Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2019-13106: Commits · u-boot/u-boot

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.

CVE
Open in Source
#mac#linux#perl#buffer_overflow#wifi

Commits on Feb 28, 2023

  1. board: rock5b-rk3588: add memory gaps into kernel’s DTB

    RK3588 has two memory gaps when using 16 GiB DRAM size: [0x3fc000000 , 0x3fc500000] and [0x3fff00000 , 0x3ffffffff]

    If the kernel is agnostic to these gaps, accessing the area causes a SError panic.

    Hence, add reserved memory areas in kernel’s DTB before booting.

    Signed-off-by: Eugen Hristev [email protected] Reviewed-by: Kever Yang [email protected]

  1. board: rockchip: add Radxa ROCK5B Rk3588 board

    ROCK 5B is a Rockchip RK3588 based SBC (Single Board Computer) by Radxa.

    There are tree variants depending on the DRAM size : 4G, 8G and 16G.

    Specification:

    Rockchip Rk3588 SoC
4x ARM Cortex-A76, 4x ARM Cortex-A55
4/8/16GB memory LPDDR4x
Mali G610MC4 GPU
MIPI CSI 2 multiple lanes connector
eMMC module connector
uSD slot (up to 128GB)
2x USB 2.0, 2x USB 3.0
2x HDMI output, 1x HDMI input
Ethernet port
40-pin IO header including UART, SPI, I2C and 5V DC power in
USB PD over USB Type-C
Size: 85mm x 54mm

    Kernel commits: a1d3281450ab (“arm64: dts: rockchip: Add rock-5b board”) 6fb13f888f2a (“arm64: dts: rockchip: Update sdhci alias for rock-5b”)

    Signed-off-by: Eugen Hristev [email protected] Reviewed-by: Kever Yang [email protected]

  1. clk: rockchip: rk3568: add more supported clk rates for sdmmc and emmc

    SDHCI driver may attempt to set 26MHz clock, but clk_rk3568 will return error in this case. Apparently, SDHCI silently ignores the error and as a result eMMC initialization fails.

    Add 25 MHz and 26 MHz clk rates for sdmmc and emmc on rk3568 to fix that.

    Signed-off-by: Vasily Khoruzhick [email protected] Reviewed-by: Kever Yang [email protected]

  1. rockchip: rk3568: Read cpuid from otp

    The cpuid on RK3568 is located at 0xa instead of 0x7 as all other SoCs. Add and use a CFG_CPUID_OFFSET to define this offset.

    Signed-off-by: Jonas Karlman [email protected] Reviewed-by: Kever Yang [email protected]

  1. rockchip: misc: Set eth1addr mac address

    Set eth1addr in addition to ethaddr.

    Also allow fdt fixup of ethernet mac addresses when CMD_NET is disabled. Set ethaddr and eth1addr based on HASH and SHA256 options.

    Signed-off-by: Jonas Karlman [email protected] Reviewed-by: Kever Yang [email protected]

  1. rockchip: efuse: Refactor to use driver data and ops
Refactor the driver to use driver data and ops to simplify handling
of SoCs that require a unique read op.

Move handling of the aligned bounce buffer to main read op in order to
keep the SoC unique read op simple.

Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
  1. rockchip: otp: Add support for RK3588
Add support for rk3588 compatible.

Adjust offset using driver data in main read op.

Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
  1. rockchip: otp: Add support for RK3568
Add support for rk3568 compatible.

Handle allocation of an aligned bounce buffer in main read op in order
to keep the SoC unique read op simple.

Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
  1. rockchip: otp: Refactor to use driver data and ops
Refactor the driver to use driver data and ops to simplify handling
of SoCs that require a unique read op.

Use readl\_poll\_sleep\_timeout instead of a custom poll loop, and add
validation of input parameter to main read op.

Signed-off-by: Jonas Karlman <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
  1. board: rockchip: Add Edgeble Neural Compute Module 6
Neural Compute Module 6(Neu2) is a 96boards SoM-CB compute module
based on Rockchip RK3588 from Edgeble AI.

General features:
- Rockchip RK3588
- up to 32GB LPDDR4x
- up to 128GB eMMC
- 2x MIPI CSI2 FPC

On module WiFi6/BT5 is available in the following Neu6 variants.

Neural Compute Module 6(Neu6) IO board is an industrial form factor
ready-to-use IO board from Edgeble AI.

