dsp: fru: Bounds check encode_fru_record()

```
../src/dsp/fru.c:200:17: error: use of attacker-controlled value ‘tlvs_size’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-

dsp: fru: Bounds check encode_fru_record()

```
../src/dsp/fru.c:200:17: error: use of attacker-controlled value ‘tlvs_size’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
200 | memcpy(fru_table + *curr_size, tlvs, tlvs_size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: Ibc2831c5fd9665bb2645d49c856fc1a77c6e1feb
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: fru: Bounds check encode_get_fru_record_by_option_resp()

```
../src/dsp/fru.c: In function ‘encode_get_fru_record_by_option_resp’:
../src/dsp/fru.c:388:17: error: use of attacker-controlled val

dsp: fru: Bounds check encode_get_fru_record_by_option_resp()

```
../src/dsp/fru.c: In function ‘encode_get_fru_record_by_option_resp’:
../src/dsp/fru.c:388:17: error: use of attacker-controlled value ‘data_size’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
388 | memcpy(resp->fru_structure_data, fru_structure_data, data_size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I01b43823e3a24c7e7ed229d09643b15fcff4d43b
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

oem: ibm: platform: Bounds check encode_bios_attribute_update_event_req()

```
../src/oem/ibm/platform.c: In function ‘encode_bios_attribute_update_event_req’:
../src/oem/ibm/platform.c:49:9: error:

oem: ibm: platform: Bounds check encode_bios_attribute_update_event_req()

```
../src/oem/ibm/platform.c: In function ‘encode_bios_attribute_update_event_req’:
../src/oem/ibm/platform.c:49:9: error: use of attacker-controlled value ‘(long unsigned int)num_handles * 2’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
49 | memcpy(request->bios_attribute_handles, list_of_handles,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
50 | num_handles * sizeof(uint16_t));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

gitlint-ignore: T1, B1
Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: Ie329d651207936b4a4762efa7631c9ecb525cf74
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: firmware_update: Bounds check decode_downstream_device_parameter_table_entry_versions()

```
../src/dsp/firmware_update.c: In function ‘decode_downstream_device_parameter_table_entry_versions’:

dsp: firmware_update: Bounds check decode_downstream_device_parameter_table_entry_versions()

```
../src/dsp/firmware_update.c: In function ‘decode_downstream_device_parameter_table_entry_versions’:
../src/dsp/firmware_update.c:1248:48: error: use of attacker-controlled value ‘*entry.active_comp_ver_str_len’ as offset without upper-bounds checking [CWE-823] [-Werror=analyzer-tainted-offset]
1248 | active[entry->active_comp_ver_str_len] = '\0';
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~
```

gitlint-ignore: T1, B1, UC1
Fixes: b6ef35b48065 ("fw_update: Add encode req & decode resp for get_downstream_fw_params")
Change-Id: I15571804f391dc97de6d80c90325ded006aee500
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: bios_table: Bounds check pldm_bios_table_attr_value_entry_encode_enum()

```
../src/dsp/bios_table.c: In function ‘pldm_bios_table_attr_value_entry_encode_enum’:
../src/dsp/bios_table.c:711:17:

dsp: bios_table: Bounds check pldm_bios_table_attr_value_entry_encode_enum()

```
../src/dsp/bios_table.c: In function ‘pldm_bios_table_attr_value_entry_encode_enum’:
../src/dsp/bios_table.c:711:17: error: use of attacker-controlled value ‘count’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
711 | memcpy(&table_entry->value[1], handles, count);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

gitlint-ignore: T1, B1
Change-Id: Ie8073f6d19ad3c249160c675f36d73dc83afb198
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: bios_table: Bounds check pldm_bios_table_attr_value_entry_encode_string()

