Since commit 7975f64222 ("Fix widespread incorrect use of strneq(),
replace with new strprefixeq()") simple-bus checks have been silently
skipped. The problem was 'end - str' is one more than the string length
and the strnlen in strprefixeq fails. This can't be fixed simply by
subtracting one as it is possible to have multiple '\0' at the end of
the property. Fix this by making the 'compatible' property string list
check a dependency, and then we can assume the property is null
terminated and we can just use streq() for comparisons.
Add some tests so the problem doesn't happen again.
Fixes: 7975f64222 ("Fix widespread incorrect use of strneq(), replace with new strprefixeq()")
Reported-by: Kumar Gala <kumar.gala@linaro.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
When there is a label inside a sequence of ints at the end of a
property, an assertion is hit because write_propval() expects all the
labels to be at the very end of the property data. This is clearly wrong
behaviour.
To reproduce run: "dtc -O dts tests/label01.dts". dtc fails on property
/randomnode/blob.
Fix by reworking the write_propval() loop to remove the separate
iterating over label markers. Instead handle the label markers as part
of the main marker iteration loop. This guarantees that each label
marker is handled at the right location, even if all the data markers
have already been handled, and has the added advantage of making the
code simpler.
However, a side effect of this code is that a label at the very end of
an int sequence will be emitted outside the sequence delimiters. For
example:
Input: intprop = < 1 2 L1: >, L2: < 3 4 L3: > L4:;
Output: intprop = < 1 2 >, L1: L2: < 3 4 > L3: L4:;
The two representations are equivalent in the data model, but the
current test case was looking for the former, but needed to be modified
to look for the later. The alternative would be to render labels before
closing the sequence, but that makes less sense syntactically because
labels between sequences are normally to point at the next one, not the
former. For example:
Input: intprop = < 1 2 L1: >, L2: < 3 4 L3: > L4:;
Output: intprop = < 1 2 L1: L2: >, < 3 4 L3: L4: >;
DTC doesn't current have the information to know if the label should be
inside or outside the sequence, but in common usage, it is more likely
that L1 & L2 refer to the second sequence, not the end of the first.
Fixes: 32b9c61307 ("Preserve datatype markers when emitting dts
format")
Reported-by: Łukasz Dobrowolski <lukasz.dobrowolski@nokia.com>
Signed-off-by: Grant Likely <grant.likely@arm.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Rob Herring <robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Commit 32b9c61307 ("Preserve datatype markers when emitting dts format")
add spaces between <> and [] and the encapsulated numbers. Fix this to
keep the prior formatting and not break some users needlessly.
Fixes: 32b9c61307 ("Preserve datatype markers when emitting dts format")
Reported-by: Stewart Smith <stewart@linux.ibm.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
YAML encoded DT is useful for validation of DTs using binding schemas.
The YAML encoding is an intermediate format used for validation and
is therefore subject to change as needed. The YAML output is dependent
on DTS input with type information preserved.
Signed-off-by: Grant Likely <grant.likely@arm.com>
[robh: make YAML support optional, build fixes, Travis CI test,
preserve type information in paths and phandles]
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
These methods are needed to permit larger changes to the device tree blob.
Add two new methods and an associate test.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Some platforms don't have valgrind support, and sometimes you simply might
not want to use valgrind. But at present, dtc, or more specifically its
testsuite, won't compile without valgrind because we use the valgrind
client interface in some places to improve our testing and suppress false
positives.
This adds some Makefile detection to correctly handle the case where
valgrind is not available.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Greg Kurz added a trivial test of the -I fs mode recently, which was
previously basically untested. This is an oversight, since we
recently had a bug which completely broke it.
This replaces Greg's test with a more thorough test of -I fs mode. We
use a test helper to create the familiar test_tree1 in "fs" form, then use
dtc -I fs to process it, and check that the results match what they
should.
