From d9f554b62440de542c482fecf9374e8da3ea3602 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pali=20Roh=C3=A1r?= <pali@kernel.org>
Date: Sun, 3 Jul 2022 12:48:06 +0200
Subject: [PATCH 1/4] pci: Add checks to prevent config space overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PCIe config space has address range 0-4095. So do not allow reading from
addresses outside of this range. Lot of U-Boot drivers do not expect that
passed value is not in this range. PCI DM read function is extended to
fill read value to all ones or zeros when it fails as U-Boot callers
ignores return value.

Calling U-Boot command 'pci display.b 0.0.0 0 0x2000' now stops printing
config space at the end (before 0x1000 address).

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
---
 cmd/pci.c                | 16 ++++++++++++++--
 drivers/pci/pci-uclass.c | 10 +++++++++-
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/cmd/pci.c b/cmd/pci.c
index a99e8f8ad6e..6258699fec8 100644
--- a/cmd/pci.c
+++ b/cmd/pci.c
@@ -358,6 +358,9 @@ static int pci_cfg_display(struct udevice *dev, ulong addr,
 	if (length == 0)
 		length = 0x40 / byte_size; /* Standard PCI config space */
 
+	if (addr >= 4096)
+		return 1;
+
 	/* Print the lines.
 	 * once, and all accesses are with the specified bus width.
 	 */
@@ -378,7 +381,10 @@ static int pci_cfg_display(struct udevice *dev, ulong addr,
 			rc = 1;
 			break;
 		}
-	} while (nbytes > 0);
+	} while (nbytes > 0 && addr < 4096);
+
+	if (rc == 0 && nbytes > 0)
+		return 1;
 
 	return (rc);
 }
@@ -390,6 +396,9 @@ static int pci_cfg_modify(struct udevice *dev, ulong addr, ulong size,
 	int	nbytes;
 	ulong val;
 
+	if (addr >= 4096)
+		return 1;
+
 	/* Print the address, followed by value.  Then accept input for
 	 * the next value.  A non-converted value exits.
 	 */
@@ -427,7 +436,10 @@ static int pci_cfg_modify(struct udevice *dev, ulong addr, ulong size,
 					addr += size;
 			}
 		}
-	} while (nbytes);
+	} while (nbytes && addr < 4096);
+
+	if (nbytes)
+		return 1;
 
 	return 0;
 }
diff --git a/drivers/pci/pci-uclass.c b/drivers/pci/pci-uclass.c
index 2c85e78a136..16a6a699f92 100644
--- a/drivers/pci/pci-uclass.c
+++ b/drivers/pci/pci-uclass.c
@@ -286,6 +286,8 @@ int pci_bus_write_config(struct udevice *bus, pci_dev_t bdf, int offset,
 	ops = pci_get_ops(bus);
 	if (!ops->write_config)
 		return -ENOSYS;
+	if (offset < 0 || offset >= 4096)
+		return -EINVAL;
 	return ops->write_config(bus, bdf, offset, value, size);
 }
 
@@ -364,8 +366,14 @@ int pci_bus_read_config(const struct udevice *bus, pci_dev_t bdf, int offset,
 	struct dm_pci_ops *ops;
 
 	ops = pci_get_ops(bus);
-	if (!ops->read_config)
+	if (!ops->read_config) {
+		*valuep = pci_conv_32_to_size(~0, offset, size);
 		return -ENOSYS;
+	}
+	if (offset < 0 || offset >= 4096) {
+		*valuep = pci_conv_32_to_size(0, offset, size);
+		return -EINVAL;
+	}
 	return ops->read_config(bus, bdf, offset, valuep, size);
 }
 

From e9ac3a939d4f11e9cdcdcb2bad090f4cb1929a85 Mon Sep 17 00:00:00 2001
From: Hector Martin <marcan@marcan.st>
Date: Sun, 31 Jul 2022 15:31:31 +0900
Subject: [PATCH 2/4] nvme: Do a clean NVMe shutdown

The brute-force controller disable method can end up racing controller
initialization and causing a crash when we shut down Apple ANS2 NVMe
controllers. Do a proper controlled shutdown, which does block until
things are quiesced properly. This is nicer in general for all
controllers.

Signed-off-by: Hector Martin <marcan@marcan.st>
Tested-by: Mark Kettenis <kettenis@openbsd.org> (firefly-rk3399)
---
 drivers/nvme/nvme.c | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/drivers/nvme/nvme.c b/drivers/nvme/nvme.c
index a305305885e..5fd2fb9ed6a 100644
--- a/drivers/nvme/nvme.c
+++ b/drivers/nvme/nvme.c
@@ -27,9 +27,8 @@
 #define IO_TIMEOUT		30
 #define MAX_PRP_POOL		512
 
-static int nvme_wait_ready(struct nvme_dev *dev, bool enabled)
+static int nvme_wait_csts(struct nvme_dev *dev, u32 mask, u32 val)
 {
-	u32 bit = enabled ? NVME_CSTS_RDY : 0;
 	int timeout;
 	ulong start;
 
@@ -38,7 +37,7 @@ static int nvme_wait_ready(struct nvme_dev *dev, bool enabled)
 
 	start = get_timer(0);
 	while (get_timer(start) < timeout) {
-		if ((readl(&dev->bar->csts) & NVME_CSTS_RDY) == bit)
+		if ((readl(&dev->bar->csts) & mask) == val)
 			return 0;
 	}
 
@@ -295,7 +294,7 @@ static int nvme_enable_ctrl(struct nvme_dev *dev)
 	dev->ctrl_config |= NVME_CC_ENABLE;
 	writel(dev->ctrl_config, &dev->bar->cc);
 
