-off-by: LoveSy <shana@zju.edu.cn>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
13 months agotests: setprop_inplace: use xstrdup instead of unchecked strdup
Ahmad Fatoum [Thu, 9 Dec 2021 08:58:00 +0000 (09:58 +0100)] 
tests: setprop_inplace: use xstrdup instead of unchecked strdup

This is the only strdup instance we have, all others are xstrdup. As
strdup is _POSIX_C_SOURCE >= v200809L, which we don't require and we
don't check strdup error return here, switch to xstrdup instead. This
aligns the test with others that call xfuncs, mainly xmalloc().

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
13 months agopylibfdt: add Property.as_*int*_array()
Luca Weiss [Sat, 25 Dec 2021 13:25:56 +0000 (14:25 +0100)] 
pylibfdt: add Property.as_*int*_array()

Add new methods to handle decoding of int32, uint32, int64 and uint64

Also add tests for the new methods.

Signed-off-by: Luca Weiss <luca@z3ntu.xyz>
Message-Id: <20211225132558.167123-3-luca@z3ntu.xyz>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
13 months agopylibfdt: add Property.as_stringlist()
Luca Weiss [Sat, 25 Dec 2021 13:25:55 +0000 (14:25 +0100)] 
pylibfdt: add Property.as_stringlist()

Add a new method for decoding a string list property, useful for e.g.
the "reg-names" property.

Also add a test for the new method.

Signed-off-by: Luca Weiss <luca@z3ntu.xyz>
Message-Id: <20211225132558.167123-2-luca@z3ntu.xyz>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
13 months agoFix Python crash on getprop deallocation
Luca Weiss [Fri, 24 Dec 2021 10:28:12 +0000 (11:28 +0100)] 
Fix Python crash on getprop deallocation

Fatal Python error: none_dealloc: deallocating None
Python runtime state: finalizing (tstate=0x000055c9bac70920)

Current thread 0x00007fbe34e47740 (most recent call first):
  <no Python frame>
Aborted (core dumped)

This is caused by a missing Py_INCREF on the returned Py_None, as
demonstrated e.g. in https://github.com/mythosil/swig-python-incref or
described at https://edcjones.tripod.com/refcount.html ("Remember to
INCREF Py_None!")

A PoC for triggering this crash is uploaded to
https://github.com/z3ntu/pylibfdt-crash .
With this patch applied to pylibfdt the crash does not happen.

Signed-off-by: Luca Weiss <luca@z3ntu.xyz>
Message-Id: <20211224102811.70695-1-luca@z3ntu.xyz>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
13 months agoSupport 'r' format for printing raw bytes with fdtget
Rafał Miłecki [Thu, 9 Dec 2021 06:14:20 +0000 (07:14 +0100)] 
Support 'r' format for printing raw bytes with fdtget

FT is sometimes used for storing raw data. That is quite common for
U-Boot FIT images.

Extracting such data is not trivial currently. Using type 's' (string)
will replace every 0x00 (NUL) with 0x20 (space). Using type 'x' will
print bytes but in xxd incompatible format.

This commit adds support for 'r' (raw) format. Example usage:
fdtget -t r firmware.itb /images/foo data > image.raw

Support for encoding isn't added as there isn't any clean way of passing
binary data as command line argument.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Message-Id: <20211209061420.29466-1-zajec5@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
14 months agolibfdt: overlay: make overlay_get_target() public
Vikram Garhwal [Thu, 18 Nov 2021 02:53:56 +0000 (18:53 -0800)] 
libfdt: overlay: make overlay_get_target() public

This is done to get the target path for the overlay nodes which is very useful
in many cases. For example, Xen hypervisor needs it when applying overlays
because Xen needs to do further processing of the overlay nodes, e.g. mapping of
resources(IRQs and IOMMUs) to other VMs, creation of SMMU pagetables, etc.

Signed-off-by: Vikram Garhwal <fnu.vikram@xilinx.com>
Message-Id: <1637204036-382159-2-git-send-email-fnu.vikram@xilinx.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
14 months agolibfdt: fix an incorrect integer promotion
Elvira Khabirova [Tue, 9 Nov 2021 15:47:19 +0000 (18:47 +0300)] 
libfdt: fix an incorrect integer promotion

UINT32_MAX is an integer of type unsigned int. UINT32_MAX + 1 overflows
unless explicitly computed as unsigned long long. This led to some
invalid addresses being treated as valid.

Cast UINT32_MAX to uint64_t explicitly.

Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>
14 months agopylibfdt: Add packaging metadata
Rob Herring [Fri, 12 Nov 2021 04:16:29 +0000 (22:16 -0600)] 
pylibfdt: Add packaging metadata

PyPI expects to have various package metadata including long
description, license, and classifiers. Add them.

Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20211112041633.741598-3-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
14 months agoREADME: Update pylibfdt install instructions
Rob Herring [Fri, 12 Nov 2021 04:16:28 +0000 (22:16 -0600)] 
README: Update pylibfdt install instructions

Now that pip is supported for installs, update the install instructions to
use it. Using pip over setup.py is generally recommended and simpler.

Also, drop 'SETUP_PREFIX' as it doesn't exist anywhere.

Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20211112041633.741598-2-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
14 months agopylibfdt: fix with Python 3.10
Ross Burton [Thu, 11 Nov 2021 16:05:36 +0000 (16:05 +0000)] 
pylibfdt: fix with Python 3.10

Since Python 2.5 the argument parsing functions when parsing expressions
such as s# (string plus length) expect the length to be an int or a
ssize_t, depending on whether PY_SSIZE_T_CLEAN is defined or not.

Python 3.8 deprecated the use of int, and with Python 3.10 this symbol
must be defined and ssize_t used[1].

Define the magic symbol when building the extension, and cast the ints
from the libfdt API to ssize_t as appropriate.

[1] https://docs.python.org/3.10/whatsnew/3.10.html#id2

Signed-off-by: Ross Burton <ross.burton@arm.com>
Message-Id: <20211111160536.2516573-1-ross.burton@arm.com>
[dwg: Adjust for new location of setup.py]
Tested-by: Rob Herring <robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
14 months agopylibfdt: Move setup.py to the top level
Rob Herring [Thu, 11 Nov 2021 01:11:35 +0000 (19:11 -0600)] 
pylibfdt: Move setup.py to the top level

Using 'pip' and several setup.py sub-commands currently don't work with
pylibfdt. The primary reason is Python packaging has opinions on the
directory structure of repositories and one of those appears to be the
inability to reference source files outside of setup.py's subtree. This
means a sdist cannot be created with all necessary source components
(i.e. libfdt headers). Moving setup.py to the top-level solves these

With this change. the following commands now work:

Creating packages for pypi.org:
./setup.py sdist bdist_wheel

Using pip for installs:
pip install .
pip install git+http://github.com/robherring/dtc.git@pypi-v2

Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20211111011135.2386773-5-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
14 months agopylibfdt: Split setup.py author name and email
Rob Herring [Thu, 11 Nov 2021 01:11:34 +0000 (19:11 -0600)] 
pylibfdt: Split setup.py author name and email

The 'author' field in setup.py is supposed to be just the name. The
email address goes in 'author_email' field.

Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20211111011135.2386773-4-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
14 months agopylibfdt: Use setuptools_scm for the version
Rob Herring [Thu, 11 Nov 2021 01:11:33 +0000 (19:11 -0600)] 
pylibfdt: Use setuptools_scm for the version

The DTC version in version_gen.h causes a warning with setuptools:

setuptools/dist.py:501: UserWarning: The version specified ('1.6.1-g5454474d') \
is an invalid version, this may not work as expected with newer versions of \
setuptools, pip, and PyPI. Please see PEP 440 for more details.

It also creates an unnecessary dependency on the rest of the build
system(s). Switch to use setuptools_scm instead to get the version for

Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20211111011135.2386773-3-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
14 months agopylibfdt: Use setuptools instead of distutils
Rob Herring [Thu, 11 Nov 2021 01:11:32 +0000 (19:11 -0600)] 
pylibfdt: Use setuptools instead of distutils

The use of setuptools is favored over distutils. setuptools is needed to
support building Python 'wheels' and for pip support.

Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20211111011135.2386773-2-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
14 months agolibfdt: Add static lib to meson build
Rob Herring [Thu, 11 Nov 2021 00:33:29 +0000 (18:33 -0600)] 
libfdt: Add static lib to meson build

The meson build is not building the static libfdt, so add it.

Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20211111003329.2347536-1-robh@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
15 months agoCI: Cirrus: bump used FreeBSD from 12.1 to 13.0
Ahmad Fatoum [Sun, 31 Oct 2021 13:09:31 +0000 (14:09 +0100)] 
CI: Cirrus: bump used FreeBSD from 12.1 to 13.0

CI freebsd_12 job currently fails to build PRs, because of:
ld-elf.so.1: /usr/local/bin/bison: Undefined symbol "fread_unlocked@FBSD_1.6"

According to FreeBSD issue tracker[1], the proper solution is to upgrade to a
supported release, so do that for our CI.

[1]: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253452

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
15 months agochecks: Add an interrupt-map check
Rob Herring [Fri, 15 Oct 2021 21:35:26 +0000 (16:35 -0500)] 
checks: Add an interrupt-map check

Add a check for parsing 'interrupt-map' properties. The check primarily
tests parsing 'interrupt-map' properties which depends on and the parent
interrupt controller (or another map) node.

