Apply GCC's tainted_args attribute to library entrypoints

The implementation applies `__attribute__((tainted_args))` by
integrating it into the existing ABI macro annotations.

In the process, quite

Apply GCC's tainted_args attribute to library entrypoints

The implementation applies `__attribute__((tainted_args))` by
integrating it into the existing ABI macro annotations.

In the process, quite a number of APIs were discovered to be unsafe in
ways that were not immediately fixable. Often this is because they lack
arguments that enable the appropriate bounds-checking to be applied.

Redesigning them is work beyond the scope of the immediate
effort. Instead, we also introduce a new annotation,
LIBPLDM_ABI_DEPRECATED_UNSAFE, that simply lacks
`__attribute__((tainted_args))` and therefore doesn't trigger the extra
analysis.

Change-Id: Ib8994eaa3907a5432d040426ad03687cbf4c2136
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

oem: ibm: platform: Bounds check encode_bios_attribute_update_event_req()

```
../src/oem/ibm/platform.c: In function ‘encode_bios_attribute_update_event_req’:
../src/oem/ibm/platform.c:49:9: error:

oem: ibm: platform: Bounds check encode_bios_attribute_update_event_req()

```
../src/oem/ibm/platform.c: In function ‘encode_bios_attribute_update_event_req’:
../src/oem/ibm/platform.c:49:9: error: use of attacker-controlled value ‘(long unsigned int)num_handles * 2’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
49 | memcpy(request->bios_attribute_handles, list_of_handles,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
50 | num_handles * sizeof(uint16_t));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

gitlint-ignore: T1, B1
Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: Ie329d651207936b4a4762efa7631c9ecb525cf74
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

oem: meta: Stabilise decode/encode file IO API

Stabilise decode_oem_meta_file_io_write_req() API
Stabilise decode_oem_meta_file_io_read_req() API
Stabilise encode_oem_meta_file_io_read_resp() API

S

oem: meta: Stabilise decode/encode file IO API

Stabilise decode_oem_meta_file_io_write_req() API
Stabilise decode_oem_meta_file_io_read_req() API
Stabilise encode_oem_meta_file_io_read_resp() API

See usage example at:
[1] https://gerrit.openbmc.org/c/openbmc/pldm/+/71889/10/oem/meta/libpldmresponder/oem_meta_file_io.cpp#59
[2] https://gerrit.openbmc.org/c/openbmc/pldm/+/71889/10/oem/meta/libpldmresponder/oem_meta_file_io.cpp#89
[3] https://gerrit.openbmc.org/c/openbmc/pldm/+/71889/10/oem/meta/libpldmresponder/oem_meta_file_io.cpp#143

Change-Id: I8bc38e4fad7ad18dc7ab5062fab14cdd11fe9aef
Signed-off-by: Lora Lin <lora.lin.wiwynn@gmail.com>

show more ...

oem: meta: Add encode_oem_meta_file_io_read_resp()

Add encode_oem_meta_file_io_read_resp function

This function is used to encode the message of reading file IO.
Assemble responses to read file IO

oem: meta: Add encode_oem_meta_file_io_read_resp()

Add encode_oem_meta_file_io_read_resp function

This function is used to encode the message of reading file IO.
Assemble responses to read file IO messages, but the response
content other than the completion code needs to be additionally
appended.

Change-Id: Ib030ac9f37fe73b66fb762dcf8b8297bce79836a
Signed-off-by: Lora Lin <lora.lin.wiwynn@gmail.com>

show more ...

oem: meta: Add decode_oem_meta_file_io_read_req()

Add decode_oem_meta_file_io_read_req function.

This function is used to decode the message of reading file IO.
Need to include read_option (read fi

oem: meta: Add decode_oem_meta_file_io_read_req()

Add decode_oem_meta_file_io_read_req function.

This function is used to decode the message of reading file IO.
Need to include read_option (read file attributes or data), length
(the length of the read data) and read_info (The information
needed to read the file).
Take reading file data as an example:
read_info needs to contain transferFlag, offset to know the
starting position and transfer progress of the read file.

Change-Id: I425476d36e3cd69d2da45beceff1c4a2362640dc
Signed-off-by: Lora Lin <lora.lin.wiwynn@gmail.com>

show more ...

oem: meta: Add decode_oem_meta_file_io_write_req()

Add decode_oem_meta_file_io_write_req function.
Deprecate decode_oem_meta_file_io_req function.

The difference between functions decode_oem_meta_f

oem: meta: Add decode_oem_meta_file_io_write_req()

Add decode_oem_meta_file_io_write_req function.
Deprecate decode_oem_meta_file_io_req function.

The difference between functions decode_oem_meta_file_io_req and
decode_oem_meta_file_io_write_req:

- decode_oem_meta_file_io_write_req:
- return 0 on success and return a negative errno value on failure.
- input parameters is structure.
- add req_length parameter to check whether the total length of
the request is buffer overflow.
- decode_oem_meta_file_io_req:
- return PLDM_SUCCESS on success and return another PLDM completion
code on failure.
- input parameters is passing individual pointers.

Change-Id: Iae3c7f24128bc25c5af6951f34fdc6d8a7b90381
Signed-off-by: Delphine CC Chiu <Delphine_CC_Chiu@wiwynn.com>
Signed-off-by: Lora Lin <lora.lin.wiwynn@gmail.com>
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

meson: Format build files with `meson format`

Additionally, add the formatting command to `scripts/pre-submit` so it's
run by OpenBMC's CI (via `scripts/run-ci`).

Change-Id: Ifb8fc06106b8cfa9155e98

meson: Format build files with `meson format`

Additionally, add the formatting command to `scripts/pre-submit` so it's
run by OpenBMC's CI (via `scripts/run-ci`).

Change-Id: Ifb8fc06106b8cfa9155e986528b769a5ca450b4c
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

msgbuf: Harden pldm_msgbuf_{insert,extract}_array()

Review of some proposed APIs suggested that correct use of the
pldm_msgbuf_{insert,extract}_array() helpers was more difficult that it
should be.

msgbuf: Harden pldm_msgbuf_{insert,extract}_array()

Review of some proposed APIs suggested that correct use of the
pldm_msgbuf_{insert,extract}_array() helpers was more difficult that it
should be. In the three-parameter form, it was too tempting to provide
the length to extract as parsed out of a PLDM message. The intended
use was that the length parameter represented the length of the
user-provided data buffer.

Instead, move to a four-parameter form, provide reasonable documentation
for how these APIs should be used, fix all the call-sites, and deprecate
some existing unsafe APIs.

Change-Id: If58e5574600e80b354f383554283c4eda5d7234c
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

msgbuf: Add error code personalities

libpldm is in a bit of a transitional period with respect to returned
error codes. A historical choice was to return PLDM completion codes
from the library API t

msgbuf: Add error code personalities

libpldm is in a bit of a transitional period with respect to returned
error codes. A historical choice was to return PLDM completion codes
from the library API to indicate errors. This is unfortunate because
we're now constrained to errors that are specified by the PLDM protocol,
which is much less expressive than the set of errors that might be
produced by a run-time environment for the library.

The choice going forward is to return C's errno codes. However at this
point we step on another rake in the libpldm design, which is that some
internal data structures are very much the wire format of corresponding
PLDM messages (such as the PDR repository implementation). Working with
wire-format buffers is most safely done via the msgbuf APIs, however we
then hit the conflict of different error code styles in various parts of
the API surface.

Do a bit of surgery to provide different error code personalities for
msgbuf, such that the caller can pick the style of error code they need
it to return to maintain consistency.

Note that like the previous patch marking all msgbuf APIs as
__attribute__((always_inline)), the rework here makes another small
impact on the argument register allocation of several stable APIs. The
ABI dump is updated accordingly.

Change-Id: Id59c39c5c822f514f546dab88575317071a97c96
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

msgbuf: Enable pldm_msgbuf_extract() into packed members

`pldm_msgbuf_extract()` should work correctly regardless of whether the
`dst` argument is a member of a packed or padded struct.

To get ther

msgbuf: Enable pldm_msgbuf_extract() into packed members

`pldm_msgbuf_extract()` should work correctly regardless of whether the
`dst` argument is a member of a packed or padded struct.

To get there while still achieving type safety we have to jump through
some hoops. Commentary in the patch hopefully captures many of them, but
a side-effect of the hoop-jumping is a couple of changes to ergonomics
of the msgbuf API:

1. `pldm_msgbuf_extract()` no-longer requires that the `dst`
argument be a pointer. Instead, it must be an lvalue, removing all
the `&<lvalue>` noise from the call-sites.

2. However, unfortunately the generic extraction macro has been split in
two. We now have:

2.1 `pldm_msgbuf_extract()`, and
2.2 `pldm_msgbuf_extract_p()`, for when the reference we already have
for the `dst` object is a pointer and not an lvalue.

The split was necessary because I couldn't get GCC and Clang to play
nice with differences required in the assignment expression for lvalue
and pointer type-names in the one macro. Whilst it causes a bunch of
churn it isn't a great concern as the APIs are purely internal to the
library implementation.

Change-Id: Ifc5440a5b838a48bb84c881ec334d9e145365edb
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Signed-off-by: Thu Nguyen <thu@os.amperecomputing.com>

show more ...

oem: meta: stabilise decode_oem_meta_file_io_req()

Use of decode_oem_meta_file_io_req() is demonstrated in:

67050: Support OEM-META write file request for post code history
https://gerrit.openbmc.o

oem: meta: stabilise decode_oem_meta_file_io_req()

Use of decode_oem_meta_file_io_req() is demonstrated in:

67050: Support OEM-META write file request for post code history
https://gerrit.openbmc.org/c/openbmc/pldm/+/67050

Change-Id: I03cfd68f279f9bfdf515ca4302561ca0464c75cc
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

oem: meta: Add decode_oem_meta_file_io_req()

Support decode_oem_meta_file_io_req() cmd to decode the incoming post
code.

PLDM OEM Meta Write File IO cmd:
Example:
Request:
Byte 0: 0x3F (OEM c

oem: meta: Add decode_oem_meta_file_io_req()

Support decode_oem_meta_file_io_req() cmd to decode the incoming post
code.

PLDM OEM Meta Write File IO cmd:
Example:
Request:
Byte 0: 0x3F (OEM cmd)
Byte 1: 0x02 (FILE IO)
Byte 2: 0x00 (File io type : POST CODE)
Byte 3-6: 0x04 (Data length)
Byte 7-10: 0x93 0xE0 0x00 0xEA (post code)

Response:
Byte 0: 0x00 (success)

Tested:
- Unit Tests passed.

Change-Id: I85437698642dd3cbe6084acf1feada842d206eac
Signed-off-by: Delphine CC Chiu <Delphine_CC_Chiu@wiwynn.com>

show more ...

meson: Fix for OEM header collision issue

It needs to be possible to build libpldm with any number of oem features
enabled simultaneously. If the header files are same then the earlier
implementatio

meson: Fix for OEM header collision issue

It needs to be possible to build libpldm with any number of oem features
enabled simultaneously. If the header files are same then the earlier
implementation will not work.

Install the header file in a way that doesn't break any oem portions.
Also the symlinks are generated to the older location until we migrate
the applications using the files to new location.

Tested: The headers are installed in the new location
and symlinks are generated.

Change-Id: I1455d52ff4b0c7f74b49d136bf582182537592d1
Signed-off-by: Pavithra Barithaya <pavithra.b@ibm.com>
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

libpldm: Fix header use

The headers need to work whether we're building libpldm in the repo or
we're building another project depending on the headers in the system
include directory.

Tidy up the p

libpldm: Fix header use

The headers need to work whether we're building libpldm in the repo or
we're building another project depending on the headers in the system
include directory.

Tidy up the paths involved and switch to defining the public headers as
system headers for the purpose of the build.

Change-Id: I49413988c94d393ea5761bc4684edcd2c2482a98
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

license: add spdx identifier to all files

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ifddd07cc0eb5edeb2dcb410747073d68c6631cb1

meson: Force inclusion of config.h via `-include`

Make sure there's no ambiguity about which config.h is used for includes
in the event that libpldm acquires subprojects, or is used as a
subproject

meson: Force inclusion of config.h via `-include`

Make sure there's no ambiguity about which config.h is used for includes
in the event that libpldm acquires subprojects, or is used as a
subproject itself.

Tested: `meson compile -C build` succeeds

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I08c3bdc807cc268d2401e06f0bfaee07f89ba534

show more ...

libpldm: Explicit deprecated, stable and testing ABI classes

Experimenting with new APIs is important, but ABI stability of the
library is also important. We wish to have the freedom to add APIs
wit

libpldm: Explicit deprecated, stable and testing ABI classes

Experimenting with new APIs is important, but ABI stability of the
library is also important. We wish to have the freedom to add APIs
without being burdened by them being immediately set in stone.

We implement this wish by introducing three classes of ABI:

1. deprecated
2. stable
3. testing

These are enforced by corresponding function attributes:

1. LIBPLDM_ABI_DEPRECATED
2. LIBPLDM_ABI_STABLE
3. LIBPLDM_ABI_TESTING

Symbol visibility in the library is flipped to 'hidden' by default, so
one of these annotations must be used for the symbol to be exposed.

With these classes in place there are now clear points in time at which
we update the ABI dumps captured under the abi/ directory: When an API
is migrated from the 'testing' class to the 'stable' class, or when
removed from the 'deprecated' class.

Which classes of functions are exposed by the build is controlled by the
new 'abi' meson option. The option is of array type which contains the
list of ABI classes the build should consider. It defaults to enabling
all classes to provide test coverage in CI. The classes used should be
constrained to deprecated and stable (and not test) in any dependent
projects.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I25402e20c7be9c9f264f9ccd7ac36b384823734c

show more ...

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository[1] and reformat
the repository.

[1] https://gerrit.openbmc.org/c/openbmc/docs/+/63441

Further, shift the fixup for C's `_Static_assert` into src/msgbuf.h to
prevent a clang-tidy-16 error:

```
/data0/jenkins/workspace/ci-repository/openbmc/libpldm/src/msgbuf.h:315:2: error: '_Static_assert' is a C11 extension [clang-diagnostic-c11-extensions,-warnings-as-errors]
_Static_assert(sizeof(*dst) == sizeof(ldst),
^
```

And fix up the function prototype in the definition of `pldm_open()`:

```
../src/requester/pldm.c:128:16: error: a function declaration without a prototype is deprecated in all versions of C [clang-diagnostic-strict-prototypes,-warnings-as-errors]
void pldm_close()
^
void
```

Change-Id: I57b53f51914e39237e733d024e62ab41b3d306c1
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

Fix includes using iwyu tool

These changes are done by running iwyu manually under clang14.

IWYU can increase readability, make maintenance easier, and avoid errors
in some cases. See details in
``

Fix includes using iwyu tool

These changes are done by running iwyu manually under clang14.

IWYU can increase readability, make maintenance easier, and avoid errors
in some cases. See details in
```
https: //github.com/include-what-you-use/include-what-you-use/blob/master/docs/WhyIWYU.md.
```
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: Idaaeffd78c9ad7db2b41a057d40f889ade297c55

show more ...

libpldm: Migrate to subproject

Organize files in libpldm to make it a subproject

In the current state, libpldm is not readily consumable
as a subproject.This commit does all the necessary re-organi

libpldm: Migrate to subproject

Organize files in libpldm to make it a subproject

In the current state, libpldm is not readily consumable
as a subproject.This commit does all the necessary re-organisation
of the source code to make it work as a subproject.

There are no .c/.h files changes in this commit, only meson
changes and re-organising the code structure.

Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: I20a71c0c972b1fd81fb359d604433618799102c6

show more ...