IO board offers plenty of peripherals and connectivity options and
this patch enables basic eMMC and UART which is enough to successfully
boot Linux.

Neu6 needs to mount on top of this IO board in order to create a
complete Edgeble Neural Compute Module 6(Neu6) IO platform.

Boot log for the record,

DDR Version V1.08 20220617
LPDDR4X, 2112MHz
channel\[0\] BW=16 Col=10 Bk=8 CS0 Row=16 CS1 Row=16 CS=2 Die BW=16 Size=2048MB
channel\[1\] BW=16 Col=10 Bk=8 CS0 Row=16 CS1 Row=16 CS=2 Die BW=16 Size=2048MB
channel\[2\] BW=16 Col=10 Bk=8 CS0 Row=16 CS1 Row=16 CS=2 Die BW=16 Size=2048MB
channel\[3\] BW=16 Col=10 Bk=8 CS0 Row=16 CS1 Row=16 CS=2 Die BW=16 Size=2048MB
Manufacturer ID:0x6
CH0 RX Vref:31.7%, TX Vref:21.8%,21.8%
CH1 RX Vref:30.7%, TX Vref:22.8%,23.8%
CH2 RX Vref:30.7%, TX Vref:22.8%,22.8%
CH3 RX Vref:30.7%, TX Vref:21.8%,21.8%
change to F1: 528MHz
change to F2: 1068MHz
change to F3: 1560MHz
change to F0: 2112MHz
out

U-Boot SPL 2023.01-00952-g1d1785a516-dirty (Jan 30 2023 - 19:53:55 +0530)
Trying to boot from MMC1
INFO:    Preloader serial: 2
NOTICE:  BL31: v2.3():v2.3-391-g856309329:derrick.huang
NOTICE:  BL31: Built : 14:15:50, Jul 18 2022
INFO:    ext 32k is not valid
INFO:    GICv3 without legacy support detected.
INFO:    ARM GICv3 driver initialized in EL3
INFO:    system boots from cpu-hwid-0
INFO:    idle\_st=0x21fff, pd\_st=0x11fff9, repair\_st=0xfff70001
INFO:    dfs DDR fsp\_params\[0\].freq\_mhz= 2112MHz
INFO:    dfs DDR fsp\_params\[1\].freq\_mhz= 528MHz
INFO:    dfs DDR fsp\_params\[2\].freq\_mhz= 1068MHz
INFO:    dfs DDR fsp\_params\[3\].freq\_mhz= 1560MHz
INFO:    BL31: Initialising Exception Handling Framework
INFO:    BL31: Initializing runtime services
WARNING: No OPTEE provided by BL2 boot loader, Booting device without OPTEE initialization. SMC\`s destined for OPTEE will return SMC\_UNK
ERROR:   Error initializing runtime service opteed\_fast
INFO:    BL31: Preparing for EL3 exit to normal world
INFO:    Entry point address = 0xa00000
INFO:    SPSR = 0x3c9

U-Boot 2023.01-00952-g1d1785a516-dirty (Jan 30 2023 - 19:53:55 +0530)

Model: Edgeble Neu6A IO Board
DRAM:  7.5 GiB (effective 3.7 GiB)
Core:  71 devices, 15 uclasses, devicetree: separate
MMC:   mmc@fe2c0000: 0
Loading Environment from nowhere... OK
In:    serial@feb50000
Out:   serial@feb50000
Err:   serial@feb50000
Model: Edgeble Neu6A IO Board
Net:   No ethernet found.
Hit any key to stop autoboot:  0
=>

Add support for Edgeble Neu6 Model A IO Board.

Signed-off-by: Jagan Teki <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
  1. ARM: dts: rockchip: rk3588s-u-boot: Add sdmmc node
Booting from SDMMC is one of the fast and easy booting methods
for initial support of any SoC to upstream more features. 

This patch is trying to add the sdmmc node for rk3588 and added
as u-boot specific node in -u-boot.dtsi as upstream Linux is not
supporting yet.

As soon as Linux supports it, a sync of the Linux device tree
would eventually drop this node. 

Clock properties as added according to the rockchip mmc driver
but the actual definition might add scmi clocks into 0 and 1
indexes. This is due to scmi clock are not supporting in upstream
U-Boot. Properly addition of scmi clock would eventually follow
sdmmc clock definition of Linux once they upstreamed.