-	return nvme_wait_ready(dev, true);
+	return nvme_wait_csts(dev, NVME_CSTS_RDY, NVME_CSTS_RDY);
 }
 
 static int nvme_disable_ctrl(struct nvme_dev *dev)
@@ -304,7 +303,16 @@ static int nvme_disable_ctrl(struct nvme_dev *dev)
 	dev->ctrl_config &= ~NVME_CC_ENABLE;
 	writel(dev->ctrl_config, &dev->bar->cc);
 
-	return nvme_wait_ready(dev, false);
+	return nvme_wait_csts(dev, NVME_CSTS_RDY, 0);
+}
+
+static int nvme_shutdown_ctrl(struct nvme_dev *dev)
+{
+	dev->ctrl_config &= ~NVME_CC_SHN_MASK;
+	dev->ctrl_config |= NVME_CC_SHN_NORMAL;
+	writel(dev->ctrl_config, &dev->bar->cc);
+
+	return nvme_wait_csts(dev, NVME_CSTS_SHST_MASK, NVME_CSTS_SHST_CMPLT);
 }
 
 static void nvme_free_queue(struct nvme_queue *nvmeq)
@@ -904,6 +912,13 @@ free_nvme:
 int nvme_shutdown(struct udevice *udev)
 {
 	struct nvme_dev *ndev = dev_get_priv(udev);
+	int ret;
+
+	ret = nvme_shutdown_ctrl(ndev);
+	if (ret < 0) {
+		printf("Error: %s: Shutdown timed out!\n", udev->name);
+		return ret;
+	}
 
 	return nvme_disable_ctrl(ndev);
 }

From 2f03a639f36d305800b8befe066f0d3a1616aed0 Mon Sep 17 00:00:00 2001
From: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Date: Mon, 8 Aug 2022 16:45:17 +0200
Subject: [PATCH 3/4] disk: part: remove dependency to ubifs for spl

The spl doesn't support ubifs and thereby doesn't provide the
ubifs_is_mounted function. Remove the dependency to ubifs for the spl.

Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
---
 disk/part.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/disk/part.c b/disk/part.c
index 79955c7fb00..de1b917e842 100644
--- a/disk/part.c
+++ b/disk/part.c
@@ -479,7 +479,7 @@ int blk_get_device_part_str(const char *ifname, const char *dev_part_str,
 	}
 #endif
 
-#ifdef CONFIG_CMD_UBIFS
+#if IS_ENABLED(CONFIG_CMD_UBIFS) && !IS_ENABLED(CONFIG_SPL_BUILD)
 	/*
 	 * Special-case ubi, ubi goes through a mtd, rather than through
 	 * a regular block device.

From 53a9f9ef879fbc9ae0e6bf5330d3817ebd726e5f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pali=20Roh=C3=A1r?= <pali@kernel.org>
Date: Sun, 7 Aug 2022 21:04:22 +0200
Subject: [PATCH 4/4] distroboot: ubifs: Add support for specifying UBI header
 offset
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Some UBI partitions may use non-standard UBI header offset. For attaching
these UBI partitions it is required to pass second argument with offset to
"ubi part" command.

Therefore extend distroboot to allow specifying additional optional 6th
argument with UBI header offset. This offset is set in new distroboot
variable ${bootubioff} which may be used by distroboot script to e.g.
properly pass this value to linux kernel command line for proper mounting
of rootfs by kernel. This variable is set to empty string (cleared) when
UBI header offset is not specified into distroboot BOOT_TARGET_DEVICES
macro.

Usage of helper macro BOOTENV_DEV_UBIFS_BOOTUBIOFF in this change is there
as a type check. It ensures that in BOOT_TARGET_DEVICES macro was specified
UBIFS func with either 5 or 6 arguments. If not then cpp throws compile
error.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
---
 include/config_distro_bootcmd.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/include/config_distro_bootcmd.h b/include/config_distro_bootcmd.h
index c6e9c497413..5506f3168f3 100644
--- a/include/config_distro_bootcmd.h
+++ b/include/config_distro_bootcmd.h
@@ -70,7 +70,7 @@
 #ifdef CONFIG_CMD_UBIFS
 #define BOOTENV_SHARED_UBIFS \
 	"ubifs_boot=" \
-		"if ubi part ${bootubipart} && " \
+		"if ubi part ${bootubipart} ${bootubioff} && " \
 			"ubifsmount ubi0:${bootubivol}; " \
 		"then " \
 			"devtype=ubi; " \
@@ -80,12 +80,14 @@
 			"run scan_dev_for_boot; " \
 			"ubifsumount; " \
 		"fi\0"
-#define BOOTENV_DEV_UBIFS(devtypeu, devtypel, instance, bootubipart, bootubivol) \
+#define BOOTENV_DEV_UBIFS_BOOTUBIOFF(off) #off /* type check, throw error when called with more args */
+#define BOOTENV_DEV_UBIFS(devtypeu, devtypel, instance, bootubipart, bootubivol, ...) \
 	"bootcmd_ubifs" #instance "=" \
 		"bootubipart=" #bootubipart "; " \
 		"bootubivol=" #bootubivol "; " \
+		"bootubioff=" BOOTENV_DEV_UBIFS_BOOTUBIOFF(__VA_ARGS__) "; " \
 		"run ubifs_boot\0"
-#define BOOTENV_DEV_NAME_UBIFS(devtypeu, devtypel, instance, bootubipart, bootubivol) \
+#define BOOTENV_DEV_NAME_UBIFS(devtypeu, devtypel, instance, ...) \
 	#devtypel #instance " "
 #else
 #define BOOTENV_SHARED_UBIFS