```
../src/dsp/bios_table.c: In function ‘pldm_bios_table_attr_value_entry_encode_string’:
../src/dsp/bios_table.c:773:

dsp: bios_table: Bounds check pldm_bios_table_attr_value_entry_encode_string()

```
../src/dsp/bios_table.c: In function ‘pldm_bios_table_attr_value_entry_encode_string’:
../src/dsp/bios_table.c:773:17: error: use of attacker-controlled value ‘str_length’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
773 | memcpy(table_entry->value + sizeof(str_length), str,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
774 | str_length);
| ~~~~~~~~~~~
```

gitlint-ignore: T1, B1
Change-Id: I836566b6148443d4653b44adb25cc1c277f9028e
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: bios_table: Bounds check pldm_bios_table_append_pad_checksum()

```
../src/dsp/bios_table.c: In function ‘checksum_append’:
../src/dsp/bios_table.c:905:9: error: use of attacker-controlled value

dsp: bios_table: Bounds check pldm_bios_table_append_pad_checksum()

```
../src/dsp/bios_table.c: In function ‘checksum_append’:
../src/dsp/bios_table.c:905:9: error: use of attacker-controlled value ‘*size’ as offset without upper-bounds checking [CWE-823] [-Werror=analyzer-tainted-offset]
905 | memcpy(table_end, &checksum, sizeof(checksum));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I786f628cad0b0625feda2c8f486d2fbcd603104c
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: pdr: Bound check pldm_entity_association_pdr_extract()

```
../src/dsp/pdr.c: In function ‘pldm_entity_association_pdr_extract’:
../src/dsp/pdr.c:1333:35: error: use of attacker-controlled value

dsp: pdr: Bound check pldm_entity_association_pdr_extract()

```
../src/dsp/pdr.c: In function ‘pldm_entity_association_pdr_extract’:
../src/dsp/pdr.c:1333:35: error: use of attacker-controlled value ‘(size_t)((int)*((char *)&*pdr + 10).num_children + 1) * 6’ as allocation size without upper-bounds checking [CWE-789] [-Werror=analyzer-tainted-allocation-size]
1333 | pldm_entity *l_entities = malloc(sizeof(pldm_entity) * l_num_entities);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I96582ae2b19d22413919ae0a6a9b94e2d3d40f39
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: platform: Bounds check encode_state_effecter_pdr()

```
../src/dsp/platform.c:84:9: error: use of attacker-controlled value ‘possible_states_size’ as size without upper-bounds checking [CWE-129]

dsp: platform: Bounds check encode_state_effecter_pdr()

```
../src/dsp/platform.c:84:9: error: use of attacker-controlled value ‘possible_states_size’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
84 | memcpy(effecter->possible_states, possible_states,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
85 | possible_states_size);
| ~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I7a53144c4c02639a0f7b7291277d8903d8f2717e
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: platform: Bounds check encode_sensor_state_pdr()

```
../src/dsp/platform.c: In function ‘encode_state_sensor_pdr’:
../src/dsp/platform.c:152:9: error: use of attacker-controlled value ‘possible

dsp: platform: Bounds check encode_sensor_state_pdr()

```
../src/dsp/platform.c: In function ‘encode_state_sensor_pdr’:
../src/dsp/platform.c:152:9: error: use of attacker-controlled value ‘possible_states_size’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
152 | memcpy(sensor->possible_states, possible_states, possible_states_size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I682beae26d346e474825a393da7b5248d3166fbf
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: platform: Prevent overflow of arithmetic on event_data_length

Resolves the following warning from GCC's static analyzer:

```
../src/dsp/platform.c: In function ‘encode_platform_event_message_r

dsp: platform: Prevent overflow of arithmetic on event_data_length

Resolves the following warning from GCC's static analyzer:

```
../src/dsp/platform.c: In function ‘encode_platform_event_message_req’:
../src/dsp/platform.c:1246:9: error: use of attacker-controlled value ‘event_data_length’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
1246 | memcpy(request->event_data, event_data, event_data_length);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: Id889a5b56d8403dea41f6acd43f21b44bf8d503d
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

msgbuf: Bounds checks that satisfy GCC's analyzer

The intent is that there is no change in behavior, but that the code
patterns better match the analyzer's expectations.

