pdr: Deprecate find_entity_ref_in_tree()

It's likely that this should have been marked as static. Deprecate it so
we can remove it from the public ABI.

Signed-off-by: Andrew Jeffery <andrew@aj.id.a

pdr: Deprecate find_entity_ref_in_tree()

It's likely that this should have been marked as static. Deprecate it so
we can remove it from the public ABI.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I8ba83df8194a3d556eda15009a175c84c4e609fa

show more ...

pdr: pldm_entity_association_pdr_add(): Exit early on bad arguments

It's not possible to perform the conversion if one or both of tree or
repo are NULL. Explicitly document this case.

Signed-off-by

pdr: pldm_entity_association_pdr_add(): Exit early on bad arguments

It's not possible to perform the conversion if one or both of tree or
repo are NULL. Explicitly document this case.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I3c77b0d99c5c0badc457a4117312105f22bf5a61

show more ...

pdr: Deprecate is_present()

It's likely the case that this was never meant to be part of the public
ABI and should have been marked static. Deprecate it so we can take such
a course of action.

Chan

pdr: Deprecate is_present()

It's likely the case that this was never meant to be part of the public
ABI and should have been marked static. Deprecate it so we can take such
a course of action.

Change-Id: Id9447159ad261a32842dd4bc80bb5ac8245afa42
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

pdr: pldm_is_current_parent_child(): Return false for invalid arguments

It can't be true that a node is a child of parent if either or both of
parent or node are NULL. Explicitly document this case.

pdr: pldm_is_current_parent_child(): Return false for invalid arguments

It can't be true that a node is a child of parent if either or both of
parent or node are NULL. Explicitly document this case.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ibabaff24e12f3b53f87ecbcb127d84ab1e7773ba

show more ...

pdr: pldm_entity_get_num_children(): Return zero for invalid arguments

It's not possible to return a sensible value if the arguments are
invalid. Return zero as there are no children to match if a N

pdr: pldm_entity_get_num_children(): Return zero for invalid arguments

It's not possible to return a sensible value if the arguments are
invalid. Return zero as there are no children to match if a NULL node is
passed, and similarly, no matching nodes if the assocation type doesn't
meet the requirements.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ia0edf397a01a1652992a258f80e9836a57209d2d

show more ...

pdr: pldm_entity_association_tree_destroy(): Exit early on bad argument

There's no need to rely on the violence of assert() in this instance.
Just bail out if tree is NULL.

Signed-off-by: Andrew Je

pdr: pldm_entity_association_tree_destroy(): Exit early on bad argument

There's no need to rely on the violence of assert() in this instance.
Just bail out if tree is NULL.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: If3d1d92015f37d56ab389bed7f20892db9b63e13

show more ...

pdr: pldm_entity_association_tree_visit(): Exit early on failure

Failure may take the form of invalid parameters or an allocation
failure. Avoid NULL dereferences where possible.

Signed-off-by: And

pdr: pldm_entity_association_tree_visit(): Exit early on failure

Failure may take the form of invalid parameters or an allocation
failure. Avoid NULL dereferences where possible.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Iebef851345fb61ab678cfd0e1c763162780c8091

show more ...

pdr: pldm_entity_association_tree_init(): Return NULL on failed alloc

The API is documented as returning NULL on error, so exploit that
constraint on the caller to actually implement that behaviour.

pdr: pldm_entity_association_tree_init(): Return NULL on failed alloc

The API is documented as returning NULL on error, so exploit that
constraint on the caller to actually implement that behaviour.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Iaee36079909bc4e2e59c6a1df50120c9be68cd0e

show more ...

pdr: pldm_pdr_fru_record_set_find_by_rsi(): Exit early on NULL arguments

Improve assert()-safety by exploiting the fact that it's already valid
for the function to return NULL.

Signed-off-by: Andre

pdr: pldm_pdr_fru_record_set_find_by_rsi(): Exit early on NULL arguments

Improve assert()-safety by exploiting the fact that it's already valid
for the function to return NULL.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I9d7d0a667801a87dbcfeadfa9a4fd084a87e48db

show more ...

pdr: pldm_entity_node_get_remote_container_id() is a trivial accessor

Align its prototype and behaviour with the other trivial accessors:
Assert that the precondition for invocation is that entity p

pdr: pldm_entity_node_get_remote_container_id() is a trivial accessor

Align its prototype and behaviour with the other trivial accessors:
Assert that the precondition for invocation is that entity points to a
valid object.

pldm_entity_node_get_remote_container_id() is marked as
LIBPLDM_ABI_TESTING so we are free to change it as necessary.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ic8a8c30df7e4245ce06d314e7a99f25890152c79

show more ...

pdr: Document preconditions for trivial accessor functions

Don't force the implementation to handle invalid pointers and convolute
what should be a simple API.

