dsp: firmware_update: Iterators for downstream device descriptors

Provide an ergonomic and safe means to iterate through downstream
devices and their descriptors while avoiding the need to allocate.

dsp: firmware_update: Iterators for downstream device descriptors

Provide an ergonomic and safe means to iterate through downstream
devices and their descriptors while avoiding the need to allocate. The
strategy leaves the library user to make their own choices about how the
data is handled.

The user-facing portion of the change takes the form of two new macros,
to be nested inside one another:

```
foreach_pldm_downstream_device(...) {
foreach_pldm_downstream_device_descriptor(...) {
// Do something with the device-specific descriptor
}
}
```

Examples uses are provided in the documentation and in changes to the
test suite.

Change-Id: I6e79454b94868da73f318635bcaae57cd51fbf97
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

tests: firmware_update: Clean up some use of reinterpret_cast<>()

I'm reworking the QueryDownstreamIdentifiers tests, so let's get them
into reasonable shape before further modifications.

The prima

tests: firmware_update: Clean up some use of reinterpret_cast<>()

I'm reworking the QueryDownstreamIdentifiers tests, so let's get them
into reasonable shape before further modifications.

The primary change is replacing open-coded buffer sizing, allocation,
and type-casting with use of PLDM_MSG_DEFINE_P(), which gives us a
pointer to an appropriately-aligned stack-allocated instance of `struct
pldm_msg` with appropriate space in the object for the payload flexible
array.

Change-Id: Ic01a84caa14df1300c48c0049ac3bf6318987ff3
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

tests: firmware_update: Fix 'complition' typo

Change-Id: I787f2d2a226761c78bac66b646d80380281f0be6
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

dsp: platform: Fix location of closing paren in overflow detection

I suspect this was the result of editor auto-parenthesis support and the
result got overlooked.

Add some tests while we're in the

dsp: platform: Fix location of closing paren in overflow detection

I suspect this was the result of editor auto-parenthesis support and the
result got overlooked.

Add some tests while we're in the area.

As seems to be the case when we expand the tests associated with
argument values, also update the ABI dump to reflect the change in
recorded register allocation.

gitlint-ignore: UC1
Fixes: #13
Fixes: ad33b99abcc4 ("dsp: platform: Bounds check encode_state_effecter_pdr()")
Reported-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Change-Id: Iab4c1c337400678ac424936151a38baf0e0d554d
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: platform: Fix decode_set_event_receiver_req()

Per DSP0248 V1.3.0 table13, the heartbeatTimer field shall be omitted
from the request data if eventMessageGlobalEnable is not set to
enableAsyncKe

dsp: platform: Fix decode_set_event_receiver_req()

Per DSP0248 V1.3.0 table13, the heartbeatTimer field shall be omitted
from the request data if eventMessageGlobalEnable is not set to
enableAsyncKeepAlive.

Rework the change in 8c43abb due to the issue found in
openbmc/pldm@35f25949fe4d ("Fix invalid read by adjusting request
size")

gitlint-ignore: B1, UC1
Fixes: 66c7723adbdc ("msgbuf: Enable pldm_msgbuf_extract() into packed members")
Fixes: 9667f5823930 ("platform: pldm_msgbuf for decode_set_event_receiver_req()")
Fixes: 6ef2aa90a793 ("platform: Test invalid heartbeat conditions after assignment")
Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I7ca50e487b9f1e6c6ea2b34f73c363def8b2d295
Signed-off-by: Gilbert Chen <gilbertc@nvidia.com>

show more ...

dsp: firmware_update: Bounds check decode_downstream_device_parameter_table_entry_versions()

```
../src/dsp/firmware_update.c: In function ‘decode_downstream_device_parameter_table_entry_versions’:

dsp: firmware_update: Bounds check decode_downstream_device_parameter_table_entry_versions()