We only check the content in -I fs -O dtb mode, since that's simplest,
but we do run -I fs -O dts mode as well to make sure it doesn't blow
up (the aforementioned bug caused just such a blow up, specific to -O
dts mode, for example).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
For some upcoming tests we want to be able to test if two trees are
equal, but we don't care about the memory reservation map. So, this
adds an option to the dtbs_equal_unordered test helper which tells it
to ignore the reserve map.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Some recent changes caused '-I fs -O dts' to crash instantly when
emitting the first property holding actual data, ie, coming from
a non-empty file. This got fixed already by another patch.
This simply adds a test for the original problem.
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
vg_prepare_blob() assumes a valid return from fdt_num_mem_rsv() in order
to make sensible initialization of the valgrind mem checker. Usually
that's fine, but it breaks down on the (deliberately corrupted)
truncated_memrsv testcase.
That led to marking a negative-size (== enormously sized once cast to
size_t) as defined with VALGRIND_MAKE_MEM_DEFINED, which casued valgrind
to freeze up and consume ludicrous amounts of memory until OOMing.
This correction makes us robust in that case.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
You're not supposed to pass NULL to memcmp(), and some sanitizers complain
about it, even when the length is zero.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Add internal fdt_cells() to avoid copy and paste. Test error cases and
default values. Fix typo in fdt_size_cells() documentation comment.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
It is useful to be able to create a device tree from scratch using
software. This is supported in libfdt but not currently available in the
Python bindings.
Add a new FdtSw class to handle this, with various methods corresponding
to the libfdt functions. When the tree is complete, calling AsFdt() will
return the completed device-tree object.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
We primarily test fdt_resize() in the sw_tree1 testcase, but it has
some deficiencies:
- It didn't check for errors actually originating in fdt_resize(),
just for errors before and after
- It only tested cases where the resized buffer was at the same
address as the original one, whereas fdt_resize() is also supposed
to work if the new buffer is entirely separate, or partly
overlapping
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
If datatype markers are present in the property value, use them to
output the data in the correct format instead of trying to guess the
datatype. This also will preserve data grouping, such as in an
interrupts list.
This is a step forward for preserving and using datatype information
when processing DTS/DTB files. Schema validation tools can use the
datatype information to make sure a DT is correctly formed and
intepreted.
Signed-off-by: Grant Likely <grant.likely@arm.com>
[robh: rework marker handling and fix label output]
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
'prop_name_chars' is not a valid check name, but the test was passing due
to a bug in dtc-checkfails.sh. Fix it to be the correct name,
'property_name_chars'.
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
I noticed the error type passed in didn't matter for check tests to pass.
There's a couple of problems with the grep regex. The error/warning
messages begin with the output filename now, so "ERROR" or "Warning" is not
at the beginning of the line. Secondly, the parentheses seem to be wrong.
It's not clear to me what was intended.
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
It is common to want to set a property to a nul-terminated string in a
device tree. Add python methods to handle this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
At present pack() calls fdt_pack() which may well reduce the size of the
device-tree data. However this does not currently update the size of the
bytearray to take account of any reduction. This means that there may be
unused data at the end of the bytearray and any users of as_bytearray()
will see this extra data.
Fix this by resizing the bytearray after packing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Extend the Properties class with some functions to read a single integer
property. Add a new getprop_obj() function to return a Property object
instead of the raw data.
This suggested approach can be extended to handle other types, as well as
arrays.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
We can use the accessor now, so do so.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Allow updating and creating properties, including special methods for
integers.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Add support for fdt_open_into() and fdt_create_empty_tree() from the
Python library. The former is named resize() since it better fits with
what the Python binding actually does.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Add a way to access this information from Python.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This function requires a bit of typemap effort to get the depth parameter
to work correctly. Add support for it, along with a test.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This new function implements a complete and thorough check of an fdt blob's
structure. Given a buffer containing an fdt, it should return 0 only if
the fdt within is structurally sound in all regards. It doesn't check
anything about the blob's contents (i.e. the actual values of the nodes and
properties), of course.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Simon Glass <sjg@chromium.org>
libfdt is never supposed to access memory outside the the blob, or outside
the sub-blocks within it, even if the blob is badly corrupted.
We can leverage valgrind's client requests to do better testing of this.
This adds a vg_prepare_blob() function which marks just the valid parts of
an fdt blob as properly initialized, explicitly marking the rest as
uninitialized. This means valgrind should catch any bad accesses.
We add a call to vg_prepare_blob() to load_blob() so that lots of the
existing testcases will benefit from the extra checking.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Currently we have 3 valgrind suppression files in the tests, all of which
are to handle memcheck errors that originate from saving entire buffers
containing blobs where the gaps between sub-blocks might not be
initialized.
We can more simply suppress those errors by having the save_blob() helper
use valgrind's client interface to mark the data as initialized before we
write it out.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Simon Glass <sjg@chromium.org>
This was leftover from an earlier implementation of load_blob().
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
We have a couple of places within libfdt and its tests where we need to
find the size of the header, based on the version. Add a helper function
for it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
There are no less than _four_ variants on utilfdt_read() which is a bit
excessive. The _len() variants are particularly pointless, since we can
achieve the same thing with very little extra verbosity by using the usual
convention of ignoring return parameters if they're NULL. So, get rid of
them (we keep the shorter names without _len, but add now-optional len
parameters).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
fdt_num_mem_rsv() and fdt_get_mem_rsv() currently don't sanity check their
parameters, or the memory reserve section offset in the header. That means
that on a corrupted blob they could access outside of the range of memory
that they should.
This improves their safety checking, meaning they shouldn't access outside
the blob's bounds, even if its contents are badly corrupted.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Simon Glass <sjg@chromium.org>
fdt_string() is used to retrieve strings from a DT blob's strings section.
It's rarely used directly, but is widely used internally.
However, it doesn't do any bounds checking, which means in the case of a
corrupted blob it could access bad memory, which libfdt is supposed to
avoid.
This write a safe alternative to fdt_string, fdt_get_string(). It checks
both that the given offset is within the string section and that the string
it points to is properly \0 terminated within the section. It also returns
the string's length as a convenience (since it needs to determine to do the
checks anyway).
fdt_string() is rewritten in terms of fdt_get_string() for compatibility.
Most of the diff here is actually testing infrastructure.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Currently fdt_check_header() performs only some rudimentary checks, which
is not really what the name suggests. This strengthens fdt_check_header()
to check as much about the blob as is possible from the header alone: as
well as checking the magic number and version, it checks that the total
size is sane, and that all the sub-blocks within the blob lie within the
total size.
* This broadens the meaning of FDT_ERR_TRUNCATED to cover all sorts of
improperly terminated blocks as well as just a structure block without
FDT_END.
* This makes fdt_check_header() only succeed on "complete" blobs, not
in-progress sequential write blobs. The only reason this didn't fail
before was that this function used to be called by many RO functions
which are supposed to also work on incomplete SW blobs.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Simon Glass <sjg@chromium.org>
When creating a tree with the sequential write functions, certain things
have to be done in a certain order. You must create the memory reserve map
and only then can you create the actual tree structure.
The -FDT_ERR_BADSTATE return code is for if you try to do things out of
order. However, we weren't checking that very thoroughly, so it was
possible to generate a corrupted blob if, for example, you started calling
fdt_begin_node() etc. before calling fdt_finish_reservemap().
This makes the state checking more thorough disallow that.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Simon Glass <sjg@chromium.org>
It is annoying to have to add .value when we want the value of a Property.
Make Property a subclass of bytearray so that it can be used directly when
the value is required.
Fix the Property class comment while we are here.
Suggested-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
When calling libfdt functions which are not supported by the Fdt class it
is necessary to get direct access to the device tree data. At present this
requries using the internal _fdt member. Add a new method to provide
public access to this, without allowing the data to be changed.
Note that a bytearray type is returned rather than str, since the swig
types are set up for bytearray to map correctly to const void *.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The newly introduced /omit-if-no-ref/ needs a few test cases, make
sure to test them.
Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This test builds a tree in a previously uninitialized buffer, then writes
the whole buffer out to a file to be used by other tests. Because part of
the buffer may be uninitialized this causes a valgrind error.