Change-Id: I58544aaf6b15209

msgbuf: Bounds checks that satisfy GCC's analyzer

The intent is that there is no change in behavior, but that the code
patterns better match the analyzer's expectations.

Change-Id: I58544aaf6b15209e754059bf72a55dc9d63c9d61
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

msgbuf: Externalise error value conversion

We need to simplify the code to satisfy clang's analyzer, which seems
to struggle with assumptions if the code exceeds some unknown complexity
limit.

Spec

msgbuf: Externalise error value conversion

We need to simplify the code to satisfy clang's analyzer, which seems
to struggle with assumptions if the code exceeds some unknown complexity
limit.

Specifically, this does away with pldm_msgbuf_init_cc() and all the
associated pldm_msgbuf_status() error translation machinery. All the
call-sites are fixed up, with some additional safety checks put in place
along the way.

I believe this change is viable because unless we're converting legacy
API implementations to use msgbuf there's no additional trickery, and
if we're converting existing implementations then care is required
regardless. The change of approach has no impact on implementation of
new APIs with msgbuf, as the current philosophy is that they should
return negative errnos anyway.

As seems to be the case with this kind of work, the parameter register
allocation seems to have been affected for a number of library APIs.
These are listed in the changelog, and the ABI dump has been updated.

Finally, for msgbuf use in the test cases, all instances have
been converted to use errnos in place of PLDM completion codes in the
expectations. Hopefully there's no more malarky with PLDM completion
code misuse in the future.

Change-Id: Id4a7366ee9f60fb991dfe84aa0bb5aadc9855fcc
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

Revert "dsp: platform: Fix decode_set_event_receiver_req()"

This reverts commit 8c43abb70aeadde39d99af2c1b6b5d4a1416fc47.

As found in openbmc/pldm@35f25949fe4d ("Fix invalid read by adjusting
reque

Revert "dsp: platform: Fix decode_set_event_receiver_req()"

This reverts commit 8c43abb70aeadde39d99af2c1b6b5d4a1416fc47.

As found in openbmc/pldm@35f25949fe4d ("Fix invalid read by adjusting
request size") the change in 8c43abb70aea ("dsp: platform: Fix
decode_set_event_receiver_req()") reduces the value of
PLDM_SET_EVENT_RECEIVER_REQ_BYTES and causes an out-of-bounds access.

A new macro should be introduced rather than changing the value of
PLDM_SET_EVENT_RECEIVER_REQ_BYTES.

Change-Id: I922c7eff86919f513e302bec393c0a516046e923
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: platform: Fix decode_set_event_receiver_req()

Per DSP0248 V1.3.0 table13, the heartbeatTimer field shall be omitted
from the request data if eventMessageGlobalEnable is not set to
enableAsyncKe

dsp: platform: Fix decode_set_event_receiver_req()

Per DSP0248 V1.3.0 table13, the heartbeatTimer field shall be omitted
from the request data if eventMessageGlobalEnable is not set to
enableAsyncKeepAlive.

gitlint-ignore: B1, UC1
Fixes: 66c7723adbdc ("msgbuf: Enable pldm_msgbuf_extract() into packed members")
Fixes: 9667f5823930 ("platform: pldm_msgbuf for decode_set_event_receiver_req()")
Fixes: 6ef2aa90a793 ("platform: Test invalid heartbeat conditions after assignment")
Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: Ia2a0c71a1f37a0fd32670b9b66b051e18fb73dbe
Signed-off-by: Gilbert Chen <gilbertc@nvidia.com>

show more ...

platform: Fix checking `eventIDToAcknowledge`

As DSP0248 V1.3.0, `Figure 22 - Switching from asynchronous eventing to
poll for an event with large data` when the `tranferFlag` of
`PollForPlatformEve

platform: Fix checking `eventIDToAcknowledge`

As DSP0248 V1.3.0, `Figure 22 - Switching from asynchronous eventing to
poll for an event with large data` when the `tranferFlag` of
`PollForPlatformEventMessage` is `AcknowledgementOnly` the
`eventIDToAcknowledge` will be 0xffff.