Callers must already be validating th

pdr: Document preconditions for trivial accessor functions

Don't force the implementation to handle invalid pointers and convolute
what should be a simple API.

Callers must already be validating this precondition to avoid the
assert() in the implementations. The change just explicitly defines the
requirement.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I8285c998ed5cd69489f00b3873dadf7901938ace

show more ...

pdr: pldm_pdr_find_record_by_type(): Exit early if repo is NULL

Finding a record may already fail and result in a NULL return value.
Improve assert() safety by returning NULL if the provided repo po

pdr: pldm_pdr_find_record_by_type(): Exit early if repo is NULL

Finding a record may already fail and result in a NULL return value.
Improve assert() safety by returning NULL if the provided repo pointer
is NULL.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I0df1e329b8e0e546103358d4ef32e2074670879b

show more ...

pdr: pldm_pdr_destroy(): Exit early if repo is NULL

There's no reason to invoke the violence of assert() if the repo is
NULL, just bail out.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-I

pdr: pldm_pdr_destroy(): Exit early if repo is NULL

There's no reason to invoke the violence of assert() if the repo is
NULL, just bail out.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ib887a98d4f57932299144c5fa0f09ff53fb8984b

show more ...

pdr: pldm_pdr_init(): Return NULL on allocation failure

Previously initialisation of the structure was protected from a failed
allocation using assert(). Instead, do what the API specification allow

pdr: pldm_pdr_init(): Return NULL on allocation failure

Previously initialisation of the structure was protected from a failed
allocation using assert(). Instead, do what the API specification allows
us to do and perform an early exit by returning NULL.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: If6510014d383d815d42f48a2b607b12015e20bb2

show more ...

pdr: Always uphold expectations of get_next_record_handle()

pldm_pdr_get_next_record() uses assert() to validate its arguments.
While this is usually a concern, get_next_record_handle() is internal

pdr: Always uphold expectations of get_next_record_handle()

pldm_pdr_get_next_record() uses assert() to validate its arguments.
While this is usually a concern, get_next_record_handle() is internal
and can instead be protected at the public API boundary.

Add tests for the validity of parameters to pldm_pdr_find_record() and
pldm_pdr_get_next_record(), the callers of get_next_record_handle().
Both functions return pointers, and already return NULL on error.
Correct invocation must therefore already validate the returned pointer,
thus it is valid to also return NULL in the case of invalid arguments.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I07596acc9da7427d785b8b9db11eb84219fb8a5d

show more ...

fru: Introduce get_fru_record_by_option_check()

get_fru_record_by_option() protected the injection of record data into
the record buffer only using assert(). get_fru_record_by_option_check()
instead

fru: Introduce get_fru_record_by_option_check()

get_fru_record_by_option() protected the injection of record data into
the record buffer only using assert(). get_fru_record_by_option_check()
instead returns an error if the record data would overflow the record
buffer.

Callers should prefer get_fru_record_by_option_check(), and testing its
result, over get_fru_record_by_option().

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ifc1459863cd9f3f7289badb9f1842386d31cbd87

show more ...

bios_table: pldm_bios_table_iter_next(): Invalid entry halts iteration

The attribute iterator machinary prevented misbehaviour through use of
assert(). The attribute list is maintained as a linear s

bios_table: pldm_bios_table_iter_next(): Invalid entry halts iteration

The attribute iterator machinary prevented misbehaviour through use of
assert(). The attribute list is maintained as a linear sequence of
variably sized data structures that are packed against each other in the
address space. The iterator is implemented by assigning a callback that
can determine the length of each entry as appropriate for the entry's
type, and then moving the iterator's cursor between elements.

The length derivation for some elements was protected by assert(). To
avoid the asserts we rework the length callback prototype to return
a signed size value and indicate an error state with a negative size.

pldm_bios_table_iter_next() is reworked to detect the error case on
deriving the element size (negative size) and behave as if the iterator
has terminated.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I80db3fe179201b169acc68c68633d8dd3f3a6334

show more ...

bios_table: pldm_bios_table_iter_create(): Return NULL on failed alloc

Given we're already returning the pointer, take the opportunity to
return a NULL pointer if the allocation fails. This provides

bios_table: pldm_bios_table_iter_create(): Return NULL on failed alloc

Given we're already returning the pointer, take the opportunity to
return a NULL pointer if the allocation fails. This provides a signal to
the caller that an error has occurred and allows us to escape from
relying on assert() as the signal.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I58a82a240e64f981c28ad69e317ac8e3d1e41d40

show more ...

bios_table: Introduce pldm_bios_table_append_pad_checksum_check()

pldm_bios_table_append_pad_checksum() was unable to indicate an error to
the caller and so resorted to using assert(). Introduce
pld

bios_table: Introduce pldm_bios_table_append_pad_checksum_check()

pldm_bios_table_append_pad_checksum() was unable to indicate an error to
the caller and so resorted to using assert(). Introduce
pldm_bios_table_append_pad_checksum_check() which returns an error code
instead handling errors with assert(). From there, implement
pldm_bios_table_append_pad_checksum() in terms of
pldm_bios_table_append_pad_checksum_check().