Pre-initializing the buffer would remove the error, however it would make
valgrind not notice any accesses to the uninitialized portion *before* the
write out, and those would be genuine errors.
So, instead we use a valgrind suppressions file - however it has a couple
of problems. First it unnecessarily lists the same call path twice.
Second, the call path is only right for some C library versions. Change
the second copy to cover possible path that occurs with a different glibc
version.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
In the case where fdt_get_path() returns an error, a debug print will
attempt to display a poisoned buffer, running over the end and accessing
uninitialized memory.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Add checks for DT graph bindings. These checks check node names,
unit-addresses and link connections on ports, port, and endpoint nodes.
The graph nodes are matched by finding nodes named 'endpoint' or with a
'remote-endpoint' property. We can't match on 'ports' or 'port' nodes
because those names are used for non-graph nodes. While the graph nodes
aren't really buses, using the bus pointer to tag matched nodes is
convenient.
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Child nodes with the same unit-address (and different node names) are
either an error or just bad DT design. Typical errors are the unit-address
is just wrong (i.e. doesn't match reg value) or multiple children using the
same overlapping area. Overlapping regions are considered an error in new
bindings, but do exist in some existing trees. This check should flag
most but not all of those errors. Finding all cases would require doing
address translations and creating a full map of address spaces.
Mixing more than one address/number space at a level is bad design. It only
works if both spaces can use the same #address-cells and #size-cells sizes.
It also complicates parsing have a mixture of types of child nodes. The
best practice in this case is adding child container nodes for each
address/number space or using additional address bits/cells to encode
different address spaces.
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
We've recently added "syntactic sugar" support to generate runtime dtb
overlays using similar syntax to the compile time overlays we've had for
a while. This worked with the &label { ... } syntax, adjusting an existing
labelled node, but would fail with the &{/path} { ... } syntax attempting
to adjust an existing node referenced by its path.
The previous code would always try to use the "target" property in the
output overlay, which needs to be fixed up, and __fixups__ can only encode
symbols, not paths, so the result could never work properly.
This adds support for the &{/path} syntax for overlays, translating it into
the "target-path" encoding in the output. It also changes existing
behaviour a little because we now unconditionally one fragment for each
overlay section in the source. Previously we would only create a fragment
if we couldn't locally resolve the node referenced. We need this for
path references, because the path is supposed to be referencing something
in the (not yet known) base tree, rather than the overlay tree we are
working with now. In particular one useful case for path based overlays
is using &{/} - but the constructed overlay tree will always have a root
node, meaning that without the change that would attempt to resolve the
fragment locally, which is not what we want.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
So far, the tests for generating runtime overlays with dtc weren't checking
the syntactic sugar. This adds such a test.
Furthermore the existing tests were only minimally testing dtc's output
for the overlay. This adds a test comparing the dtc output with the
more or less manually constructed overlays we already have for testing
libfdt's overlay application code. This does require some minor changes
to that manually constructed overlay which don't change the sematics but
re-order / rename things to match the way dtc does it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Some platforms (many, if not all, of the *BSD projects) do not provide a libdl,
and instead provide the same functionality in libc. Instead of forcing these
platforms to patch out the link against libdl, add a LIBDL make(1) variable to
allow the -ldl argument to be excluded easily via make(1) arguments.
Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
GNU stat(1) uses '-c "%s"' as the proper invocation to print filesize of the
file in question, while BSD stat(1) uses '-f "%Uz"'. Do some trivial
autodetection to check if we're using GNU stat(1) and assume we're using BSD
stat(1) if we don't detect otherwise.
This should allow the test suite to run properly out-of-the-box on *BSDs and
MacOS in addition to the current Linux support.
Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
stat -c %s's equivalent on FreeBSD is stat -f %Uz; these differ enough, allow
STATSZ in the environment to specify local replacement for a stat that outputs
size in bytes of an argument.
Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Add some checks for /chosen node. These check that chosen is located at
the root level and that bootargs and stdout-path properties are strings.
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Rob Herring