```
../src/dsp/firmware_update.c: In function ‘decode_downstream_device_parameter_table_entry_versions’:
../src/dsp/firmware_update.c:1248:48: error: use of attacker-controlled value ‘*entry.active_comp_ver_str_len’ as offset without upper-bounds checking [CWE-823] [-Werror=analyzer-tainted-offset]
1248 | active[entry->active_comp_ver_str_len] = '\0';
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~
```

gitlint-ignore: T1, B1, UC1
Fixes: b6ef35b48065 ("fw_update: Add encode req & decode resp for get_downstream_fw_params")
Change-Id: I15571804f391dc97de6d80c90325ded006aee500
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: pdr: Bound check pldm_entity_association_pdr_extract()

```
../src/dsp/pdr.c: In function ‘pldm_entity_association_pdr_extract’:
../src/dsp/pdr.c:1333:35: error: use of attacker-controlled value

dsp: pdr: Bound check pldm_entity_association_pdr_extract()

```
../src/dsp/pdr.c: In function ‘pldm_entity_association_pdr_extract’:
../src/dsp/pdr.c:1333:35: error: use of attacker-controlled value ‘(size_t)((int)*((char *)&*pdr + 10).num_children + 1) * 6’ as allocation size without upper-bounds checking [CWE-789] [-Werror=analyzer-tainted-allocation-size]
1333 | pldm_entity *l_entities = malloc(sizeof(pldm_entity) * l_num_entities);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I96582ae2b19d22413919ae0a6a9b94e2d3d40f39
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

msgbuf: Bounds checks that satisfy GCC's analyzer

The intent is that there is no change in behavior, but that the code
patterns better match the analyzer's expectations.

Change-Id: I58544aaf6b15209

msgbuf: Bounds checks that satisfy GCC's analyzer

The intent is that there is no change in behavior, but that the code
patterns better match the analyzer's expectations.

Change-Id: I58544aaf6b15209e754059bf72a55dc9d63c9d61
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

msgbuf: Externalise error value conversion

We need to simplify the code to satisfy clang's analyzer, which seems
to struggle with assumptions if the code exceeds some unknown complexity
limit.

Spec

msgbuf: Externalise error value conversion

We need to simplify the code to satisfy clang's analyzer, which seems
to struggle with assumptions if the code exceeds some unknown complexity
limit.

Specifically, this does away with pldm_msgbuf_init_cc() and all the
associated pldm_msgbuf_status() error translation machinery. All the
call-sites are fixed up, with some additional safety checks put in place
along the way.

I believe this change is viable because unless we're converting legacy
API implementations to use msgbuf there's no additional trickery, and
if we're converting existing implementations then care is required
regardless. The change of approach has no impact on implementation of
new APIs with msgbuf, as the current philosophy is that they should
return negative errnos anyway.

As seems to be the case with this kind of work, the parameter register
allocation seems to have been affected for a number of library APIs.
These are listed in the changelog, and the ABI dump has been updated.

Finally, for msgbuf use in the test cases, all instances have
been converted to use errnos in place of PLDM completion codes in the
expectations. Hopefully there's no more malarky with PLDM completion
code misuse in the future.

Change-Id: Id4a7366ee9f60fb991dfe84aa0bb5aadc9855fcc
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

Revert "dsp: platform: Fix decode_set_event_receiver_req()"

This reverts commit 8c43abb70aeadde39d99af2c1b6b5d4a1416fc47.

As found in openbmc/pldm@35f25949fe4d ("Fix invalid read by adjusting
reque

Revert "dsp: platform: Fix decode_set_event_receiver_req()"

This reverts commit 8c43abb70aeadde39d99af2c1b6b5d4a1416fc47.

As found in openbmc/pldm@35f25949fe4d ("Fix invalid read by adjusting