Users of pldm_bios_table_append_pad_checksum() should prefer
pldm_bios_table_append_pad_checksum_check().

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I24e05c09023a9fcf7eee9e79668c552f08b4b6dd

show more ...

bios_table: Deprecate pldm_bios_table_attr_value_entry_encode_integer()

Users should prefer
pldm_bios_table_attr_value_entry_encode_integer_check() which returns an
error code rather than preventing

bios_table: Deprecate pldm_bios_table_attr_value_entry_encode_integer()

Users should prefer
pldm_bios_table_attr_value_entry_encode_integer_check() which returns an
error code rather than preventing misbehaviour using assert().

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: If7b0290d93d96c893fe3e790ba7738ececc3d4df

show more ...

bios_table: Deprecate pldm_bios_table_attr_value_entry_encode_string()

Users should prefer
pldm_bios_table_attr_value_entry_encode_string_check() which returns an
error code rather than preventing m

bios_table: Deprecate pldm_bios_table_attr_value_entry_encode_string()

Users should prefer
pldm_bios_table_attr_value_entry_encode_string_check() which returns an
error code rather than preventing misbehaviour via assert().

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Id1aea49a07ac52858c1a5977e4f96b987f705064

show more ...

bios_table: Deprecate pldm_bios_table_attr_value_entry_encode_enum()

Users should prefer pldm_bios_table_attr_value_entry_encode_enum_check()
which returns an error code instead of preventing misbeh

bios_table: Deprecate pldm_bios_table_attr_value_entry_encode_enum()

Users should prefer pldm_bios_table_attr_value_entry_encode_enum_check()
which returns an error code instead of preventing misbehaviour via
assert().

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I9442fd35a0d2240572d600189387215664bef60d

show more ...

bios_table: Transitive error handling for get_bios_attr_handle()

Most transitive callers of get_bios_attr_handle() exposed in the public
API surface already had the ability to return an error code.

bios_table: Transitive error handling for get_bios_attr_handle()

Most transitive callers of get_bios_attr_handle() exposed in the public
API surface already had the ability to return an error code.
pldm_bios_table_attr_entry_integer_encode() was the one case where there
wasn't the case, but the equivalent
pldm_bios_table_attr_entry_integer_encode_check() API did already exist.

We reimplement pldm_bios_table_attr_entry_integer_encode() in terms of
pldm_bios_table_attr_entry_integer_encode_check() and then deprecate
pldm_bios_table_attr_entry_integer_encode() to continue working towards
making the library assert()-safe.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ia97e51b25174d0536ebd53182e7006a553b35f94

show more ...

bios_table: pldm_bios_table_string_entry_encode_check(): Handle overflow

Allow assertions to be disabled in get_bios_string_handle() by returning
PLDM_ERROR_INVALID_DATA if the next handle will will

bios_table: pldm_bios_table_string_entry_encode_check(): Handle overflow

Allow assertions to be disabled in get_bios_string_handle() by returning
PLDM_ERROR_INVALID_DATA if the next handle will will cause the allocator
state to overflow.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Id36c2f48d9fe62cd6dc10a530d4fc5174ed349b4

show more ...

requester: Return PLDM_REQUESTER_OPEN_FAIL from pldm_open() on error

As it stood the reimplementation of pldm_open() passed back the return
value of the pldm_transport_mctp_demux_*() APIs, which don

requester: Return PLDM_REQUESTER_OPEN_FAIL from pldm_open() on error

As it stood the reimplementation of pldm_open() passed back the return
value of the pldm_transport_mctp_demux_*() APIs, which don't align with
the specified behaviour of pldm_open()'s return values.

Rework the return values such that PLDM_REQUESTER_OPEN_FAIL is always
returned on error. This fixes error handling in at least
openpower-occ-control, which only tested for that value and considered
all other values as success.

Further, handle any external close(2) of the returned file descriptor.
This again caters to openpower-occ-control which issues close() in its
response handler.

Fixes: 39f883259956 ("requester: Make pldm_open() return existing fd")
Fixes: c1b66f420912 ("requester: Add new APIs to support multiple transports")
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I7144f6ecf0fdfbbc3a2a418a651207c012e0db54

show more ...