Note that this does not require '#address-cells' in the interrupt-map
parent, but treats missing '#address-cells' as 0 which is how the Linux
kernel parses it. There's numerous cases that expect this behavior.

Cc: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20211015213527.2237774-1-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
15 months agochecks: Ensure '#interrupt-cells' only exists in interrupt providers
Rob Herring [Mon, 11 Oct 2021 19:12:44 +0000 (14:12 -0500)] 
checks: Ensure '#interrupt-cells' only exists in interrupt providers

The interrupt provider check currently checks if an interrupt provider
has #interrupt-cells, but not whether #interrupt-cells is present
outside of interrupt-providers. Rework the check to cover the latter

Cc: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20211011191245.1009682-4-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
15 months agochecks: Drop interrupt provider '#address-cells' check
Rob Herring [Mon, 11 Oct 2021 19:12:43 +0000 (14:12 -0500)] 
checks: Drop interrupt provider '#address-cells' check

'#address-cells' is only needed when parsing 'interrupt-map' properties, so
remove it from the common interrupt-provider test.

Cc: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20211011191245.1009682-3-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
15 months agochecks: Make interrupt_provider check dependent on interrupts_extended_is_cell
Rob Herring [Mon, 11 Oct 2021 19:12:41 +0000 (14:12 -0500)] 
checks: Make interrupt_provider check dependent on interrupts_extended_is_cell

If '#interrupt-cells' doesn't pass checks, no reason to run interrupt
provider check.

Cc: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20211011191245.1009682-1-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
15 months agotreesource: Maintain phandle label/path on output
Rob Herring [Tue, 27 Jul 2021 18:30:23 +0000 (12:30 -0600)] 
treesource: Maintain phandle label/path on output

The dts output will just output phandle integer values, but often the
necessary markers are present with path or label references. Improve the
output and maintain phandle label or path references when present in dts

Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20210727183023.3212077-6-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
16 months agoflattree: Use '\n', not ';' to separate asm pseudo-ops
David Gibson [Fri, 24 Sep 2021 13:39:56 +0000 (23:39 +1000)] 
flattree: Use '\n', not ';' to separate asm pseudo-ops

The output of -Oasm is peculiar for assembler in that we want its output
to be portable across targets (it consists entirely of pseudo-ops and
labels, no actual instructions).

It turns out that while ';' is a valid instruction/pseudo-op separator
on most targets, it's not correct for all of them - e.g. HP PA-RISC.  So,
switch to using an actual \n instead.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
16 months agoasm: Use assembler macros instead of cpp macros
David Gibson [Fri, 24 Sep 2021 11:14:34 +0000 (21:14 +1000)] 
asm: Use assembler macros instead of cpp macros

tests/trees.S is a weird thing: a portable aseembler file, used to produce
a specific binary output.  Currently it uses CPP macros quite heavily to
construct the dtbs we want (including some partial and broken trees).

Using cpp has the side effect that we need to use ; separators between
instructions (or, rather, pseudo-ops), because cpp won't expand newlines.
However, it turns out that while ; is a suitable separator on most
targets, it doesn't work for all of them (e.g. HP PA-RISC).

Switch to using the assembler's inbuilt macros rather than CPP, so that we
can use genuine newlines.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
16 months agoasm: Use .asciz and .ascii instead of .string
Rob Herring [Tue, 27 Jul 2021 18:30:19 +0000 (12:30 -0600)] 
asm: Use .asciz and .ascii instead of .string

We use the .string pseudo-op both in some of our test assembly files
and in our -Oasm output.  We expect this to emit a \0 terminated
string into the .o file.  However for certain targets (e.g. HP
PA-RISC) it doesn't include the \0.  Use .asciz instead, which
explicitly does what we want.

There's also one place we can use .ascii (which explicitly emits a
string *without* \0 termination) instead of multiple .byte directives.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
17 months agofdtdump: fix -Werror=int-to-pointer-cast
Marc-André Lureau [Wed, 25 Aug 2021 12:13:50 +0000 (16:13 +0400)] 
fdtdump: fix -Werror=int-to-pointer-cast

With mingw64-gcc, the compiler complains with various warnings:
error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210825121350.213551-1-marcandre.lureau@redhat.com>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
18 months agolibfdt: Add ALIGNMENT error string
Georg Kotheimer [Sat, 31 Jul 2021 11:48:42 +0000 (13:48 +0200)] 
libfdt: Add ALIGNMENT error string

The ALIGNMENT error was missing a string, leading to <unknown error>
being returned.

Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agochecks: Fix bus-range check
Thierry Reding [Tue, 29 Jun 2021 11:43:04 +0000 (13:43 +0200)] 
checks: Fix bus-range check

The upper limit of the bus-range is specified by the second cell of the
bus-range property.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Message-Id: <20210629114304.2451114-1-thierry.reding@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agoMakefile: add -Wsign-compare to warning options
Andre Przywara [Fri, 18 Jun 2021 17:20:30 +0000 (18:20 +0100)] 
Makefile: add -Wsign-compare to warning options

Now that all signedness comparison warnings in the source tree have been
fixed, let's enable the warning option, to avoid them creeping in again.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20210618172030.9684-6-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agochecks: Fix signedness comparisons warnings
Andre Przywara [Fri, 18 Jun 2021 17:20:29 +0000 (18:20 +0100)] 
checks: Fix signedness comparisons warnings

With -Wsign-compare, compilers warn about a mismatching signedness in
comparisons in various parts in checks.c.

Fix those by making all affected variables unsigned. This covers return
values of the (unsigned) size_t type, phandles, variables holding sizes
in general and loop counters only ever counting positives values.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20210618172030.9684-5-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agodtc: Wrap phandle validity check
Andre Przywara [Fri, 18 Jun 2021 17:20:28 +0000 (18:20 +0100)] 
dtc: Wrap phandle validity check

In several places we check for a returned phandle value to be valid,
for that it must not be 0 or "-1".

Wrap this check in a static inline function in dtc.h, and use ~0U instead
of -1 on the way, to keep everything in the unsigned realm.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20210618172030.9684-4-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agofdtget: Fix signedness comparisons warnings
Andre Przywara [Fri, 18 Jun 2021 17:20:27 +0000 (18:20 +0100)] 
fdtget: Fix signedness comparisons warnings

With -Wsign-compare, compilers warn about a mismatching signedness in
the different legs of the conditional operator, in fdtget.c.

In the questionable expression, we are constructing a 16-bit value out of
two unsigned 8-bit values, however are relying on the compiler's
automatic expansion of the uint8_t to a larger type, to survive the left
shift. This larger type happens to be an "int", so this part of the
expression becomes signed.

Fix this by explicitly blowing up the uint8_t to a larger *unsigned* type,
before doing the left shift. And while we are at it, convert the hardly
readable conditional operator usage into a sane switch/case expression.

This fixes "make fdtget", when compiled with -Wsign-compare.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20210618172030.9684-3-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agotests: Fix signedness comparisons warnings
Andre Przywara [Fri, 18 Jun 2021 17:20:26 +0000 (18:20 +0100)] 
tests: Fix signedness comparisons warnings

With -Wsign-compare, compilers warn about a mismatching signedness in
comparisons in various files in the tests/ directory.

For about half of the cases we can simply change the signed variable to
be of an unsigned type, because they will never need to store negative
values (which is the best fix of the problem).

In the remaining cases we can cast the signed variable to an unsigned
type, provided we know for sure it is not negative.
We see two different scenarios here:
- We either just explicitly checked for this variable to be positive
  (if (rc < 0) FAIL();), or
- We rely on a function returning only positive values in the "length"
  pointer if the function returned successfully: which we just checked.

At two occassions we compare with a constant "-1" (even though the
variable is unsigned), so we just change this to ~0U to create an
unsigned comparison value.

Since this is about the tests, let's also add explicit tests for those
values really not being negative.

This fixes "make tests" (but not "make check" yet), when compiled
with -Wsign-compare.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20210618172030.9684-2-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agodtc: Fix signedness comparisons warnings: pointer diff
Andre Przywara [Fri, 11 Jun 2021 17:10:38 +0000 (18:10 +0100)] 
dtc: Fix signedness comparisons warnings: pointer diff

With -Wsign-compare, compilers warn about a mismatching signedness
in comparisons in the function get_node_by_path().

Taking the difference between two pointers results in a signed ptrdiff_t
type, which mismatches the unsigned type returned by strlen().
Since "p" has been returned by a call to strchr() with "path" as its
argument, we know for sure that it's bigger than "path", so the
difference must be positive. So a cast to an unsigned type is valid.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20210611171040.25524-7-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agodtc: Fix signedness comparisons warnings: reservednum
Andre Przywara [Fri, 11 Jun 2021 17:10:37 +0000 (18:10 +0100)] 
dtc: Fix signedness comparisons warnings: reservednum

With -Wsign-compare, compilers warn about a mismatching signedness
in comparisons in code using the "reservednum" variable.