Signed-off-by: Jagan Teki <[email protected]>
  1. ARM: dts: rockchip: Add rk3588-u-boot.dtsi
Add u-boot,dm-spl and u-boot,dm-pre-reloc related properties
for Rockchip RK3588 SoC to boot the SPL.

Signed-off-by: Jagan Teki <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
  1. arm: rockchip: Add RK3588 arch core support
The Rockchip RK3588 is a ARM-based SoC with quad-core Cortex-A76
and quad-core Cortex-A55 including NEON and GPU, 6TOPS NPU,
Mali-G610 MP4, HDMI Out, HDMI In, DP, eDP, MIPI DSI, MIPI CSI2,
LPDDR4/4X/5, eMMC5.1, SD3.0/MMC4.5, USB OTG 3.0, Type-C, USB 2.0,
PCIe 3.0, SATA 3, Ethernet, SDIO3.0 I2C, UART, SPI, GPIO and PWM.

Add arch core support for it.

Signed-off-by: Jagan Teki <[email protected]>
Signed-off-by: Kever Yang <[email protected]>
  1. arm64: dts: rockchip: rk3588: Add Edgeble Neu6 Model A IO
Neural Compute Module 6(Neu6) IO board is an industrial form factor
ready-to-use IO board from Edgeble AI.

IO board offers plenty of peripherals and connectivity options and
this patch enables basic eMMC and UART which is enough to successfully
boot Linux.

Neu6 needs to mount on top of this IO board in order to create a
complete Edgeble Neural Compute Module 6(Neu6) IO platform.

commit <a5079a534554> ("arm64: dts: rockchip: rk3588: Add Edgeble Neu6
Model A IO")

Add support for Edgeble Neu6 Model A IO Board.

Signed-off-by: Jagan Teki <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
  1. arm64: dts: rockchip: rk3588: Add Edgeble Neu6 Model A SoM
Neural Compute Module 6(Neu2) is a 96boards SoM-CB compute module
based on Rockchip RK3588 from Edgeble AI.

General features:
- Rockchip RK3588
- up to 32GB LPDDR4x
- up to 128GB eMMC
- 2x MIPI CSI2 FPC

On module WiFi6/BT5 is available in the following Neu6 variants.

Neu6 needs to mount on top of associated Edgeble IO boards for
creating complete platform solutions.

Enable eMMC for now to boot Linux successfully.

commit <3d9a2f7e7c5e> ("arm64: dts: rockchip: rk3588: Add Edgeble Neu6
Model A SoM")

Add support for Edgeble Neu6 Model A SoM.

Signed-off-by: Jagan Teki <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
  1. arm64: dts: rockchip: Add base DT for rk3588 SoC
This initial version supports CPU, dma, interrupts, timers, UART and
SDHCI (everything necessary to boot Linux on this system on chip) as
well as Ethernet, I2C, PWM and SPI.

The DT is split into rk3588 and rk3588s, which is a reduced version
(i.e. with less peripherals) of the former.

commit <9fb232e9911f> (" arm64: dts: rockchip: Add base DT for rk3588
SoC")
commit <d68a97d501f8> ("arm64: dts: rockchip: Add rk3588 pinctrl data")

Signed-off-by: Jianqun Xu <[email protected]>
Signed-off-by: Kever Yang <[email protected]>
Signed-off-by: Jagan Teki <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
  1. arm: rockchip: Add ioc header for rk3588
Add IOC unit header include for rk3588.

Signed-off-by: Steven Liu <[email protected]>
Signed-off-by: Joseph Chen <[email protected]>
Signed-off-by: Jagan Teki <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
  1. dt-bindings: reset: add rk3588 reset definitions
Add reset ID defines for rk3588.

commit <0a8eb7dae617> ("dt-bindings: reset: add rk3588 reset
definitions")

Signed-off-by: Sebastian Reichel <[email protected]>
Signed-off-by: Jagan Teki <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
  1. dt-bindings: power: Add power-domain header for rk3588
Add power-domain header for RK3588 SoC from description in TRM.

commit <67944950c2d0> ("dt-bindings: power: add power-domain header for
rk3588")

Signed-off-by: Finley Xiao <[email protected]>
Signed-off-by: Jagan Teki <[email protected]>
Reviewed-by: Kever Yang <[email protected]>

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE