36324f6b | 24-Sep-2024 |
Andrew Jeffery <andrew@codeconstruct.com.au> |
Apply GCC's tainted_args attribute to library entrypoints
The implementation applies `__attribute__((tainted_args))` by integrating it into the existing ABI macro annotations.
In the process, quite
Apply GCC's tainted_args attribute to library entrypoints
The implementation applies `__attribute__((tainted_args))` by integrating it into the existing ABI macro annotations.
In the process, quite a number of APIs were discovered to be unsafe in ways that were not immediately fixable. Often this is because they lack arguments that enable the appropriate bounds-checking to be applied.
Redesigning them is work beyond the scope of the immediate effort. Instead, we also introduce a new annotation, LIBPLDM_ABI_DEPRECATED_UNSAFE, that simply lacks `__attribute__((tainted_args))` and therefore doesn't trigger the extra analysis.
Change-Id: Ib8994eaa3907a5432d040426ad03687cbf4c2136 Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
show more ...
|
57d9a2ef | 03-Oct-2024 |
Andrew Jeffery <andrew@codeconstruct.com.au> |
oem: ibm: platform: Bounds check encode_bios_attribute_update_event_req()
``` ../src/oem/ibm/platform.c: In function ‘encode_bios_attribute_update_event_req’: ../src/oem/ibm/platform.c:49:9: error:
oem: ibm: platform: Bounds check encode_bios_attribute_update_event_req()
``` ../src/oem/ibm/platform.c: In function ‘encode_bios_attribute_update_event_req’: ../src/oem/ibm/platform.c:49:9: error: use of attacker-controlled value ‘(long unsigned int)num_handles * 2’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size] 49 | memcpy(request->bios_attribute_handles, list_of_handles, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 50 | num_handles * sizeof(uint16_t)); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ```
gitlint-ignore: T1, B1 Fixes: 9c76679224cf ("libpldm: Migrate to subproject") Change-Id: Ie329d651207936b4a4762efa7631c9ecb525cf74 Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
show more ...
|
ea0bf3a8 | 19-Sep-2024 |
Lora Lin <lora.lin.wiwynn@gmail.com> |
oem: meta: Stabilise decode/encode file IO API
Stabilise decode_oem_meta_file_io_write_req() API Stabilise decode_oem_meta_file_io_read_req() API Stabilise encode_oem_meta_file_io_read_resp() API
S
oem: meta: Stabilise decode/encode file IO API
Stabilise decode_oem_meta_file_io_write_req() API Stabilise decode_oem_meta_file_io_read_req() API Stabilise encode_oem_meta_file_io_read_resp() API
See usage example at: [1] https://gerrit.openbmc.org/c/openbmc/pldm/+/71889/10/oem/meta/libpldmresponder/oem_meta_file_io.cpp#59 [2] https://gerrit.openbmc.org/c/openbmc/pldm/+/71889/10/oem/meta/libpldmresponder/oem_meta_file_io.cpp#89 [3] https://gerrit.openbmc.org/c/openbmc/pldm/+/71889/10/oem/meta/libpldmresponder/oem_meta_file_io.cpp#143
Change-Id: I8bc38e4fad7ad18dc7ab5062fab14cdd11fe9aef Signed-off-by: Lora Lin <lora.lin.wiwynn@gmail.com>
show more ...
|
6476c968 | 26-Jul-2024 |
Lora Lin <lora.lin.wiwynn@gmail.com> |
oem: meta: Add encode_oem_meta_file_io_read_resp()
Add encode_oem_meta_file_io_read_resp function
This function is used to encode the message of reading file IO. Assemble responses to read file IO
oem: meta: Add encode_oem_meta_file_io_read_resp()
Add encode_oem_meta_file_io_read_resp function
This function is used to encode the message of reading file IO. Assemble responses to read file IO messages, but the response content other than the completion code needs to be additionally appended.
Change-Id: Ib030ac9f37fe73b66fb762dcf8b8297bce79836a Signed-off-by: Lora Lin <lora.lin.wiwynn@gmail.com>
show more ...
|
893a08f0 | 16-Jul-2024 |
Lora Lin <lora.lin.wiwynn@gmail.com> |
oem: meta: Add decode_oem_meta_file_io_read_req()
Add decode_oem_meta_file_io_read_req function.
This function is used to decode the message of reading file IO. Need to include read_option (read fi
oem: meta: Add decode_oem_meta_file_io_read_req()
Add decode_oem_meta_file_io_read_req function.
This function is used to decode the message of reading file IO. Need to include read_option (read file attributes or data), length (the length of the read data) and read_info (The information needed to read the file). Take reading file data as an example: read_info needs to contain transferFlag, offset to know the starting position and transfer progress of the read file.
Change-Id: I425476d36e3cd69d2da45beceff1c4a2362640dc Signed-off-by: Lora Lin <lora.lin.wiwynn@gmail.com>
show more ...
|
0f5be28f | 21-Jul-2024 |
Lora Lin <lora.lin.wiwynn@gmail.com> |
oem: meta: Add decode_oem_meta_file_io_write_req()
Add decode_oem_meta_file_io_write_req function. Deprecate decode_oem_meta_file_io_req function.
The difference between functions decode_oem_meta_f
oem: meta: Add decode_oem_meta_file_io_write_req()
Add decode_oem_meta_file_io_write_req function. Deprecate decode_oem_meta_file_io_req function.
The difference between functions decode_oem_meta_file_io_req and decode_oem_meta_file_io_write_req:
- decode_oem_meta_file_io_write_req: - return 0 on success and return a negative errno value on failure. - input parameters is structure. - add req_length parameter to check whether the total length of the request is buffer overflow. - decode_oem_meta_file_io_req: - return PLDM_SUCCESS on success and return another PLDM completion code on failure. - input parameters is passing individual pointers.
Change-Id: Iae3c7f24128bc25c5af6951f34fdc6d8a7b90381 Signed-off-by: Delphine CC Chiu <Delphine_CC_Chiu@wiwynn.com> Signed-off-by: Lora Lin <lora.lin.wiwynn@gmail.com> Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
show more ...
|
e984a461 | 07-Sep-2024 |
Andrew Jeffery <andrew@codeconstruct.com.au> |
meson: Format build files with `meson format`
Additionally, add the formatting command to `scripts/pre-submit` so it's run by OpenBMC's CI (via `scripts/run-ci`).
Change-Id: Ifb8fc06106b8cfa9155e98
meson: Format build files with `meson format`
Additionally, add the formatting command to `scripts/pre-submit` so it's run by OpenBMC's CI (via `scripts/run-ci`).
Change-Id: Ifb8fc06106b8cfa9155e986528b769a5ca450b4c Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
show more ...
|
0a1be3cb | 11-Aug-2024 |
Andrew Jeffery <andrew@codeconstruct.com.au> |
msgbuf: Harden pldm_msgbuf_{insert,extract}_array()
Review of some proposed APIs suggested that correct use of the pldm_msgbuf_{insert,extract}_array() helpers was more difficult that it should be.
msgbuf: Harden pldm_msgbuf_{insert,extract}_array()
Review of some proposed APIs suggested that correct use of the pldm_msgbuf_{insert,extract}_array() helpers was more difficult that it should be. In the three-parameter form, it was too tempting to provide the length to extract as parsed out of a PLDM message. The intended use was that the length parameter represented the length of the user-provided data buffer.
Instead, move to a four-parameter form, provide reasonable documentation for how these APIs should be used, fix all the call-sites, and deprecate some existing unsafe APIs.
Change-Id: If58e5574600e80b354f383554283c4eda5d7234c Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
show more ...
|
c8df31c1 | 21-May-2024 |
Andrew Jeffery <andrew@codeconstruct.com.au> |
msgbuf: Add error code personalities
libpldm is in a bit of a transitional period with respect to returned error codes. A historical choice was to return PLDM completion codes from the library API t
msgbuf: Add error code personalities
libpldm is in a bit of a transitional period with respect to returned error codes. A historical choice was to return PLDM completion codes from the library API to indicate errors. This is unfortunate because we're now constrained to errors that are specified by the PLDM protocol, which is much less expressive than the set of errors that might be produced by a run-time environment for the library.
The choice going forward is to return C's errno codes. However at this point we step on another rake in the libpldm design, which is that some internal data structures are very much the wire format of corresponding PLDM messages (such as the PDR repository implementation). Working with wire-format buffers is most safely done via the msgbuf APIs, however we then hit the conflict of different error code styles in various parts of the API surface.
Do a bit of surgery to provide different error code personalities for msgbuf, such that the caller can pick the style of error code they need it to return to maintain consistency.
Note that like the previous patch marking all msgbuf APIs as __attribute__((always_inline)), the rework here makes another small impact on the argument register allocation of several stable APIs. The ABI dump is updated accordingly.
Change-Id: Id59c39c5c822f514f546dab88575317071a97c96 Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
show more ...
|
66c7723a | 23-Apr-2024 |
Andrew Jeffery <andrew@codeconstruct.com.au> |
msgbuf: Enable pldm_msgbuf_extract() into packed members
`pldm_msgbuf_extract()` should work correctly regardless of whether the `dst` argument is a member of a packed or padded struct.
To get ther
msgbuf: Enable pldm_msgbuf_extract() into packed members
`pldm_msgbuf_extract()` should work correctly regardless of whether the `dst` argument is a member of a packed or padded struct.
To get there while still achieving type safety we have to jump through some hoops. Commentary in the patch hopefully captures many of them, but a side-effect of the hoop-jumping is a couple of changes to ergonomics of the msgbuf API:
1. `pldm_msgbuf_extract()` no-longer requires that the `dst` argument be a pointer. Instead, it must be an lvalue, removing all the `&<lvalue>` noise from the call-sites.
2. However, unfortunately the generic extraction macro has been split in two. We now have:
2.1 `pldm_msgbuf_extract()`, and 2.2 `pldm_msgbuf_extract_p()`, for when the reference we already have for the `dst` object is a pointer and not an lvalue.
The split was necessary because I couldn't get GCC and Clang to play nice with differences required in the assignment expression for lvalue and pointer type-names in the one macro. Whilst it causes a bunch of churn it isn't a great concern as the APIs are purely internal to the library implementation.
Change-Id: Ifc5440a5b838a48bb84c881ec334d9e145365edb Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au> Signed-off-by: Thu Nguyen <thu@os.amperecomputing.com>
show more ...
|
a98814fc | 29-Nov-2023 |
Andrew Jeffery <andrew@codeconstruct.com.au> |
oem: meta: stabilise decode_oem_meta_file_io_req()
Use of decode_oem_meta_file_io_req() is demonstrated in:
67050: Support OEM-META write file request for post code history https://gerrit.openbmc.o
oem: meta: stabilise decode_oem_meta_file_io_req()
Use of decode_oem_meta_file_io_req() is demonstrated in:
67050: Support OEM-META write file request for post code history https://gerrit.openbmc.org/c/openbmc/pldm/+/67050
Change-Id: I03cfd68f279f9bfdf515ca4302561ca0464c75cc Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
show more ...
|
22fad395 | 26-Oct-2023 |
Delphine CC Chiu <Delphine_CC_Chiu@wiwynn.com> |
oem: meta: Add decode_oem_meta_file_io_req()
Support decode_oem_meta_file_io_req() cmd to decode the incoming post code.
PLDM OEM Meta Write File IO cmd: Example: Request: Byte 0: 0x3F (OEM c
oem: meta: Add decode_oem_meta_file_io_req()
Support decode_oem_meta_file_io_req() cmd to decode the incoming post code.
PLDM OEM Meta Write File IO cmd: Example: Request: Byte 0: 0x3F (OEM cmd) Byte 1: 0x02 (FILE IO) Byte 2: 0x00 (File io type : POST CODE) Byte 3-6: 0x04 (Data length) Byte 7-10: 0x93 0xE0 0x00 0xEA (post code)
Response: Byte 0: 0x00 (success)
Tested: - Unit Tests passed.
Change-Id: I85437698642dd3cbe6084acf1feada842d206eac Signed-off-by: Delphine CC Chiu <Delphine_CC_Chiu@wiwynn.com>
show more ...
|
a7989cd6 | 30-Oct-2023 |
Pavithra Barithaya <pavithra.b@ibm.com> |
meson: Fix for OEM header collision issue
It needs to be possible to build libpldm with any number of oem features enabled simultaneously. If the header files are same then the earlier implementatio
meson: Fix for OEM header collision issue
It needs to be possible to build libpldm with any number of oem features enabled simultaneously. If the header files are same then the earlier implementation will not work.
Install the header file in a way that doesn't break any oem portions. Also the symlinks are generated to the older location until we migrate the applications using the files to new location.
Tested: The headers are installed in the new location and symlinks are generated.
Change-Id: I1455d52ff4b0c7f74b49d136bf582182537592d1 Signed-off-by: Pavithra Barithaya <pavithra.b@ibm.com> Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
show more ...
|
b0c1d20a | 07-Nov-2023 |
Andrew Jeffery <andrew@codeconstruct.com.au> |
libpldm: Fix header use
The headers need to work whether we're building libpldm in the repo or we're building another project depending on the headers in the system include directory.
Tidy up the p
libpldm: Fix header use
The headers need to work whether we're building libpldm in the repo or we're building another project depending on the headers in the system include directory.
Tidy up the paths involved and switch to defining the public headers as system headers for the purpose of the build.
Change-Id: I49413988c94d393ea5761bc4684edcd2c2482a98 Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
show more ...
|
691668fe | 01-Nov-2023 |
Patrick Williams <patrick@stwcx.xyz> |
license: add spdx identifier to all files
Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: Ifddd07cc0eb5edeb2dcb410747073d68c6631cb1 |
f89befe3 | 15-Jun-2023 |
Andrew Jeffery <andrew@aj.id.au> |
meson: Force inclusion of config.h via `-include`
Make sure there's no ambiguity about which config.h is used for includes in the event that libpldm acquires subprojects, or is used as a subproject
meson: Force inclusion of config.h via `-include`
Make sure there's no ambiguity about which config.h is used for includes in the event that libpldm acquires subprojects, or is used as a subproject itself.
Tested: `meson compile -C build` succeeds
Signed-off-by: Andrew Jeffery <andrew@aj.id.au> Change-Id: I08c3bdc807cc268d2401e06f0bfaee07f89ba534
show more ...
|
9d2a1c6a | 04-Jun-2023 |
Andrew Jeffery <andrew@aj.id.au> |
libpldm: Explicit deprecated, stable and testing ABI classes
Experimenting with new APIs is important, but ABI stability of the library is also important. We wish to have the freedom to add APIs wit
libpldm: Explicit deprecated, stable and testing ABI classes
Experimenting with new APIs is important, but ABI stability of the library is also important. We wish to have the freedom to add APIs without being burdened by them being immediately set in stone.
We implement this wish by introducing three classes of ABI:
1. deprecated 2. stable 3. testing
These are enforced by corresponding function attributes:
1. LIBPLDM_ABI_DEPRECATED 2. LIBPLDM_ABI_STABLE 3. LIBPLDM_ABI_TESTING
Symbol visibility in the library is flipped to 'hidden' by default, so one of these annotations must be used for the symbol to be exposed.
With these classes in place there are now clear points in time at which we update the ABI dumps captured under the abi/ directory: When an API is migrated from the 'testing' class to the 'stable' class, or when removed from the 'deprecated' class.
Which classes of functions are exposed by the build is controlled by the new 'abi' meson option. The option is of array type which contains the list of ABI classes the build should consider. It defaults to enabling all classes to provide test coverage in CI. The classes used should be constrained to deprecated and stable (and not test) in any dependent projects.
Signed-off-by: Andrew Jeffery <andrew@aj.id.au> Change-Id: I25402e20c7be9c9f264f9ccd7ac36b384823734c
show more ...
|
37dd6a3d | 12-May-2023 |
Andrew Jeffery <andrew@aj.id.au> |
clang-format: copy latest and re-format
clang-format-16 has some backwards incompatible changes that require additional settings for best compatibility and re-running the formatter. Copy the latest
clang-format: copy latest and re-format
clang-format-16 has some backwards incompatible changes that require additional settings for best compatibility and re-running the formatter. Copy the latest .clang-format from the docs repository[1] and reformat the repository.
[1] https://gerrit.openbmc.org/c/openbmc/docs/+/63441
Further, shift the fixup for C's `_Static_assert` into src/msgbuf.h to prevent a clang-tidy-16 error:
``` /data0/jenkins/workspace/ci-repository/openbmc/libpldm/src/msgbuf.h:315:2: error: '_Static_assert' is a C11 extension [clang-diagnostic-c11-extensions,-warnings-as-errors] _Static_assert(sizeof(*dst) == sizeof(ldst), ^ ```
And fix up the function prototype in the definition of `pldm_open()`:
``` ../src/requester/pldm.c:128:16: error: a function declaration without a prototype is deprecated in all versions of C [clang-diagnostic-strict-prototypes,-warnings-as-errors] void pldm_close() ^ void ```
Change-Id: I57b53f51914e39237e733d024e62ab41b3d306c1 Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
show more ...
|
9a8e4975 | 28-Nov-2022 |
Manojkiran Eda <manojkiran.eda@gmail.com> |
Fix includes using iwyu tool
These changes are done by running iwyu manually under clang14.
IWYU can increase readability, make maintenance easier, and avoid errors in some cases. See details in ``
Fix includes using iwyu tool
These changes are done by running iwyu manually under clang14.
IWYU can increase readability, make maintenance easier, and avoid errors in some cases. See details in ``` https: //github.com/include-what-you-use/include-what-you-use/blob/master/docs/WhyIWYU.md. ``` Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com> Change-Id: Idaaeffd78c9ad7db2b41a057d40f889ade297c55
show more ...
|
9c766792 | 10-Aug-2022 |
Andrew Jeffery <andrew@aj.id.au> |
libpldm: Migrate to subproject
Organize files in libpldm to make it a subproject
In the current state, libpldm is not readily consumable as a subproject.This commit does all the necessary re-organi
libpldm: Migrate to subproject
Organize files in libpldm to make it a subproject
In the current state, libpldm is not readily consumable as a subproject.This commit does all the necessary re-organisation of the source code to make it work as a subproject.
There are no .c/.h files changes in this commit, only meson changes and re-organising the code structure.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com> Change-Id: I20a71c0c972b1fd81fb359d604433618799102c6
show more ...
|