There is obviously little sense in having a negative number of reserved
memory entries, so let's make this variable and all its users unsigned.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20210611171040.25524-6-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agofdtdump: Fix signedness comparisons warnings
Andre Przywara [Fri, 11 Jun 2021 17:10:34 +0000 (18:10 +0100)] 
fdtdump: Fix signedness comparisons warnings

With -Wsign-compare, compilers warn about a mismatching signedness in
comparisons in fdtdump.c.

The "len" parameter to valid_header() refers to a memory size, not a
file offset, so the (unsigned) size_t is better fit, and fixes the
warning nicely.

In the main function we compare the difference between two pointers,
which produces a signed ptrdiff_t type. However the while loop above the
comparison makes sure that "p" always points before "endp" (by virtue of
the limit in the memchr() call). This means "endp - p" is never
negative, so we can safely cast this expression to an unsigned type.

This fixes "make fdtdump", when compiled with -Wsign-compare.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20210611171040.25524-3-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agoBump version to v1.6.1 v1.6.1
David Gibson [Tue, 8 Jun 2021 07:00:49 +0000 (17:00 +1000)] 
Bump version to v1.6.1

A number of fixes have accumulated, so rolling up another release.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agoFix CID 1461557
David Gibson [Tue, 8 Jun 2021 05:28:55 +0000 (15:28 +1000)] 
Fix CID 1461557

Coverity gets a bit confused by loading fdt_size_dt_strings() and
using it in a memmove().  In fact this is safe because the callers
have verified this information (via FDT_RW_PROBE() in fdt_pack() or
construction in fdt_open_into()).

Passing in strings_size like we already do struct_size seems to get
Coverity to follow what's going on here.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agochecks: Introduce is_multiple_of()
David Gibson [Tue, 8 Jun 2021 05:17:11 +0000 (15:17 +1000)] 
checks: Introduce is_multiple_of()

In a number of places we check if one number is a multiple of another,
using a modulus.  In some of those cases the divisor is potentially zero,
which needs special handling or we could trigger a divide by zero.

Introduce an is_multiple_of() helper to safely handle this case, and use
it in a bunch of places.  This should close Coverity issue 1501687, maybe
others as well.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agoMake handling of cpp line information more tolerant
David Gibson [Tue, 8 Jun 2021 04:15:25 +0000 (14:15 +1000)] 
Make handling of cpp line information more tolerant

At least some cpp implementations, in at least some circumstances place
multiple numbers after the file name when they put line number information
into the output.  We don't really care what the content of these is, but
we want the dtc lexer not to choke on this, so adjust the rule for handling
cpp line number information accordingly.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agochecks: Drop interrupt_cells_is_cell check
Rob Herring [Wed, 26 May 2021 01:03:33 +0000 (20:03 -0500)] 
checks: Drop interrupt_cells_is_cell check

With the prior commit, this check is now redundant.

Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20210526010335.860787-4-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agochecks: Add check_is_cell() for all phandle+arg properties
Rob Herring [Wed, 26 May 2021 01:03:32 +0000 (20:03 -0500)] 
checks: Add check_is_cell() for all phandle+arg properties

There's already a check for '#.*-cells' properties, so let's enable it for
all the ones we already know about.

Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20210526010335.860787-3-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
19 months agoyamltree: Remove marker ordering dependency
Rob Herring [Wed, 26 May 2021 01:03:31 +0000 (20:03 -0500)] 
yamltree: Remove marker ordering dependency

The check for phandle markers is fragile because the phandle marker must
be after a type marker. The only guarantee for markers is they are in
offset order. The order at a specific offset is undefined.

Rework yaml_propval_int() to get the full marker list, so it can find a
phandle marker no matter the ordering.

Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20210526010335.860787-2-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
20 months agopylibfdt: Rework "avoid unused variable warning" lines
Tom Rini [Mon, 24 May 2021 15:49:10 +0000 (11:49 -0400)] 
pylibfdt: Rework "avoid unused variable warning" lines

Clang has -Wself-assign enabled by default under -Wall and so when
building with -Werror we would get an error here.  Inspired by Linux
kernel git commit a21151b9d81a ("tools/build: tweak unused value
workaround") make use of the fact that both Clang and GCC support
casting to `void` as the method to note that something is intentionally

Signed-off-by: Tom Rini <trini@konsulko.com>
Message-Id: <20210524154910.30523-1-trini@konsulko.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
20 months agotests: add a positive gpio test case
Ilya Lipnitskiy [Tue, 4 May 2021 03:59:44 +0000 (20:59 -0700)] 
tests: add a positive gpio test case

Ensure that properly named properties don't trigger warnings

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Message-Id: <20210504035944.8453-5-ilya.lipnitskiy@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
20 months agochecks: replace strstr and strrchr with strends
Ilya Lipnitskiy [Tue, 4 May 2021 03:59:43 +0000 (20:59 -0700)] 
checks: replace strstr and strrchr with strends

Makes the logic more clear

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Message-Id: <20210504035944.8453-4-ilya.lipnitskiy@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
20 months agodtc.h: add strends for suffix matching
Ilya Lipnitskiy [Tue, 4 May 2021 03:59:42 +0000 (20:59 -0700)] 
dtc.h: add strends for suffix matching

Logic is similar to strcmp_suffix in <kernel>/drivers/of/property.c with
the exception that strends allows string length to equal suffix length.