request size") the change in 8c43abb70aea ("dsp: platform: Fix
decode_set_event_receiver_req()") reduces the value of
PLDM_SET_EVENT_RECEIVER_REQ_BYTES and causes an out-of-bounds access.

A new macro should be introduced rather than changing the value of
PLDM_SET_EVENT_RECEIVER_REQ_BYTES.

Change-Id: I922c7eff86919f513e302bec393c0a516046e923
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: platform: Fix decode_set_event_receiver_req()

Per DSP0248 V1.3.0 table13, the heartbeatTimer field shall be omitted
from the request data if eventMessageGlobalEnable is not set to
enableAsyncKe

dsp: platform: Fix decode_set_event_receiver_req()

Per DSP0248 V1.3.0 table13, the heartbeatTimer field shall be omitted
from the request data if eventMessageGlobalEnable is not set to
enableAsyncKeepAlive.

gitlint-ignore: B1, UC1
Fixes: 66c7723adbdc ("msgbuf: Enable pldm_msgbuf_extract() into packed members")
Fixes: 9667f5823930 ("platform: pldm_msgbuf for decode_set_event_receiver_req()")
Fixes: 6ef2aa90a793 ("platform: Test invalid heartbeat conditions after assignment")
Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: Ia2a0c71a1f37a0fd32670b9b66b051e18fb73dbe
Signed-off-by: Gilbert Chen <gilbertc@nvidia.com>

show more ...

platform: Fix checking `eventIDToAcknowledge`

As DSP0248 V1.3.0, `Figure 22 - Switching from asynchronous eventing to
poll for an event with large data` when the `tranferFlag` of
`PollForPlatformEve

platform: Fix checking `eventIDToAcknowledge`

As DSP0248 V1.3.0, `Figure 22 - Switching from asynchronous eventing to
poll for an event with large data` when the `tranferFlag` of
`PollForPlatformEventMessage` is `AcknowledgementOnly` the
`eventIDToAcknowledge` will be 0xffff.

But the contents in lines #1678 to #1681 of the same specs details
```
1678 0x0000 shall be returned to indicate the terminus event queue is empty. The PLDM Event Receiver shall
1679 acknowledge reception of the event by issuing the command again with the eventIDToAcknowledge set
1680 to the previously retrieved eventID (from the PLDM terminus). The PLDM terminus shall remove the
1681 acknowledged event message from its internal FIFO upon reception of the acknowledgment
```

When the `tranferFlag` is `AcknowledgementOnly` the
`eventIDToAcknowledge` should be `the previously retrieved eventID (from
the PLDM terminus)` which is not 0x0000 and 0xffff. Because `The PLDM
terminus shall remove the acknowledged event message` so the contents in
lines #1678 to #1681 are correct.

Update the failure condition in
`pldm_platform_poll_for_platform_event_message_validate` helper function
to follow the contents in lines #1678 to #1681. The helper will return
error when `tranferFlag` is `AcknowledgementOnly` and
`eventIDToAcknowledge` is 0xffff or 0x0000 (which can't be a real
previous event ID from terminus).

gitlint-ignore: B1, UC1
Fixes: 387b10f6cd37 ("platform: fix encode/decode_poll_for_platform_event_message_req")
Change-Id: Icf84494dbe2c43fba8ae2ec72e7197e8dd4abf3e
Signed-off-by: Thu Nguyen <thu@os.amperecomputing.com>

show more ...

platform: Support PLDM_CPER_EVENT in encode_platform_event_message_req()

DSP0248 v1.3.0 add CPEREvent for PLDM Event Types as Table 11 and add
it in `encode_platform_event_message_req` func.

Change

platform: Support PLDM_CPER_EVENT in encode_platform_event_message_req()

DSP0248 v1.3.0 add CPEREvent for PLDM Event Types as Table 11 and add
it in `encode_platform_event_message_req` func.

Change-Id: I94e73938694ce8367489244b75c7e8e0a6d1d8ee
Signed-off-by: John Chung <john.chung@arm.com>
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

msgbuf: Improve type-specific ergonomics to match generic macros

Don't require that a pointer be passed. Rather, take the pointer inside
the type-safe macro definition, and perform the void cast to