But the contents in lines #1678 to #1681 of the same specs details
```
1678 0x0000 shall be returned to indicate the terminus event queue is empty. The PLDM Event Receiver shall
1679 acknowledge reception of the event by issuing the command again with the eventIDToAcknowledge set
1680 to the previously retrieved eventID (from the PLDM terminus). The PLDM terminus shall remove the
1681 acknowledged event message from its internal FIFO upon reception of the acknowledgment
```

When the `tranferFlag` is `AcknowledgementOnly` the
`eventIDToAcknowledge` should be `the previously retrieved eventID (from
the PLDM terminus)` which is not 0x0000 and 0xffff. Because `The PLDM
terminus shall remove the acknowledged event message` so the contents in
lines #1678 to #1681 are correct.

Update the failure condition in
`pldm_platform_poll_for_platform_event_message_validate` helper function
to follow the contents in lines #1678 to #1681. The helper will return
error when `tranferFlag` is `AcknowledgementOnly` and
`eventIDToAcknowledge` is 0xffff or 0x0000 (which can't be a real
previous event ID from terminus).

gitlint-ignore: B1, UC1
Fixes: 387b10f6cd37 ("platform: fix encode/decode_poll_for_platform_event_message_req")
Change-Id: Icf84494dbe2c43fba8ae2ec72e7197e8dd4abf3e
Signed-off-by: Thu Nguyen <thu@os.amperecomputing.com>

show more ...

platform: Support PLDM_CPER_EVENT in encode_platform_event_message_req()

DSP0248 v1.3.0 add CPEREvent for PLDM Event Types as Table 11 and add
it in `encode_platform_event_message_req` func.

Change

platform: Support PLDM_CPER_EVENT in encode_platform_event_message_req()

DSP0248 v1.3.0 add CPEREvent for PLDM Event Types as Table 11 and add
it in `encode_platform_event_message_req` func.

Change-Id: I94e73938694ce8367489244b75c7e8e0a6d1d8ee
Signed-off-by: John Chung <john.chung@arm.com>
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

platform: fix encode/decode_poll_for_platform_event_message_req

The checking `TransferOperationFlag` and `eventIDToAcknowledge` in
`encode/decode_poll_for_platform_event_message_req` APIs is not
cor

platform: fix encode/decode_poll_for_platform_event_message_req

The checking `TransferOperationFlag` and `eventIDToAcknowledge` in
`encode/decode_poll_for_platform_event_message_req` APIs is not
corrected. Update the conditions to follow the section `16.7
PollForPlatformEventMessage command` in DSP0248 V1.3.0.

Change-Id: Ie799d38f4a492b7719c2ff7c14fe83a1f81dc0b1
Signed-off-by: Thu Nguyen <thu@os.amperecomputing.com>

show more ...

oem: ibm: Add PCIe Topology Actions StateSetId and Enums

PCIe Topology involves certain actions that can be done in order
to either get the topology info or save the topology info etc.
This commit a

oem: ibm: Add PCIe Topology Actions StateSetId and Enums

PCIe Topology involves certain actions that can be done in order
to either get the topology info or save the topology info etc.
This commit adds the necessary enumerations for the topology
action and the corresponding state set ID.

Change-Id: I6fa7d25327a8ce94b3538de3e46e25e944088997
Signed-off-by: Pavithra Barithaya <pavithrabarithaya07@gmail.com>

show more ...

base: Add size and buffer macros for struct pldm_msg

Give library users a supported way to allocate pldm_msg buffers on the
stack.

A demonstration conversion is done in tests/oem/ibm/host.cpp.

Cha

base: Add size and buffer macros for struct pldm_msg

Give library users a supported way to allocate pldm_msg buffers on the
stack.

A demonstration conversion is done in tests/oem/ibm/host.cpp.