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Message-Id: <20210504035944.8453-3-ilya.lipnitskiy@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
20 months agochecks: tigthen up nr-gpios prop exception
Ilya Lipnitskiy [Tue, 4 May 2021 03:59:41 +0000 (20:59 -0700)] 
checks: tigthen up nr-gpios prop exception

There are no instances of nr-gpio in the Linux kernel tree, only
"[<vendor>,]nr-gpios", so make the check stricter.

nr-gpios without a "vendor," prefix is also invalid, according to the DT
spec[0], and there are no DT files in the Linux kernel tree with
non-vendor nr-gpios. There are some drivers, but they are not DT spec
compliant, so don't suppress the check for them.

Link: https://github.com/devicetree-org/dt-schema/blob/cb53a16a1eb3e2169ce170c071e47940845ec26e/schemas/gpio/gpio-consumer.yaml#L20
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Cc: Rob Herring <robh+dt@kernel.org>
Message-Id: <20210504035944.8453-2-ilya.lipnitskiy@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
21 months agolibfdt: Add FDT alignment check to fdt_check_header()
Rob Herring [Tue, 6 Apr 2021 19:07:12 +0000 (14:07 -0500)] 
libfdt: Add FDT alignment check to fdt_check_header()

Only checking the FDT alignment in fdt_ro_probe_() means that
fdt_check_header() can pass, but then subsequent API calls fail on
alignment checks. Let's add an alignment check to fdt_check_header() so
alignment errors are found up front.

Cc: Tom Rini <trini@konsulko.com>
Cc: Frank Rowand <frowand.list@gmail.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20210406190712.2118098-1-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
22 months agolibfdt: Check that the root-node name is empty
Simon Glass [Tue, 23 Mar 2021 01:04:10 +0000 (14:04 +1300)] 
libfdt: Check that the root-node name is empty

The root node is supposed to have an empty name, but at present this is
not checked. The behaviour of such a tree is not well defined. Most
software rightly assumes that the root node is at offset 0 and does not
check the name. This oddity was discovered as part of a security
investigation into U-Boot verified boot.

Add a check for this to fdt_check_full().

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Message-Id: <20210323010410.3222701-2-sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
22 months agolibfdt: Check that there is only one root node
Simon Glass [Tue, 23 Mar 2021 00:09:25 +0000 (13:09 +1300)] 
libfdt: Check that there is only one root node

At present it is possible to have two root nodes and even access nodes
in the 'second' root. Such trees should not be considered valid. This
was discovered as part of a security investigation into U-Boot verified

Add a check for this to fdt_check_full().

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Message-Id: <20210323000926.3210733-1-sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
22 months agodtc: Remove -O dtbo support
Masahiro Yamada [Thu, 11 Mar 2021 09:49:55 +0000 (18:49 +0900)] 
dtc: Remove -O dtbo support

This partially reverts 163f0469bf2e ("dtc: Allow overlays to have
.dtbo extension").

I think accepting "dtbo" as --out-format is strange. This is not
shown by --help, at least.

*.dtb and *.dtbo should have the same format, "dtb".

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Message-Id: <20210311094956.924310-1-masahiroy@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
22 months agolibfdt: Fix a possible "unchecked return value" warning
David Gibson [Tue, 9 Mar 2021 03:49:35 +0000 (14:49 +1100)] 
libfdt: Fix a possible "unchecked return value" warning

Apparently the unchecked return value of the first fdt_next_tag() call in
fdt_add_subnode_namelen() is tripping Coverity Scan in some circumstances,
although it appears not to for the scan on our project itself.

This fdt_next_tag() should always return FDT_BEGIN_NODE, since otherwise
the fdt_subnode_offset_namelen() above would have returned BADOFFSET or

Still, add a check to shut Coverity up, gated by a can_assume() to avoid
bloat in small builds.

Reported-by: Ryan Long <ryan.long@oarcorp.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
23 months agochecks: Warn on node-name and property name being the same
Kumar Gala [Wed, 10 Feb 2021 19:39:12 +0000 (13:39 -0600)] 
checks: Warn on node-name and property name being the same

Treat a node-name and property name at the same level of tree as
a warning

Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Message-Id: <20210210193912.799544-1-kumar.gala@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
23 months agochecks: Change node-name check to match devicetree spec
Kumar Gala [Tue, 9 Feb 2021 18:46:41 +0000 (12:46 -0600)] 
checks: Change node-name check to match devicetree spec

The devicetree spec limits the valid character set to:

while property can additionally have '?#'.  Change the check to match
the spec.

Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Message-Id: <20210209184641.63052-1-kumar.gala@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
23 months agoutil: limit gnu_printf format attribute to gcc >= 4.4.0
Jonathan Gray [Sat, 6 Feb 2021 10:01:10 +0000 (21:01 +1100)] 
util: limit gnu_printf format attribute to gcc >= 4.4.0

The gnu_printf format attribute was introduced in gcc 4.4.0

Use the printf format attribute on earlier versions of gcc and clang
(which claims to be gcc 4.2.1 in builtin defines) to fix the build with
gcc 4.2.1.

Fixes: 588a29f ("util: use gnu_printf format attribute")
Signed-off-by: Jonathan Gray <jsg@jsg.id.au>
Message-Id: <20210206100110.75228-1-jsg@jsg.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
23 months agogitignore: Ignore the swp files
Viresh Kumar [Wed, 3 Feb 2021 09:56:36 +0000 (15:26 +0530)] 
gitignore: Ignore the swp files

Ignore the temporary .*.swp files.

Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Message-Id: <15496f8669ac2bb3b4b61a1a7c978947623cb7c3.1612346186.git.viresh.kumar@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
23 months agogitignore: Add cscope files
Viresh Kumar [Wed, 3 Feb 2021 07:44:22 +0000 (13:14 +0530)] 
gitignore: Add cscope files

Add cscope files in gitignore.

Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Message-Id: <3c39a6324ef2be64f839e6e6205f4afc63486216.1612338199.git.viresh.kumar@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 years agoUpdate Jon Loeliger's email
David Gibson [Thu, 28 Jan 2021 00:24:20 +0000 (11:24 +1100)] 
Update Jon Loeliger's email

At Jon's request update to a more current address.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 years agofdtdump: Fix gcc11 warning
David Gibson [Wed, 6 Jan 2021 03:52:26 +0000 (14:52 +1100)] 
fdtdump: Fix gcc11 warning

In one place, fdtdump abuses fdt_set_magic(), passing it just a small char
array instead of the full fdt header it expects.  That's relying on the
fact that in fact fdt_set_magic() will only actually access the first 4
bytes of the buffer.

This trips a new warning in GCC 11 - and it's entirely possible it was
always UB.  So, don't do that.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 years agosrcpos: increase MAX_SRCFILE_DEPTH
Ignacy Kuchciński [Tue, 12 Jan 2021 23:13:23 +0000 (00:13 +0100)] 
srcpos: increase MAX_SRCFILE_DEPTH

Some kernels require the MAX_SRCFILE_DEPTH to be bigger than 100, and
since it's just a sanity check to detect infinite recursion it shouldn't
hurt increasing it to 200.

Signed-off-by: Ignacy Kuchciński <ignacykuchcinski@gmail.com>
Message-Id: <CAJq_QG0BHBQYT4RnVi0QSxM_vFK2K-5k1eTpJnwZQtWbKnCBJA@mail.gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 years agodtc: Allow overlays to have .dtbo extension
Viresh Kumar [Wed, 6 Jan 2021 09:56:08 +0000 (15:26 +0530)] 
dtc: Allow overlays to have .dtbo extension

Allow the overlays to have .dtbo extension instead of just .dtb. This
allows them to be identified easily by tools as well as humans.

Allow the dtbo outform in dtc.c for the same.

Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Message-Id: <30fd0e5f2156665c713cf191c5fea9a5548360c0.1609926856.git.viresh.kumar@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 years agoSet last_comp_version correctly in new dtb and fix potential version issues in fdt_op...
Justin Covell [Tue, 29 Dec 2020 04:17:49 +0000 (20:17 -0800)] 
Set last_comp_version correctly in new dtb and fix potential version issues in fdt_open_into

Changes in v3:
- Remove noop version sets
- Set version correctly on loaded fdt in fdt_open_into

Fixes: f1879e1a50eb ("Add limited read-only support for older (V2 and V3) device tree to libfdt.")

Signed-off-by: Justin Covell <jujugoboom@gmail.com>
Message-Id: <20201229041749.2187-1-jujugoboom@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 years agotests: Fix overlay_overlay_nosugar test case
Paul Barker [Sat, 19 Dec 2020 14:35:21 +0000 (14:35 +0000)] 
tests: Fix overlay_overlay_nosugar test case

This test was accidentally skipped as the wrong test dts file was built.
The fragment numbering in this sugar-free test case needed adjusting to
match the numbering generated by dtc for overlay_overlay.dts.

Signed-off-by: Paul Barker <pbarker@konsulko.com>
Message-Id: <20201219143521.2118-1-pbarker@konsulko.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 years agolibfdt: Tweak description of assume-aligned load helpers
David Gibson [Wed, 16 Dec 2020 05:51:38 +0000 (16:51 +1100)] 
libfdt: Tweak description of assume-aligned load helpers

There's a small inaccuracy in the comment describing these new helpers.
This corrects it, and reformats while we're there.

Fixes: f98f28ab ("libfdt: Internally perform potentially unaligned loads")
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 years agolibfdt: Internally perform potentially unaligned loads
Tom Rini [Fri, 11 Dec 2020 02:27:36 +0000 (21:27 -0500)] 
libfdt: Internally perform potentially unaligned loads

Commits 6dcb8ba4 "libfdt: Add helpers for accessing unaligned words"
introduced changes to support unaligned reads for ARM platforms and
11738cf01f15 "libfdt: Don't use memcpy to handle unaligned reads on ARM"
improved the performance of these helpers.

On further discussion, while there are potential cases where we could be
used on platforms that do not fixup unaligned reads for us, making this
choice the default is very expensive in terms of binary size and access
time.  To address this, introduce and use new fdt{32,64}_ld_ functions
that call fdt{32,64}_to_cpu() as was done prior to the above mentioned
commits.  Leave the existing load functions as unaligned-safe and
include comments in both cases.

Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Message-Id: <20201211022736.31657-1-trini@konsulko.com>
Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 years agomeson: increase default timeout for tests
Marc-André Lureau [Mon, 7 Dec 2020 13:00:53 +0000 (17:00 +0400)] 
meson: increase default timeout for tests

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20201207130055.462734-4-marcandre.lureau@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 years agomeson: do not assume python is installed, skip tests
Marc-André Lureau [Mon, 7 Dec 2020 13:00:52 +0000 (17:00 +0400)] 
meson: do not assume python is installed, skip tests

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20201207130055.462734-3-marcandre.lureau@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 years agomeson: fix -Wall warning
Marc-André Lureau [Mon, 7 Dec 2020 13:00:51 +0000 (17:00 +0400)] 
meson: fix -Wall warning

Meson already handles Wall via the built-in warning_level option.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20201207130055.462734-2-marcandre.lureau@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 years agolibfdt: Check for 8-byte address alignment in fdt_ro_probe_()
Tom Rini [Wed, 4 Nov 2020 13:06:05 +0000 (08:06 -0500)] 
libfdt: Check for 8-byte address alignment in fdt_ro_probe_()

The device tree must be loaded in to memory at an 8-byte aligned
address.  Add a check for this condition in fdt_ro_probe_() and a new
error code to return if we are not.

Signed-off-by: Tom Rini <trini@konsulko.com>
Message-Id: <20201104130605.28874-1-trini@konsulko.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2 years agobuild-sys: add meson build
Marc-André Lureau [Mon, 12 Oct 2020 07:34:04 +0000 (11:34 +0400)] 
build-sys: add meson build

The meson build system allows projects to "vendor" dtc easily, thanks to
subproject(). QEMU has recently switched to meson, and adding meson
support to dtc will help to handle the QEMU submodule.

meson rules are arguably simpler to write and maintain than
the hand-crafted/custom Makefile. meson support various backends, and
default build options (including coverage, sanitizer, debug/release
etc, see: https://mesonbuild.com/Builtin-options.html)

Compare to the Makefiles, the same build targets should be built and
installed and the same tests should be run ("meson test" can be provided
extra test arguments for running the equivalent of checkm/checkv).

instead the version is simply set with project(), and vcs_tag() is
used for git/dirty version reporting (This is most common and is
hopefully enough. If necessary, configure-time options could be added
for extra versioning.).

libfdt shared library is build following regular naming conventions:
instead of libfdt.so.1 -> libfdt-1.6.0.so (with current build-sys),
libfdt.so.1 -> libfdt.so.1.6.0. I am not sure why the current build
system use an uncommon naming pattern. I also included a libfdt.pc
pkg-config file, as convenience.

Both Linux native build and mingw cross-build pass. CI pass. Tests are
only run on native build.

The current Makefiles are left in-tree, and make/check still work.
Eventually, the Makefiles could be marked as deprecated, to start a
transition period and avoid having to maintain 2 build systems in the
near future.

(run_tests.sh could eventually be replaced by the meson test runner,
which would have several advantages in term of flexibility/features,
but this is left for another day)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20201012073405.1682782-3-marcandre.lureau@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>