msgbuf: Improve type-specific ergonomics to match generic macros

Don't require that a pointer be passed. Rather, take the pointer inside
the type-safe macro definition, and perform the void cast to avoid the
alignment warning.

Change-Id: I5fbfc4a95591d2640595107e6f5fcae44a95950f
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

platform: fix encode/decode_poll_for_platform_event_message_req

The checking `TransferOperationFlag` and `eventIDToAcknowledge` in
`encode/decode_poll_for_platform_event_message_req` APIs is not
cor

platform: fix encode/decode_poll_for_platform_event_message_req

The checking `TransferOperationFlag` and `eventIDToAcknowledge` in
`encode/decode_poll_for_platform_event_message_req` APIs is not
corrected. Update the conditions to follow the section `16.7
PollForPlatformEventMessage command` in DSP0248 V1.3.0.

Change-Id: Ie799d38f4a492b7719c2ff7c14fe83a1f81dc0b1
Signed-off-by: Thu Nguyen <thu@os.amperecomputing.com>

show more ...

clang-tidy: Enable cppcoreguidelines-pro-type-reinterpret-cast

There are ways to avoid reinterpret_cast<>() in many circumstances.
For libpldm, often its use can be replaced with placement-new.
Enab

clang-tidy: Enable cppcoreguidelines-pro-type-reinterpret-cast

There are ways to avoid reinterpret_cast<>() in many circumstances.
For libpldm, often its use can be replaced with placement-new.
Enable the lint for reinterpret_cast<>() to prevent its use in future
changes. This way we can stay inside the language rather than rely on
implementation-defined behavior.

Existing uses of reinterpret_cast<>() are marked NOLINT for now, with
the intent that we clean them up over time. The insertion of the NOLINTs
was automated with sed.

Change-Id: If6654f774e438de9262fe9f9012c6b574764c326
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

base: Add size and buffer macros for struct pldm_msg

Give library users a supported way to allocate pldm_msg buffers on the
stack.

A demonstration conversion is done in tests/oem/ibm/host.cpp.

Cha

base: Add size and buffer macros for struct pldm_msg

Give library users a supported way to allocate pldm_msg buffers on the
stack.

A demonstration conversion is done in tests/oem/ibm/host.cpp.

Change-Id: I71158bd6b062c6e6522dc4a4cdcb089a139cd841
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

oem: meta: Stabilise decode/encode file IO API

Stabilise decode_oem_meta_file_io_write_req() API
Stabilise decode_oem_meta_file_io_read_req() API
Stabilise encode_oem_meta_file_io_read_resp() API

S

oem: meta: Stabilise decode/encode file IO API

Stabilise decode_oem_meta_file_io_write_req() API
Stabilise decode_oem_meta_file_io_read_req() API
Stabilise encode_oem_meta_file_io_read_resp() API

See usage example at:
[1] https://gerrit.openbmc.org/c/openbmc/pldm/+/71889/10/oem/meta/libpldmresponder/oem_meta_file_io.cpp#59
[2] https://gerrit.openbmc.org/c/openbmc/pldm/+/71889/10/oem/meta/libpldmresponder/oem_meta_file_io.cpp#89
[3] https://gerrit.openbmc.org/c/openbmc/pldm/+/71889/10/oem/meta/libpldmresponder/oem_meta_file_io.cpp#143

Change-Id: I8bc38e4fad7ad18dc7ab5062fab14cdd11fe9aef
Signed-off-by: Lora Lin <lora.lin.wiwynn@gmail.com>

show more ...

dsp: pdr: Add pldm_entity_association_tree_copy_root_check()

Allocations cannot be treated as infallible. Ensure that copying
the entity association tree signals failure to the caller along with
cle

dsp: pdr: Add pldm_entity_association_tree_copy_root_check()

Allocations cannot be treated as infallible. Ensure that copying
the entity association tree signals failure to the caller along with
cleaning up after itself to avoid leaking memory.

Change-Id: Icfd255b45530e42a6a3a0a3205e665eed53708d1
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: bios_table: Null check for pldm_bios_table_iter_is_end()

GCC's -fanalyzer identified the following:

```
In file included from ../tests/dsp/bios_table_iter.c:15:
../src/dsp/bios_table.c: In fun

dsp: bios_table: Null check for pldm_bios_table_iter_is_end()

GCC's -fanalyzer identified the following:

```
In file included from ../tests/dsp/bios_table_iter.c:15:
../src/dsp/bios_table.c: In function ‘pldm_bios_table_iter_is_end’:
../src/dsp/bios_table.c:991:17: error: dereference of NULL ‘iter’ [CWE-476] [-Werror=analyzer-null-dereference]
991 | if (iter->table_len - iter->current_pos <= pad_and_check_max) {
| ~~~~^~~~~~~~~~~
```

As a safety measure, return true to indicate the end of the iterator if
the iterator is null.

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I18eec144120054de33eb351f9a80dee936118126
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

pdr: Remove PDR record by record set identifier

API to remove a record from a PLDM PDR repository if it is
of type FRU record set identifier and if it matches given
record set identifier. Record han

pdr: Remove PDR record by record set identifier

API to remove a record from a PLDM PDR repository if it is
of type FRU record set identifier and if it matches given
record set identifier. Record handle of the PDR where this
entity is found is saved and will be required to update PDR
repo by removing the entry corresponding to this entity
in the PDR table. Also the Node associated with this pldm
entity is deleted from PDR tree.

Change-Id: I24606c4d75ff64864f4aa95d8b2341b8911a7ff8
Signed-off-by: Varsha Kaverappa <vkaverap@in.ibm.com>

show more ...

pdr: Remove contained entity from PDR repo

API to remove a contained entity from an entity association PDR. This
API saves record handle of the PLDM PDR record where the contained
entity is found. T

pdr: Remove contained entity from PDR repo

API to remove a contained entity from an entity association PDR. This
API saves record handle of the PLDM PDR record where the contained
entity is found. The record handle we get from this API will be
required to update PDR repo by removing the entry corresponding to
this entity in the PDR table. Also the Node associated with this pldm
entity is deleted from PDR tree. The PLDM PDR record which holds the
contained entity to be removed is found with the parent entity
properties sent to this API as input.

Tested By: Unit tested by removing entities from PDR repo

Change-Id: I55fb898a0e67d8c9cd95594b4ec6a6a4866c9531
Signed-off-by: Varsha Kaverappa <vkaverap@in.ibm.com>

show more ...

msgbuf: Allow pldm_msgbuf_span_required to accept NULL

Allow pldm_msgbuf_span_required to accept NULL as an argument
so we can use this API to skip past data in the msg buffer which
is not required

msgbuf: Allow pldm_msgbuf_span_required to accept NULL

Allow pldm_msgbuf_span_required to accept NULL as an argument
so we can use this API to skip past data in the msg buffer which
is not required and extract only the relevant data.

Change-Id: I08d233b8efe415732fb7c01c00a9925f04666fe2
Signed-off-by: Varsha Kaverappa <vkaverap@in.ibm.com>

show more ...

oem: meta: Add encode_oem_meta_file_io_read_resp()

Add encode_oem_meta_file_io_read_resp function

This function is used to encode the message of reading file IO.
Assemble responses to read file IO

oem: meta: Add encode_oem_meta_file_io_read_resp()

Add encode_oem_meta_file_io_read_resp function

This function is used to encode the message of reading file IO.
Assemble responses to read file IO messages, but the response
content other than the completion code needs to be additionally
appended.

Change-Id: Ib030ac9f37fe73b66fb762dcf8b8297bce79836a
Signed-off-by: Lora Lin <lora.lin.wiwynn@gmail.com>

show more ...

oem: meta: Add decode_oem_meta_file_io_read_req()

Add decode_oem_meta_file_io_read_req function.

This function is used to decode the message of reading file IO.
Need to include read_option (read fi

oem: meta: Add decode_oem_meta_file_io_read_req()

Add decode_oem_meta_file_io_read_req function.

This function is used to decode the message of reading file IO.
Need to include read_option (read file attributes or data), length
(the length of the read data) and read_info (The information
needed to read the file).
Take reading file data as an example:
read_info needs to contain transferFlag, offset to know the
starting position and transfer progress of the read file.

Change-Id: I425476d36e3cd69d2da45beceff1c4a2362640dc
Signed-off-by: Lora Lin <lora.lin.wiwynn@gmail.com>

show more ...