Change-Id: I71158bd6b062c6e6522dc4a4cdcb089a139cd841
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

pdr: Improve error propagation

Enhance error propagation in
pldm_entity_association_pdr_add_from_node_with_record_handle(). Instead
of always returning 0, the function now returns the result from
en

pdr: Improve error propagation

Enhance error propagation in
pldm_entity_association_pdr_add_from_node_with_record_handle(). Instead
of always returning 0, the function now returns the result from
entity_association_pdr_add to accurately reflect success/failure.

gitlint-ignore: B1, UC1
Fixes: [25ddbccfae0e ("pdr: Add pldm_entity_association_pdr_add_from_node_with_record_handle()")
Change-Id: I4d3711e096b2a90c62a600be89a16b47e6b20f79
Signed-off-by: Archana Kakani <archana.kakani@ibm.com>

show more ...

oem: meta: Stabilise decode/encode file IO API

Stabilise decode_oem_meta_file_io_write_req() API
Stabilise decode_oem_meta_file_io_read_req() API
Stabilise encode_oem_meta_file_io_read_resp() API

S

oem: meta: Stabilise decode/encode file IO API

Stabilise decode_oem_meta_file_io_write_req() API
Stabilise decode_oem_meta_file_io_read_req() API
Stabilise encode_oem_meta_file_io_read_resp() API

See usage example at:
[1] https://gerrit.openbmc.org/c/openbmc/pldm/+/71889/10/oem/meta/libpldmresponder/oem_meta_file_io.cpp#59
[2] https://gerrit.openbmc.org/c/openbmc/pldm/+/71889/10/oem/meta/libpldmresponder/oem_meta_file_io.cpp#89
[3] https://gerrit.openbmc.org/c/openbmc/pldm/+/71889/10/oem/meta/libpldmresponder/oem_meta_file_io.cpp#143

Change-Id: I8bc38e4fad7ad18dc7ab5062fab14cdd11fe9aef
Signed-off-by: Lora Lin <lora.lin.wiwynn@gmail.com>

show more ...

dsp: pdr: Add pldm_entity_association_tree_copy_root_check()

Allocations cannot be treated as infallible. Ensure that copying
the entity association tree signals failure to the caller along with
cle

dsp: pdr: Add pldm_entity_association_tree_copy_root_check()

Allocations cannot be treated as infallible. Ensure that copying
the entity association tree signals failure to the caller along with
cleaning up after itself to avoid leaking memory.

Change-Id: Icfd255b45530e42a6a3a0a3205e665eed53708d1
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: pdr: Apply LIBPLDM_CC_NONNULL to reduce assert()s

The PDR API implementations are in a bit of a state. Reduce the use of
asserts to highlight the more egregious ones.

Again adjusting some asse

dsp: pdr: Apply LIBPLDM_CC_NONNULL to reduce assert()s

The PDR API implementations are in a bit of a state. Reduce the use of
asserts to highlight the more egregious ones.

Again adjusting some assert behavior has impacted the ABI as
measured by abi-compliance-checker. pldm_pdr_find_record() and
pldm_pdr_get_next_record() are both affected, with changes to the
registers assigned for parameter-passing.

Change-Id: I7797217dac76afcf7a9df7519d9d2aa394d3b5dd
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: bios_table: Null check for pldm_bios_table_iter_is_end()

GCC's -fanalyzer identified the following:

```
In file included from ../tests/dsp/bios_table_iter.c:15:
../src/dsp/bios_table.c: In fun

dsp: bios_table: Null check for pldm_bios_table_iter_is_end()

GCC's -fanalyzer identified the following:

```
In file included from ../tests/dsp/bios_table_iter.c:15:
../src/dsp/bios_table.c: In function ‘pldm_bios_table_iter_is_end’:
../src/dsp/bios_table.c:991:17: error: dereference of NULL ‘iter’ [CWE-476] [-Werror=analyzer-null-dereference]
991 | if (iter->table_len - iter->current_pos <= pad_and_check_max) {
| ~~~~^~~~~~~~~~~
```

As a safety measure, return true to indicate the end of the iterator if
the iterator is null.

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I18eec144120054de33eb351f9a80dee936118126
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...