authorP Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>2022-06-14 00:03:02 +0300
committerP Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>2022-06-15 23:39:17 +0300
commit1f4be67aa2cc61a3db46c577da5ccd88cc84fa16 (patch)
treedfe08b91193d44f4984117dbd3eef9866e097582
parent0945170f93cc0c101bf01739f41136c2f05af570 (diff)
Update to internal 1-0.91-151
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
-rw-r--r--meta-openbmc-mods/meta-ast2600/conf/machine/include/intel-ast2600.inc2
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0012-IPMI-command-handler-implementation-in-uboot.patch6
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0044-Enable-WDT2-for-causing-reset-in-Kernel-u-boot-hang.patch77
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0045-PFR-Skip-counting-WDT2-event-when-EXTRST-is-set.patch45
-rw-r--r--meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/u-boot-aspeed-sdk_%.bbappend2
-rw-r--r--meta-openbmc-mods/meta-common/classes/image_types_phosphor_auto.bbclass18
-rw-r--r--meta-openbmc-mods/meta-common/classes/obmc-phosphor-image-common.bbclass1
-rw-r--r--meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl/CVE-2022-0778.patch69
-rw-r--r--meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1l.bb1
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/base-files/base-files/40-oom_reboot.conf2
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/expat/expat_2.4.5.bb (renamed from meta-openbmc-mods/meta-common/recipes-core/expat/expat_2.4.4.bb)2
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_%.bbappend6
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend2
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_%.bbappend8
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2/CVE-2022-23308-Use-after-free-of-ID-and-IDREF.patch207
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2_%.bbappend4
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux-libuuid_2.37.4.bb16
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux.inc40
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/avoid_parallel_tests.patch29
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/configure-sbindir.patch23
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/display_testname_for_subtest.patch25
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/ptest.patch24
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/run-ptest24
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser-l.pamd3
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser.pamd4
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_2.37.4.bb320
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/zlib/zlib/CVE-2018-25032.patch343
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/zlib/zlib_%.bbappend (renamed from meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_%.bbappend)1
-rw-r--r--meta-openbmc-mods/meta-common/recipes-extended/rsyslog/rsyslog_%.bbappend5
-rw-r--r--meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb2
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/0002-gpio-gpio-aspeed-sgpio-Fix-wrong-hwirq-base-in-irq-h.patch33
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/0003-Add-mux-deselect-support-on-timeout.patch95
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-22600.patch41
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-4197-001.patch146
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-4197-002.patch234
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-4197-003.patch215
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-44733.patch339
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-0185.patch38
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-0492.patch54
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-0742.patch115
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-24122.patch57
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-25258.patch29
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-29582.patch53
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/intel.cfg3
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend13
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0001-fru-device-Add-MUX-channel-name-to-FRU-objects.patch2
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0004-Adding-MUX-and-Drives-present-in-HSBP-in-json-config.patch12
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0006-Change-HSBP-FRU-address-and-add-MUX-mode-configurati.patch12
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0032-Remove-chassis-from-the-odata-id-of-the-PSU.patch49
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0033-Add-message-registry-entry-for-Memhot-event.patch80
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0034-Update-odata.type-version-of-redfish-v1-AccountService.patch47
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0035-Add-MemoryMetrics-schema-file.patch1048
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/biosconfig/0008-Add-BIOSAttributesChanged-message-entry.patch88
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0006-Add-EventService-SSE-filter-support.patch7
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0015-Add-Configure-Self-support-for-Event-Subscriptions.patch220
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend6
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/pmci/mctpd.bb4
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/pmci/mctpwplus.bb2
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/pmci/nvmemi-daemon.bb2
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/pmci/pldmd.bb4
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0008-CPUSensor-additional-debug-message.patch69
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0008-CPUSensor-update-threshold-when-Tcontrol-changes.patch170
-rw-r--r--meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend2
63 files changed, 4493 insertions, 107 deletions
diff --git a/meta-openbmc-mods/meta-ast2600/conf/machine/include/intel-ast2600.inc b/meta-openbmc-mods/meta-ast2600/conf/machine/include/intel-ast2600.inc
index a7146299c..1304178d4 100644
--- a/meta-openbmc-mods/meta-ast2600/conf/machine/include/intel-ast2600.inc
+++ b/meta-openbmc-mods/meta-ast2600/conf/machine/include/intel-ast2600.inc
@@ -4,6 +4,7 @@ KERNEL_DEVICETREE = " \
${KMACHINE}-bmc-${COMPATIBLE_MACHINE}.dtb \
"
#KERNEL_DEVICETREE = "${KMACHINE}-ast2600-evb.dtb"
+UBOOT_MACHINE = "ast2600_openbmc_defconfig"
require conf/machine/include/ast2600.inc
require conf/machine/include/obmc-bsp-si-common.inc
@@ -13,7 +14,6 @@ TARGET_FPU = "hard"
PREFERRED_PROVIDER_u-boot-fw-utils ?= "u-boot-fw-utils-aspeed-sdk"
-UBOOT_MACHINE = "ast2600_openbmc_defconfig"
UBOOT_DEVICETREE = "ast2600-intel"
VIRTUAL-RUNTIME_skeleton_workbook = "${MACHINE}-config"
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0012-IPMI-command-handler-implementation-in-uboot.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0012-IPMI-command-handler-implementation-in-uboot.patch
index 67123645d..b400aae9e 100644
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0012-IPMI-command-handler-implementation-in-uboot.patch
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0012-IPMI-command-handler-implementation-in-uboot.patch
@@ -5,7 +5,7 @@ Subject: [PATCH] IPMI command handler implementation in uboot
IPMI command handler implementation in uBoot.
Implemented IPMI commands:
- 1) Get Device ID
+ 1) Get Device ID with default Product ID=0
2) Get Self Test Result
Tested By:
@@ -13,7 +13,7 @@ Ran the above IPMI command Via KCS channel
and got proper response.
- Get Device ID
Req: ipmitool raw 6 1
- Res: 00 23 00 82 03 02 00 57 01 00 7b 00 00 00 00 00
+ Res: 00 23 00 82 03 02 00 57 01 00 00 00 00 00 00 00
- Get Self Test Results
Req: ipmitool raw 6 4
Res: 56 00
@@ -205,7 +205,7 @@ index 000000000000..04732846ac28
+ /* Get Device ID */
+ bool operation = 1; /* Firmware operation */
+ u8 intel_mfg_id[3] = { 0x57, 0x01, 0x00 };
-+ u8 platform_id[2] = { 0x7B, 0x00 };
++ u8 platform_id[2] = { 0x00, 0x00 };
+ u8 aux_fw_rev[4] = { 0x00, 0x00, 0x00, 0x00 };
+ struct get_dev_id *result = (struct get_dev_id *)res;
+
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0044-Enable-WDT2-for-causing-reset-in-Kernel-u-boot-hang.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0044-Enable-WDT2-for-causing-reset-in-Kernel-u-boot-hang.patch
new file mode 100644
index 000000000..a79fc6e85
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0044-Enable-WDT2-for-causing-reset-in-Kernel-u-boot-hang.patch
@@ -0,0 +1,77 @@
+From 6a5cf930c34fe2ba29fa3361b07ae42e1e1a66d3 Mon Sep 17 00:00:00 2001
+From: AKSHAY RAVEENDRAN K <akshay.raveendran.k@intel.com>
+Date: Mon, 11 Apr 2022 12:24:33 +0000
+Subject: [PATCH] Enable WDT2 for causing reset in Kernel/u-boot hang
+
+In the current implementation, WDT1 is enabled as the reset reason
+for u-boot/kernel hang recovery. This fix changes the watchdog timer from
+WDT1 to WDT2 for the u-boot/kernel hang or panic as WDT2 is expected
+here.
+
+Along with this fix, panic time out value is changed from "-1" to "0" in
+kernel configuration file. Which will make the system remain in hang
+instead of rebooting immediately. This will allow WDT2 to complete the
+time out period and trigger the reset.
+
+Tested:
+1. Triggered a kernel panic using "echo c > /proc/sysrq-trigger" command
+and confirmed the reset reason is WDT2 reset.
+2. After 3 kernel panics the BMC is booted to u-boot prompt
+3. The normal BMC resets(ipmitool raw 6 2) are caused by WDT1 only as
+expected.
+
+Signed-off-by: AKSHAY RAVEENDRAN K <akshay.raveendran.k@intel.com>
+---
+ arch/arm/dts/ast2600-intel.dts | 2 +-
+ arch/arm/mach-aspeed/ast2600/platform.S | 11 +++++++----
+ 2 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/arch/arm/dts/ast2600-intel.dts b/arch/arm/dts/ast2600-intel.dts
+index dba62fd254..b894be2a64 100644
+--- a/arch/arm/dts/ast2600-intel.dts
++++ b/arch/arm/dts/ast2600-intel.dts
+@@ -98,7 +98,7 @@
+
+ &wdt1 {
+ u-boot,dm-pre-reloc;
+- status = "okay";
++ status = "disabled";
+ };
+
+ &wdt2 {
+diff --git a/arch/arm/mach-aspeed/ast2600/platform.S b/arch/arm/mach-aspeed/ast2600/platform.S
+index cc1d6b7a61..967c255cd5 100644
+--- a/arch/arm/mach-aspeed/ast2600/platform.S
++++ b/arch/arm/mach-aspeed/ast2600/platform.S
+@@ -78,6 +78,9 @@
+ #define AST_WDT1_RESET_MASK2 (AST_WDT1_BASE + 0x020)
+
+ #define AST_WDT2_BASE 0x1E785040
++#define AST_WDT2_RELOAD_VAL (AST_WDT2_BASE + 0x004)
++#define AST_WDT2_RESTART_CTRL (AST_WDT2_BASE + 0x008)
++#define AST_WDT2_CTRL (AST_WDT2_BASE + 0x00C)
+ #define AST_WDT2_RESET_MASK1 (AST_WDT2_BASE + 0x01C)
+ #define AST_WDT2_RESET_MASK2 (AST_WDT2_BASE + 0x020)
+
+@@ -388,14 +391,14 @@ wait_lock:
+ str r0, [r1]
+
+ #ifdef CONFIG_HW_WATCHDOG
+- /* Enable WDT1 to recover u-boot hang */
+- ldr r0, =AST_WDT1_RELOAD_VAL
++ /* Enable WDT2 to recover u-boot hang */
++ ldr r0, =AST_WDT2_RELOAD_VAL
+ ldr r1, =0x00500000 @ ~5 seconds
+ str r1, [r0]
+- ldr r0, =AST_WDT1_RESTART_CTRL
++ ldr r0, =AST_WDT2_RESTART_CTRL
+ ldr r1, =0x00004755
+ str r1, [r0]
+- ldr r0, =AST_WDT1_CTRL
++ ldr r0, =AST_WDT2_CTRL
+ ldr r1, =0x00000013
+ str r1, [r0]
+ #endif
+--
+2.17.1
+
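Review bot: The embedded platform.S change arms WDT2 with the `0x00500000` (~5 seconds) reload very early, but nothing visible here shows what services WDT2 for the rest of u-boot. The embedded DTS hunk only flips `&wdt1` to `status = "disabled"`, and the body of `&wdt2` starts on its last line and continues outside the hunk. If no driver is bound to WDT2, any boot step longer than the reload period ends in a reset, and each such reset is then counted as a boot failure by `board_late_init`; worth confirming against the full DTS. The values `0x00004755` and `0x00000013` are carried over from the WDT1 sequence without explanation. A short comment naming the control bits that `0x00000013` sets would let a reviewer check that WDT2 requests the same reset scope WDT1 did.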
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0045-PFR-Skip-counting-WDT2-event-when-EXTRST-is-set.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0045-PFR-Skip-counting-WDT2-event-when-EXTRST-is-set.patch
new file mode 100644
index 000000000..5c2b307f3
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/0045-PFR-Skip-counting-WDT2-event-when-EXTRST-is-set.patch
@@ -0,0 +1,45 @@
+From 59dc87adc78cfcc2a4dba57a777c1c46ef6cd4d8 Mon Sep 17 00:00:00 2001
+From: AKSHAY RAVEENDRAN K <akshay.raveendran.k@intel.com>
+Date: Tue, 19 Apr 2022 06:25:32 +0000
+Subject: [PATCH] PFR- Skip counting WDT2 event when EXTRST# is set
+
+when a kernel/u-boot panic or hang occurs the WDT2 will trigger a BMC
+reset and it will increase bootfailure count. If the bootfailure count
+is more than 3, the u-boot will abort the booting to BMC. This fix will
+remove the bootfailure count incrementing if PFR is provisioned as PFR
+CPLD will boot a recovery image anyway if the booting process is not
+working as expected and stopping in u-boot is not necessary.
+
+Tested:
+triggered kernel panic 4 times and confirmed that boot process
+is not aborted at u-boot in PFR provisioned mode.
+
+Signed-off-by: AKSHAY RAVEENDRAN K <akshay.raveendran.k@intel.com>
+---
+ board/aspeed/ast2600_intel/intel.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/board/aspeed/ast2600_intel/intel.c b/board/aspeed/ast2600_intel/intel.c
+index c0d82bfb4b..5a54051ac7 100644
+--- a/board/aspeed/ast2600_intel/intel.c
++++ b/board/aspeed/ast2600_intel/intel.c
+@@ -13,6 +13,7 @@
+ #define SYS_PWR_RESET_FLAG BIT(0) /* from scu_info.c */
+ #define WATCHDOG_RESET_BIT BIT(20)
+ #define BOOT_FAILURE_LIMIT 3
++#define EXTRST_RESET_BIT BIT(1)
+
+ #define SCU_014 0x014 /* Silicon Revision ID */
+ #define REV_ID_AST2600A0 0x05000303 /* AST2600 A0 */
+@@ -703,7 +704,7 @@ int board_late_init(void)
+
+ boot_failures = get_boot_failures();
+
+- if (gd->reset_reason & WATCHDOG_RESET_BIT)
++ if ((gd->reset_reason & WATCHDOG_RESET_BIT) && !(gd->reset_reason & EXTRST_RESET_BIT))
+ set_boot_failures(boot_failures + 1);
+ else
+ set_boot_failures(0);
+--
+2.17.1
+
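Review bot: In the embedded intel.c change, a reset with both `WATCHDOG_RESET_BIT` and `EXTRST_RESET_BIT` set now falls into the `else` arm and calls `set_boot_failures(0)`, so the event clears the failure counter rather than merely not being counted. If the intent is what the subject line says ("skip counting"), nest the EXTRST test inside the watchdog branch so the `else` arm is reached only when the watchdog bit is clear. As written, any reset that shows EXTRST wipes the history that `BOOT_FAILURE_LIMIT` depends on. The commit message also ties this to PFR being provisioned, but the condition tests only the reset-reason bit; that link presumably comes from the patch being listed under `PFR_SRC_URI`, which deserves a comment next to `#define EXTRST_RESET_BIT BIT(1)`. `board_late_init` continues outside the hunk.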
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/u-boot-aspeed-sdk_%.bbappend b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/u-boot-aspeed-sdk_%.bbappend
index fdc83fce1..22f2eb540 100644
--- a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/u-boot-aspeed-sdk_%.bbappend
+++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/u-boot-aspeed-sdk_%.bbappend
@@ -42,6 +42,7 @@ SRC_URI:append:intel-ast2600 = " \
file://0036-Disable-BMC-MMIO-Decode-on-VGA-SCU-register-bit.patch \
file://0037-Enable-I2C-clock-stretching-and-multi-master-support.patch \
file://0038-Disabling-serial-console-if-FFUJ-is-enabled.patch \
+ file://0044-Enable-WDT2-for-causing-reset-in-Kernel-u-boot-hang.patch \
"
# CVE-2020-10648 vulnerability fix
@@ -99,6 +100,7 @@ SRC_URI:append:intel-ast2600 = " \
PFR_SRC_URI = " \
file://0043-AST2600-PFR-u-boot-env-changes-as-per-PFR-BMC-image.patch \
+ file://0045-PFR-Skip-counting-WDT2-event-when-EXTRST-is-set.patch \
"
AUTOBOOT_SRC_URI = " \
diff --git a/meta-openbmc-mods/meta-common/classes/image_types_phosphor_auto.bbclass b/meta-openbmc-mods/meta-common/classes/image_types_phosphor_auto.bbclass
index 3efbfe092..cdfceab0a 100644
--- a/meta-openbmc-mods/meta-common/classes/image_types_phosphor_auto.bbclass
+++ b/meta-openbmc-mods/meta-common/classes/image_types_phosphor_auto.bbclass
@@ -16,7 +16,9 @@ IMAGE_TYPES += "mtd-auto"
IMAGE_TYPEDEP:mtd-auto = "${IMAGE_BASETYPE}"
IMAGE_TYPES_MASKED += "mtd-auto"
-
+FLASH_UBOOT_SPL_IMAGE ?= "u-boot-spl"
+FLASH_UBOOT_IMAGE ?= "u-boot"
+image_dst ?= "image-u-boot"
# Flash characteristics in KB unless otherwise noted
python() {
types = d.getVar('IMAGE_FSTYPES', True).split()
@@ -47,9 +49,23 @@ do_generate_auto() {
bbdebug 1 "do_generate_auto IMAGE_TYPES=${IMAGE_TYPES} size=${FLASH_SIZE}KB (${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.auto.mtd)"
# Assemble the flash image
mk_nor_image ${IMGDEPLOYDIR}/${IMAGE_NAME}.auto.mtd ${FLASH_SIZE}
+ uboot_offset=${FLASH_UBOOT_OFFSET}
+ if [ ! -z ${SPL_BINARY} ]; then
dd bs=1k conv=notrunc seek=${FLASH_UBOOT_OFFSET} \
+ if=${DEPLOY_DIR_IMAGE}/${FLASH_UBOOT_SPL_IMAGE}.${UBOOT_SUFFIX} \
+ of=${DEPLOY_DIR_IMAGE}/${image_dst}
+ uboot_offset=${FLASH_UBOOT_SPL_SIZE}
+ dd bs=1k conv=notrunc seek=${uboot_offset} \
+ if=${DEPLOY_DIR_IMAGE}/${FLASH_UBOOT_IMAGE}.${UBOOT_SUFFIX} \
+ of=${DEPLOY_DIR_IMAGE}/${image_dst}
+ dd bs=1k conv=notrunc seek=${FLASH_UBOOT_OFFSET} \
+ if=${DEPLOY_DIR_IMAGE}/${image_dst} \
+ of=${IMGDEPLOYDIR}/${IMAGE_NAME}.auto.mtd
+ else
+ dd bs=1k conv=notrunc seek=${FLASH_UBOOT_OFFSET} \
if=${DEPLOY_DIR_IMAGE}/u-boot.${UBOOT_SUFFIX} \
of=${IMGDEPLOYDIR}/${IMAGE_NAME}.auto.mtd
+ fi
for OFFSET in ${FLASH_RUNTIME_OFFSETS}; do
dd bs=1k conv=notrunc seek=${OFFSET} \
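Review bot: The SPL branch assembles the composite in `${DEPLOY_DIR_IMAGE}/${image_dst}` using `conv=notrunc` and never removes or truncates that file first. If an `image-u-boot` from an earlier build is still in the deploy directory, bytes past the end of the new SPL or u-boot survive and are copied into `${IMAGE_NAME}.auto.mtd`. Start from a clean file, e.g. `rm -f ${DEPLOY_DIR_IMAGE}/${image_dst}` before the first `dd`, or build the composite under `${IMGDEPLOYDIR}` so the shared deploy directory is not modified from an image task. The test `[ ! -z ${SPL_BINARY} ]` is unquoted and only works for an empty value by accident of `test` argument counting; `[ -n "${SPL_BINARY}" ]` states the intent. The initial `uboot_offset=${FLASH_UBOOT_OFFSET}` is dead: it is overwritten by `${FLASH_UBOOT_SPL_SIZE}` in one branch and unused in the other. `FLASH_UBOOT_SPL_SIZE` has no default among the `?=` lines added above, so an unset value would expand to an empty `seek=`. The `for OFFSET` loop continues outside the hunk.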
diff --git a/meta-openbmc-mods/meta-common/classes/obmc-phosphor-image-common.bbclass b/meta-openbmc-mods/meta-common/classes/obmc-phosphor-image-common.bbclass
index bc20e5a29..b0227e381 100644
--- a/meta-openbmc-mods/meta-common/classes/obmc-phosphor-image-common.bbclass
+++ b/meta-openbmc-mods/meta-common/classes/obmc-phosphor-image-common.bbclass
@@ -60,7 +60,6 @@ IMAGE_INSTALL:append = " \
ac-boot-check \
host-error-monitor \
beepcode-mgr \
- psu-manager \
kernel-panic-check \
id-led-off \
hsbp-manager \
diff --git a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl/CVE-2022-0778.patch b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl/CVE-2022-0778.patch
new file mode 100644
index 000000000..1cae7daac
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl/CVE-2022-0778.patch
@@ -0,0 +1,69 @@
+From 3118eb64934499d93db3230748a452351d1d9a65 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 28 Feb 2022 18:26:21 +0100
+Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt()
+
+The calculation in some cases does not finish for non-prime p.
+
+This fixes CVE-2022-0778.
+
+Based on patch by David Benjamin <davidben@google.com>.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+---
+ crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------
+ 1 file changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
+index 1723d5ded5..53b0f55985 100644
+--- a/crypto/bn/bn_sqrt.c
++++ b/crypto/bn/bn_sqrt.c
+@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ /*
+ * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+ * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+- * Theory", algorithm 1.5.1). 'p' must be prime!
++ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
++ * an incorrect "result" will be returned.
+ */
+ {
+ BIGNUM *ret = in;
+@@ -301,18 +302,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ goto vrfy;
+ }
+
+- /* find smallest i such that b^(2^i) = 1 */
+- i = 1;
+- if (!BN_mod_sqr(t, b, p, ctx))
+- goto end;
+- while (!BN_is_one(t)) {
+- i++;
+- if (i == e) {
+- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+- goto end;
++ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
++ for (i = 1; i < e; i++) {
++ if (i == 1) {
++ if (!BN_mod_sqr(t, b, p, ctx))
++ goto end;
++
++ } else {
++ if (!BN_mod_mul(t, t, t, p, ctx))
++ goto end;
+ }
+- if (!BN_mod_mul(t, t, t, p, ctx))
+- goto end;
++ if (BN_is_one(t))
++ break;
++ }
++ /* If not found, a is not a square or p is not prime. */
++ if (i >= e) {
++ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
++ goto end;
+ }
+
+ /* t := y^2^(e - i - 1) */
+--
+2.25.1
+
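Review bot: The header of the embedded patch has neither a `CVE:` tag nor an `Upstream-Status:` line, so the file name is the only machine-readable link to the advisory and nothing records where the backport came from. Adding `CVE: CVE-2022-0778` and `Upstream-Status: Backport [<upstream commit URL>]` above the `---` separator would let CVE scanning and later rebases confirm the fix is present and unmodified. The same applies to `CVE-2022-23308-Use-after-free-of-ID-and-IDREF.patch` added for libxml2 further down in this commit. Because the recipe stays at `openssl_1.1.1l.bb`, only this one fix is picked up; any other change in the upstream release that first shipped it is not, which is worth stating in the recipe next to the `file://CVE-2022-0778.patch` entry.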
diff --git a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1l.bb
index e395de665..ac5c81998 100644
--- a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1l.bb
+++ b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1l.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://reproducible.patch \
+ file://CVE-2022-0778.patch \
"
SRC_URI:append:class-nativesdk = " \
diff --git a/meta-openbmc-mods/meta-common/recipes-core/base-files/base-files/40-oom_reboot.conf b/meta-openbmc-mods/meta-common/recipes-core/base-files/base-files/40-oom_reboot.conf
index 43967a28b..bce355ea1 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/base-files/base-files/40-oom_reboot.conf
+++ b/meta-openbmc-mods/meta-common/recipes-core/base-files/base-files/40-oom_reboot.conf
@@ -1,4 +1,2 @@
# panic kernel on OOM
vm.panic_on_oom=2
-# reboot after 10 sec on panic
-kernel.panic=10
diff --git a/meta-openbmc-mods/meta-common/recipes-core/expat/expat_2.4.4.bb b/meta-openbmc-mods/meta-common/recipes-core/expat/expat_2.4.5.bb
index 332dc0603..b81c72515 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/expat/expat_2.4.4.bb
+++ b/meta-openbmc-mods/meta-common/recipes-core/expat/expat_2.4.5.bb
@@ -14,7 +14,7 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"
-SRC_URI[sha256sum] = "14c58c2a0b5b8b31836514dfab41bd191836db7aa7b84ae5c47bc0327a20d64a"
+SRC_URI[sha256sum] = "fbb430f964c7a2db2626452b6769e6a8d5d23593a453ccbc21701b74deabedff"
EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_%.bbappend
index 4b0ce63f9..26e9a2ea5 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_%.bbappend
@@ -1,4 +1,6 @@
-SRC_URI = "git://github.com/openbmc/host-error-monitor"
-SRCREV = "1c208480e6de77a5a41b0733c595e8d4a99e5311"
+# The URI is required for the autobump script but keep it commented
+# to not override the upstream value
+# SRC_URI = "git://github.com/openbmc/host-error-monitor;branch=master;protocol=https"
+SRCREV = "ed6972aefe37a039d5b41d183eafc8c48549be67"
EXTRA_OECMAKE = "-DYOCTO=1"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend
index 26bbc34ee..1892a3d44 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend
@@ -2,7 +2,7 @@ EXTRA_OECMAKE += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', '-DINTEL_PF
EXTRA_OECMAKE += "${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'validation-unsecure', '-DBMC_VALIDATION_UNSECURE_FEATURE=ON', '', d)}"
EXTRA_OECMAKE += "-DUSING_ENTITY_MANAGER_DECORATORS=OFF"
SRC_URI = "git://github.com/openbmc/intel-ipmi-oem.git"
-SRCREV = "a165038f0472459ae2ec0ae50b7e0c09969882c7"
+SRCREV = "6346e98cd5f33be2328478f865b34edc7203a99d"
FILESEXTRAPATHS:append := ":${THISDIR}/${PN}"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_%.bbappend
index cea8fd6ed..65e70c04e 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_%.bbappend
@@ -1,3 +1,9 @@
# Enable downstream autobump
SRC_URI = "git://github.com/openbmc/libpeci"
-SRCREV = "6a00e9aa72f75d66eb8b9572c7fd3894f91c6bba"
+SRCREV = "bdefaa3c95d0a93928f8ebda1ce158172d3a4bcf"
+
+inherit pkgconfig systemd
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[dbus-raw-peci] = "-DDBUS_RAW_PECI=ON,-DDBUS_RAW_PECI=OFF,boost sdbusplus"
+SYSTEMD_SERVICE:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'dbus-raw-peci', 'com.intel.peci.service', '', d)}"
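Review bot: The hunk moves `SRCREV` and adds build options but leaves `SRC_URI = "git://github.com/openbmc/libpeci"` without `;branch=` or `;protocol=https`. The comment added for host-error-monitor in this same commit spells its URI with `;branch=master;protocol=https`. `SRCREV` pins the content that gets built, but the bare `git://` form leaves the transport unauthenticated by default and may no longer fetch from GitHub at all. Aligning it as `SRC_URI = "git://github.com/openbmc/libpeci;branch=<branch>;protocol=https"` would make the fetch path consistent across recipes. The intel-ipmi-oem bbappend touched just above has the same bare URI. Separately, the `dbus-raw-peci` option ships `com.intel.peci.service` when enabled; a one-line comment on what raw PECI access over D-Bus exposes would help whoever later adds it to `PACKAGECONFIG`.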
diff --git a/meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2/CVE-2022-23308-Use-after-free-of-ID-and-IDREF.patch b/meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2/CVE-2022-23308-Use-after-free-of-ID-and-IDREF.patch
new file mode 100644
index 000000000..69cb57065
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2/CVE-2022-23308-Use-after-free-of-ID-and-IDREF.patch
@@ -0,0 +1,207 @@
+From 652dd12a858989b14eed4e84e453059cd3ba340e Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 8 Feb 2022 03:29:24 +0100
+Subject: [PATCH] [CVE-2022-23308] Use-after-free of ID and IDREF attributes
+
+If a document is parsed with XML_PARSE_DTDVALID and without
+XML_PARSE_NOENT, the value of ID attributes has to be normalized after
+potentially expanding entities in xmlRemoveID. Otherwise, later calls
+to xmlGetID can return a pointer to previously freed memory.
+
+ID attributes which are empty or contain only whitespace after
+entity expansion are affected in a similar way. This is fixed by
+not storing such attributes in the ID table.
+
+The test to detect streaming mode when validating against a DTD was
+broken. In connection with the defects above, this could result in a
+use-after-free when using the xmlReader interface with validation.
+Fix detection of streaming mode to avoid similar issues. (This changes
+the expected result of a test case. But as far as I can tell, using the
+XML reader with XIncludes referencing the root document never worked
+properly, anyway.)
+
+All of these issues can result in denial of service. Using xmlReader
+with validation could result in disclosure of memory via the error
+channel, typically stderr. The security impact of xmlGetID returning
+a pointer to freed memory depends on the application. The typical use
+case of calling xmlGetID on an unmodified document is not affected.
+---
+ result/XInclude/ns1.xml.rdr | 2 +-
+ valid.c | 88 +++++++++++++++++++++++--------------
+ 2 files changed, 56 insertions(+), 34 deletions(-)
+
+diff --git a/result/XInclude/ns1.xml.rdr b/result/XInclude/ns1.xml.rdr
+index f23702f57..9a3a5e76a 100644
+--- a/result/XInclude/ns1.xml.rdr
++++ b/result/XInclude/ns1.xml.rdr
+@@ -1,7 +1,7 @@
+ 0 1 doc 0 0
+ 1 14 #text 0 1
+
+-1 1 ns:elem 1 0
++1 1 xi:include 1 0
+ 1 14 #text 0 1
+
+ 1 1 elem 0 0
+diff --git a/valid.c b/valid.c
+index 5ee391c04..8e596f1db 100644
+--- a/valid.c
++++ b/valid.c
+@@ -479,6 +479,35 @@ nodeVPop(xmlValidCtxtPtr ctxt)
+ return (ret);
+ }
+
++/**
++ * xmlValidNormalizeString:
++ * @str: a string
++ *
++ * Normalize a string in-place.
++ */
++static void
++xmlValidNormalizeString(xmlChar *str) {
++ xmlChar *dst;
++ const xmlChar *src;
++
++ if (str == NULL)
++ return;
++ src = str;
++ dst = str;
++
++ while (*src == 0x20) src++;
++ while (*src != 0) {
++ if (*src == 0x20) {
++ while (*src == 0x20) src++;
++ if (*src != 0)
++ *dst++ = 0x20;
++ } else {
++ *dst++ = *src++;
++ }
++ }
++ *dst = 0;
++}
++
+ #ifdef DEBUG_VALID_ALGO
+ static void
+ xmlValidPrintNode(xmlNodePtr cur) {
+@@ -2607,6 +2636,24 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) {
+ (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \
+ xmlFree((char *)(str));
+
++static int
++xmlIsStreaming(xmlValidCtxtPtr ctxt) {
++ xmlParserCtxtPtr pctxt;
++
++ if (ctxt == NULL)
++ return(0);
++ /*
++ * These magic values are also abused to detect whether we're validating
++ * while parsing a document. In this case, userData points to the parser
++ * context.
++ */
++ if ((ctxt->finishDtd != XML_CTXT_FINISH_DTD_0) &&
++ (ctxt->finishDtd != XML_CTXT_FINISH_DTD_1))
++ return(0);
++ pctxt = ctxt->userData;
++ return(pctxt->parseMode == XML_PARSE_READER);
++}
++
+ /**
+ * xmlFreeID:
+ * @not: A id
+@@ -2650,7 +2697,7 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value,
+ if (doc == NULL) {
+ return(NULL);
+ }
+- if (value == NULL) {
++ if ((value == NULL) || (value[0] == 0)) {
+ return(NULL);
+ }
+ if (attr == NULL) {
+@@ -2681,7 +2728,7 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value,
+ */
+ ret->value = xmlStrdup(value);
+ ret->doc = doc;
+- if ((ctxt != NULL) && (ctxt->vstateNr != 0)) {
++ if (xmlIsStreaming(ctxt)) {
+ /*
+ * Operating in streaming mode, attr is gonna disappear
+ */
+@@ -2820,6 +2867,7 @@ xmlRemoveID(xmlDocPtr doc, xmlAttrPtr attr) {
+ ID = xmlNodeListGetString(doc, attr->children, 1);
+ if (ID == NULL)
+ return(-1);
++ xmlValidNormalizeString(ID);
+
+ id = xmlHashLookup(table, ID);
+ if (id == NULL || id->attr != attr) {
+@@ -3009,7 +3057,7 @@ xmlAddRef(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value,
+ * fill the structure.
+ */
+ ret->value = xmlStrdup(value);
+- if ((ctxt != NULL) && (ctxt->vstateNr != 0)) {
++ if (xmlIsStreaming(ctxt)) {
+ /*
+ * Operating in streaming mode, attr is gonna disappear
+ */
+@@ -4028,8 +4076,7 @@ xmlValidateAttributeValue2(xmlValidCtxtPtr ctxt, xmlDocPtr doc,
+ xmlChar *
+ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc,
+ xmlNodePtr elem, const xmlChar *name, const xmlChar *value) {
+- xmlChar *ret, *dst;
+- const xmlChar *src;
++ xmlChar *ret;
+ xmlAttributePtr attrDecl = NULL;
+ int extsubset = 0;
+
+@@ -4070,19 +4117,7 @@ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc,
+ ret = xmlStrdup(value);
+ if (ret == NULL)
+ return(NULL);
+- src = value;
+- dst = ret;
+- while (*src == 0x20) src++;
+- while (*src != 0) {
+- if (*src == 0x20) {
+- while (*src == 0x20) src++;
+- if (*src != 0)
+- *dst++ = 0x20;
+- } else {
+- *dst++ = *src++;
+- }
+- }
+- *dst = 0;
++ xmlValidNormalizeString(ret);
+ if ((doc->standalone) && (extsubset == 1) && (!xmlStrEqual(value, ret))) {
+ xmlErrValidNode(ctxt, elem, XML_DTD_NOT_STANDALONE,
+ "standalone: %s on %s value had to be normalized based on external subset declaration\n",
+@@ -4114,8 +4149,7 @@ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc,
+ xmlChar *
+ xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem,
+ const xmlChar *name, const xmlChar *value) {
+- xmlChar *ret, *dst;
+- const xmlChar *src;
++ xmlChar *ret;
+ xmlAttributePtr attrDecl = NULL;
+
+ if (doc == NULL) return(NULL);
+@@ -4145,19 +4179,7 @@ xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem,
+ ret = xmlStrdup(value);
+ if (ret == NULL)
+ return(NULL);
+- src = value;
+- dst = ret;
+- while (*src == 0x20) src++;
+- while (*src != 0) {
+- if (*src == 0x20) {
+- while (*src == 0x20) src++;
+- if (*src != 0)
+- *dst++ = 0x20;
+- } else {
+- *dst++ = *src++;
+- }
+- }
+- *dst = 0;
++ xmlValidNormalizeString(ret);
+ return(ret);
+ }
+
diff --git a/meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2_%.bbappend
new file mode 100644
index 000000000..d26a47f4c
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2_%.bbappend
@@ -0,0 +1,4 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += "file://CVE-2022-23308-Use-after-free-of-ID-and-IDREF.patch \
+ "
diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux-libuuid_2.37.4.bb b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux-libuuid_2.37.4.bb
new file mode 100644
index 000000000..5d759aed9
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux-libuuid_2.37.4.bb
@@ -0,0 +1,16 @@
+# To allow util-linux to optionally build-depend on cryptsetup, libuuid is
+# split out of the main recipe, as it's needed by cryptsetup
+
+require util-linux.inc
+
+inherit autotools gettext pkgconfig
+
+S = "${WORKDIR}/util-linux-${PV}"
+EXTRA_OECONF += "--disable-all-programs --enable-libuuid"
+LICENSE = "BSD-3-Clause"
+
+do_install:append() {
+ rm -rf ${D}${datadir} ${D}${bindir} ${D}${base_bindir} ${D}${sbindir} ${D}${base_sbindir} ${D}${exec_prefix}/sbin
+}
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux.inc b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux.inc
new file mode 100644
index 000000000..c48f9572f
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux.inc
@@ -0,0 +1,40 @@
+SUMMARY = "A suite of basic system administration utilities"
+HOMEPAGE = "https://en.wikipedia.org/wiki/Util-linux"
+DESCRIPTION = "Util-linux includes a suite of basic system administration utilities \
+commonly found on most Linux systems. Some of the more important utilities include \
+disk partitioning, kernel message management, filesystem creation, and system login."
+
+SECTION = "base"
+
+LICENSE = "GPLv2+ & LGPLv2.1+ & BSD-3-Clause & BSD-4-Clause"
+LICENSE:${PN}-libblkid = "LGPLv2.1+"
+LICENSE:${PN}-libfdisk = "LGPLv2.1+"
+LICENSE:${PN}-libmount = "LGPLv2.1+"
+LICENSE:${PN}-libsmartcols = "LGPLv2.1+"
+
+LIC_FILES_CHKSUM = "file://README.licensing;md5=0fd5c050c6187d2bf0a4492b7f4e33da \
+ file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://Documentation/licenses/COPYING.GPL-2.0-or-later;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://Documentation/licenses/COPYING.LGPL-2.1-or-later;md5=4fbd65380cdd255951079008b364516c \
+ file://Documentation/licenses/COPYING.BSD-3-Clause;md5=58dcd8452651fc8b07d1f65ce07ca8af \
+ file://Documentation/licenses/COPYING.BSD-4-Clause-UC;md5=263860f8968d8bafa5392cab74285262 \
+ file://libuuid/COPYING;md5=6d2cafc999feb2c2de84d4d24b23290c \
+ file://libmount/COPYING;md5=7c7e39fb7d70ffe5d693a643e29987c2 \
+ file://libblkid/COPYING;md5=693bcbbe16d3a4a4b37bc906bc01cc04 \
+ file://libfdisk/COPYING;md5=693bcbbe16d3a4a4b37bc906bc01cc04 \
+ file://libsmartcols/COPYING;md5=693bcbbe16d3a4a4b37bc906bc01cc04 \
+"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/util-linux:"
+MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:2])}"
+SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-linux-${PV}.tar.xz \
+ file://configure-sbindir.patch \
+ file://runuser.pamd \
+ file://runuser-l.pamd \
+ file://ptest.patch \
+ file://run-ptest \
+ file://display_testname_for_subtest.patch \
+ file://avoid_parallel_tests.patch \
+ "
+
+SRC_URI[sha256sum] = "634e6916ad913366c3536b6468e7844769549b99a7b2bf80314de78ab5655b83"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/avoid_parallel_tests.patch b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/avoid_parallel_tests.patch
new file mode 100644
index 000000000..f1cbdb3be
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/avoid_parallel_tests.patch
@@ -0,0 +1,29 @@
+From ee3c7812e1efa6719af68b994804f0e6caceabd8 Mon Sep 17 00:00:00 2001
+From: Tudor Florea <tudor.florea@enea.com>
+Date: Mon, 14 Jun 2021 14:00:31 +0200
+Subject: [PATCH] util-linux: Add ptest
+
+Ptest needs buildtest-TESTS and runtest-TESTS targets.
+serial-tests is required to generate those targets.
+Revert run.sh script accordingly to serialize running tests
+
+Signed-off-by: Tudor Florea <tudor.florea@enea.com>
+Upstream-Status: Inappropriate
+
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5664f9f..075ef27 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -11,7 +11,7 @@ AC_CONFIG_MACRO_DIR([m4])
+ dnl AC_USE_SYSTEM_EXTENSIONS must be called before any macros that run
+ dnl the compiler (like LT_INIT) to avoid autoconf errors.
+ AC_USE_SYSTEM_EXTENSIONS
+-AM_INIT_AUTOMAKE([-Wall -Wno-portability foreign 1.10 tar-pax no-dist-gzip dist-xz subdir-objects])
++AM_INIT_AUTOMAKE([-Wall -Wno-portability foreign 1.10 tar-pax no-dist-gzip dist-xz subdir-objects serial-tests])
+
+ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])],
+ [AC_SUBST([AM_DEFAULT_VERBOSITY], [1])])
diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/configure-sbindir.patch b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/configure-sbindir.patch
new file mode 100644
index 000000000..e475289f6
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/configure-sbindir.patch
@@ -0,0 +1,23 @@
+util-linux: take ${sbindir} from the environment if it is set there
+fix the test, the [ ] syntax was getting eaten by autoconf
+
+Signed-off-by: Phil Blundell <pb@pbcl.net>
+Signed-off-by: Saul Wold <sgw@linux.intel.com
+Upstream-Status: Inappropriate [configuration]
+
+Index: util-linux-2.31/configure.ac
+===================================================================
+--- util-linux-2.31.orig/configure.ac
++++ util-linux-2.31/configure.ac
+@@ -89,7 +89,10 @@ AC_SUBST([runstatedir])
+ usrbin_execdir='${exec_prefix}/bin'
+ AC_SUBST([usrbin_execdir])
+
+-usrsbin_execdir='${exec_prefix}/sbin'
++if test -z "$usrsbin_execdir" ;
++then
++ usrsbin_execdir='${exec_prefix}/sbin'
++fi
+ AC_SUBST([usrsbin_execdir])
+
+ AS_CASE([$libdir],
diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/display_testname_for_subtest.patch b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/display_testname_for_subtest.patch
new file mode 100644
index 000000000..417ca1d98
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/display_testname_for_subtest.patch
@@ -0,0 +1,25 @@
+Display testname for subtest
+
+Signed-off-by: Tudor Florea <tudor.florea@enea.com>
+Upstream-Status: Pending
+
+---
+ tests/functions.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/functions.sh b/tests/functions.sh
+index 5246605..b24dc15 100644
+--- a/tests/functions.sh
++++ b/tests/functions.sh
+@@ -320,7 +320,7 @@ function ts_init_subtest {
+
+ if [ "$TS_PARSABLE" != "yes" ]; then
+ [ $TS_NSUBTESTS -eq 1 ] && echo
+- printf "%16s: %-27s ..." "" "$TS_SUBNAME"
++ printf "%13s: %-30s ..." "$TS_COMPONENT" "$TS_SUBNAME"
+ fi
+ }
+
+--
+2.8.3
+
diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/ptest.patch b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/ptest.patch
new file mode 100644
index 000000000..ba2bd3f6a
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/ptest.patch
@@ -0,0 +1,24 @@
+From af073c13ef184ca75811df688e0a0a25827b36c3 Mon Sep 17 00:00:00 2001
+From: Tudor Florea <tudor.florea@enea.com>
+Date: Thu, 3 Dec 2015 04:08:00 +0100
+Subject: [PATCH] Define TESTS variable
+
+Signed-off-by: Tudor Florea <tudor.florea@enea.com>
+Upstream-Status: Pending
+
+---
+ Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index 886598d..1cf4346 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -57,6 +57,7 @@ systemdsystemunit_DATA =
+ dist_bashcompletion_DATA =
+ check_PROGRAMS =
+ dist_check_SCRIPTS =
++TESTS = $(check_PROGRAMS)
+
+ PATHFILES =
+ ADOCFILES_COMMON =
diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/run-ptest b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/run-ptest
new file mode 100644
index 000000000..3a910be12
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/run-ptest
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+
+# When udevd (from eudev) is running most eject/mount tests will fail because
+# of automount. We need to stop udevd before executing util-linux's tests.
+# The systemd-udevd daemon doesn't change the outcome of util-linux's tests.
+UDEV_PID="`pidof "@base_sbindir@/udevd"`"
+if [ "x$UDEV_PID" != "x" ]; then
+ /etc/init.d/udev stop
+fi
+
+current_path=$(readlink -f $0)
+export bindir=$(dirname $current_path)
+export PATH=$bindir/bin:$PATH
+
+./tests/run.sh --use-system-commands --parsable --show-diff | sed -u '{
+ s/^\(.*\):\(.*\) \.\.\. OK$/PASS: \1:\2/
+ s/^\(.*\):\(.*\) \.\.\. FAILED \(.*\)$/FAIL: \1:\2 \3/
+ s/^\(.*\):\(.*\) \.\.\. SKIPPED \(.*\)$/SKIP: \1:\2 \3/
+ }'
+
+if [ "x$UDEV_PID" != "x" ]; then
+ /etc/init.d/udev start
+fi
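Review bot: udevd is stopped near the top and restarted only by the last `if`, so a run that is interrupted or killed part-way leaves the target without udev until someone restarts it by hand. Registering the restart at the point of the stop keeps the two paired, e.g. `trap '/etc/init.d/udev start' EXIT` inside the first `if`, replacing the trailing block. Separately, `$0` and `$current_path` are expanded unquoted; `current_path=$(readlink -f "$0")` and `export bindir=$(dirname "$current_path")` avoid word splitting if the ptest path ever contains whitespace.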
diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser-l.pamd b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser-l.pamd
new file mode 100644
index 000000000..4b368ccf5
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser-l.pamd
@@ -0,0 +1,3 @@
+auth include runuser
+session optional pam_keyinit.so force revoke
+session include runuser
diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser.pamd b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser.pamd
new file mode 100644
index 000000000..48d133b9e
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser.pamd
@@ -0,0 +1,4 @@
+auth sufficient pam_rootok.so
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session required pam_unix.so
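Review bot: The file carries no comment explaining its policy: the `auth` stack is a single `sufficient pam_rootok.so` line and there is no `account` line, which reads as an omission unless the reader already knows the service is meant for root only. A short header would make the intent reviewable, for example `# runuser: root-only service; pam_rootok is the sole auth module by design`. It is also worth confirming on the target which `account` policy applies when this service defines none (presumably the `other` fallback) and recording the answer in the same comment.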
diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_2.37.4.bb b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_2.37.4.bb
new file mode 100644
index 000000000..d609c3006
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_2.37.4.bb
@@ -0,0 +1,320 @@
+require util-linux.inc
+
+#gtk-doc is not enabled as it requires xmlto which requires util-linux
+inherit autotools gettext manpages pkgconfig systemd update-alternatives python3-dir bash-completion ptest
+DEPENDS = "libcap-ng ncurses virtual/crypt zlib util-linux-libuuid"
+
+PACKAGES =+ "${PN}-swaponoff"
+PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'pylibmount', '${PN}-pylibmount', '', d)}"
+
+python util_linux_binpackages () {
+ def pkg_hook(f, pkg, file_regex, output_pattern, modulename):
+ pn = d.getVar('PN')
+ d.appendVar('RRECOMMENDS:%s' % pn, ' %s' % pkg)
+
+ if d.getVar('ALTERNATIVE:' + pkg):
+ return
+ if d.getVarFlag('ALTERNATIVE_LINK_NAME', modulename):
+ d.setVar('ALTERNATIVE:' + pkg, modulename)
+
+ bindirs = sorted(list(set(d.expand("${base_sbindir} ${base_bindir} ${sbindir} ${bindir}").split())))
+ for dir in bindirs:
+ do_split_packages(d, root=dir,
+ file_regex=r'(.*)', output_pattern='${PN}-%s',
+ description='${PN} %s',
+ hook=pkg_hook, extra_depends='')
+
+ # There are some symlinks for some binaries which we have ignored
+ # above. Add them to the package owning the binary they are
+ # pointing to
+ extras = {}
+ dvar = d.getVar('PKGD')
+ for root in bindirs:
+ for walkroot, dirs, files in os.walk(dvar + root):
+ for f in files:
+ file = os.path.join(walkroot, f)
+ if not os.path.islink(file):
+ continue
+
+ pkg = os.path.basename(os.readlink(file))
+ extras.setdefault(pkg, [])
+ extras[pkg].append(file.replace(dvar, '', 1))
+
+ pn = d.getVar('PN')
+ for pkg, links in extras.items():
+ of = d.getVar('FILES:' + pn + '-' + pkg)
+ links = of + " " + " ".join(sorted(links))
+ d.setVar('FILES:' + pn + '-' + pkg, links)
+}
+
+# we must execute before update-alternatives PACKAGE_PREPROCESS_FUNCS
+PACKAGE_PREPROCESS_FUNCS =+ "util_linux_binpackages "
+
+# skip libuuid as it will be packaged by the util-linux-libuuid recipe
+python util_linux_libpackages() {
+ do_split_packages(d, root=d.getVar('UTIL_LINUX_LIBDIR'), file_regex=r'^lib(?!uuid)(.*)\.so\..*$',
+ output_pattern='${PN}-lib%s',
+ description='${PN} lib%s',
+ extra_depends='', prepend=True, allow_links=True)
+}
+
+PACKAGESPLITFUNCS =+ "util_linux_libpackages"
+
+PACKAGES_DYNAMIC = "^${PN}-.*"
+
+CACHED_CONFIGUREVARS += "scanf_cv_alloc_modifier=ms"
+UTIL_LINUX_LIBDIR = "${libdir}"
+UTIL_LINUX_LIBDIR:class-target = "${base_libdir}"
+EXTRA_OECONF = "\
+ --enable-libuuid --enable-libblkid \
+ \
+ --enable-fsck --enable-kill --enable-last --enable-mesg \
+ --enable-mount --enable-partx --enable-raw --enable-rfkill \
+ --enable-unshare --enable-write \
+ \
+ --disable-bfs --disable-login \
+ --disable-makeinstall-chown --disable-minix --disable-newgrp \
+ --disable-use-tty-group --disable-vipw --disable-raw \
+ \
+ --without-udev \
+ \
+ usrsbin_execdir='${sbindir}' \
+ --libdir='${UTIL_LINUX_LIBDIR}' \
+"
+
+EXTRA_OECONF:append:class-target = " --enable-setpriv"
+EXTRA_OECONF:append:class-native = " --without-cap-ng --disable-setpriv"
+EXTRA_OECONF:append:class-nativesdk = " --without-cap-ng --disable-setpriv"
+EXTRA_OECONF:append = " --disable-hwclock-gplv3"
+
+# enable pcre2 for native/nativesdk to match host distros
+# this helps to keep same expectations when using the SDK or
+# build host versions during development
+#
+PACKAGECONFIG ?= "pcre2"
+PACKAGECONFIG:class-target ?= "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'chfn-chsh pam', '', d)}"
+# inherit manpages requires this to be present, however util-linux does not have
+# configuration options, and installs manpages always
+PACKAGECONFIG[manpages] = ""
+PACKAGECONFIG[pam] = "--enable-su --enable-runuser,--disable-su --disable-runuser, libpam,"
+# Respect the systemd feature for uuidd
+PACKAGECONFIG[systemd] = "--with-systemd --with-systemdsystemunitdir=${systemd_system_unitdir}, --without-systemd --without-systemdsystemunitdir,systemd"
+# Build python bindings for libmount
+PACKAGECONFIG[pylibmount] = "--with-python=3 --enable-pylibmount,--without-python --disable-pylibmount,python3"
+# Readline support
+PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline"
+# PCRE support in hardlink
+PACKAGECONFIG[pcre2] = ",,libpcre2"
+PACKAGECONFIG[cryptsetup] = "--with-cryptsetup,--without-cryptsetup,cryptsetup"
+PACKAGECONFIG[chfn-chsh] = "--enable-chfn-chsh,--disable-chfn-chsh,"
+
+EXTRA_OEMAKE = "ARCH=${TARGET_ARCH} CPU= CPUOPT= 'OPT=${CFLAGS}'"
+
+ALLOW_EMPTY:${PN} = "1"
+FILES:${PN} = ""
+FILES:${PN}-doc += "${datadir}/getopt/getopt-*.*"
+FILES:${PN}-dev += "${PYTHON_SITEPACKAGES_DIR}/libmount/pylibmount.la"
+FILES:${PN}-mount = "${sysconfdir}/default/mountall"
+FILES:${PN}-runuser = "${sysconfdir}/pam.d/runuser*"
+FILES:${PN}-su = "${sysconfdir}/pam.d/su-l"
+CONFFILES:${PN}-su = "${sysconfdir}/pam.d/su-l"
+FILES:${PN}-pylibmount = "${PYTHON_SITEPACKAGES_DIR}/libmount/pylibmount.so \
+ ${PYTHON_SITEPACKAGES_DIR}/libmount/__init__.* \
+ ${PYTHON_SITEPACKAGES_DIR}/libmount/__pycache__/*"
+
+# Util-linux' blkid replaces the e2fsprogs one
+RCONFLICTS:${PN}-blkid = "${MLPREFIX}e2fsprogs-blkid"
+RREPLACES:${PN}-blkid = "${MLPREFIX}e2fsprogs-blkid"
+
+RRECOMMENDS:${PN}:class-native = ""
+RRECOMMENDS:${PN}:class-nativesdk = ""
+RDEPENDS:${PN}:class-native = ""
+RDEPENDS:${PN}:class-nativesdk = ""
+
+RDEPENDS:${PN} += " util-linux-libuuid"
+RDEPENDS:${PN}-dev += " util-linux-libuuid-dev"
+
+RPROVIDES:${PN}-dev = "${PN}-libblkid-dev ${PN}-libmount-dev"
+
+RDEPENDS:${PN}-bash-completion += "${PN}-lsblk"
+RDEPENDS:${PN}-ptest += "bash bc btrfs-tools coreutils e2fsprogs findutils grep iproute2 kmod mdadm procps sed socat which xz"
+RRECOMMENDS:${PN}-ptest += "kernel-module-scsi-debug kernel-module-sd-mod kernel-module-loop"
+RDEPENDS:${PN}-swaponoff = "${PN}-swapon ${PN}-swapoff"
+ALLOW_EMPTY:${PN}-swaponoff = "1"
+
+#SYSTEMD_PACKAGES = "${PN}-uuidd ${PN}-fstrim"
+SYSTEMD_SERVICE:${PN}-uuidd = "uuidd.socket uuidd.service"
+SYSTEMD_AUTO_ENABLE:${PN}-uuidd = "disable"
+SYSTEMD_SERVICE:${PN}-fstrim = "fstrim.timer fstrim.service"
+SYSTEMD_AUTO_ENABLE:${PN}-fstrim = "disable"
+
+do_install () {
+ # with ccache the timestamps on compiled files may
+ # end up earlier than on their inputs, this allows
+ # for the resultant compilation in the install step.
+ oe_runmake 'CC=${CC}' 'LD=${LD}' \
+ 'LDFLAGS=${LDFLAGS}' 'DESTDIR=${D}' install
+
+ mkdir -p ${D}${base_bindir}
+
+ sbinprogs="agetty ctrlaltdel cfdisk vipw vigr"
+ sbinprogs_a="pivot_root hwclock mkswap losetup swapon swapoff fdisk fsck blkid blockdev fstrim sulogin switch_root nologin"
+ binprogs_a="dmesg getopt kill more umount mount login su mountpoint"
+
+ if [ "${base_sbindir}" != "${sbindir}" ]; then
+ mkdir -p ${D}${base_sbindir}
+ for p in $sbinprogs $sbinprogs_a; do
+ if [ -f "${D}${sbindir}/$p" ]; then
+ mv "${D}${sbindir}/$p" "${D}${base_sbindir}/$p"
+ fi
+ done
+ fi
+
+ if [ "${base_bindir}" != "${bindir}" ]; then
+ mkdir -p ${D}${base_bindir}
+ for p in $binprogs_a; do
+ if [ -f "${D}${bindir}/$p" ]; then
+ mv "${D}${bindir}/$p" "${D}${base_bindir}/$p"
+ fi
+ done
+ fi
+
+ install -d ${D}${sysconfdir}/default/
+ echo 'MOUNTALL="-t nonfs,nosmbfs,noncpfs"' > ${D}${sysconfdir}/default/mountall
+
+ rm -f ${D}${bindir}/chkdupexe
+}
+
+do_install:append:class-target () {
+ if [ "${@bb.utils.filter('PACKAGECONFIG', 'pam', d)}" ]; then
+ install -d ${D}${sysconfdir}/pam.d
+ install -m 0644 ${WORKDIR}/runuser.pamd ${D}${sysconfdir}/pam.d/runuser
+ install -m 0644 ${WORKDIR}/runuser-l.pamd ${D}${sysconfdir}/pam.d/runuser-l
+ # Required for "su -" aka "su --login" because
+ # otherwise it uses "other", which has "auth pam_deny.so"
+ # and thus prevents the operation.
+ ln -s su ${D}${sysconfdir}/pam.d/su-l
+ fi
+}
+# nologin causes a conflict with shadow-native
+# kill causes a conflict with coreutils-native (if ${bindir}==${base_bindir})
+do_install:append:class-native () {
+ rm -f ${D}${base_sbindir}/nologin
+ rm -f ${D}${base_bindir}/kill
+}
+
+# dm-verity support introduces a circular build dependency, so util-linux-libuuid is split out for target builds
+# Need to build libuuid for uuidgen, but then delete it and let the other recipe ship it
+do_install:append () {
+ rm -rf ${D}${includedir}/uuid ${D}${libdir}/pkgconfig/uuid.pc ${D}${libdir}/libuuid* ${D}${base_libdir}/libuuid*
+}
+
+ALTERNATIVE_PRIORITY = "80"
+
+ALTERNATIVE_LINK_NAME[blkid] = "${base_sbindir}/blkid"
+ALTERNATIVE_LINK_NAME[blockdev] = "${base_sbindir}/blockdev"
+ALTERNATIVE_LINK_NAME[cal] = "${bindir}/cal"
+ALTERNATIVE_LINK_NAME[chfn] = "${bindir}/chfn"
+ALTERNATIVE_LINK_NAME[chsh] = "${bindir}/chsh"
+ALTERNATIVE_LINK_NAME[chrt] = "${bindir}/chrt"
+ALTERNATIVE_LINK_NAME[dmesg] = "${base_bindir}/dmesg"
+ALTERNATIVE_LINK_NAME[eject] = "${bindir}/eject"
+ALTERNATIVE_LINK_NAME[fallocate] = "${bindir}/fallocate"
+ALTERNATIVE_LINK_NAME[fdisk] = "${base_sbindir}/fdisk"
+ALTERNATIVE_LINK_NAME[flock] = "${bindir}/flock"
+ALTERNATIVE_LINK_NAME[fsck] = "${base_sbindir}/fsck"
+ALTERNATIVE_LINK_NAME[fsfreeze] = "${sbindir}/fsfreeze"
+ALTERNATIVE_LINK_NAME[fstrim] = "${base_sbindir}/fstrim"
+ALTERNATIVE_LINK_NAME[getopt] = "${base_bindir}/getopt"
+ALTERNATIVE:${PN}-agetty = "getty"
+ALTERNATIVE_LINK_NAME[getty] = "${base_sbindir}/getty"
+ALTERNATIVE_TARGET[getty] = "${base_sbindir}/agetty"
+ALTERNATIVE_LINK_NAME[hexdump] = "${bindir}/hexdump"
+ALTERNATIVE_LINK_NAME[hwclock] = "${base_sbindir}/hwclock"
+ALTERNATIVE_LINK_NAME[ionice] = "${bindir}/ionice"
+ALTERNATIVE_LINK_NAME[kill] = "${base_bindir}/kill"
+ALTERNATIVE:${PN}-last = "last lastb"
+ALTERNATIVE_LINK_NAME[last] = "${bindir}/last"
+ALTERNATIVE_LINK_NAME[lastb] = "${bindir}/lastb"
+ALTERNATIVE_LINK_NAME[logger] = "${bindir}/logger"
+ALTERNATIVE_LINK_NAME[losetup] = "${base_sbindir}/losetup"
+ALTERNATIVE_LINK_NAME[mesg] = "${bindir}/mesg"
+ALTERNATIVE_LINK_NAME[mkswap] = "${base_sbindir}/mkswap"
+ALTERNATIVE_LINK_NAME[mcookie] = "${bindir}/mcookie"
+ALTERNATIVE_LINK_NAME[more] = "${base_bindir}/more"
+ALTERNATIVE_LINK_NAME[mount] = "${base_bindir}/mount"
+ALTERNATIVE_LINK_NAME[mountpoint] = "${base_bindir}/mountpoint"
+ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin"
+ALTERNATIVE_LINK_NAME[nsenter] = "${bindir}/nsenter"
+ALTERNATIVE_LINK_NAME[pivot_root] = "${base_sbindir}/pivot_root"
+ALTERNATIVE_LINK_NAME[prlimit] = "${bindir}/prlimit"
+ALTERNATIVE_LINK_NAME[readprofile] = "${sbindir}/readprofile"
+ALTERNATIVE_LINK_NAME[renice] = "${bindir}/renice"
+ALTERNATIVE_LINK_NAME[rev] = "${bindir}/rev"
+ALTERNATIVE_LINK_NAME[rfkill] = "${sbindir}/rfkill"
+ALTERNATIVE_LINK_NAME[rtcwake] = "${sbindir}/rtcwake"
+ALTERNATIVE_LINK_NAME[setpriv] = "${bindir}/setpriv"
+ALTERNATIVE_LINK_NAME[setsid] = "${bindir}/setsid"
+ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
+ALTERNATIVE_LINK_NAME[sulogin] = "${base_sbindir}/sulogin"
+ALTERNATIVE_LINK_NAME[swapoff] = "${base_sbindir}/swapoff"
+ALTERNATIVE_LINK_NAME[swapon] = "${base_sbindir}/swapon"
+ALTERNATIVE_LINK_NAME[switch_root] = "${base_sbindir}/switch_root"
+ALTERNATIVE_LINK_NAME[taskset] = "${bindir}/taskset"
+ALTERNATIVE_LINK_NAME[umount] = "${base_bindir}/umount"
+ALTERNATIVE_LINK_NAME[unshare] = "${bindir}/unshare"
+ALTERNATIVE_LINK_NAME[utmpdump] = "${bindir}/utmpdump"
+ALTERNATIVE_LINK_NAME[uuidgen] = "${bindir}/uuidgen"
+ALTERNATIVE_LINK_NAME[wall] = "${bindir}/wall"
+
+ALTERNATIVE:${PN}-doc = "\
+blkid.8 eject.1 findfs.8 fsck.8 kill.1 last.1 lastb.1 libblkid.3 logger.1 mesg.1 \
+mountpoint.1 nologin.8 rfkill.8 sulogin.8 utmpdump.1 uuid.3 wall.1\
+"
+ALTERNATIVE:${PN}-doc += "${@bb.utils.contains('PACKAGECONFIG', 'pam', 'su.1', '', d)}"
+
+ALTERNATIVE_LINK_NAME[blkid.8] = "${mandir}/man8/blkid.8"
+ALTERNATIVE_LINK_NAME[eject.1] = "${mandir}/man1/eject.1"
+ALTERNATIVE_LINK_NAME[findfs.8] = "${mandir}/man8/findfs.8"
+ALTERNATIVE_LINK_NAME[fsck.8] = "${mandir}/man8/fsck.8"
+ALTERNATIVE_LINK_NAME[kill.1] = "${mandir}/man1/kill.1"
+ALTERNATIVE_LINK_NAME[last.1] = "${mandir}/man1/last.1"
+ALTERNATIVE_LINK_NAME[lastb.1] = "${mandir}/man1/lastb.1"
+ALTERNATIVE_LINK_NAME[libblkid.3] = "${mandir}/man3/libblkid.3"
+ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1"
+ALTERNATIVE_LINK_NAME[mesg.1] = "${mandir}/man1/mesg.1"
+ALTERNATIVE_LINK_NAME[mountpoint.1] = "${mandir}/man1/mountpoint.1"
+ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8"
+ALTERNATIVE_LINK_NAME[rfkill.8] = "${mandir}/man8/rfkill.8"
+ALTERNATIVE_LINK_NAME[setpriv.1] = "${mandir}/man1/setpriv.1"
+ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1"
+ALTERNATIVE_LINK_NAME[sulogin.8] = "${mandir}/man8/sulogin.8"
+ALTERNATIVE_LINK_NAME[utmpdump.1] = "${mandir}/man1/utmpdump.1"
+ALTERNATIVE_LINK_NAME[uuid.3] = "${mandir}/man3/uuid.3"
+ALTERNATIVE_LINK_NAME[wall.1] = "${mandir}/man1/wall.1"
+
+BBCLASSEXTEND = "native nativesdk"
+
+PTEST_BINDIR = "1"
+do_compile_ptest() {
+ oe_runmake buildtest-TESTS
+}
+
+do_install_ptest() {
+ mkdir -p ${D}${PTEST_PATH}/tests/ts
+ find . -name 'test*' -maxdepth 1 -type f -perm -111 -exec cp {} ${D}${PTEST_PATH} \;
+ find ./.libs -name 'sample*' -maxdepth 1 -type f -perm -111 -exec cp {} ${D}${PTEST_PATH} \;
+ find ./.libs -name 'test*' -maxdepth 1 -type f -perm -111 -exec cp {} ${D}${PTEST_PATH} \;
+
+ cp ${S}/tests/*.sh ${D}${PTEST_PATH}/tests/
+ cp -pR ${S}/tests/expected ${D}${PTEST_PATH}/tests/expected
+ cp -pR ${S}/tests/ts ${D}${PTEST_PATH}/tests/
+ cp ${WORKDIR}/build/config.h ${D}${PTEST_PATH}
+
+ sed -i 's|@base_sbindir@|${base_sbindir}|g' ${D}${PTEST_PATH}/run-ptest
+
+ # chfn needs PAM
+ if ! ${@bb.utils.contains('PACKAGECONFIG', 'pam', 'true', 'false', d)}; then
+ rm -rf ${D}${PTEST_PATH}/tests/ts/chfn
+ fi
+}
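Review bot: `EXTRA_OECONF` passes both `--enable-raw` (on the `--enable-mount --enable-partx` line) and `--disable-raw` (at the end of the `--disable-use-tty-group` line), so the built feature set depends on which flag configure honours last. Keep only the intended one; if the tool is not wanted in the image, drop `--enable-raw` from the enable line. Further down, `#SYSTEMD_PACKAGES = "${PN}-uuidd ${PN}-fstrim"` is commented out while the `SYSTEMD_SERVICE:${PN}-uuidd` and `SYSTEMD_AUTO_ENABLE:${PN}-uuidd = "disable"` settings remain. Presumably the systemd class then only considers `${PN}`, so confirm the disable settings still take effect for those packages, or add a comment saying why the line is off.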
diff --git a/meta-openbmc-mods/meta-common/recipes-core/zlib/zlib/CVE-2018-25032.patch b/meta-openbmc-mods/meta-common/recipes-core/zlib/zlib/CVE-2018-25032.patch
new file mode 100644
index 000000000..9f37ba5c5
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/zlib/zlib/CVE-2018-25032.patch
@@ -0,0 +1,343 @@
+From 5c44459c3b28a9bd3283aaceab7c615f8020c531 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Tue, 17 Apr 2018 22:09:22 -0700
+Subject: [PATCH] Fix a bug that can crash deflate on some input when using
+ Z_FIXED.
+
+This bug was reported by Danilo Ramos of Eideticom, Inc. It has
+lain in wait 13 years before being found! The bug was introduced
+in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
+option forces the use of fixed Huffman codes. For rare inputs with
+a large number of distant matches, the pending buffer into which
+the compressed data is written can overwrite the distance symbol
+table which it overlays. That results in corrupted output due to
+invalid distances, and can result in out-of-bound accesses,
+crashing the application.
+
+The fix here combines the distance buffer and literal/length
+buffers into a single symbol buffer. Now three bytes of pending
+buffer space are opened up for each literal or length/distance
+pair consumed, instead of the previous two bytes. This assures
+that the pending buffer cannot overwrite the symbol table, since
+the maximum fixed code compressed length/distance is 31 bits, and
+since there are four bytes of pending space for every three bytes
+of symbol space.
+---
+ deflate.c | 74 ++++++++++++++++++++++++++++++++++++++++---------------
+ deflate.h | 25 +++++++++----------
+ trees.c | 50 +++++++++++--------------------------
+ 3 files changed, 79 insertions(+), 70 deletions(-)
+
+diff --git a/deflate.c b/deflate.c
+index 425babc00..19cba873a 100644
+--- a/deflate.c
++++ b/deflate.c
+@@ -255,11 +255,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
+ int wrap = 1;
+ static const char my_version[] = ZLIB_VERSION;
+
+- ushf *overlay;
+- /* We overlay pending_buf and d_buf+l_buf. This works since the average
+- * output size for (length,distance) codes is <= 24 bits.
+- */
+-
+ if (version == Z_NULL || version[0] != my_version[0] ||
+ stream_size != sizeof(z_stream)) {
+ return Z_VERSION_ERROR;
+@@ -329,9 +324,47 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
+
+ s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
+
+- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
+- s->pending_buf = (uchf *) overlay;
+- s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
++ /* We overlay pending_buf and sym_buf. This works since the average size
++ * for length/distance pairs over any compressed block is assured to be 31
++ * bits or less.
++ *
++ * Analysis: The longest fixed codes are a length code of 8 bits plus 5
++ * extra bits, for lengths 131 to 257. The longest fixed distance codes are
++ * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest
++ * possible fixed-codes length/distance pair is then 31 bits total.
++ *
++ * sym_buf starts one-fourth of the way into pending_buf. So there are
++ * three bytes in sym_buf for every four bytes in pending_buf. Each symbol
++ * in sym_buf is three bytes -- two for the distance and one for the
++ * literal/length. As each symbol is consumed, the pointer to the next
++ * sym_buf value to read moves forward three bytes. From that symbol, up to
++ * 31 bits are written to pending_buf. The closest the written pending_buf
++ * bits gets to the next sym_buf symbol to read is just before the last
++ * code is written. At that time, 31*(n-2) bits have been written, just
++ * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at
++ * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1
++ * symbols are written.) The closest the writing gets to what is unread is
++ * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and
++ * can range from 128 to 32768.
++ *
++ * Therefore, at a minimum, there are 142 bits of space between what is
++ * written and what is read in the overlain buffers, so the symbols cannot
++ * be overwritten by the compressed data. That space is actually 139 bits,
++ * due to the three-bit fixed-code block header.
++ *
++ * That covers the case where either Z_FIXED is specified, forcing fixed
++ * codes, or when the use of fixed codes is chosen, because that choice
++ * results in a smaller compressed block than dynamic codes. That latter
++ * condition then assures that the above analysis also covers all dynamic
++ * blocks. A dynamic-code block will only be chosen to be emitted if it has
++ * fewer bits than a fixed-code block would for the same set of symbols.
++ * Therefore its average symbol length is assured to be less than 31. So
++ * the compressed data for a dynamic block also cannot overwrite the
++ * symbols from which it is being constructed.
++ */
++
++ s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4);
++ s->pending_buf_size = (ulg)s->lit_bufsize * 4;
+
+ if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
+ s->pending_buf == Z_NULL) {
+@@ -340,8 +373,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
+ deflateEnd (strm);
+ return Z_MEM_ERROR;
+ }
+- s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
+- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
++ s->sym_buf = s->pending_buf + s->lit_bufsize;
++ s->sym_end = (s->lit_bufsize - 1) * 3;
++ /* We avoid equality with lit_bufsize*3 because of wraparound at 64K
++ * on 16 bit machines and because stored blocks are restricted to
++ * 64K-1 bytes.
++ */
+
+ s->level = level;
+ s->strategy = strategy;
+@@ -552,7 +589,7 @@ int ZEXPORT deflatePrime (strm, bits, value)
+
+ if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
+ s = strm->state;
+- if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3))
++ if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
+ return Z_BUF_ERROR;
+ do {
+ put = Buf_size - s->bi_valid;
+@@ -1113,7 +1150,6 @@ int ZEXPORT deflateCopy (dest, source)
+ #else
+ deflate_state *ds;
+ deflate_state *ss;
+- ushf *overlay;
+
+
+ if (deflateStateCheck(source) || dest == Z_NULL) {
+@@ -1133,8 +1169,7 @@ int ZEXPORT deflateCopy (dest, source)
+ ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
+ ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos));
+ ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos));
+- overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
+- ds->pending_buf = (uchf *) overlay;
++ ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4);
+
+ if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
+ ds->pending_buf == Z_NULL) {
+@@ -1148,8 +1183,7 @@ int ZEXPORT deflateCopy (dest, source)
+ zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
+
+ ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
+- ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
+- ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
++ ds->sym_buf = ds->pending_buf + ds->lit_bufsize;
+
+ ds->l_desc.dyn_tree = ds->dyn_ltree;
+ ds->d_desc.dyn_tree = ds->dyn_dtree;
+@@ -1925,7 +1959,7 @@ local block_state deflate_fast(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+@@ -2056,7 +2090,7 @@ local block_state deflate_slow(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+@@ -2131,7 +2165,7 @@ local block_state deflate_rle(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+@@ -2170,7 +2204,7 @@ local block_state deflate_huff(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+diff --git a/deflate.h b/deflate.h
+index 23ecdd312..d4cf1a98b 100644
+--- a/deflate.h
++++ b/deflate.h
+@@ -217,7 +217,7 @@ typedef struct internal_state {
+ /* Depth of each subtree used as tie breaker for trees of equal frequency
+ */
+
+- uchf *l_buf; /* buffer for literals or lengths */
++ uchf *sym_buf; /* buffer for distances and literals/lengths */
+
+ uInt lit_bufsize;
+ /* Size of match buffer for literals/lengths. There are 4 reasons for
+@@ -239,13 +239,8 @@ typedef struct internal_state {
+ * - I can't count above 4
+ */
+
+- uInt last_lit; /* running index in l_buf */
+-
+- ushf *d_buf;
+- /* Buffer for distances. To simplify the code, d_buf and l_buf have
+- * the same number of elements. To use different lengths, an extra flag
+- * array would be necessary.
+- */
++ uInt sym_next; /* running index in sym_buf */
++ uInt sym_end; /* symbol table full when sym_next reaches this */
+
+ ulg opt_len; /* bit length of current block with optimal trees */
+ ulg static_len; /* bit length of current block with static trees */
+@@ -325,20 +320,22 @@ void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf,
+
+ # define _tr_tally_lit(s, c, flush) \
+ { uch cc = (c); \
+- s->d_buf[s->last_lit] = 0; \
+- s->l_buf[s->last_lit++] = cc; \
++ s->sym_buf[s->sym_next++] = 0; \
++ s->sym_buf[s->sym_next++] = 0; \
++ s->sym_buf[s->sym_next++] = cc; \
+ s->dyn_ltree[cc].Freq++; \
+- flush = (s->last_lit == s->lit_bufsize-1); \
++ flush = (s->sym_next == s->sym_end); \
+ }
+ # define _tr_tally_dist(s, distance, length, flush) \
+ { uch len = (uch)(length); \
+ ush dist = (ush)(distance); \
+- s->d_buf[s->last_lit] = dist; \
+- s->l_buf[s->last_lit++] = len; \
++ s->sym_buf[s->sym_next++] = dist; \
++ s->sym_buf[s->sym_next++] = dist >> 8; \
++ s->sym_buf[s->sym_next++] = len; \
+ dist--; \
+ s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
+ s->dyn_dtree[d_code(dist)].Freq++; \
+- flush = (s->last_lit == s->lit_bufsize-1); \
++ flush = (s->sym_next == s->sym_end); \
+ }
+ #else
+ # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
+diff --git a/trees.c b/trees.c
+index 4f4a65011..decaeb7c3 100644
+--- a/trees.c
++++ b/trees.c
+@@ -416,7 +416,7 @@ local void init_block(s)
+
+ s->dyn_ltree[END_BLOCK].Freq = 1;
+ s->opt_len = s->static_len = 0L;
+- s->last_lit = s->matches = 0;
++ s->sym_next = s->matches = 0;
+ }
+
+ #define SMALLEST 1
+@@ -948,7 +948,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last)
+
+ Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
+ opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
+- s->last_lit));
++ s->sym_next / 3));
+
+ if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
+
+@@ -1017,8 +1017,9 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
+ unsigned dist; /* distance of matched string */
+ unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */
+ {
+- s->d_buf[s->last_lit] = (ush)dist;
+- s->l_buf[s->last_lit++] = (uch)lc;
++ s->sym_buf[s->sym_next++] = dist;
++ s->sym_buf[s->sym_next++] = dist >> 8;
++ s->sym_buf[s->sym_next++] = lc;
+ if (dist == 0) {
+ /* lc is the unmatched char */
+ s->dyn_ltree[lc].Freq++;
+@@ -1033,30 +1034,7 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
+ s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++;
+ s->dyn_dtree[d_code(dist)].Freq++;
+ }
+-
+-#ifdef TRUNCATE_BLOCK
+- /* Try to guess if it is profitable to stop the current block here */
+- if ((s->last_lit & 0x1fff) == 0 && s->level > 2) {
+- /* Compute an upper bound for the compressed length */
+- ulg out_length = (ulg)s->last_lit*8L;
+- ulg in_length = (ulg)((long)s->strstart - s->block_start);
+- int dcode;
+- for (dcode = 0; dcode < D_CODES; dcode++) {
+- out_length += (ulg)s->dyn_dtree[dcode].Freq *
+- (5L+extra_dbits[dcode]);
+- }
+- out_length >>= 3;
+- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
+- s->last_lit, in_length, out_length,
+- 100L - out_length*100L/in_length));
+- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
+- }
+-#endif
+- return (s->last_lit == s->lit_bufsize-1);
+- /* We avoid equality with lit_bufsize because of wraparound at 64K
+- * on 16 bit machines and because stored blocks are restricted to
+- * 64K-1 bytes.
+- */
++ return (s->sym_next == s->sym_end);
+ }
+
+ /* ===========================================================================
+@@ -1069,13 +1047,14 @@ local void compress_block(s, ltree, dtree)
+ {
+ unsigned dist; /* distance of matched string */
+ int lc; /* match length or unmatched char (if dist == 0) */
+- unsigned lx = 0; /* running index in l_buf */
++ unsigned sx = 0; /* running index in sym_buf */
+ unsigned code; /* the code to send */
+ int extra; /* number of extra bits to send */
+
+- if (s->last_lit != 0) do {
+- dist = s->d_buf[lx];
+- lc = s->l_buf[lx++];
++ if (s->sym_next != 0) do {
++ dist = s->sym_buf[sx++] & 0xff;
++ dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8;
++ lc = s->sym_buf[sx++];
+ if (dist == 0) {
+ send_code(s, lc, ltree); /* send a literal byte */
+ Tracecv(isgraph(lc), (stderr," '%c' ", lc));
+@@ -1100,11 +1079,10 @@ local void compress_block(s, ltree, dtree)
+ }
+ } /* literal or match pair ? */
+
+- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
+- Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,
+- "pendingBuf overflow");
++ /* Check that the overlay between pending_buf and sym_buf is ok: */
++ Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow");
+
+- } while (lx < s->last_lit);
++ } while (sx < s->sym_next);
+
+ send_code(s, END_BLOCK, ltree);
+ }
diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/zlib/zlib_%.bbappend
index fa58d9726..09dea7c00 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-core/zlib/zlib_%.bbappend
@@ -1,4 +1,5 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
SRC_URI += " \
+ file://CVE-2018-25032.patch \
"
diff --git a/meta-openbmc-mods/meta-common/recipes-extended/rsyslog/rsyslog_%.bbappend b/meta-openbmc-mods/meta-common/recipes-extended/rsyslog/rsyslog_%.bbappend
new file mode 100644
index 000000000..de026d919
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-extended/rsyslog/rsyslog_%.bbappend
@@ -0,0 +1,5 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+do_install:append() {
+ sed -i -e"s/ network-online.target//g" ${D}${systemd_system_unitdir}/rsyslog.service
+} \ No newline at end of file
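Review bot: The `sed` in `do_install:append` strips ` network-online.target` from every line of rsyslog.service with no comment saying why. It also exits successfully when nothing matches, so if the upstream unit changes how it lists the target (for example, first on the line with no leading space) the edit would silently stop applying. If this image forwards logs to a remote collector, starting rsyslog without that ordering may mean early messages are queued or dropped, depending on the action queue configuration; that is worth confirming. I would add a comment above the sed giving the reason, and guard the edit with `grep -q "network-online.target" ${D}${systemd_system_unitdir}/rsyslog.service || bbwarn "rsyslog.service no longer references network-online.target"`. The file also lacks a trailing newline.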
diff --git a/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb b/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb
index 1a7e3a26c..64f0289af 100644
--- a/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb
+++ b/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb
@@ -2,7 +2,7 @@ SUMMARY = "SMBIOS MDR version 2 service for Intel based platform"
DESCRIPTION = "SMBIOS MDR version 2 service for Intel based platfrom"
SRC_URI = "git://github.com/openbmc/smbios-mdr.git"
-SRCREV = "0435a483afb10a5eabe7ae93f07fbb2d2265e53f"
+SRCREV = "473d890ea7fa48e1f3925f085e870dae67d68527"
S = "${WORKDIR}/git"
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/0002-gpio-gpio-aspeed-sgpio-Fix-wrong-hwirq-base-in-irq-h.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/0002-gpio-gpio-aspeed-sgpio-Fix-wrong-hwirq-base-in-irq-h.patch
new file mode 100644
index 000000000..5109211df
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/0002-gpio-gpio-aspeed-sgpio-Fix-wrong-hwirq-base-in-irq-h.patch
@@ -0,0 +1,33 @@
+From 4e5ae852c4ab46c684d71d04c30dbfd01fbccae0 Mon Sep 17 00:00:00 2001
+From: Steven Lee <steven_lee@aspeedtech.com>
+Date: Tue, 14 Dec 2021 12:02:38 +0800
+Subject: [PATCH] gpio: gpio-aspeed-sgpio: Fix wrong hwirq base in irq handler
+
+Each aspeed sgpio bank has 64 gpio pins(32 input pins and 32 output pins).
+The hwirq base for each sgpio bank should be multiples of 64 rather than
+multiples of 32.
+
+Signed-off-by: Steven Lee <steven_lee@aspeedtech.com>
+Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
+(cherry picked from commit e5a7431f5a2d6dcff7d516ee9d178a3254b17b87)
+Signed-off-by: Sujoy Ray <sujoy.ray@intel.com>
+---
+ drivers/gpio/gpio-aspeed-sgpio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpio/gpio-aspeed-sgpio.c b/drivers/gpio/gpio-aspeed-sgpio.c
+index 931d5c38d7de..454cefbeecf0 100644
+--- a/drivers/gpio/gpio-aspeed-sgpio.c
++++ b/drivers/gpio/gpio-aspeed-sgpio.c
+@@ -395,7 +395,7 @@ static void aspeed_sgpio_irq_handler(struct irq_desc *desc)
+ reg = ioread32(bank_reg(data, bank, reg_irq_status));
+
+ for_each_set_bit(p, &reg, 32)
+- generic_handle_domain_irq(gc->irq.domain, i * 32 + p * 2);
++ generic_handle_domain_irq(gc->irq.domain, (i * 32 + p) * 2);
+ }
+
+ chained_irq_exit(ic, desc);
+--
+2.17.1
+
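Review bot: The patch header names the upstream commit only in the `(cherry picked from commit e5a7431f5a2d6dcff7d516ee9d178a3254b17b87)` line and has no `Upstream-Status:` tag, which OpenEmbedded's patch guidelines expect so that carried patches can be audited and dropped on a kernel uprev. I would add `Upstream-Status: Backport [e5a7431f5a2d6dcff7d516ee9d178a3254b17b87]` above the Signed-off-by lines. The same tag is missing from 0003-Add-mux-deselect-support-on-timeout.patch, CVE-2021-22600.patch and the CVE-2021-4197-00x patches added later in this commit. The mux patch cites no upstream commit and looks like a local change, so `Pending` or `Inappropriate` with a reason would fit there.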
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/0003-Add-mux-deselect-support-on-timeout.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/0003-Add-mux-deselect-support-on-timeout.patch
new file mode 100644
index 000000000..0248d55ff
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/0003-Add-mux-deselect-support-on-timeout.patch
@@ -0,0 +1,95 @@
+From 51374967e9c5be8b0bfa093d7c62e7093f1eff94 Mon Sep 17 00:00:00 2001
+From: "Arun P. Mohanan" <arun.p.m@linux.intel.com>
+Date: Wed, 27 Apr 2022 10:16:47 +0530
+Subject: [PATCH] i2c: mux: Add mux deselect support on timeout
+
+Add support to deselect the mux when there is a timeout.
+The mux idle_state settings will be configured on startup. In case of
+MCTP it is MUX_IDLE_DISCONNECT. But when there is a timeout, mux ends
+up in connected position and the devices behind the mux will appear under
+different muxes connected to the same bus. This change fix the same.
+
+Signed-off-by: Arun P. Mohanan <arun.p.m@linux.intel.com>
+---
+ drivers/i2c/i2c-mux.c | 15 ++++++++++-----
+ include/linux/i2c-mux.h | 1 +
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/i2c/i2c-mux.c b/drivers/i2c/i2c-mux.c
+index ce3c3ad3f129..abdfd7513df2 100644
+--- a/drivers/i2c/i2c-mux.c
++++ b/drivers/i2c/i2c-mux.c
+@@ -36,9 +36,11 @@ struct i2c_mux_priv {
+ u32 chan_id;
+ };
+
+-static void i2c_mux_hold(struct i2c_mux_core *muxc, unsigned long timeout)
++static void i2c_mux_hold(struct i2c_mux_core *muxc, u32 chan_id,
++ unsigned long timeout)
+ {
+ mutex_lock(&muxc->hold_lock);
++ muxc->holder_chan_id = chan_id;
+ schedule_delayed_work(&muxc->unhold_work, timeout);
+ }
+
+@@ -54,6 +56,9 @@ static void i2c_mux_unhold_work(struct work_struct *work)
+ struct i2c_mux_core *muxc = container_of(dwork, struct i2c_mux_core,
+ unhold_work);
+
++ if (muxc->deselect)
++ muxc->deselect(muxc, muxc->holder_chan_id);
++
+ mutex_unlock(&muxc->hold_lock);
+ }
+
+@@ -74,7 +79,7 @@ static int __i2c_mux_master_xfer(struct i2c_adapter *adap,
+ (u16 *)msgs[num - 1].buf);
+ if (hold_msg == I2C_HOLD_MSG_SET) {
+ timeout = msecs_to_jiffies(*(u16 *)msgs[num - 1].buf);
+- i2c_mux_hold(muxc, timeout);
++ i2c_mux_hold(muxc, priv->chan_id, timeout);
+ } else if (hold_msg == I2C_HOLD_MSG_NONE) {
+ mutex_lock(&muxc->hold_lock);
+ }
+@@ -112,7 +117,7 @@ static int i2c_mux_master_xfer(struct i2c_adapter *adap,
+ (u16 *)msgs[num - 1].buf);
+ if (hold_msg == I2C_HOLD_MSG_SET) {
+ timeout = msecs_to_jiffies(*(u16 *)msgs[num - 1].buf);
+- i2c_mux_hold(muxc, timeout);
++ i2c_mux_hold(muxc, priv->chan_id, timeout);
+ } else if (hold_msg == I2C_HOLD_MSG_NONE) {
+ mutex_lock(&muxc->hold_lock);
+ }
+@@ -150,7 +155,7 @@ static int __i2c_mux_smbus_xfer(struct i2c_adapter *adap,
+ &data->word);
+ if (hold_msg == I2C_HOLD_MSG_SET) {
+ timeout = msecs_to_jiffies(data->word);
+- i2c_mux_hold(muxc, timeout);
++ i2c_mux_hold(muxc, priv->chan_id, timeout);
+ } else if (hold_msg == I2C_HOLD_MSG_NONE) {
+ mutex_lock(&muxc->hold_lock);
+ }
+@@ -189,7 +194,7 @@ static int i2c_mux_smbus_xfer(struct i2c_adapter *adap,
+ &data->word);
+ if (hold_msg == I2C_HOLD_MSG_SET) {
+ timeout = msecs_to_jiffies(data->word);
+- i2c_mux_hold(muxc, timeout);
++ i2c_mux_hold(muxc, priv->chan_id, timeout);
+ } else if (hold_msg == I2C_HOLD_MSG_NONE) {
+ mutex_lock(&muxc->hold_lock);
+ }
+diff --git a/include/linux/i2c-mux.h b/include/linux/i2c-mux.h
+index 43c40680d8c5..3d2586062ccc 100644
+--- a/include/linux/i2c-mux.h
++++ b/include/linux/i2c-mux.h
+@@ -29,6 +29,7 @@ struct i2c_mux_core {
+ int (*deselect)(struct i2c_mux_core *, u32 chan_id);
+
+ struct mutex hold_lock; /* mutex for channel holding */
++ u32 holder_chan_id;
+ struct delayed_work unhold_work;
+
+ int num_adapters;
+--
+2.17.1
+
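Review bot: In `i2c_mux_unhold_work` the new `muxc->deselect(muxc, muxc->holder_chan_id)` call discards the int return value, so a failed deselect on timeout leaves the mux connected (the condition this patch sets out to fix) with nothing in the log. The call also runs from the delayed work item rather than from a transfer path. Whether the parent adapter is locked at that point is not visible in the hunk, and deselect callbacks commonly issue a transfer on the parent bus, so please confirm it cannot race with an in-flight transfer. At minimum I would log the failure: `if (muxc->deselect && muxc->deselect(muxc, muxc->holder_chan_id))` followed by `dev_warn(muxc->dev, "mux deselect on hold timeout failed\n");`. The new `holder_chan_id` field in i2c-mux.h would also benefit from a comment such as `/* channel that took hold_lock; valid only while it is held */`.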
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-22600.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-22600.patch
new file mode 100644
index 000000000..6897998d9
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-22600.patch
@@ -0,0 +1,41 @@
+From ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 Mon Sep 17 00:00:00 2001
+From: Willem de Bruijn <willemb@google.com>
+Date: Wed, 15 Dec 2021 09:39:37 -0500
+Subject: net/packet: rx_owner_map depends on pg_vec
+
+Packet sockets may switch ring versions. Avoid misinterpreting state
+between versions, whose fields share a union. rx_owner_map is only
+allocated with a packet ring (pg_vec) and both are swapped together.
+If pg_vec is NULL, meaning no packet ring was allocated, then neither
+was rx_owner_map. And the field may be old state from a tpacket_v3.
+
+Fixes: 61fad6816fc1 ("net/packet: tpacket_rcv: avoid a producer race condition")
+Reported-by: Syzbot <syzbot+1ac0994a0a0c55151121@syzkaller.appspotmail.com>
+Signed-off-by: Willem de Bruijn <willemb@google.com>
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Link: https://lore.kernel.org/r/20211215143937.106178-1-willemdebruijn.kernel@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+---
+ net/packet/af_packet.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
+index 46943a18a10d5..76c2dca7f0a59 100644
+--- a/net/packet/af_packet.c
++++ b/net/packet/af_packet.c
+@@ -4492,9 +4492,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
+ }
+
+ out_free_pg_vec:
+- bitmap_free(rx_owner_map);
+- if (pg_vec)
++ if (pg_vec) {
++ bitmap_free(rx_owner_map);
+ free_pg_vec(pg_vec, order, req->tp_block_nr);
++ }
+ out:
+ return err;
+ }
+--
+cgit 1.2.3-1.el7
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-4197-001.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-4197-001.patch
new file mode 100644
index 000000000..065861699
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-4197-001.patch
@@ -0,0 +1,146 @@
+From mboxrd@z Thu Jan 1 00:00:00 1970
+Return-Path: <linux-kernel-owner@kernel.org>
+X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
+ aws-us-west-2-korg-lkml-1.web.codeaurora.org
+Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
+ by smtp.lore.kernel.org (Postfix) with ESMTP id 2746BC433F5
+ for <linux-kernel@archiver.kernel.org>; Thu, 9 Dec 2021 21:47:21 +0000 (UTC)
+Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
+ id S232085AbhLIVuw (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
+ Thu, 9 Dec 2021 16:50:52 -0500
+Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54404 "EHLO
+ lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
+ with ESMTP id S231216AbhLIVut (ORCPT
+ <rfc822;linux-kernel@vger.kernel.org>);
+ Thu, 9 Dec 2021 16:50:49 -0500
+Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636])
+ by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 15ABAC061746
+ for <linux-kernel@vger.kernel.org>; Thu, 9 Dec 2021 13:47:16 -0800 (PST)
+Received: by mail-pl1-x636.google.com with SMTP id u11so4909590plf.3
+ for <linux-kernel@vger.kernel.org>; Thu, 09 Dec 2021 13:47:16 -0800 (PST)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=gmail.com; s=20210112;
+ h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
+ :mime-version:content-transfer-encoding;
+ bh=a8swiEXoojgR8fMVEpmKtUWFtMz5ImAG/VTZz39Zgtg=;
+ b=iK06xmgZWH845WJbjlaSUNXX2witJGET/NOunc7vcXITqaQ+J0OYBlbsrVZWqXmNpq
+ 1ZkdS89uhl9wPRwln+nGOF3CDgn2rOlIZHy5q1hYCjPeXIRqSUNk66eYbMP9k/CE9ofE
+ 4Bq4HI5Zj9L3TaxJgIf5/fGE4YPT74ZH3DlBwA0YH1Mdmxl6bb+jmHmsOxvH8pNxJK2U
+ Am31x8dqOy61eJi8NizKPzwK6/hjeE+hdG5m1Nmnk5DWCfUUnOtRBxQrB5e0Hbo6JCPQ
+ kMKE3uw5v51EwhqYJNYnL//1RO98imhrjATlvuqHU0d4v4a1XKlWxqUx16iTYCvsosnF
+ Mo7g==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20210112;
+ h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
+ :in-reply-to:references:mime-version:content-transfer-encoding;
+ bh=a8swiEXoojgR8fMVEpmKtUWFtMz5ImAG/VTZz39Zgtg=;
+ b=X87PriTxCChj/TkUhDJr4aE+PHQusR2F4ehhhro6BdZc5SYUMwHjWUuCSK1tY1BEd7
+ GEtuuXtKD9Db1y31IHETMUDBRRQny9Bq+8CoZXeFfl8e4QU+kXToVAnnqHrTCQ2ixDIO
+ HvXo4+VYI0Pw2Xa0bBM73tTCOG6eD1vmsgzxHqD8OrvgJjwI+17qwUO+OHj8VDBTkCCK
+ 4RVwKbKbdUXavEkciY+gosUlmFzgA7H7cr259iTbG+HBuR2UKxpGted3TTLX873mLsbr
+ lIjyLjYxMaH5sJyj3cb18H5JWn1ib9XEtL7iGv8ihZQLHat2kLIepfnH+EdLIiEZ/5ul
+ Rc+g==
+X-Gm-Message-State: AOAM530B/Jym56zUeVEmuQkH/0YbXn40Om9sSgzLwWEWqda400Am/sDL
+ kt7aQzHmCCChtT5uZ2factg=
+X-Google-Smtp-Source: ABdhPJx+0LW9W6RtSgFd704deVCu5AmHhWzYPMKR8HLuTdkfp5ILPOsf/i/FyG1u0yQsz5MqjeYppg==
+X-Received: by 2002:a17:90b:1c81:: with SMTP id oo1mr19350534pjb.137.1639086435505;
+ Thu, 09 Dec 2021 13:47:15 -0800 (PST)
+Received: from localhost (2603-800c-1a02-1bae-e24f-43ff-fee6-449f.res6.spectrum.com. [2603:800c:1a02:1bae:e24f:43ff:fee6:449f])
+ by smtp.gmail.com with ESMTPSA id h5sm673182pfc.113.2021.12.09.13.47.14
+ (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
+ Thu, 09 Dec 2021 13:47:15 -0800 (PST)
+Sender: Tejun Heo <htejun@gmail.com>
+From: Tejun Heo <tj@kernel.org>
+To: torvalds@linuxfoundation.org, ebiederm@xmission.com,
+ mkoutny@suse.com, axboe@kernel.dk, keescook@chromium.org,
+ oleg@redhat.com, peterz@infradead.org, tglx@linutronix.de,
+ jnewsome@torproject.org, legion@kernel.org, luto@amacapital.net,
+ jannh@google.com
+Cc: linux-kernel@vger.kernel.org, security@kernel.org,
+ kernel-team@fb.com, Tejun Heo <tj@kernel.org>
+Subject: [PATCH 1/6] cgroup: Use open-time credentials for process migraton perm checks
+Date: Thu, 9 Dec 2021 11:47:02 -1000
+Message-Id: <20211209214707.805617-2-tj@kernel.org>
+X-Mailer: git-send-email 2.34.1
+In-Reply-To: <20211209214707.805617-1-tj@kernel.org>
+References: <20211209214707.805617-1-tj@kernel.org>
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Precedence: bulk
+List-ID: <linux-kernel.vger.kernel.org>
+X-Mailing-List: linux-kernel@vger.kernel.org
+
+cgroup process migration permission checks are performed at write time as
+whether a given operation is allowed or not is dependent on the content of
+the write - the PID. This currently uses current's credentials which is a
+potential security weakness as it may allow scenarios where a less
+privileged process tricks a more privileged one into writing into a fd that
+it created.
+
+This patch makes both cgroup2 and cgroup1 process migration interfaces to
+use the credentials saved at the time of open (file->f_cred) instead of
+current's.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Reported-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
+Cc: Michal Koutný <mkoutny@suse.com>
+---
+ kernel/cgroup/cgroup-v1.c | 7 ++++---
+ kernel/cgroup/cgroup.c | 9 ++++++++-
+ 2 files changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
+index 81c9e0685948..0e7369103ba6 100644
+--- a/kernel/cgroup/cgroup-v1.c
++++ b/kernel/cgroup/cgroup-v1.c
+@@ -504,10 +504,11 @@ static ssize_t __cgroup1_procs_write(struct kernfs_open_file *of,
+ goto out_unlock;
+
+ /*
+- * Even if we're attaching all tasks in the thread group, we only
+- * need to check permissions on one of them.
++ * Even if we're attaching all tasks in the thread group, we only need
++ * to check permissions on one of them. Check permissions using the
++ * credentials from file open to protect against inherited fd attacks.
+ */
+- cred = current_cred();
++ cred = of->file->f_cred;
+ tcred = get_task_cred(task);
+ if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
+ !uid_eq(cred->euid, tcred->uid) &&
+diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
+index 919194de39c8..2632e46da1d4 100644
+--- a/kernel/cgroup/cgroup.c
++++ b/kernel/cgroup/cgroup.c
+@@ -4892,6 +4892,7 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
+ {
+ struct cgroup *src_cgrp, *dst_cgrp;
+ struct task_struct *task;
++ const struct cred *saved_cred;
+ ssize_t ret;
+ bool locked;
+
+@@ -4909,9 +4910,15 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
+ src_cgrp = task_cgroup_from_root(task, &cgrp_dfl_root);
+ spin_unlock_irq(&css_set_lock);
+
+- /* process and thread migrations follow same delegation rule */
++ /*
++ * Process and thread migrations follow same delegation rule. Check
++ * permissions using the credentials from file open to protect against
++ * inherited fd attacks.
++ */
++ saved_cred = override_creds(of->file->f_cred);
+ ret = cgroup_attach_permissions(src_cgrp, dst_cgrp,
+ of->file->f_path.dentry->d_sb, threadgroup);
++ revert_creds(saved_cred);
+ if (ret)
+ goto out_finish;
+
+--
+2.34.1
+
+
+
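Review bot: This file is a raw mbox capture of the list posting: roughly the first 70 lines are `Return-Path`, `Received`, `DKIM-Signature` and `X-Google-*` transport headers, and the subject is still `[PATCH 1/6]`, so nothing in it identifies the commit that was actually merged. For a security backport that makes it hard to check that the carried diff matches what landed upstream. I would regenerate it from the merged commit with `git format-patch` so the header is just From/Date/Subject, and add `CVE: CVE-2021-4197` plus an `Upstream-Status: Backport [<upstream commit id>]` line. CVE-2021-4197-002.patch and CVE-2021-4197-003.patch have the same form.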
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-4197-002.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-4197-002.patch
new file mode 100644
index 000000000..afa5d75dc
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-4197-002.patch
@@ -0,0 +1,234 @@
+From mboxrd@z Thu Jan 1 00:00:00 1970
+Return-Path: <linux-kernel-owner@kernel.org>
+X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
+ aws-us-west-2-korg-lkml-1.web.codeaurora.org
+Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
+ by smtp.lore.kernel.org (Postfix) with ESMTP id A3D2FC433F5
+ for <linux-kernel@archiver.kernel.org>; Thu, 9 Dec 2021 21:47:23 +0000 (UTC)
+Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
+ id S232241AbhLIVu4 (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
+ Thu, 9 Dec 2021 16:50:56 -0500
+Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54408 "EHLO
+ lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
+ with ESMTP id S232095AbhLIVuv (ORCPT
+ <rfc822;linux-kernel@vger.kernel.org>);
+ Thu, 9 Dec 2021 16:50:51 -0500
+Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436])
+ by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E3818C0617A1
+ for <linux-kernel@vger.kernel.org>; Thu, 9 Dec 2021 13:47:17 -0800 (PST)
+Received: by mail-pf1-x436.google.com with SMTP id k26so6616237pfp.10
+ for <linux-kernel@vger.kernel.org>; Thu, 09 Dec 2021 13:47:17 -0800 (PST)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=gmail.com; s=20210112;
+ h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
+ :mime-version:content-transfer-encoding;
+ bh=22UN/WZfz3+QYellK/yP53GLUSfFKJJ2R3F2tAgAET8=;
+ b=crlPZVYNT73j5kM8EcWEaWtWHdf132nCoHr9bHqpRMOsXF6Tbyn6sCi+bH/WLX/04M
+ hmOzvTEigEvwqsv/WgDLTnRhMpSgRvm9ewWUI9TDgYP8A3UP2G6Xj80jdt2qYMxJFm7e
+ 2NE0lc/MxGejNYvOIyonGtOOeJSq94vsLBkhaQfkvp9pWTS+qcxGS2rXiEsSqKYHj0/q
+ NrZ9Aik0soSXMvwrfc8PwQi8hpeyXkwocPf5zSbYCv+gU2kckT61xqdohuyOogLYA6c7
+ gqCxYsOQ+aG2LfQsGnf6N+l8OisU2/FNLyKcqAUFGdpYuOOLzt2AwrK7EaCu3IROSejk
+ NngQ==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20210112;
+ h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
+ :in-reply-to:references:mime-version:content-transfer-encoding;
+ bh=22UN/WZfz3+QYellK/yP53GLUSfFKJJ2R3F2tAgAET8=;
+ b=MpoYTlLkkOA7YDQMm1M/rxR4LjUNfnLJYNsIeotlztd3ukdc9/AXWpGrQcHsdenRhy
+ oy8sLRD12FWLK+krGYxyYhFqICYWvmbuPHFdrXzwD9ahvyuSw+bX2HvJKDRzdyf8Dh2w
+ WQT1UAPTc1RZBUh162t0df4zc//YX4x8WcrQhR+0IxJKo8B9ppAIJx/jsvGScd7S2djW
+ 8Wb+pMDt/T+/m80Q4XYS+beGQvJmN/lbrvI3d5QIiyIBJmBzGeyBnpjHBdFLMq+nlHNL
+ K2JO9UWZuy2WdT3WPqPc255QpKKJd/zD4zYZHbUe0EPS43dNC6G0pNvskSKQEgtY1NAP
+ 3zog==
+X-Gm-Message-State: AOAM532QYv3rmIs4gLNSmAuScYZKJ3W8ir7h2ivU8RrjE6JNltIf0gNw
+ +T1Axm3vZZOT4PLYH5sfpss=
+X-Google-Smtp-Source: ABdhPJzx0JxIsxMlhk/9r19Od8fyJzNtci3c4nOm3wCVXBhPyh+d2N/zpOeq1+rslnsz0H27YHYyIA==
+X-Received: by 2002:a63:6cc8:: with SMTP id h191mr36732362pgc.76.1639086437332;
+ Thu, 09 Dec 2021 13:47:17 -0800 (PST)
+Received: from localhost (2603-800c-1a02-1bae-e24f-43ff-fee6-449f.res6.spectrum.com. [2603:800c:1a02:1bae:e24f:43ff:fee6:449f])
+ by smtp.gmail.com with ESMTPSA id rm1sm10646953pjb.3.2021.12.09.13.47.16
+ (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
+ Thu, 09 Dec 2021 13:47:16 -0800 (PST)
+Sender: Tejun Heo <htejun@gmail.com>
+From: Tejun Heo <tj@kernel.org>
+To: torvalds@linuxfoundation.org, ebiederm@xmission.com,
+ mkoutny@suse.com, axboe@kernel.dk, keescook@chromium.org,
+ oleg@redhat.com, peterz@infradead.org, tglx@linutronix.de,
+ jnewsome@torproject.org, legion@kernel.org, luto@amacapital.net,
+ jannh@google.com
+Cc: linux-kernel@vger.kernel.org, security@kernel.org,
+ kernel-team@fb.com, Tejun Heo <tj@kernel.org>
+Subject: [PATCH 2/6] cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
+Date: Thu, 9 Dec 2021 11:47:03 -1000
+Message-Id: <20211209214707.805617-3-tj@kernel.org>
+X-Mailer: git-send-email 2.34.1
+In-Reply-To: <20211209214707.805617-1-tj@kernel.org>
+References: <20211209214707.805617-1-tj@kernel.org>
+MIME-Version: 1.0
+Content-Transfer-Encoding: 8bit
+Precedence: bulk
+List-ID: <linux-kernel.vger.kernel.org>
+X-Mailing-List: linux-kernel@vger.kernel.org
+
+of->priv is currently used by each interface file implementation to store
+private information. This patch collects the current two private data usages
+into struct cgroup_file_ctx which is allocated and freed by the common path.
+This allows generic private data which applies to multiple files, which will
+be used to in the following patch.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+---
+ kernel/cgroup/cgroup-internal.h | 12 +++++++++
+ kernel/cgroup/cgroup.c | 47 ++++++++++++++++++++++++---------
+ 2 files changed, 46 insertions(+), 13 deletions(-)
+
+diff --git a/kernel/cgroup/cgroup-internal.h b/kernel/cgroup/cgroup-internal.h
+index bfbeabc17a9d..8f681f14828c 100644
+--- a/kernel/cgroup/cgroup-internal.h
++++ b/kernel/cgroup/cgroup-internal.h
+@@ -65,6 +65,18 @@ static inline struct cgroup_fs_context *cgroup_fc2context(struct fs_context *fc)
+ return container_of(kfc, struct cgroup_fs_context, kfc);
+ }
+
++struct cgroup_file_ctx {
++ union {
++ struct {
++ struct css_task_iter *it;
++ } procs;
++
++ struct {
++ void *trigger;
++ } psi;
++ };
++};
++
+ /*
+ * A cgroup can be associated with multiple css_sets as different tasks may
+ * belong to different cgroups on different hierarchies. In the other
+diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
+index 2632e46da1d4..2992eb7e8244 100644
+--- a/kernel/cgroup/cgroup.c
++++ b/kernel/cgroup/cgroup.c
+@@ -3630,6 +3630,7 @@ static int cgroup_cpu_pressure_show(struct seq_file *seq, void *v)
+ static ssize_t cgroup_pressure_write(struct kernfs_open_file *of, char *buf,
+ size_t nbytes, enum psi_res res)
+ {
++ struct cgroup_file_ctx *ctx = of->priv;
+ struct psi_trigger *new;
+ struct cgroup *cgrp;
+ struct psi_group *psi;
+@@ -3648,7 +3649,7 @@ static ssize_t cgroup_pressure_write(struct kernfs_open_file *of, char *buf,
+ return PTR_ERR(new);
+ }
+
+- psi_trigger_replace(&of->priv, new);
++ psi_trigger_replace(&ctx->psi.trigger, new);
+
+ cgroup_put(cgrp);
+
+@@ -3679,12 +3680,16 @@ static ssize_t cgroup_cpu_pressure_write(struct kernfs_open_file *of,
+ static __poll_t cgroup_pressure_poll(struct kernfs_open_file *of,
+ poll_table *pt)
+ {
+- return psi_trigger_poll(&of->priv, of->file, pt);
++ struct cgroup_file_ctx *ctx = of->priv;
++
++ return psi_trigger_poll(&ctx->psi.trigger, of->file, pt);
+ }
+
+ static void cgroup_pressure_release(struct kernfs_open_file *of)
+ {
+- psi_trigger_replace(&of->priv, NULL);
++ struct cgroup_file_ctx *ctx = of->priv;
++
++ psi_trigger_replace(&ctx->psi.trigger, NULL);
+ }
+
+ bool cgroup_psi_enabled(void)
+@@ -3811,18 +3816,31 @@ static ssize_t cgroup_kill_write(struct kernfs_open_file *of, char *buf,
+ static int cgroup_file_open(struct kernfs_open_file *of)
+ {
+ struct cftype *cft = of_cft(of);
++ struct cgroup_file_ctx *ctx;
++ int ret;
+
+- if (cft->open)
+- return cft->open(of);
+- return 0;
++ ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
++ if (!ctx)
++ return -ENOMEM;
++ of->priv = ctx;
++
++ if (!cft->open)
++ return 0;
++
++ ret = cft->open(of);
++ if (ret)
++ kfree(ctx);
++ return ret;
+ }
+
+ static void cgroup_file_release(struct kernfs_open_file *of)
+ {
+ struct cftype *cft = of_cft(of);
++ struct cgroup_file_ctx *ctx = of->priv;
+
+ if (cft->release)
+ cft->release(of);
++ kfree(ctx);
+ }
+
+ static ssize_t cgroup_file_write(struct kernfs_open_file *of, char *buf,
+@@ -4751,21 +4769,23 @@ void css_task_iter_end(struct css_task_iter *it)
+
+ static void cgroup_procs_release(struct kernfs_open_file *of)
+ {
+- if (of->priv) {
+- css_task_iter_end(of->priv);
+- kfree(of->priv);
++ struct cgroup_file_ctx *ctx = of->priv;
++
++ if (ctx->procs.it) {
++ css_task_iter_end(ctx->procs.it);
++ kfree(ctx->procs.it);
+ }
+ }
+
+ static void *cgroup_procs_next(struct seq_file *s, void *v, loff_t *pos)
+ {
+ struct kernfs_open_file *of = s->private;
+- struct css_task_iter *it = of->priv;
++ struct cgroup_file_ctx *ctx = of->priv;
+
+ if (pos)
+ (*pos)++;
+
+- return css_task_iter_next(it);
++ return css_task_iter_next(ctx->procs.it);
+ }
+
+ static void *__cgroup_procs_start(struct seq_file *s, loff_t *pos,
+@@ -4773,7 +4793,8 @@ static void *__cgroup_procs_start(struct seq_file *s, loff_t *pos,
+ {
+ struct kernfs_open_file *of = s->private;
+ struct cgroup *cgrp = seq_css(s)->cgroup;
+- struct css_task_iter *it = of->priv;
++ struct cgroup_file_ctx *ctx = of->priv;
++ struct css_task_iter *it = ctx->procs.it;
+
+ /*
+ * When a seq_file is seeked, it's always traversed sequentially
+@@ -4786,7 +4807,7 @@ static void *__cgroup_procs_start(struct seq_file *s, loff_t *pos,
+ it = kzalloc(sizeof(*it), GFP_KERNEL);
+ if (!it)
+ return ERR_PTR(-ENOMEM);
+- of->priv = it;
++ ctx->procs.it = it;
+ css_task_iter_start(&cgrp->self, iter_flags, it);
+ } else if (!(*pos)) {
+ css_task_iter_end(it);
+--
+2.34.1
+
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-4197-003.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-4197-003.patch
new file mode 100644
index 000000000..424b43e8d
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-4197-003.patch
@@ -0,0 +1,215 @@
+From mboxrd@z Thu Jan 1 00:00:00 1970
+Return-Path: <linux-kernel-owner@kernel.org>
+X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
+ aws-us-west-2-korg-lkml-1.web.codeaurora.org
+Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
+ by smtp.lore.kernel.org (Postfix) with ESMTP id 5D6FEC433EF
+ for <linux-kernel@archiver.kernel.org>; Thu, 9 Dec 2021 21:47:30 +0000 (UTC)
+Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
+ id S232858AbhLIVvA (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
+ Thu, 9 Dec 2021 16:51:00 -0500
+Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54424 "EHLO
+ lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
+ with ESMTP id S232209AbhLIVux (ORCPT
+ <rfc822;linux-kernel@vger.kernel.org>);
+ Thu, 9 Dec 2021 16:50:53 -0500
+Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a])
+ by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B3DD9C061746
+ for <linux-kernel@vger.kernel.org>; Thu, 9 Dec 2021 13:47:19 -0800 (PST)
+Received: by mail-pf1-x42a.google.com with SMTP id 8so6655245pfo.4
+ for <linux-kernel@vger.kernel.org>; Thu, 09 Dec 2021 13:47:19 -0800 (PST)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=gmail.com; s=20210112;
+ h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
+ :mime-version:content-transfer-encoding;
+ bh=ceDq7F+M2EGXPTD9tNvmIZrgG0K6W+WW/I/LWWjhs78=;
+ b=WHvq8+W2CMnCUcsgl0Pvwlcttyl4c03Dv8EUkb4wDsrDWJAa51hDRypQXI7JGRyTKg
+ IMgPu45MPjyqitqII6ACZPy4bz3uYsK14VlZgDC1XLlraCyXsbxaJIpQYFFmIrOpx088
+ aqNw04d8ncgifEYbJXkgpy4O9NROAkqIG9unUF1OvDr3NZiLISlBeO7hW5Pt+GoHgpdp
+ Yh1jWCKjaVI7C4MR6xVuEayXP7KYV+I+iQvKZeu5vHHfLxJlcviXUHTQt+YcdP5iTYZF
+ 82UC2BqisfXYZBK0iSUtI+DwkBztN252y+m0k8yhvvku38Gs6zvH6qNifOzXT4GQg0c9
+ X3og==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20210112;
+ h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
+ :in-reply-to:references:mime-version:content-transfer-encoding;
+ bh=ceDq7F+M2EGXPTD9tNvmIZrgG0K6W+WW/I/LWWjhs78=;
+ b=LYEcq9Y7kBVgUrlYRr1olI0fjQ9Kdr/lCTG//q/ZpIxjw1bwQ384WonyRCpqupfoQg
+ rPT2ommx9bb5lsIGGUvsnD2F0dxVBfJOb0D5TBd8YVnmzfwtsnhIOMwvXFBA9uExcfnC
+ Ufyy7i0USVBAwBizTiVo1+f4ZyV/z8Up7y/8Ym0Rn26TtjDLg37rwHlZP9BG1Eko+Cc+
+ XMvyjTDmxR3RHgVkd3ImE5V4BITtmrd9UYEoc53Jh98pCO8esKUG/pxYLA8TczaMIZhX
+ cdJ+r5Kt2NhTUfJfY5gDa/Q/L5IpH1598MP3qS3JElZVhih6JWuHbupg07GQAYb8Xg6m
+ sCDQ==
+X-Gm-Message-State: AOAM531Qjg/ui9GkWGbTS4yOpaOES1MCUOCp5fqU2CfYFKOcksNAp0LR
+ vZZhIGBJSDiCxYKqbwo9MtdoLw4eHbs=
+X-Google-Smtp-Source: ABdhPJzWk+vi1e4wW7FZgqRviTv2hPqDTvU4iydpc8M8DrZ4RigY81P1ATgqKdyl3z0qYs9FlfOkLA==
+X-Received: by 2002:a62:dd54:0:b0:4a2:93f7:c20a with SMTP id w81-20020a62dd54000000b004a293f7c20amr13508057pff.46.1639086439084;
+ Thu, 09 Dec 2021 13:47:19 -0800 (PST)
+Received: from localhost (2603-800c-1a02-1bae-e24f-43ff-fee6-449f.res6.spectrum.com. [2603:800c:1a02:1bae:e24f:43ff:fee6:449f])
+ by smtp.gmail.com with ESMTPSA id o134sm605138pfg.1.2021.12.09.13.47.18
+ (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
+ Thu, 09 Dec 2021 13:47:18 -0800 (PST)
+Sender: Tejun Heo <htejun@gmail.com>
+From: Tejun Heo <tj@kernel.org>
+To: torvalds@linuxfoundation.org, ebiederm@xmission.com,
+ mkoutny@suse.com, axboe@kernel.dk, keescook@chromium.org,
+ oleg@redhat.com, peterz@infradead.org, tglx@linutronix.de,
+ jnewsome@torproject.org, legion@kernel.org, luto@amacapital.net,
+ jannh@google.com
+Cc: linux-kernel@vger.kernel.org, security@kernel.org,
+ kernel-team@fb.com, Tejun Heo <tj@kernel.org>
+Subject: [PATCH 3/6] cgroup: Use open-time cgroup namespace for process migration perm checks
+Date: Thu, 9 Dec 2021 11:47:04 -1000
+Message-Id: <20211209214707.805617-4-tj@kernel.org>
+X-Mailer: git-send-email 2.34.1
+In-Reply-To: <20211209214707.805617-1-tj@kernel.org>
+References: <20211209214707.805617-1-tj@kernel.org>
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Precedence: bulk
+List-ID: <linux-kernel.vger.kernel.org>
+X-Mailing-List: linux-kernel@vger.kernel.org
+
+cgroup process migration permission checks are performed at write time as
+whether a given operation is allowed or not is dependent on the content of
+the write - the PID. This currently uses current's cgroup namespace which is
+a potential security weakness as it may allow scenarios where a less
+privileged process tricks a more privileged one into writing into a fd that
+it created.
+
+This patch makes cgroup remember the cgroup namespace at the time of open
+and uses it for migration permission checks instad of current's. Note that
+this only applies to cgroup2 as cgroup1 doesn't have namespace support.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Reported-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
+Cc: Michal Koutný <mkoutny@suse.com>
+---
+ kernel/cgroup/cgroup-internal.h | 2 ++
+ kernel/cgroup/cgroup.c | 28 +++++++++++++++++++---------
+ 2 files changed, 21 insertions(+), 9 deletions(-)
+
+diff --git a/kernel/cgroup/cgroup-internal.h b/kernel/cgroup/cgroup-internal.h
+index 8f681f14828c..eb0585245b07 100644
+--- a/kernel/cgroup/cgroup-internal.h
++++ b/kernel/cgroup/cgroup-internal.h
+@@ -66,6 +66,8 @@ static inline struct cgroup_fs_context *cgroup_fc2context(struct fs_context *fc)
+ }
+
+ struct cgroup_file_ctx {
++ struct cgroup_namespace *ns;
++
+ union {
+ struct {
+ struct css_task_iter *it;
+diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
+index 2992eb7e8244..a3292558e96c 100644
+--- a/kernel/cgroup/cgroup.c
++++ b/kernel/cgroup/cgroup.c
+@@ -3822,14 +3822,19 @@ static int cgroup_file_open(struct kernfs_open_file *of)
+ ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
+ if (!ctx)
+ return -ENOMEM;
++
++ ctx->ns = current->nsproxy->cgroup_ns;
++ get_cgroup_ns(ctx->ns);
+ of->priv = ctx;
+
+ if (!cft->open)
+ return 0;
+
+ ret = cft->open(of);
+- if (ret)
++ if (ret) {
++ put_cgroup_ns(ctx->ns);
+ kfree(ctx);
++ }
+ return ret;
+ }
+
+@@ -3840,13 +3845,14 @@ static void cgroup_file_release(struct kernfs_open_file *of)
+
+ if (cft->release)
+ cft->release(of);
++ put_cgroup_ns(ctx->ns);
+ kfree(ctx);
+ }
+
+ static ssize_t cgroup_file_write(struct kernfs_open_file *of, char *buf,
+ size_t nbytes, loff_t off)
+ {
+- struct cgroup_namespace *ns = current->nsproxy->cgroup_ns;
++ struct cgroup_file_ctx *ctx = of->priv;
+ struct cgroup *cgrp = of->kn->parent->priv;
+ struct cftype *cft = of_cft(of);
+ struct cgroup_subsys_state *css;
+@@ -3863,7 +3869,7 @@ static ssize_t cgroup_file_write(struct kernfs_open_file *of, char *buf,
+ */
+ if ((cgrp->root->flags & CGRP_ROOT_NS_DELEGATE) &&
+ !(cft->flags & CFTYPE_NS_DELEGATABLE) &&
+- ns != &init_cgroup_ns && ns->root_cset->dfl_cgrp == cgrp)
++ ctx->ns != &init_cgroup_ns && ctx->ns->root_cset->dfl_cgrp == cgrp)
+ return -EPERM;
+
+ if (cft->write)
+@@ -4859,9 +4865,9 @@ static int cgroup_may_write(const struct cgroup *cgrp, struct super_block *sb)
+
+ static int cgroup_procs_write_permission(struct cgroup *src_cgrp,
+ struct cgroup *dst_cgrp,
+- struct super_block *sb)
++ struct super_block *sb,
++ struct cgroup_namespace *ns)
+ {
+- struct cgroup_namespace *ns = current->nsproxy->cgroup_ns;
+ struct cgroup *com_cgrp = src_cgrp;
+ int ret;
+
+@@ -4890,11 +4896,12 @@ static int cgroup_procs_write_permission(struct cgroup *src_cgrp,
+
+ static int cgroup_attach_permissions(struct cgroup *src_cgrp,
+ struct cgroup *dst_cgrp,
+- struct super_block *sb, bool threadgroup)
++ struct super_block *sb, bool threadgroup,
++ struct cgroup_namespace *ns)
+ {
+ int ret = 0;
+
+- ret = cgroup_procs_write_permission(src_cgrp, dst_cgrp, sb);
++ ret = cgroup_procs_write_permission(src_cgrp, dst_cgrp, sb, ns);
+ if (ret)
+ return ret;
+
+@@ -4911,6 +4918,7 @@ static int cgroup_attach_permissions(struct cgroup *src_cgrp,
+ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
+ bool threadgroup)
+ {
++ struct cgroup_file_ctx *ctx = of->priv;
+ struct cgroup *src_cgrp, *dst_cgrp;
+ struct task_struct *task;
+ const struct cred *saved_cred;
+@@ -4938,7 +4946,8 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
+ */
+ saved_cred = override_creds(of->file->f_cred);
+ ret = cgroup_attach_permissions(src_cgrp, dst_cgrp,
+- of->file->f_path.dentry->d_sb, threadgroup);
++ of->file->f_path.dentry->d_sb,
++ threadgroup, ctx->ns);
+ revert_creds(saved_cred);
+ if (ret)
+ goto out_finish;
+@@ -6158,7 +6167,8 @@ static int cgroup_css_set_fork(struct kernel_clone_args *kargs)
+ goto err;
+
+ ret = cgroup_attach_permissions(cset->dfl_cgrp, dst_cgrp, sb,
+- !(kargs->flags & CLONE_THREAD));
++ !(kargs->flags & CLONE_THREAD),
++ current->nsproxy->cgroup_ns);
+ if (ret)
+ goto err;
+
+--
+2.34.1
+
+
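Review bot: CVE-2021-4197-003.patch is the raw mailing-list posting rather than the merged commit: its header carries mail-transport residue (`Return-Path`, `Received`, `DKIM-Signature`, `X-Gm-*`), the subject still reads `[PATCH 3/6]`, and nothing identifies the upstream commit that was backported. A security backport should be auditable, so I would trim the header to `From:`/`Date:`/`Subject:` and add `Upstream-Status: Backport [<upstream commit id>]` above the `---` line. The other CVE patches added in this commit (CVE-2021-44733, CVE-2022-0185, CVE-2022-0492, CVE-2022-0742, CVE-2022-24122, CVE-2022-25258, CVE-2022-29582) lack the same tag, although they do carry a commit hash in their `From` line. Separately, the last inner hunk leaves `cgroup_css_set_fork()` passing `current->nsproxy->cgroup_ns`; that is presumably intentional because no opened file exists on the fork path, but a one-line comment saying so would help the next reader.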
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-44733.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-44733.patch
new file mode 100644
index 000000000..a4f8b4d26
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-44733.patch
@@ -0,0 +1,339 @@
+From 492eb7afe858d60408b2da09adc78540c4d16543 Mon Sep 17 00:00:00 2001
+From: Jens Wiklander <jens.wiklander@linaro.org>
+Date: Thu, 9 Dec 2021 15:59:37 +0100
+Subject: [PATCH] tee: handle lookup of shm with reference count 0
+
+commit dfd0743f1d9ea76931510ed150334d571fbab49d upstream.
+
+Since the tee subsystem does not keep a strong reference to its idle
+shared memory buffers, it races with other threads that try to destroy a
+shared memory through a close of its dma-buf fd or by unmapping the
+memory.
+
+In tee_shm_get_from_id() when a lookup in teedev->idr has been
+successful, it is possible that the tee_shm is in the dma-buf teardown
+path, but that path is blocked by the teedev mutex. Since we don't have
+an API to tell if the tee_shm is in the dma-buf teardown path or not we
+must find another way of detecting this condition.
+
+Fix this by doing the reference counting directly on the tee_shm using a
+new refcount_t refcount field. dma-buf is replaced by using
+anon_inode_getfd() instead, this separates the life-cycle of the
+underlying file from the tee_shm. tee_shm_put() is updated to hold the
+mutex when decreasing the refcount to 0 and then remove the tee_shm from
+teedev->idr before releasing the mutex. This means that the tee_shm can
+never be found unless it has a refcount larger than 0.
+
+Fixes: 967c9cca2cc5 ("tee: generic TEE subsystem")
+Cc: stable@vger.kernel.org
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Reviewed-by: Lars Persson <larper@axis.com>
+Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
+Reported-by: Patrik Lantz <patrik.lantz@axis.com>
+Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tee/tee_shm.c | 171 ++++++++++++++++------------------------
+ include/linux/tee_drv.h | 4 +-
+ 2 files changed, 68 insertions(+), 107 deletions(-)
+
+diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
+index 8a9384a64f3e29..499fccba3d74bd 100644
+--- a/drivers/tee/tee_shm.c
++++ b/drivers/tee/tee_shm.c
+@@ -1,11 +1,11 @@
+ // SPDX-License-Identifier: GPL-2.0-only
+ /*
+- * Copyright (c) 2015-2016, Linaro Limited
++ * Copyright (c) 2015-2017, 2019-2021 Linaro Limited
+ */
++#include <linux/anon_inodes.h>
+ #include <linux/device.h>
+-#include <linux/dma-buf.h>
+-#include <linux/fdtable.h>
+ #include <linux/idr.h>
++#include <linux/mm.h>
+ #include <linux/sched.h>
+ #include <linux/slab.h>
+ #include <linux/tee_drv.h>
+@@ -28,16 +28,8 @@ static void release_registered_pages(struct tee_shm *shm)
+ }
+ }
+
+-static void tee_shm_release(struct tee_shm *shm)
++static void tee_shm_release(struct tee_device *teedev, struct tee_shm *shm)
+ {
+- struct tee_device *teedev = shm->ctx->teedev;
+-
+- if (shm->flags & TEE_SHM_DMA_BUF) {
+- mutex_lock(&teedev->mutex);
+- idr_remove(&teedev->idr, shm->id);
+- mutex_unlock(&teedev->mutex);
+- }
+-
+ if (shm->flags & TEE_SHM_POOL) {
+ struct tee_shm_pool_mgr *poolm;
+
+@@ -64,45 +56,6 @@ static void tee_shm_release(struct tee_shm *shm)
+ tee_device_put(teedev);
+ }
+
+-static struct sg_table *tee_shm_op_map_dma_buf(struct dma_buf_attachment
+- *attach, enum dma_data_direction dir)
+-{
+- return NULL;
+-}
+-
+-static void tee_shm_op_unmap_dma_buf(struct dma_buf_attachment *attach,
+- struct sg_table *table,
+- enum dma_data_direction dir)
+-{
+-}
+-
+-static void tee_shm_op_release(struct dma_buf *dmabuf)
+-{
+- struct tee_shm *shm = dmabuf->priv;
+-
+- tee_shm_release(shm);
+-}
+-
+-static int tee_shm_op_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma)
+-{
+- struct tee_shm *shm = dmabuf->priv;
+- size_t size = vma->vm_end - vma->vm_start;
+-
+- /* Refuse sharing shared memory provided by application */
+- if (shm->flags & TEE_SHM_USER_MAPPED)
+- return -EINVAL;
+-
+- return remap_pfn_range(vma, vma->vm_start, shm->paddr >> PAGE_SHIFT,
+- size, vma->vm_page_prot);
+-}
+-
+-static const struct dma_buf_ops tee_shm_dma_buf_ops = {
+- .map_dma_buf = tee_shm_op_map_dma_buf,
+- .unmap_dma_buf = tee_shm_op_unmap_dma_buf,
+- .release = tee_shm_op_release,
+- .mmap = tee_shm_op_mmap,
+-};
+-
+ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags)
+ {
+ struct tee_device *teedev = ctx->teedev;
+@@ -137,6 +90,7 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags)
+ goto err_dev_put;
+ }
+
++ refcount_set(&shm->refcount, 1);
+ shm->flags = flags | TEE_SHM_POOL;
+ shm->ctx = ctx;
+ if (flags & TEE_SHM_DMA_BUF)
+@@ -150,10 +104,7 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags)
+ goto err_kfree;
+ }
+
+-
+ if (flags & TEE_SHM_DMA_BUF) {
+- DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
+-
+ mutex_lock(&teedev->mutex);
+ shm->id = idr_alloc(&teedev->idr, shm, 1, 0, GFP_KERNEL);
+ mutex_unlock(&teedev->mutex);
+@@ -161,28 +112,11 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags)
+ ret = ERR_PTR(shm->id);
+ goto err_pool_free;
+ }
+-
+- exp_info.ops = &tee_shm_dma_buf_ops;
+- exp_info.size = shm->size;
+- exp_info.flags = O_RDWR;
+- exp_info.priv = shm;
+-
+- shm->dmabuf = dma_buf_export(&exp_info);
+- if (IS_ERR(shm->dmabuf)) {
+- ret = ERR_CAST(shm->dmabuf);
+- goto err_rem;
+- }
+ }
+
+ teedev_ctx_get(ctx);
+
+ return shm;
+-err_rem:
+- if (flags & TEE_SHM_DMA_BUF) {
+- mutex_lock(&teedev->mutex);
+- idr_remove(&teedev->idr, shm->id);
+- mutex_unlock(&teedev->mutex);
+- }
+ err_pool_free:
+ poolm->ops->free(poolm, shm);
+ err_kfree:
+@@ -243,6 +177,7 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr,
+ goto err;
+ }
+
++ refcount_set(&shm->refcount, 1);
+ shm->flags = flags | TEE_SHM_REGISTER;
+ shm->ctx = ctx;
+ shm->id = -1;
+@@ -303,22 +238,6 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr,
+ goto err;
+ }
+
+- if (flags & TEE_SHM_DMA_BUF) {
+- DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
+-
+- exp_info.ops = &tee_shm_dma_buf_ops;
+- exp_info.size = shm->size;
+- exp_info.flags = O_RDWR;
+- exp_info.priv = shm;
+-
+- shm->dmabuf = dma_buf_export(&exp_info);
+- if (IS_ERR(shm->dmabuf)) {
+- ret = ERR_CAST(shm->dmabuf);
+- teedev->desc->ops->shm_unregister(ctx, shm);
+- goto err;
+- }
+- }
+-
+ return shm;
+ err:
+ if (shm) {
+@@ -336,6 +255,35 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr,
+ }
+ EXPORT_SYMBOL_GPL(tee_shm_register);
+
++static int tee_shm_fop_release(struct inode *inode, struct file *filp)
++{
++ tee_shm_put(filp->private_data);
++ return 0;
++}
++
++static int tee_shm_fop_mmap(struct file *filp, struct vm_area_struct *vma)
++{
++ struct tee_shm *shm = filp->private_data;
++ size_t size = vma->vm_end - vma->vm_start;
++
++ /* Refuse sharing shared memory provided by application */
++ if (shm->flags & TEE_SHM_USER_MAPPED)
++ return -EINVAL;
++
++ /* check for overflowing the buffer's size */
++ if (vma->vm_pgoff + vma_pages(vma) > shm->size >> PAGE_SHIFT)
++ return -EINVAL;
++
++ return remap_pfn_range(vma, vma->vm_start, shm->paddr >> PAGE_SHIFT,
++ size, vma->vm_page_prot);
++}
++
++static const struct file_operations tee_shm_fops = {
++ .owner = THIS_MODULE,
++ .release = tee_shm_fop_release,
++ .mmap = tee_shm_fop_mmap,
++};
++
+ /**
+ * tee_shm_get_fd() - Increase reference count and return file descriptor
+ * @shm: Shared memory handle
+@@ -348,10 +296,11 @@ int tee_shm_get_fd(struct tee_shm *shm)
+ if (!(shm->flags & TEE_SHM_DMA_BUF))
+ return -EINVAL;
+
+- get_dma_buf(shm->dmabuf);
+- fd = dma_buf_fd(shm->dmabuf, O_CLOEXEC);
++ /* matched by tee_shm_put() in tee_shm_op_release() */
++ refcount_inc(&shm->refcount);
++ fd = anon_inode_getfd("tee_shm", &tee_shm_fops, shm, O_RDWR);
+ if (fd < 0)
+- dma_buf_put(shm->dmabuf);
++ tee_shm_put(shm);
+ return fd;
+ }
+
+@@ -361,17 +310,7 @@ int tee_shm_get_fd(struct tee_shm *shm)
+ */
+ void tee_shm_free(struct tee_shm *shm)
+ {
+- /*
+- * dma_buf_put() decreases the dmabuf reference counter and will
+- * call tee_shm_release() when the last reference is gone.
+- *
+- * In the case of driver private memory we call tee_shm_release
+- * directly instead as it doesn't have a reference counter.
+- */
+- if (shm->flags & TEE_SHM_DMA_BUF)
+- dma_buf_put(shm->dmabuf);
+- else
+- tee_shm_release(shm);
++ tee_shm_put(shm);
+ }
+ EXPORT_SYMBOL_GPL(tee_shm_free);
+
+@@ -478,10 +417,15 @@ struct tee_shm *tee_shm_get_from_id(struct tee_context *ctx, int id)
+ teedev = ctx->teedev;
+ mutex_lock(&teedev->mutex);
+ shm = idr_find(&teedev->idr, id);
++ /*
++ * If the tee_shm was found in the IDR it must have a refcount
++ * larger than 0 due to the guarantee in tee_shm_put() below. So
++ * it's safe to use refcount_inc().
++ */
+ if (!shm || shm->ctx != ctx)
+ shm = ERR_PTR(-EINVAL);
+- else if (shm->flags & TEE_SHM_DMA_BUF)
+- get_dma_buf(shm->dmabuf);
++ else
++ refcount_inc(&shm->refcount);
+ mutex_unlock(&teedev->mutex);
+ return shm;
+ }
+@@ -493,7 +437,24 @@ EXPORT_SYMBOL_GPL(tee_shm_get_from_id);
+ */
+ void tee_shm_put(struct tee_shm *shm)
+ {
+- if (shm->flags & TEE_SHM_DMA_BUF)
+- dma_buf_put(shm->dmabuf);
++ struct tee_device *teedev = shm->ctx->teedev;
++ bool do_release = false;
++
++ mutex_lock(&teedev->mutex);
++ if (refcount_dec_and_test(&shm->refcount)) {
++ /*
++ * refcount has reached 0, we must now remove it from the
++ * IDR before releasing the mutex. This will guarantee that
++ * the refcount_inc() in tee_shm_get_from_id() never starts
++ * from 0.
++ */
++ if (shm->flags & TEE_SHM_DMA_BUF)
++ idr_remove(&teedev->idr, shm->id);
++ do_release = true;
++ }
++ mutex_unlock(&teedev->mutex);
++
++ if (do_release)
++ tee_shm_release(teedev, shm);
+ }
+ EXPORT_SYMBOL_GPL(tee_shm_put);
+diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h
+index 3ebfea0781f100..feda1dc7f98ee7 100644
+--- a/include/linux/tee_drv.h
++++ b/include/linux/tee_drv.h
+@@ -195,7 +195,7 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
+ * @offset: offset of buffer in user space
+ * @pages: locked pages from userspace
+ * @num_pages: number of locked pages
+- * @dmabuf: dmabuf used to for exporting to user space
++ * @refcount: reference counter
+ * @flags: defined by TEE_SHM_* in tee_drv.h
+ * @id: unique id of a shared memory object on this device
+ *
+@@ -210,7 +210,7 @@ struct tee_shm {
+ unsigned int offset;
+ struct page **pages;
+ size_t num_pages;
+- struct dma_buf *dmabuf;
++ refcount_t refcount;
+ u32 flags;
+ int id;
+ };
+
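Review bot: In `tee_shm_get_fd()` the descriptor was previously created with `dma_buf_fd(shm->dmabuf, O_CLOEXEC)` and is now created with `anon_inode_getfd("tee_shm", &tee_shm_fops, shm, O_RDWR)`, so close-on-exec is no longer set and the shared-memory fd is inherited across exec unless user space sets the flag itself. If that is not intended, `O_RDWR | O_CLOEXEC` would keep the old behaviour; since the patch is marked as an upstream backport, this is probably better raised upstream than changed locally. The comment added just above that call names `tee_shm_op_release()`, which this patch removes; it should read `/* matched by tee_shm_put() in tee_shm_fop_release() */`. In `tee_shm_fop_mmap()` the new bounds check includes `vma->vm_pgoff`, yet `remap_pfn_range()` is still given `shm->paddr >> PAGE_SHIFT` without the offset, so a non-zero offset appears to map the start of the buffer.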
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-0185.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-0185.patch
new file mode 100644
index 000000000..876c87dc6
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-0185.patch
@@ -0,0 +1,38 @@
+From 722d94847de29310e8aa03fcbdb41fc92c521756 Mon Sep 17 00:00:00 2001
+From: Jamie Hill-Daniel <jamie@hill-daniel.co.uk>
+Date: Tue, 18 Jan 2022 08:06:04 +0100
+Subject: vfs: fs_context: fix up param length parsing in legacy_parse_param
+
+The "PAGE_SIZE - 2 - size" calculation in legacy_parse_param() is an
+unsigned type so a large value of "size" results in a high positive
+value instead of a negative value as expected. Fix this by getting rid
+of the subtraction.
+
+Signed-off-by: Jamie Hill-Daniel <jamie@hill-daniel.co.uk>
+Signed-off-by: William Liu <willsroot@protonmail.com>
+Tested-by: Salvatore Bonaccorso <carnil@debian.org>
+Tested-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
+Acked-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ fs/fs_context.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/fs_context.c b/fs/fs_context.c
+index b7e43a780a625..24ce12f0db32e 100644
+--- a/fs/fs_context.c
++++ b/fs/fs_context.c
+@@ -548,7 +548,7 @@ static int legacy_parse_param(struct fs_context *fc, struct fs_parameter *param)
+ param->key);
+ }
+
+- if (len > PAGE_SIZE - 2 - size)
++ if (size + len + 2 > PAGE_SIZE)
+ return invalf(fc, "VFS: Legacy: Cumulative options too large");
+ if (strchr(param->key, ',') ||
+ (param->type == fs_value_is_string &&
+--
+cgit 1.2.3-1.el7
+
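Review bot: The rewritten check in `legacy_parse_param()` has no comment explaining why it is phrased as an addition, so a later cleanup could easily restore the subtraction. I would add `/* addition, not PAGE_SIZE - 2 - size: the unsigned subtraction wraps when size is large */` above `if (size + len + 2 > PAGE_SIZE)`. The declarations of `size` and `len` are outside the hunk, so it is worth confirming in the target tree that both are bounded well below the type's maximum and the sum itself cannot wrap.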
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-0492.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-0492.patch
new file mode 100644
index 000000000..409689e4b
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-0492.patch
@@ -0,0 +1,54 @@
+From 24f6008564183aa120d07c03d9289519c2fe02af Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Thu, 20 Jan 2022 11:04:01 -0600
+Subject: cgroup-v1: Require capabilities to set release_agent
+
+The cgroup release_agent is called with call_usermodehelper. The function
+call_usermodehelper starts the release_agent with a full set fo capabilities.
+Therefore require capabilities when setting the release_agaent.
+
+Reported-by: Tabitha Sable <tabitha.c.sable@gmail.com>
+Tested-by: Tabitha Sable <tabitha.c.sable@gmail.com>
+Fixes: 81a6a5cdd2c5 ("Task Control Groups: automatic userspace notification of idle cgroups")
+Cc: stable@vger.kernel.org # v2.6.24+
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+---
+ kernel/cgroup/cgroup-v1.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
+index 41e0837a5a0bd..0e877dbcfeea9 100644
+--- a/kernel/cgroup/cgroup-v1.c
++++ b/kernel/cgroup/cgroup-v1.c
+@@ -549,6 +549,14 @@ static ssize_t cgroup_release_agent_write(struct kernfs_open_file *of,
+
+ BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX);
+
++ /*
++ * Release agent gets called with all capabilities,
++ * require capabilities to set release agent.
++ */
++ if ((of->file->f_cred->user_ns != &init_user_ns) ||
++ !capable(CAP_SYS_ADMIN))
++ return -EPERM;
++
+ cgrp = cgroup_kn_lock_live(of->kn, false);
+ if (!cgrp)
+ return -ENODEV;
+@@ -954,6 +962,12 @@ int cgroup1_parse_param(struct fs_context *fc, struct fs_parameter *param)
+ /* Specifying two release agents is forbidden */
+ if (ctx->release_agent)
+ return invalfc(fc, "release_agent respecified");
++ /*
++ * Release agent gets called with all capabilities,
++ * require capabilities to set release agent.
++ */
++ if ((fc->user_ns != &init_user_ns) || !capable(CAP_SYS_ADMIN))
++ return invalfc(fc, "Setting release_agent not allowed");
+ ctx->release_agent = param->string;
+ param->string = NULL;
+ break;
+--
+cgit 1.2.3-1.el7
+
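Review bot: The check added to `cgroup_release_agent_write()` tests two different subjects: `of->file->f_cred->user_ns` belongs to whoever opened the file, while `capable(CAP_SYS_ADMIN)` is evaluated against the task performing the write. Requiring both is presumably deliberate, but the comment only says that capabilities are required; I would extend it with `opener must be in init_user_ns and the writing task must hold CAP_SYS_ADMIN`. The check added to `cgroup1_parse_param()` has the same shape with `fc->user_ns` and deserves the same wording. Both functions continue outside the inner hunks.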
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-0742.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-0742.patch
new file mode 100644
index 000000000..ada9c57b1
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-0742.patch
@@ -0,0 +1,115 @@
+From 2d3916f3189172d5c69d33065c3c21119fe539fc Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Thu, 3 Mar 2022 09:37:28 -0800
+Subject: ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()
+
+While investigating on why a synchronize_net() has been added recently
+in ipv6_mc_down(), I found that igmp6_event_query() and igmp6_event_report()
+might drop skbs in some cases.
+
+Discussion about removing synchronize_net() from ipv6_mc_down()
+will happen in a different thread.
+
+Fixes: f185de28d9ae ("mld: add new workqueues for process mld events")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Taehee Yoo <ap420073@gmail.com>
+Cc: Cong Wang <xiyou.wangcong@gmail.com>
+Cc: David Ahern <dsahern@kernel.org>
+Link: https://lore.kernel.org/r/20220303173728.937869-1-eric.dumazet@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+---
+ include/net/ndisc.h | 4 ++--
+ net/ipv6/mcast.c | 32 ++++++++++++--------------------
+ 2 files changed, 14 insertions(+), 22 deletions(-)
+
+diff --git a/include/net/ndisc.h b/include/net/ndisc.h
+index 53cb8de0e589c..47ffb360ddfac 100644
+--- a/include/net/ndisc.h
++++ b/include/net/ndisc.h
+@@ -475,9 +475,9 @@ int igmp6_late_init(void);
+ void igmp6_cleanup(void);
+ void igmp6_late_cleanup(void);
+
+-int igmp6_event_query(struct sk_buff *skb);
++void igmp6_event_query(struct sk_buff *skb);
+
+-int igmp6_event_report(struct sk_buff *skb);
++void igmp6_event_report(struct sk_buff *skb);
+
+
+ #ifdef CONFIG_SYSCTL
+diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
+index a8861db52c187..909f937befd71 100644
+--- a/net/ipv6/mcast.c
++++ b/net/ipv6/mcast.c
+@@ -1371,27 +1371,23 @@ static void mld_process_v2(struct inet6_dev *idev, struct mld2_query *mld,
+ }
+
+ /* called with rcu_read_lock() */
+-int igmp6_event_query(struct sk_buff *skb)
++void igmp6_event_query(struct sk_buff *skb)
+ {
+ struct inet6_dev *idev = __in6_dev_get(skb->dev);
+
+- if (!idev)
+- return -EINVAL;
+-
+- if (idev->dead) {
+- kfree_skb(skb);
+- return -ENODEV;
+- }
++ if (!idev || idev->dead)
++ goto out;
+
+ spin_lock_bh(&idev->mc_query_lock);
+ if (skb_queue_len(&idev->mc_query_queue) < MLD_MAX_SKBS) {
+ __skb_queue_tail(&idev->mc_query_queue, skb);
+ if (!mod_delayed_work(mld_wq, &idev->mc_query_work, 0))
+ in6_dev_hold(idev);
++ skb = NULL;
+ }
+ spin_unlock_bh(&idev->mc_query_lock);
+-
+- return 0;
++out:
++ kfree_skb(skb);
+ }
+
+ static void __mld_query_work(struct sk_buff *skb)
+@@ -1542,27 +1538,23 @@ static void mld_query_work(struct work_struct *work)
+ }
+
+ /* called with rcu_read_lock() */
+-int igmp6_event_report(struct sk_buff *skb)
++void igmp6_event_report(struct sk_buff *skb)
+ {
+ struct inet6_dev *idev = __in6_dev_get(skb->dev);
+
+- if (!idev)
+- return -EINVAL;
+-
+- if (idev->dead) {
+- kfree_skb(skb);
+- return -ENODEV;
+- }
++ if (!idev || idev->dead)
++ goto out;
+
+ spin_lock_bh(&idev->mc_report_lock);
+ if (skb_queue_len(&idev->mc_report_queue) < MLD_MAX_SKBS) {
+ __skb_queue_tail(&idev->mc_report_queue, skb);
+ if (!mod_delayed_work(mld_wq, &idev->mc_report_work, 0))
+ in6_dev_hold(idev);
++ skb = NULL;
+ }
+ spin_unlock_bh(&idev->mc_report_lock);
+-
+- return 0;
++out:
++ kfree_skb(skb);
+ }
+
+ static void __mld_report_work(struct sk_buff *skb)
+--
+cgit 1.2.3-1.el7
+
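Review bot: `igmp6_event_query()` and `igmp6_event_report()` now free the skb on every path that does not queue it, including the `!idev` path that used to return `-EINVAL` without freeing, but the comment above each still only says `/* called with rcu_read_lock() */`. The ownership change should be documented, for example `/* called with rcu_read_lock(); always consumes skb */`. The callers are not part of this patch, so it should be confirmed against the target tree that none of them frees the skb after the call or still tests the old `int` return value.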
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-24122.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-24122.patch
new file mode 100644
index 000000000..42fbba9ac
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-24122.patch
@@ -0,0 +1,57 @@
+From f9d87929d451d3e649699d0f1d74f71f77ad38f5 Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Mon, 24 Jan 2022 12:46:50 -0600
+Subject: ucount: Make get_ucount a safe get_user replacement
+
+When the ucount code was refactored to create get_ucount it was missed
+that some of the contexts in which a rlimit is kept elevated can be
+the only reference to the user/ucount in the system.
+
+Ordinary ucount references exist in places that also have a reference
+to the user namspace, but in POSIX message queues, the SysV shm code,
+and the SIGPENDING code there is no independent user namespace
+reference.
+
+Inspection of the the user_namespace show no instance of circular
+references between struct ucounts and the user_namespace. So
+hold a reference from struct ucount to i's user_namespace to
+resolve this problem.
+
+Link: https://lore.kernel.org/lkml/YZV7Z+yXbsx9p3JN@fixkernel.com/
+Reported-by: Qian Cai <quic_qiancai@quicinc.com>
+Reported-by: Mathias Krause <minipli@grsecurity.net>
+Tested-by: Mathias Krause <minipli@grsecurity.net>
+Reviewed-by: Mathias Krause <minipli@grsecurity.net>
+Reviewed-by: Alexey Gladkov <legion@kernel.org>
+Fixes: d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts")
+Fixes: 6e52a9f0532f ("Reimplement RLIMIT_MSGQUEUE on top of ucounts")
+Fixes: d7c9e99aee48 ("Reimplement RLIMIT_MEMLOCK on top of ucounts")
+Cc: stable@vger.kernel.org
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+---
+ kernel/ucount.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/kernel/ucount.c b/kernel/ucount.c
+index 7b32c356ebc5c..65b597431c861 100644
+--- a/kernel/ucount.c
++++ b/kernel/ucount.c
+@@ -190,6 +190,7 @@ struct ucounts *alloc_ucounts(struct user_namespace *ns, kuid_t uid)
+ kfree(new);
+ } else {
+ hlist_add_head(&new->node, hashent);
++ get_user_ns(new->ns);
+ spin_unlock_irq(&ucounts_lock);
+ return new;
+ }
+@@ -210,6 +211,7 @@ void put_ucounts(struct ucounts *ucounts)
+ if (atomic_dec_and_lock_irqsave(&ucounts->count, &ucounts_lock, flags)) {
+ hlist_del_init(&ucounts->node);
+ spin_unlock_irqrestore(&ucounts_lock, flags);
++ put_user_ns(ucounts->ns);
+ kfree(ucounts);
+ }
+ }
+--
+cgit 1.2.3-1.el7
+
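Review bot: The reference taken by `get_user_ns(new->ns)` in `alloc_ucounts()` is released only by `put_user_ns(ucounts->ns)` in `put_ucounts()`, and nothing at either site says so. A short comment at each, `/* pairs with put_user_ns() in put_ucounts() */` and `/* drops the reference taken in alloc_ucounts() */`, would make the lifetime rule visible to the next person touching either function. Both functions extend beyond the inner hunks; from what is shown, the branch that calls `kfree(new)` without inserting the entry does not take the reference, which is consistent.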
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-25258.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-25258.patch
new file mode 100644
index 000000000..89f62c3fc
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-25258.patch
@@ -0,0 +1,29 @@
+From 75e5b4849b81e19e9efe1654b30d7f3151c33c2c Mon Sep 17 00:00:00 2001
+From: Szymon Heidrich <szymon.heidrich@gmail.com>
+Date: Mon, 24 Jan 2022 12:14:00 +0100
+Subject: [PATCH] USB: gadget: validate interface OS descriptor requests
+
+Stall the control endpoint in case provided index exceeds array size of
+MAX_CONFIG_INTERFACES or when the retrieved function pointer is null.
+
+Signed-off-by: Szymon Heidrich <szymon.heidrich@gmail.com>
+Cc: stable@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/gadget/composite.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
+index 16f9e3423c9faa..9315313108c9d5 100644
+--- a/drivers/usb/gadget/composite.c
++++ b/drivers/usb/gadget/composite.c
+@@ -1988,6 +1988,9 @@ composite_setup(struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
+ if (w_index != 0x5 || (w_value >> 8))
+ break;
+ interface = w_value & 0xFF;
++ if (interface >= MAX_CONFIG_INTERFACES ||
++ !os_desc_cfg->interface[interface])
++ break;
+ buf[6] = w_index;
+ count = count_ext_prop(os_desc_cfg,
+ interface);
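Review bot: The added guard exits with `break`, so the stall described in the commit message depends on the return value set earlier in `composite_setup()`, outside this hunk, still indicating an error at that point. A comment such as `/* invalid or unused interface index: fall out so the request is stalled */` would make that dependency explicit. The second half of the condition dereferences `os_desc_cfg`; whether it can be NULL here is not visible in the hunk and is worth confirming in the target tree.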
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-29582.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-29582.patch
new file mode 100644
index 000000000..e0fac6ec5
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-29582.patch
@@ -0,0 +1,53 @@
+From e677edbcabee849bfdd43f1602bccbecf736a646 Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Fri, 8 Apr 2022 11:08:58 -0600
+Subject: [PATCH] io_uring: fix race between timeout flush and removal
+
+io_flush_timeouts() assumes the timeout isn't in progress of triggering
+or being removed/canceled, so it unconditionally removes it from the
+timeout list and attempts to cancel it.
+
+Leave it on the list and let the normal timeout cancelation take care
+of it.
+
+Cc: stable@vger.kernel.org # 5.5+
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+---
+ fs/io_uring.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/fs/io_uring.c b/fs/io_uring.c
+index fafd1ca4780b6..659f8ecba5b79 100644
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -1736,12 +1736,11 @@ static __cold void io_flush_timeouts(struct io_ring_ctx *ctx)
+ __must_hold(&ctx->completion_lock)
+ {
+ u32 seq = ctx->cached_cq_tail - atomic_read(&ctx->cq_timeouts);
++ struct io_kiocb *req, *tmp;
+
+ spin_lock_irq(&ctx->timeout_lock);
+- while (!list_empty(&ctx->timeout_list)) {
++ list_for_each_entry_safe(req, tmp, &ctx->timeout_list, timeout.list) {
+ u32 events_needed, events_got;
+- struct io_kiocb *req = list_first_entry(&ctx->timeout_list,
+- struct io_kiocb, timeout.list);
+
+ if (io_is_timeout_noseq(req))
+ break;
+@@ -1758,7 +1757,6 @@ static __cold void io_flush_timeouts(struct io_ring_ctx *ctx)
+ if (events_got < events_needed)
+ break;
+
+- list_del_init(&req->timeout.list);
+ io_kill_timeout(req, 0);
+ }
+ ctx->cq_last_tm_flush = seq;
+@@ -6628,6 +6626,7 @@ static int io_timeout_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe,
+ if (data->ts.tv_sec < 0 || data->ts.tv_nsec < 0)
+ return -EINVAL;
+
++ INIT_LIST_HEAD(&req->timeout.list);
+ data->mode = io_translate_timeout_mode(flags);
+ hrtimer_init(&data->timer, io_timeout_get_clock(data), data->mode);
+
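Review bot: With `list_del_init(&req->timeout.list)` removed from the loop in io_flush_timeouts(), unlinking a flushed request now depends entirely on io_kill_timeout(), whose body is outside this hunk. The offsets and the `__cold` annotation look like a mainline fs/io_uring.c, so it is worth confirming that the linux-aspeed tree's io_kill_timeout() takes the request off `ctx->timeout_list` when the timer is cancelled. If it does not, completed requests would stay linked on the list. If a stable backport exists for the kernel series in use, it would be a safer source than the mainline commit.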
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/intel.cfg b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/intel.cfg
index c33020874..6a8899c59 100644
--- a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/intel.cfg
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/intel.cfg
@@ -93,4 +93,5 @@ CONFIG_BPF_SYSCALL=n
CONFIG_IPV6_SIT=n
CONFIG_RTC_DRV_PCHC620=y
CONFIG_RTC_HCTOSYS=y
-CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
\ No newline at end of file
+CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
+CONFIG_PANIC_TIMEOUT=0
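Review bot: `CONFIG_PANIC_TIMEOUT=0` is added without a comment, and a value of 0 means the kernel does not reboot by itself after a panic, so recovery of the BMC then depends on something else resetting it. The commit's file list includes a WDT2 reset patch and an oom_reboot change, which suggests the hardware watchdog is meant to do this, but that is not visible in this hunk. A one-line comment above the option would record the intent, for example `# No auto-reboot on panic; reset is left to the hardware watchdog`.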
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend
index 302338120..1ddfbd726 100644
--- a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend
@@ -16,6 +16,19 @@ do_compile:prepend(){
SRC_URI += " \
file://intel.cfg \
file://0001-peci-aspeed-Improve-workaround-for-controller-hang.patch \
+ file://0002-gpio-gpio-aspeed-sgpio-Fix-wrong-hwirq-base-in-irq-h.patch \
+ file://0003-Add-mux-deselect-support-on-timeout.patch \
+ file://CVE-2022-0185.patch \
+ file://CVE-2021-22600.patch \
+ file://CVE-2022-24122.patch \
+ file://CVE-2022-0492.patch \
+ file://CVE-2022-25258.patch \
+ file://CVE-2022-0742.patch\
+ file://CVE-2021-4197-001.patch \
+ file://CVE-2021-4197-002.patch\
+ file://CVE-2021-4197-003.patch\
+ file://CVE-2021-44733.patch\
+ file://CVE-2022-29582.patch\
"
SRC_URI += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', 'file://1000-128MB-flashmap-for-PFR.patch', '', d)}"
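Review bot: Five of the added SRC_URI entries end in `.patch\` with no space before the continuation backslash (CVE-2022-0742, CVE-2021-4197-002, CVE-2021-4197-003, CVE-2021-44733, CVE-2022-29582), unlike the surrounding lines. The entries presumably stay separate only because each following line begins with whitespace, so a later re-indent could silently fuse two file names and drop a CVE fix from the build. Write them like the others, e.g. `file://CVE-2022-0742.patch \`.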
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0001-fru-device-Add-MUX-channel-name-to-FRU-objects.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0001-fru-device-Add-MUX-channel-name-to-FRU-objects.patch
index 5c301a7eb..865b1972a 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0001-fru-device-Add-MUX-channel-name-to-FRU-objects.patch
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0001-fru-device-Add-MUX-channel-name-to-FRU-objects.patch
@@ -171,7 +171,7 @@ index 1451830..2a5ff90 100644
}
],
- "Name": "SOLUM CO IS162F22 PSU$ADDRESS % 4 + 1",
-+ "Name": "$MUX SOLUM CO IS162F22 $ADDRESS % 4 + 1",
++ "Name": "$MUX SOLUM CO IS162F22 PSU$ADDRESS % 4 + 1",
"Probe": "xyz.openbmc_project.FruDevice({'PRODUCT_PRODUCT_NAME': 'IS162F22*'})",
"Type": "PowerSupply",
"xyz.openbmc_project.Inventory.Decorator.Asset": {
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0004-Adding-MUX-and-Drives-present-in-HSBP-in-json-config.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0004-Adding-MUX-and-Drives-present-in-HSBP-in-json-config.patch
index 4f6679dde..d686b3cff 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0004-Adding-MUX-and-Drives-present-in-HSBP-in-json-config.patch
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0004-Adding-MUX-and-Drives-present-in-HSBP-in-json-config.patch
@@ -37,7 +37,7 @@ index c6c7678..e2eedfa 100644
+ "Drive_3",
+ "Drive_4"
+ ],
-+ "Name": "Drive Mux 1",
++ "Name": "HSBP 1 Mux 1",
+ "Type": "PCA9546Mux"
+ },
+ {
@@ -49,7 +49,7 @@ index c6c7678..e2eedfa 100644
+ "Drive_7",
+ "Drive_8"
+ ],
-+ "Name": "Drive Mux 2",
++ "Name": "HSBP 1 Mux 2",
+ "Type": "PCA9546Mux"
+ },
{
@@ -77,7 +77,7 @@ index c6c7678..e2eedfa 100644
+ "Drive_11",
+ "Drive_12"
+ ],
-+ "Name": "Drive Mux 3",
++ "Name": "HSBP 2 Mux 1",
+ "Type": "PCA9546Mux"
+ },
+ {
@@ -89,7 +89,7 @@ index c6c7678..e2eedfa 100644
+ "Drive_15",
+ "Drive_16"
+ ],
-+ "Name": "Drive Mux 4",
++ "Name": "HSBP 2 Mux 2",
+ "Type": "PCA9546Mux"
+ },
{
@@ -117,7 +117,7 @@ index c6c7678..e2eedfa 100644
+ "Drive_19",
+ "Drive_20"
+ ],
-+ "Name": "Drive Mux 5",
++ "Name": "HSBP 3 Mux 1",
+ "Type": "PCA9546Mux"
+ },
+ {
@@ -129,7 +129,7 @@ index c6c7678..e2eedfa 100644
+ "Drive_23",
+ "Drive_24"
+ ],
-+ "Name": "Drive Mux 6",
++ "Name": "HSBP 3 Mux 2",
+ "Type": "PCA9546Mux"
+ },
{
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0006-Change-HSBP-FRU-address-and-add-MUX-mode-configurati.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0006-Change-HSBP-FRU-address-and-add-MUX-mode-configurati.patch
index a3d065fd9..fad44623d 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0006-Change-HSBP-FRU-address-and-add-MUX-mode-configurati.patch
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0006-Change-HSBP-FRU-address-and-add-MUX-mode-configurati.patch
@@ -30,7 +30,7 @@ index e2eedfa..60e7817 100644
"Drive_4"
],
+ "MuxIdleMode": "Disconnect",
- "Name": "Drive Mux 1",
+ "Name": "HSBP 1 Mux 1",
"Type": "PCA9546Mux"
},
@@ -28,6 +29,7 @@
@@ -38,7 +38,7 @@ index e2eedfa..60e7817 100644
"Drive_8"
],
+ "MuxIdleMode": "Disconnect",
- "Name": "Drive Mux 2",
+ "Name": "HSBP 1 Mux 2",
"Type": "PCA9546Mux"
},
@@ -65,7 +67,7 @@
@@ -55,7 +55,7 @@ index e2eedfa..60e7817 100644
"Drive_12"
],
+ "MuxIdleMode": "Disconnect",
- "Name": "Drive Mux 3",
+ "Name": "HSBP 2 Mux 1",
"Type": "PCA9546Mux"
},
@@ -103,6 +106,7 @@
@@ -63,7 +63,7 @@ index e2eedfa..60e7817 100644
"Drive_16"
],
+ "MuxIdleMode": "Disconnect",
- "Name": "Drive Mux 4",
+ "Name": "HSBP 2 Mux 2",
"Type": "PCA9546Mux"
},
@@ -140,7 +144,7 @@
@@ -80,7 +80,7 @@ index e2eedfa..60e7817 100644
"Drive_20"
],
+ "MuxIdleMode": "Disconnect",
- "Name": "Drive Mux 5",
+ "Name": "HSBP 3 Mux 1",
"Type": "PCA9546Mux"
},
@@ -178,6 +183,7 @@
@@ -88,7 +88,7 @@ index e2eedfa..60e7817 100644
"Drive_24"
],
+ "MuxIdleMode": "Disconnect",
- "Name": "Drive Mux 6",
+ "Name": "HSBP 3 Mux 2",
"Type": "PCA9546Mux"
},
--
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0032-Remove-chassis-from-the-odata-id-of-the-PSU.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0032-Remove-chassis-from-the-odata-id-of-the-PSU.patch
new file mode 100644
index 000000000..9951a83c0
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0032-Remove-chassis-from-the-odata-id-of-the-PSU.patch
@@ -0,0 +1,49 @@
+From dd4a6807841555ccc23aa2ac8b2c876101408563 Mon Sep 17 00:00:00 2001
+From: Anjaliintel-21 <anjali.ray@intel.com>
+Date: Thu, 3 Mar 2022 19:42:05 +0000
+Subject: [PATCH] Remove chassis from the odata.id of the PSU
+
+As the Redfish validator was failing for the PSU because odata.id
+of the PSU was showing a chassis device URI and the GET operation on
+that URI was giving error.
+So, to resolve this problem we removed chassis URI from the PSU's json
+response.
+
+Tested:
+
+*** /redfish/v1/Managers/bmc#/Oem/OpenBmc/Fan/FanZones/PSU
+No parent found with which to test @odata.id of ReferenceableMember
+Type (#OemManager.FanZone), GET SUCCESS (time: 1.212592)
+PASS
+Elapsed time: 0:01:06
+Counter({'metadataNamespaces': 2335, 'pass': 2, 'passGet': 1,
+'skipOptional': 1, 'warningPresent': 1, 'serviceNamespaces': 1})
+Validation has succeeded.
+
+Signed-off-by: Anjaliintel-21 <anjali.ray@intel.com>
+---
+ redfish-core/lib/managers.hpp | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/redfish-core/lib/managers.hpp b/redfish-core/lib/managers.hpp
+index 7b0e14c..9ed87ef 100644
+--- a/redfish-core/lib/managers.hpp
++++ b/redfish-core/lib/managers.hpp
+@@ -371,8 +371,12 @@ inline void
+ chassis = "#IllegalValue";
+ }
+ nlohmann::json& zone = zones[name];
+- zone["Chassis"] = {
+- {"@odata.id", "/redfish/v1/Chassis/" + chassis}};
++ if (name != "PSU")
++ {
++ zone["Chassis"] = {
++ {"@odata.id",
++ "/redfish/v1/Chassis/" + chassis}};
++ }
+ zone["@odata.id"] =
+ "/redfish/v1/Managers/bmc#/Oem/OpenBmc/Fan/FanZones/" +
+ name;
+--
+2.17.1
+
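Review bot: The new guard `if (name != "PSU")` in managers.hpp keys on a literal zone name, so the fix holds only while the power-supply fan zone is called exactly PSU. Any other zone whose chassis value does not map to a Redfish Chassis resource still gets a `Chassis` link, and the context just above shows `chassis = "#IllegalValue"` flowing into the same link. Nothing in the code says why PSU is special; at minimum add a comment such as `// PSU zone's chassis path is not a Redfish Chassis resource, so omit the link`. Consider testing whether the chassis was resolved rather than comparing the name. The enclosing function starts and ends outside the hunk.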
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0033-Add-message-registry-entry-for-Memhot-event.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0033-Add-message-registry-entry-for-Memhot-event.patch
new file mode 100644
index 000000000..ddf239e99
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0033-Add-message-registry-entry-for-Memhot-event.patch
@@ -0,0 +1,80 @@
+From 31661f341a32e07967f5e3279b79771823275395 Mon Sep 17 00:00:00 2001
+From: Hardik Panchal <hardikx.panchal@intel.com>
+Date: Thu, 24 Mar 2022 12:29:48 +0000
+Subject: [PATCH] Add message registry entry for Memhot event
+
+Add "ComponentOverTemperature" event message entry in RedFish for
+Memhot monitor to log based on the MEMHOT pins.
+
+Tested:
+1. Redfish validator - passed for this new addition
+2. Verified in Redfish, ComponentOverTemperature event logged properly.
+GET:
+https:/<BMC-IP>/redfish/v1/Systems/system/LogServices/EventLog/Entries
+{
+ "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/
+ Entries/1648143395",
+ "@odata.type": "#LogEntry.v1_8_0.LogEntry",
+ "Created": "2022-03-24T17:36:35+00:00",
+ "EntryType": "Event",
+ "Id": "1648143395",
+ "Message": "CPU 1 memory over temperature and being throttled.",
+ "MessageArgs": [
+ "CPU 1 memory"
+ ],
+ "MessageId": "OpenBMC.0.1.ComponentOverTemperature",
+ "Name": "System Event Log Entry",
+ "Severity": "Critical"
+}
+
+Signed-off-by: Hardik Panchal <hardikx.panchal@intel.com>
+---
+ .../registries/openbmc_message_registry.hpp | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/redfish-core/include/registries/openbmc_message_registry.hpp b/redfish-core/include/registries/openbmc_message_registry.hpp
+index 0b409cf..a181080 100644
+--- a/redfish-core/include/registries/openbmc_message_registry.hpp
++++ b/redfish-core/include/registries/openbmc_message_registry.hpp
+@@ -19,17 +19,17 @@
+ namespace redfish::message_registries::openbmc
+ {
+ const Header header = {
+- "Copyright 2018 OpenBMC. All rights reserved.",
++ "Copyright 2022 OpenBMC. All rights reserved.",
+ "#MessageRegistry.v1_4_0.MessageRegistry",
+- "OpenBMC.0.3.0",
++ "OpenBMC.0.3.1",
+ "OpenBMC Message Registry",
+ "en",
+ "This registry defines the base messages for OpenBMC.",
+ "OpenBMC",
+- "0.3.0",
++ "0.3.1",
+ "OpenBMC",
+ };
+-constexpr std::array<MessageEntry, 199> registry = {
++constexpr std::array<MessageEntry, 200> registry = {
+ MessageEntry{
+ "ADDDCCorrectable",
+ {
+@@ -340,6 +340,16 @@ constexpr std::array<MessageEntry, 199> registry = {
+ {},
+ "None.",
+ }},
++ MessageEntry{"ComponentOverTemperature",
++ {
++ "Indicates that the specified component is over temperature.",
++ "%1 over temperature and being throttled.",
++ "Critical",
++ "Critical",
++ 1,
++ {"string"},
++ "None.",
++ }},
+ MessageEntry{"CPLDFirmwarePanicReason",
+ {
+ "Indicates the reason for CPLD firmware panic.",
+--
+2.17.1
+
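Review bot: The new `ComponentOverTemperature` entry's description says only that the component is over temperature, while its message `%1 over temperature and being throttled.` also asserts throttling. A client that shows the description would not convey that; `"Indicates that the specified component is over temperature and is being throttled."` would keep the two in step. The registry array continues outside the hunk.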
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0034-Update-odata.type-version-of-redfish-v1-AccountService.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0034-Update-odata.type-version-of-redfish-v1-AccountService.patch
new file mode 100644
index 000000000..3269b5ca0
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0034-Update-odata.type-version-of-redfish-v1-AccountService.patch
@@ -0,0 +1,47 @@
+From 9f159168ab5b1e0e73f4af8dd4536e77b440ad0b Mon Sep 17 00:00:00 2001
+From: Anjaliintel-21 <anjali.ray@intel.com>
+Date: Mon, 28 Mar 2022 09:43:03 +0000
+Subject: [PATCH] Update odata.type version of /redfish/v1/AccountService/
+
+Redfish validator was failing and throwing below error:
+*** /redfish/v1/AccountService
+AccountService.v1_10_0.ExternalAccountProvider:OAuth2Service :
+Could not get details on this property (argument of type 'NoneType' is not iterable)
+Type (#AccountService.v1_5_0.AccountService), GET SUCCESS (time: 1.283549)
+complex @odata.id: Expected @odata.id to match URI link
+/redfish/v1/AccountService#/Oem/OpenBMC
+FAIL...
+
+As AccountService_v1.xml version was v1.10.0 and the odata.type was
+"AccountService.v1_5_0.AccountService" which was mismatch.
+So I updated odata.type to AccountService.v1_10_0.AccountService".
+
+Tested:
+
+*** /redfish/v1/AccountService
+ Type (#AccountService.v1_10_0.AccountService), GET SUCCESS (time: 1.286845)
+complex @odata.id: Expected @odata.id to match URI link
+/redfish/v1/AccountService#/Oem/OpenBMC
+ PASS
+
+Signed-off-by: Anjaliintel-21 <anjali.ray@intel.com>
+---
+ redfish-core/lib/account_service.hpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
+index 55ce6ae..b1950f7 100644
+--- a/redfish-core/lib/account_service.hpp
++++ b/redfish-core/lib/account_service.hpp
+@@ -1280,7 +1280,7 @@ inline void requestAccountServiceRoutes(App& app)
+ asyncResp->res.jsonValue = {
+ {"@odata.id", "/redfish/v1/AccountService"},
+ {"@odata.type", "#AccountService."
+- "v1_5_0.AccountService"},
++ "v1_10_0.AccountService"},
+ {"Id", "AccountService"},
+ {"Name", "Account Service"},
+ {"Description", "Account Service"},
+--
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0035-Add-MemoryMetrics-schema-file.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0035-Add-MemoryMetrics-schema-file.patch
new file mode 100644
index 000000000..0097fd93a
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0035-Add-MemoryMetrics-schema-file.patch
@@ -0,0 +1,1048 @@
+From ac0154a247412c5891fb61a95fea15a5fd170053 Mon Sep 17 00:00:00 2001
+From: Anjaliintel-21 <anjali.ray@intel.com>
+Date: Mon, 4 Apr 2022 20:54:29 +0000
+Subject: [PATCH] Add MemoryMetrics schema file
+
+As reference URI for MemoryMetrics was missing,
+which was causing redfish validator to fail.
+So, added reference URI for MemoryMetrics in the
+index.xml file and also added "MemoryMetrics" in
+update_schemas.py file.
+
+Tested:
+
+*** /redfish/v1/Systems/system/Memory/dimm0/MemoryMetrics
+Type (#MemoryMetrics.v1_4_1.MemoryMetrics), GET SUCCESS (time: 1.315905)
+PASS
+Elapsed time: 0:03:35
+Counter({'metadataNamespaces': 2337, 'skipOptional': 9, 'pass': 2, 'passGet': 1, 'serviceNamespaces': 1})
+Validation has succeeded.
+
+Signed-off-by: Anjaliintel-21 <anjali.ray@intel.com>
+---
+ scripts/update_schemas.py | 1 +
+ static/redfish/v1/$metadata/index.xml | 28 ++
+ .../MemoryMetrics/MemoryMetrics.json | 473 ++++++++++++++++++
+ .../v1/JsonSchemas/MemoryMetrics/index.json | 21 +
+ static/redfish/v1/JsonSchemas/index.json | 5 +-
+ static/redfish/v1/schema/MemoryMetrics_v1.xml | 424 ++++++++++++++++
+ 6 files changed, 951 insertions(+), 1 deletion(-)
+ create mode 100644 static/redfish/v1/JsonSchemas/MemoryMetrics/MemoryMetrics.json
+ create mode 100644 static/redfish/v1/JsonSchemas/MemoryMetrics/index.json
+ create mode 100644 static/redfish/v1/schema/MemoryMetrics_v1.xml
+
+diff --git a/scripts/update_schemas.py b/scripts/update_schemas.py
+index 3f0f57c..a233291 100755
+--- a/scripts/update_schemas.py
++++ b/scripts/update_schemas.py
+@@ -48,6 +48,7 @@ include_list = [
+ 'ManagerNetworkProtocol',
+ 'Memory',
+ 'MemoryCollection',
++ 'MemoryMetrics',
+ 'Message',
+ 'MessageRegistry',
+ 'MessageRegistryCollection',
+diff --git a/static/redfish/v1/$metadata/index.xml b/static/redfish/v1/$metadata/index.xml
+index 9b080f3..d7b9e08 100644
+--- a/static/redfish/v1/$metadata/index.xml
++++ b/static/redfish/v1/$metadata/index.xml
+@@ -1340,6 +1340,34 @@
+ <edmx:Reference Uri="/redfish/v1/schema/MemoryCollection_v1.xml">
+ <edmx:Include Namespace="MemoryCollection"/>
+ </edmx:Reference>
++ <edmx:Reference Uri="/redfish/v1/schema/MemoryMetrics_v1.xml">
++ <edmx:Include Namespace="MemoryMetrics"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_0_0"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_0_1"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_0_2"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_0_3"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_0_4"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_0_5"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_0_6"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_0_7"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_0_8"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_1_0"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_1_1"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_1_2"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_1_3"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_1_4"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_1_5"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_1_6"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_1_7"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_1_8"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_2_0"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_2_1"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_2_2"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_3_0"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_3_1"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_4_0"/>
++ <edmx:Include Namespace="MemoryMetrics.v1_4_1"/>
++ </edmx:Reference>
+ <edmx:Reference Uri="/redfish/v1/schema/Message_v1.xml">
+ <edmx:Include Namespace="Message"/>
+ <edmx:Include Namespace="Message.v1_0_0"/>
+diff --git a/static/redfish/v1/JsonSchemas/MemoryMetrics/MemoryMetrics.json b/static/redfish/v1/JsonSchemas/MemoryMetrics/MemoryMetrics.json
+new file mode 100644
+index 0000000..a841f07
+--- /dev/null
++++ b/static/redfish/v1/JsonSchemas/MemoryMetrics/MemoryMetrics.json
+@@ -0,0 +1,473 @@
++{
++ "$id": "http://redfish.dmtf.org/schemas/v1/MemoryMetrics.v1_4_1.json",
++ "$ref": "#/definitions/MemoryMetrics",
++ "$schema": "http://redfish.dmtf.org/schemas/v1/redfish-schema-v1.json",
++ "copyright": "Copyright 2014-2020 DMTF. For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright",
++ "definitions": {
++ "Actions": {
++ "additionalProperties": false,
++ "description": "The available actions for this resource.",
++ "longDescription": "This type shall contain the available actions for this resource.",
++ "patternProperties": {
++ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
++ "description": "This property shall specify a valid odata or Redfish property.",
++ "type": [
++ "array",
++ "boolean",
++ "integer",
++ "number",
++ "null",
++ "object",
++ "string"
++ ]
++ }
++ },
++ "properties": {
++ "#MemoryMetrics.ClearCurrentPeriod": {
++ "$ref": "#/definitions/ClearCurrentPeriod"
++ },
++ "Oem": {
++ "$ref": "#/definitions/OemActions",
++ "description": "The available OEM-specific actions for this resource.",
++ "longDescription": "This property shall contain the available OEM-specific actions for this resource."
++ }
++ },
++ "type": "object"
++ },
++ "AlarmTrips": {
++ "additionalProperties": false,
++ "description": "The alarm trip information about the memory. These alarms are reset when the system resets. Note that if they are re-discovered they can be reasserted.",
++ "longDescription": "This type shall contain properties that describe the types of alarms that have been raised by the memory. These alarms shall be reset when the system resets. Note that if they are re-discovered they can be reasserted.",
++ "patternProperties": {
++ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
++ "description": "This property shall specify a valid odata or Redfish property.",
++ "type": [
++ "array",
++ "boolean",
++ "integer",
++ "number",
++ "null",
++ "object",
++ "string"
++ ]
++ }
++ },
++ "properties": {
++ "AddressParityError": {
++ "description": "An indication of whether an address parity error was detected that a retry could not correct.",
++ "longDescription": "This property shall indicate whether an address parity error was detected that a retry could not correct.",
++ "readonly": true,
++ "type": [
++ "boolean",
++ "null"
++ ]
++ },
++ "CorrectableECCError": {
++ "description": "An indication of whether the correctable error threshold crossing alarm trip was detected.",
++ "longDescription": "This property shall indicate whether the correctable error threshold crossing alarm trip was detected.",
++ "readonly": true,
++ "type": [
++ "boolean",
++ "null"
++ ]
++ },
++ "SpareBlock": {
++ "description": "An indication of whether the spare block capacity crossing alarm trip was detected.",
++ "longDescription": "This property shall indicate whether the spare block capacity crossing alarm trip was detected.",
++ "readonly": true,
++ "type": [
++ "boolean",
++ "null"
++ ]
++ },
++ "Temperature": {
++ "description": "An indication of whether a temperature threshold alarm trip was detected.",
++ "longDescription": "This property shall indicates whether a temperature threshold alarm trip was detected.",
++ "readonly": true,
++ "type": [
++ "boolean",
++ "null"
++ ]
++ },
++ "UncorrectableECCError": {
++ "description": "An indication of whether the uncorrectable error threshold alarm trip was detected.",
++ "longDescription": "This property shall indicate whether the uncorrectable error threshold alarm trip was detected.",
++ "readonly": true,
++ "type": [
++ "boolean",
++ "null"
++ ]
++ }
++ },
++ "type": "object"
++ },
++ "ClearCurrentPeriod": {
++ "additionalProperties": false,
++ "description": "This action sets the CurrentPeriod property's values to 0.",
++ "longDescription": "This action shall set the CurrentPeriod property's values to 0.",
++ "parameters": {},
++ "patternProperties": {
++ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
++ "description": "This property shall specify a valid odata or Redfish property.",
++ "type": [
++ "array",
++ "boolean",
++ "integer",
++ "number",
++ "null",
++ "object",
++ "string"
++ ]
++ }
++ },
++ "properties": {
++ "target": {
++ "description": "Link to invoke action",
++ "format": "uri-reference",
++ "type": "string"
++ },
++ "title": {
++ "description": "Friendly action name",
++ "type": "string"
++ }
++ },
++ "type": "object"
++ },
++ "CurrentPeriod": {
++ "additionalProperties": false,
++ "description": "The memory metrics since the last system reset or ClearCurrentPeriod action.",
++ "longDescription": "This type shall describe the memory metrics since last system reset or ClearCurrentPeriod action.",
++ "patternProperties": {
++ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
++ "description": "This property shall specify a valid odata or Redfish property.",
++ "type": [
++ "array",
++ "boolean",
++ "integer",
++ "number",
++ "null",
++ "object",
++ "string"
++ ]
++ }
++ },
++ "properties": {
++ "BlocksRead": {
++ "description": "The number of blocks read since reset.",
++ "longDescription": "This property shall contain the number of blocks read since reset. When this resource is subordinate to the MemorySummary object, this property shall be the sum of BlocksRead over all memory.",
++ "readonly": true,
++ "type": [
++ "integer",
++ "null"
++ ]
++ },
++ "BlocksWritten": {
++ "description": "The number of blocks written since reset.",
++ "longDescription": "This property shall contain the number of blocks written since reset. When this resource is subordinate to the MemorySummary object, this property shall be the sum of BlocksWritten over all memory.",
++ "readonly": true,
++ "type": [
++ "integer",
++ "null"
++ ]
++ },
++ "CorrectableECCErrorCount": {
++ "description": "The number of the correctable errors since reset.",
++ "longDescription": "This property shall contain the number of correctable errors since reset. When this resource is subordinate to the MemorySummary object, this property shall be the sum of CorrectableECCErrorCount over all memory.",
++ "readonly": true,
++ "type": [
++ "integer",
++ "null"
++ ],
++ "versionAdded": "v1_4_0"
++ },
++ "UncorrectableECCErrorCount": {
++ "description": "The number of the uncorrectable errors since reset.",
++ "longDescription": "This property shall contain the number of uncorrectable errors since reset. When this resource is subordinate to the MemorySummary object, this property shall be the sum of UncorrectableECCErrorCount over all memory.",
++ "readonly": true,
++ "type": [
++ "integer",
++ "null"
++ ],
++ "versionAdded": "v1_4_0"
++ }
++ },
++ "type": "object"
++ },
++ "HealthData": {
++ "additionalProperties": false,
++ "description": "The health information of the memory.",
++ "longDescription": "This type shall contain properties that describe the HealthData metrics for this resource.",
++ "patternProperties": {
++ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
++ "description": "This property shall specify a valid odata or Redfish property.",
++ "type": [
++ "array",
++ "boolean",
++ "integer",
++ "number",
++ "null",
++ "object",
++ "string"
++ ]
++ }
++ },
++ "properties": {
++ "AlarmTrips": {
++ "$ref": "#/definitions/AlarmTrips",
++ "description": "Alarm trip information about the memory.",
++ "longDescription": "This object shall contain properties describe the types of alarms that have been raised by the memory. When this resource is subordinate to the MemorySummary object, this property shall indicate whether an alarm of a given type have been raised by any area of memory."
++ },
++ "DataLossDetected": {
++ "description": "An indication of whether data loss was detected.",
++ "longDescription": "This property shall indicate whether data loss was detected. When this resource is subordinate to the MemorySummary object, this property shall indicate whether any data loss was detected in any area of memory.",
++ "readonly": true,
++ "type": [
++ "boolean",
++ "null"
++ ]
++ },
++ "LastShutdownSuccess": {
++ "description": "An indication of whether the last shutdown succeeded.",
++ "longDescription": "This property shall indicate whether the last shutdown succeeded.",
++ "readonly": true,
++ "type": [
++ "boolean",
++ "null"
++ ]
++ },
++ "PerformanceDegraded": {
++ "description": "An indication of whether performance has degraded.",
++ "longDescription": "This property shall indicate whether performance has degraded. When this resource is subordinate to the MemorySummary object, this property shall indicate whether degraded performance mode status is detected in any area of memory.",
++ "readonly": true,
++ "type": [
++ "boolean",
++ "null"
++ ]
++ },
++ "PredictedMediaLifeLeftPercent": {
++ "description": "The percentage of reads and writes that are predicted to still be available for the media.",
++ "longDescription": "This property shall contain an indicator of the percentage of life remaining in the media.",
++ "readonly": true,
++ "type": [
++ "number",
++ "null"
++ ],
++ "units": "%",
++ "versionAdded": "v1_1_0"
++ },
++ "RemainingSpareBlockPercentage": {
++ "description": "The remaining spare blocks, as a percentage.",
++ "longDescription": "This property shall contain the remaining spare blocks as a percentage. When this resource is subordinate to the MemorySummary object, this property shall be the RemainingSpareBlockPercentage over all memory.",
++ "readonly": true,
++ "type": [
++ "number",
++ "null"
++ ],
++ "units": "%"
++ }
++ },
++ "type": "object"
++ },
++ "LifeTime": {
++ "additionalProperties": false,
++ "description": "The memory metrics for the lifetime of the memory.",
++ "longDescription": "This type shall describe the memory metrics since manufacturing.",
++ "patternProperties": {
++ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
++ "description": "This property shall specify a valid odata or Redfish property.",
++ "type": [
++ "array",
++ "boolean",
++ "integer",
++ "number",
++ "null",
++ "object",
++ "string"
++ ]
++ }
++ },
++ "properties": {
++ "BlocksRead": {
++ "description": "The number of blocks read for the lifetime of the memory.",
++ "longDescription": "This property shall contain the number of blocks read for the lifetime of the memory. When this resource is subordinate to the MemorySummary object, this property shall be the sum of BlocksRead over all memory.",
++ "readonly": true,
++ "type": [
++ "integer",
++ "null"
++ ]
++ },
++ "BlocksWritten": {
++ "description": "The number of blocks written for the lifetime of the memory.",
++ "longDescription": "This property shall contain the number of blocks written for the lifetime of the memory. When this resource is subordinate to the MemorySummary object, this property shall be the sum of BlocksWritten over all memory.",
++ "readonly": true,
++ "type": [
++ "integer",
++ "null"
++ ]
++ },
++ "CorrectableECCErrorCount": {
++ "description": "The number of the correctable errors for the lifetime of the memory.",
++ "longDescription": "This property shall contain the number of the correctable errors for the lifetime of the memory. When this resource is subordinate to the MemorySummary object, this property shall be the sum of CorrectableECCErrorCount over all memory.",
++ "readonly": true,
++ "type": [
++ "integer",
++ "null"
++ ],
++ "versionAdded": "v1_4_0"
++ },
++ "UncorrectableECCErrorCount": {
++ "description": "The number of the uncorrectable errors for the lifetime of the memory.",
++ "longDescription": "This property shall contain the number of the uncorrectable errors for the lifetime of the memory. When this resource is subordinate to the MemorySummary object, this property shall be the sum of UncorrectableECCErrorCount over all memory.",
++ "readonly": true,
++ "type": [
++ "integer",
++ "null"
++ ],
++ "versionAdded": "v1_4_0"
++ }
++ },
++ "type": "object"
++ },
++ "MemoryMetrics": {
++ "additionalProperties": false,
++ "description": "The usage and health statistics for a memory device or system memory summary.",
++ "longDescription": "The MemoryMetrics schema shall contain the memory metrics for a memory device or system memory summary in a Redfish implementation.",
++ "patternProperties": {
++ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
++ "description": "This property shall specify a valid odata or Redfish property.",
++ "type": [
++ "array",
++ "boolean",
++ "integer",
++ "number",
++ "null",
++ "object",
++ "string"
++ ]
++ }
++ },
++ "properties": {
++ "@odata.context": {
++ "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/context"
++ },
++ "@odata.etag": {
++ "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/etag"
++ },
++ "@odata.id": {
++ "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/id"
++ },
++ "@odata.type": {
++ "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/type"
++ },
++ "Actions": {
++ "$ref": "#/definitions/Actions",
++ "description": "The available actions for this resource.",
++ "longDescription": "This property shall contain the available actions for this resource."
++ },
++ "BandwidthPercent": {
++ "description": "The memory bandwidth utilization as a percentage.",
++ "longDescription": "This property shall contain memory bandwidth utilization as a percentage. When this resource is subordinate to the MemorySummary object, this property shall be the memory bandwidth utilization over all memory as a percentage.",
++ "minimum": 0,
++ "readonly": true,
++ "type": [
++ "number",
++ "null"
++ ],
++ "units": "%",
++ "versionAdded": "v1_2_0"
++ },
++ "BlockSizeBytes": {
++ "description": "The block size, in bytes.",
++ "longDescription": "This property shall contain the block size, in bytes, of all structure elements. When this resource is subordinate to the MemorySummary object, this property is not applicable.",
++ "readonly": true,
++ "type": [
++ "integer",
++ "null"
++ ],
++ "units": "By"
++ },
++ "CurrentPeriod": {
++ "$ref": "#/definitions/CurrentPeriod",
++ "description": "The memory metrics since the last reset or ClearCurrentPeriod action.",
++ "longDescription": "This property shall contain properties that describe the memory metrics for the current period."
++ },
++ "Description": {
++ "anyOf": [
++ {
++ "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Description"
++ },
++ {
++ "type": "null"
++ }
++ ],
++ "readonly": true
++ },
++ "HealthData": {
++ "$ref": "#/definitions/HealthData",
++ "description": "The health information of the memory.",
++ "longDescription": "This property shall contain properties that describe the health data memory metrics for the memory."
++ },
++ "Id": {
++ "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Id",
++ "readonly": true
++ },
++ "LifeTime": {
++ "$ref": "#/definitions/LifeTime",
++ "description": "The memory metrics for the lifetime of the memory.",
++ "longDescription": "This property shall contain properties that describe the memory metrics for the lifetime of the memory."
++ },
++ "Name": {
++ "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Name",
++ "readonly": true
++ },
++ "Oem": {
++ "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem",
++ "description": "The OEM extension property.",
++ "longDescription": "This property shall contain the OEM extensions. All values for properties that this object contains shall conform to the Redfish Specification-described requirements."
++ },
++ "OperatingSpeedMHz": {
++ "description": "Operating speed of memory in MHz or MT/s as appropriate.",
++ "longDescription": "This property shall contain the operating speed of memory in MHz or MT/s (mega-transfers per second) as reported by the memory device. Memory devices that operate at their bus speed shall report the operating speed in MHz (bus speed), while memory devices that transfer data faster than their bus speed, such as DDR memory, shall report the operating speed in MT/s (mega-transfers/second). The reported value shall match the conventionally reported values for the technology used by the memory device.",
++ "readonly": true,
++ "type": [
++ "integer",
++ "null"
++ ],
++ "units": "MHz",
++ "versionAdded": "v1_3_0"
++ }
++ },
++ "required": [
++ "@odata.id",
++ "@odata.type",
++ "Id",
++ "Name"
++ ],
++ "type": "object"
++ },
++ "OemActions": {
++ "additionalProperties": true,
++ "description": "The available OEM-specific actions for this resource.",
++ "longDescription": "This type shall contain the available OEM-specific actions for this resource.",
++ "patternProperties": {
++ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
++ "description": "This property shall specify a valid odata or Redfish property.",
++ "type": [
++ "array",
++ "boolean",
++ "integer",
++ "number",
++ "null",
++ "object",
++ "string"
++ ]
++ }
++ },
++ "properties": {},
++ "type": "object"
++ }
++ },
++ "owningEntity": "DMTF",
++ "release": "2020.3",
++ "title": "#MemoryMetrics.v1_4_1.MemoryMetrics"
++}
+\ No newline at end of file
+diff --git a/static/redfish/v1/JsonSchemas/MemoryMetrics/index.json b/static/redfish/v1/JsonSchemas/MemoryMetrics/index.json
+new file mode 100644
+index 0000000..e506f59
+--- /dev/null
++++ b/static/redfish/v1/JsonSchemas/MemoryMetrics/index.json
+@@ -0,0 +1,21 @@
++{
++ "@odata.context": "/redfish/v1/$metadata#JsonSchemaFile.JsonSchemaFile",
++ "@odata.id": "/redfish/v1/JsonSchemas/MemoryMetrics",
++ "@odata.type": "#JsonSchemaFile.v1_0_2.JsonSchemaFile",
++ "Name": "MemoryMetrics Schema File",
++ "Schema": "#MemoryMetrics.MemoryMetrics",
++ "Description": "MemoryMetrics Schema File Location",
++ "Id": "MemoryMetrics",
++ "Languages": [
++ "en"
++ ],
++ "Languages@odata.count": 1,
++ "Location": [
++ {
++ "Language": "en",
++ "PublicationUri": "http://redfish.dmtf.org/schemas/v1/MemoryMetrics.json",
++ "Uri": "/redfish/v1/JsonSchemas/MemoryMetrics/MemoryMetrics.json"
++ }
++ ],
++ "Location@odata.count": 1
++}
+\ No newline at end of file
+diff --git a/static/redfish/v1/JsonSchemas/index.json b/static/redfish/v1/JsonSchemas/index.json
+index 8811f26..fd5abbf 100644
+--- a/static/redfish/v1/JsonSchemas/index.json
++++ b/static/redfish/v1/JsonSchemas/index.json
+@@ -4,7 +4,7 @@
+ "@odata.type": "#JsonSchemaFileCollection.JsonSchemaFileCollection",
+ "Name": "JsonSchemaFile Collection",
+ "Description": "Collection of JsonSchemaFiles",
+- "Members@odata.count": 58,
++ "Members@odata.count": 59,
+ "Members": [
+ {
+ "@odata.id": "/redfish/v1/JsonSchemas/AccountService"
+@@ -75,6 +75,9 @@
+ {
+ "@odata.id": "/redfish/v1/JsonSchemas/Memory"
+ },
++ {
++ "@odata.id": "/redfish/v1/JsonSchemas/MemoryMetrics"
++ },
+ {
+ "@odata.id": "/redfish/v1/JsonSchemas/Message"
+ },
+diff --git a/static/redfish/v1/schema/MemoryMetrics_v1.xml b/static/redfish/v1/schema/MemoryMetrics_v1.xml
+new file mode 100644
+index 0000000..bfeae79
+--- /dev/null
++++ b/static/redfish/v1/schema/MemoryMetrics_v1.xml
+@@ -0,0 +1,424 @@
++<?xml version="1.0" encoding="UTF-8"?>
++<!---->
++<!--################################################################################ -->
++<!--# Redfish Schema: MemoryMetrics v1.4.1 -->
++<!--# -->
++<!--# For a detailed change log, see the README file contained in the DSP8010 bundle, -->
++<!--# available at http://www.dmtf.org/standards/redfish -->
++<!--# Copyright 2014-2021 DMTF. -->
++<!--# For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright -->
++<!--################################################################################ -->
++<!---->
++<edmx:Edmx xmlns:edmx="http://docs.oasis-open.org/odata/ns/edmx" Version="4.0">
++
++ <edmx:Reference Uri="http://docs.oasis-open.org/odata/odata/v4.0/errata03/csd01/complete/vocabularies/Org.OData.Core.V1.xml">
++ <edmx:Include Namespace="Org.OData.Core.V1" Alias="OData"/>
++ </edmx:Reference>
++ <edmx:Reference Uri="http://docs.oasis-open.org/odata/odata/v4.0/errata03/csd01/complete/vocabularies/Org.OData.Capabilities.V1.xml">
++ <edmx:Include Namespace="Org.OData.Capabilities.V1" Alias="Capabilities"/>
++ </edmx:Reference>
++ <edmx:Reference Uri="http://redfish.dmtf.org/schemas/v1/Resource_v1.xml">
++ <edmx:Include Namespace="Resource.v1_0_0"/>
++ </edmx:Reference>
++ <edmx:Reference Uri="http://redfish.dmtf.org/schemas/v1/RedfishExtensions_v1.xml">
++ <edmx:Include Namespace="RedfishExtensions.v1_0_0" Alias="Redfish"/>
++ <edmx:Include Namespace="Validation.v1_0_0" Alias="Validation"/>
++ </edmx:Reference>
++ <edmx:Reference Uri="http://docs.oasis-open.org/odata/odata/v4.0/errata03/csd01/complete/vocabularies/Org.OData.Measures.V1.xml">
++ <edmx:Include Namespace="Org.OData.Measures.V1" Alias="Measures"/>
++ </edmx:Reference>
++
++ <edmx:DataServices>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++
++ <EntityType Name="MemoryMetrics" BaseType="Resource.v1_0_0.Resource" Abstract="true">
++ <Annotation Term="OData.Description" String="The usage and health statistics for a memory device or system memory summary."/>
++ <Annotation Term="OData.LongDescription" String="The MemoryMetrics schema shall contain the memory metrics for a memory device or system memory summary in a Redfish implementation."/>
++ <Annotation Term="OData.AdditionalProperties" Bool="false"/>
++ <Annotation Term="Capabilities.InsertRestrictions">
++ <Record>
++ <PropertyValue Property="Insertable" Bool="false"/>
++ </Record>
++ </Annotation>
++ <Annotation Term="Capabilities.UpdateRestrictions">
++ <Record>
++ <PropertyValue Property="Updatable" Bool="false"/>
++ </Record>
++ </Annotation>
++ <Annotation Term="Capabilities.DeleteRestrictions">
++ <Record>
++ <PropertyValue Property="Deletable" Bool="false"/>
++ </Record>
++ </Annotation>
++ <Annotation Term="Redfish.Uris">
++ <Collection>
++ <String>/redfish/v1/Systems/{ComputerSystemId}/MemorySummary/MemoryMetrics</String>
++ <String>/redfish/v1/Systems/{ComputerSystemId}/Memory/{MemoryId}/MemoryMetrics</String>
++ <String>/redfish/v1/Systems/{ComputerSystemId}/Processors/{ProcessorId}/MemorySummary/MemoryMetrics</String>
++ <String>/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Memory/{MemoryId}/MemoryMetrics</String>
++ <String>/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Processors/{ProcessorId}/MemorySummary/MemoryMetrics</String>
++ <String>/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Memory/{MemoryId}/MemoryMetrics</String>
++ <String>/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/MemorySummary/MemoryMetrics</String>
++ <String>/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Processors/{ProcessorId}/MemorySummary/MemoryMetrics</String>
++ <String>/redfish/v1/ResourceBlocks/{ResourceBlockId}/Memory/{MemoryId}/MemoryMetrics</String>
++ <String>/redfish/v1/ResourceBlocks/{ResourceBlockId}/Processors/{ProcessorId}/MemorySummary/MemoryMetrics</String>
++ <String>/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Memory/{MemoryId}/MemoryMetrics</String>
++ <String>/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/MemorySummary/MemoryMetrics</String>
++ <String>/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Processors/{ProcessorId}/MemorySummary/MemoryMetrics</String>
++ </Collection>
++ </Annotation>
++ </EntityType>
++
++ <Action Name="ClearCurrentPeriod" IsBound="true">
++ <Parameter Name="MemoryMetrics" Type="MemoryMetrics.v1_0_0.Actions"/>
++ <Annotation Term="OData.Description" String="This action sets the CurrentPeriod property's values to 0."/>
++ <Annotation Term="OData.LongDescription" String="This action shall set the CurrentPeriod property's values to 0."/>
++ </Action>
++
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_0_0">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="Redfish.Release" String="2016.1"/>
++
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.MemoryMetrics">
++ <Property Name="BlockSizeBytes" Type="Edm.Int64">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="The block size, in bytes."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain the block size, in bytes, of all structure elements. When this resource is subordinate to the MemorySummary object, this property is not applicable."/>
++ <Annotation Term="Measures.Unit" String="By"/>
++ </Property>
++ <Property Name="CurrentPeriod" Type="MemoryMetrics.v1_0_0.CurrentPeriod" Nullable="false">
++ <Annotation Term="OData.Description" String="The memory metrics since the last reset or ClearCurrentPeriod action."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain properties that describe the memory metrics for the current period."/>
++ </Property>
++ <Property Name="LifeTime" Type="MemoryMetrics.v1_0_0.LifeTime" Nullable="false">
++ <Annotation Term="OData.Description" String="The memory metrics for the lifetime of the memory."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain properties that describe the memory metrics for the lifetime of the memory."/>
++ </Property>
++ <Property Name="HealthData" Type="MemoryMetrics.v1_0_0.HealthData" Nullable="false">
++ <Annotation Term="OData.Description" String="The health information of the memory."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain properties that describe the health data memory metrics for the memory."/>
++ </Property>
++ <Property Name="Actions" Type="MemoryMetrics.v1_0_0.Actions" Nullable="false">
++ <Annotation Term="OData.Description" String="The available actions for this resource."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain the available actions for this resource."/>
++ </Property>
++ </EntityType>
++
++ <ComplexType Name="CurrentPeriod">
++ <Annotation Term="OData.AdditionalProperties" Bool="false"/>
++ <Annotation Term="OData.Description" String="The memory metrics since the last system reset or ClearCurrentPeriod action."/>
++ <Annotation Term="OData.LongDescription" String="This type shall describe the memory metrics since last system reset or ClearCurrentPeriod action."/>
++ <Property Name="BlocksRead" Type="Edm.Int64">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="The number of blocks read since reset."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain the number of blocks read since reset. When this resource is subordinate to the MemorySummary object, this property shall be the sum of BlocksRead over all memory."/>
++ </Property>
++ <Property Name="BlocksWritten" Type="Edm.Int64">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="The number of blocks written since reset."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain the number of blocks written since reset. When this resource is subordinate to the MemorySummary object, this property shall be the sum of BlocksWritten over all memory."/>
++ </Property>
++ </ComplexType>
++
++ <ComplexType Name="LifeTime">
++ <Annotation Term="OData.AdditionalProperties" Bool="false"/>
++ <Annotation Term="OData.Description" String="The memory metrics for the lifetime of the memory."/>
++ <Annotation Term="OData.LongDescription" String="This type shall describe the memory metrics since manufacturing."/>
++ <Property Name="BlocksRead" Type="Edm.Int64">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="The number of blocks read for the lifetime of the memory."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain the number of blocks read for the lifetime of the memory. When this resource is subordinate to the MemorySummary object, this property shall be the sum of BlocksRead over all memory."/>
++ </Property>
++ <Property Name="BlocksWritten" Type="Edm.Int64">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="The number of blocks written for the lifetime of the memory."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain the number of blocks written for the lifetime of the memory. When this resource is subordinate to the MemorySummary object, this property shall be the sum of BlocksWritten over all memory."/>
++ </Property>
++ </ComplexType>
++
++ <ComplexType Name="HealthData">
++ <Annotation Term="OData.AdditionalProperties" Bool="false"/>
++ <Annotation Term="OData.Description" String="The health information of the memory."/>
++ <Annotation Term="OData.LongDescription" String="This type shall contain properties that describe the HealthData metrics for this resource."/>
++ <Property Name="RemainingSpareBlockPercentage" Type="Edm.Decimal">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="The remaining spare blocks, as a percentage."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain the remaining spare blocks as a percentage. When this resource is subordinate to the MemorySummary object, this property shall be the RemainingSpareBlockPercentage over all memory."/>
++ <Annotation Term="Measures.Unit" String="%"/>
++ </Property>
++ <Property Name="LastShutdownSuccess" Type="Edm.Boolean">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="An indication of whether the last shutdown succeeded."/>
++ <Annotation Term="OData.LongDescription" String="This property shall indicate whether the last shutdown succeeded."/>
++ </Property>
++ <Property Name="DataLossDetected" Type="Edm.Boolean">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="An indication of whether data loss was detected."/>
++ <Annotation Term="OData.LongDescription" String="This property shall indicate whether data loss was detected. When this resource is subordinate to the MemorySummary object, this property shall indicate whether any data loss was detected in any area of memory."/>
++ </Property>
++ <Property Name="PerformanceDegraded" Type="Edm.Boolean">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="An indication of whether performance has degraded."/>
++ <Annotation Term="OData.LongDescription" String="This property shall indicate whether performance has degraded. When this resource is subordinate to the MemorySummary object, this property shall indicate whether degraded performance mode status is detected in any area of memory."/>
++ </Property>
++ <Property Name="AlarmTrips" Type="MemoryMetrics.v1_0_0.AlarmTrips" Nullable="false">
++ <Annotation Term="OData.Description" String="Alarm trip information about the memory."/>
++ <Annotation Term="OData.LongDescription" String="This object shall contain properties describe the types of alarms that have been raised by the memory. When this resource is subordinate to the MemorySummary object, this property shall indicate whether an alarm of a given type have been raised by any area of memory."/>
++ </Property>
++ </ComplexType>
++
++ <ComplexType Name="AlarmTrips">
++ <Annotation Term="OData.AdditionalProperties" Bool="false"/>
++ <Annotation Term="OData.Description" String="The alarm trip information about the memory. These alarms are reset when the system resets. Note that if they are re-discovered they can be reasserted."/>
++ <Annotation Term="OData.LongDescription" String="This type shall contain properties that describe the types of alarms that have been raised by the memory. These alarms shall be reset when the system resets. Note that if they are re-discovered they can be reasserted."/>
++ <Property Name="Temperature" Type="Edm.Boolean">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="An indication of whether a temperature threshold alarm trip was detected."/>
++ <Annotation Term="OData.LongDescription" String="This property shall indicates whether a temperature threshold alarm trip was detected."/>
++ </Property>
++ <Property Name="SpareBlock" Type="Edm.Boolean">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="An indication of whether the spare block capacity crossing alarm trip was detected."/>
++ <Annotation Term="OData.LongDescription" String="This property shall indicate whether the spare block capacity crossing alarm trip was detected."/>
++ </Property>
++ <Property Name="UncorrectableECCError" Type="Edm.Boolean">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="An indication of whether the uncorrectable error threshold alarm trip was detected."/>
++ <Annotation Term="OData.LongDescription" String="This property shall indicate whether the uncorrectable error threshold alarm trip was detected."/>
++ </Property>
++ <Property Name="CorrectableECCError" Type="Edm.Boolean">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="An indication of whether the correctable error threshold crossing alarm trip was detected."/>
++ <Annotation Term="OData.LongDescription" String="This property shall indicate whether the correctable error threshold crossing alarm trip was detected."/>
++ </Property>
++ <Property Name="AddressParityError" Type="Edm.Boolean">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="An indication of whether an address parity error was detected that a retry could not correct."/>
++ <Annotation Term="OData.LongDescription" String="This property shall indicate whether an address parity error was detected that a retry could not correct."/>
++ </Property>
++ </ComplexType>
++
++ <ComplexType Name="Actions">
++ <Annotation Term="OData.AdditionalProperties" Bool="false"/>
++ <Annotation Term="OData.Description" String="The available actions for this resource."/>
++ <Annotation Term="OData.LongDescription" String="This type shall contain the available actions for this resource."/>
++ <Property Name="Oem" Type="MemoryMetrics.v1_0_0.OemActions" Nullable="false">
++ <Annotation Term="OData.Description" String="The available OEM-specific actions for this resource."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain the available OEM-specific actions for this resource."/>
++ </Property>
++ </ComplexType>
++
++ <ComplexType Name="OemActions">
++ <Annotation Term="OData.AdditionalProperties" Bool="true"/>
++ <Annotation Term="OData.Description" String="The available OEM-specific actions for this resource."/>
++ <Annotation Term="OData.LongDescription" String="This type shall contain the available OEM-specific actions for this resource."/>
++ </ComplexType>
++
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_0_1">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to show that annotations in previous namespaces were updated."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_0_0.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_0_2">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to show BlocksWritten in CurrentPeriod and LifeTime ComplexTypes, and to update annotations in earlier versions of namespaces."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_0_1.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_0_3">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version shows that AlarmTrips was modified to add semantics about AlarmTrips resets upon system reset."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_0_2.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_0_4">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to force the regeneration of JSON Schema so that OData properties are marked as required, and integer properties are marked as integer rather than number. It was also created to add missing percent units onto existing properties."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_0_3.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_0_5">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to force the regeneration of JSON Schema so that URI properties use the uri-reference format."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_0_4.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_0_6">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to update descriptions to give guidance to the usage of certain properties when the metrics is used for a summary of all memory in a system. It was also created to update descriptions that this schema defines."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_0_5.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_0_7">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to update description HealthData to allow for usage when this resource is subordinate to the MemorySummary object."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_0_6.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_0_8">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to fix typos in descriptions and long descriptions."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_0_7.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_1_0">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="Redfish.Release" String="2016.2"/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_0_0.MemoryMetrics"/>
++
++ <ComplexType Name="HealthData" BaseType="MemoryMetrics.v1_0_0.HealthData">
++ <Property Name="PredictedMediaLifeLeftPercent" Type="Edm.Decimal">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="The percentage of reads and writes that are predicted to still be available for the media."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain an indicator of the percentage of life remaining in the media."/>
++ <Annotation Term="Measures.Unit" String="%"/>
++ </Property>
++ </ComplexType>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_1_1">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to show that annotations in previous namespaces were updated."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_1_0.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_1_2">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to show BlocksWritten in CurrentPeriod and LifeTime ComplexTypes, and to update annotations in earlier versions of namespaces."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_1_1.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_1_3">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version shows that AlarmTrips was modified to add semantics about AlarmTrips resets upon system reset."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_1_2.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_1_4">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to force the regeneration of JSON Schema so that OData properties are marked as required, and integer properties are marked as integer rather than number. It was also created to add missing percent units onto existing properties."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_1_3.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_1_5">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to force the regeneration of JSON Schema so that URI properties use the uri-reference format."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_1_4.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_1_6">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to update descriptions to give guidance to the usage of certain properties when the metrics is used for a summary of all memory in a system. It was also created to update descriptions that this schema defines."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_1_5.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_1_7">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to update description HealthData to allow for usage when this resource is subordinate to the MemorySummary object."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_1_6.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_1_8">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to fix typos in descriptions and long descriptions."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_1_7.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_2_0">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="Redfish.Release" String="2019.2"/>
++ <Annotation Term="OData.Description" String="This version was created to add the BandwidthPercent property. It was also created to update property descriptions for cases when the metrics are used in a summary of all memory in a system."/>
++
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_1_6.MemoryMetrics">
++ <Property Name="BandwidthPercent" Type="Edm.Decimal">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="The memory bandwidth utilization as a percentage."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain memory bandwidth utilization as a percentage. When this resource is subordinate to the MemorySummary object, this property shall be the memory bandwidth utilization over all memory as a percentage."/>
++ <Annotation Term="Validation.Minimum" Int="0"/>
++ <Annotation Term="Measures.Unit" String="%"/>
++ </Property>
++ </EntityType>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_2_1">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to update description HealthData to allow for usage when this resource is subordinate to the MemorySummary object."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_2_0.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_2_2">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to fix typos in descriptions and long descriptions."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_2_1.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_3_0">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="Redfish.Release" String="2020.1"/>
++ <Annotation Term="OData.Description" String="This version was created to add OperatingSpeedMHz property."/>
++
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_2_1.MemoryMetrics">
++ <Property Name="OperatingSpeedMHz" Type="Edm.Int64">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="Operating speed of memory in MHz or MT/s as appropriate."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain the operating speed of memory in MHz or MT/s (mega-transfers per second) as reported by the memory device. Memory devices that operate at their bus speed shall report the operating speed in MHz (bus speed), while memory devices that transfer data faster than their bus speed, such as DDR memory, shall report the operating speed in MT/s (mega-transfers/second). The reported value shall match the conventionally reported values for the technology used by the memory device."/>
++ <Annotation Term="Measures.Unit" String="MHz"/>
++ </Property>
++ </EntityType>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_3_1">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to fix typos in descriptions and long descriptions."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_3_0.MemoryMetrics"/>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_4_0">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="Redfish.Release" String="2020.3"/>
++ <Annotation Term="OData.Description" String="This version was created to add CorrectableECCErrorCount and UncorrectableECCErrorCount properties for CurrentPeriod and LifeTime of the memory."/>
++
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_3_0.MemoryMetrics"/>
++
++ <ComplexType Name="CurrentPeriod" BaseType="MemoryMetrics.v1_0_0.CurrentPeriod">
++ <Property Name="CorrectableECCErrorCount" Type="Edm.Int64">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="The number of the correctable errors since reset."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain the number of correctable errors since reset. When this resource is subordinate to the MemorySummary object, this property shall be the sum of CorrectableECCErrorCount over all memory."/>
++ </Property>
++ <Property Name="UncorrectableECCErrorCount" Type="Edm.Int64">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="The number of the uncorrectable errors since reset."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain the number of uncorrectable errors since reset. When this resource is subordinate to the MemorySummary object, this property shall be the sum of UncorrectableECCErrorCount over all memory."/>
++ </Property>
++ </ComplexType>
++
++ <ComplexType Name="LifeTime" BaseType="MemoryMetrics.v1_0_0.LifeTime">
++ <Property Name="CorrectableECCErrorCount" Type="Edm.Int64">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="The number of the correctable errors for the lifetime of the memory."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain the number of the correctable errors for the lifetime of the memory. When this resource is subordinate to the MemorySummary object, this property shall be the sum of CorrectableECCErrorCount over all memory."/>
++ </Property>
++ <Property Name="UncorrectableECCErrorCount" Type="Edm.Int64">
++ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
++ <Annotation Term="OData.Description" String="The number of the uncorrectable errors for the lifetime of the memory."/>
++ <Annotation Term="OData.LongDescription" String="This property shall contain the number of the uncorrectable errors for the lifetime of the memory. When this resource is subordinate to the MemorySummary object, this property shall be the sum of UncorrectableECCErrorCount over all memory."/>
++ </Property>
++ </ComplexType>
++ </Schema>
++
++ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="MemoryMetrics.v1_4_1">
++ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
++ <Annotation Term="OData.Description" String="This version was created to fix typos in descriptions and long descriptions."/>
++ <EntityType Name="MemoryMetrics" BaseType="MemoryMetrics.v1_4_0.MemoryMetrics"/>
++ </Schema>
++
++ </edmx:DataServices>
++</edmx:Edmx>
+--
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/biosconfig/0008-Add-BIOSAttributesChanged-message-entry.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/biosconfig/0008-Add-BIOSAttributesChanged-message-entry.patch
new file mode 100644
index 000000000..bbcd7df12
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/biosconfig/0008-Add-BIOSAttributesChanged-message-entry.patch
@@ -0,0 +1,88 @@
+From d2b0499ad8b8610f8be1963f5ca1bb8548a97641 Mon Sep 17 00:00:00 2001
+From: Snehalatha Venkatesh <snehalathax.v@intel.com>
+Date: Mon, 11 Apr 2022 07:12:53 +0000
+Subject: [PATCH] Add BIOSAttributesChanged message entry
+
+When BIOS attributes are changed via OOB (using Redfish PATCH operation)
+No Redfish event is logged.
+
+Added a Message Registry entry to inform that a set of BIOS attributes
+are changed via OOB. It will be logged after BIOS reset, during which
+attributes are re-populated with patched values.
+
+Changing the BIOS attributes via OOB is possible only through
+Redfish PATCH operation currently and not supported through IPMI.
+
+This event is implemented for the following review.
+https://gerrit.openbmc-project.xyz/c/openbmc/intel-ipmi-oem/+/52320
+
+Tested:
+1. Redfish validator - passed for this new addition.
+2. Enable "BMC Remote Setup" and Set BIOS admin password.
+3. Do BIOS reset.
+4. Check for the attributes in redfish uri
+GET: /redfish/v1/Systems/system/Bios
+Response: Success
+5. Patch any attribute.
+PATCH: /redfish/v1/Systems/system/Bios/Settings
+Body:
+{
+ "data": {
+ "serialDebugMsgLvl": "0x2"
+}}
+Response: Success
+6. Do BIOS reset.
+7. Verified in Redfish, Biosattribute change message populated.
+GET: /redfish/v1/Systems/system/LogServices/EventLog/Entries
+Response:
+{
+ "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/32635",
+ "@odata.type": "#LogEntry.v1_8_0.LogEntry",
+ "Created": "1970-01-01T09:03:55+00:00",
+ "EntryType": "Event",
+ "Id": "32635",
+ "Message": "Set of BIOS Attributes changed.",
+ "MessageArgs": [],
+ "MessageId": "OpenBMC.0.1.BIOSAttributesChanged",
+ "Name": "System Event Log Entry",
+ "Severity": "OK"
+}
+
+Signed-off-by: Snehalatha Venkatesh <snehalathax.v@intel.com>
+---
+ .../include/registries/openbmc_message_registry.hpp | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/redfish-core/include/registries/openbmc_message_registry.hpp b/redfish-core/include/registries/openbmc_message_registry.hpp
+index a181080..f0e0e59 100644
+--- a/redfish-core/include/registries/openbmc_message_registry.hpp
++++ b/redfish-core/include/registries/openbmc_message_registry.hpp
+@@ -29,7 +29,7 @@ const Header header = {
+ "0.3.1",
+ "OpenBMC",
+ };
+-constexpr std::array<MessageEntry, 200> registry = {
++constexpr std::array<MessageEntry, 201> registry = {
+ MessageEntry{
+ "ADDDCCorrectable",
+ {
+@@ -139,6 +139,16 @@ constexpr std::array<MessageEntry, 200> registry = {
+ "None.",
+ }},
+
++ MessageEntry{"BIOSAttributesChanged",
++ {
++ "Indicates that a set of BIOS attributes changed.",
++ "Set of BIOS Attributes changed.",
++ "OK",
++ "OK",
++ 0,
++ {},
++ "None.",
++ }},
+ MessageEntry{
+ "BIOSBoot",
+ {
+--
+2.17.1
+
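Review bot: The new `BIOSAttributesChanged` entry is declared with no arguments (`0, {}`), so the logged event says only that some set of attributes changed, not which ones or which account issued the PATCH. For BIOS configuration that limits its value as an audit record. If the logging side can supply the detail, consider an argument-bearing form such as `"BIOS attributes changed: %1."` with `1, {"string"},`. Separately, the sample response in the commit message shows `OpenBMC.0.1.BIOSAttributesChanged` while the header context in this hunk carries version `"0.3.1"`, so it is worth confirming that the MessageId prefix matches the registry version clients will look up. The `registry` array continues outside the hunk.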
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0006-Add-EventService-SSE-filter-support.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0006-Add-EventService-SSE-filter-support.patch
index 05018a47d..5b2c48926 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0006-Add-EventService-SSE-filter-support.patch
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0006-Add-EventService-SSE-filter-support.patch
@@ -33,18 +33,18 @@ Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: I55c6f53bb5e57aa1f2d1601f1a16525a33b13bd2
---
- include/eventservice_sse.hpp | 145 +++++++++++++++++-
+ include/eventservice_sse.hpp | 146 +++++++++++++++++-
redfish-core/include/error_messages.hpp | 9 ++
.../include/event_service_manager.hpp | 5 +
redfish-core/lib/event_service.hpp | 5 -
redfish-core/src/error_messages.cpp | 26 ++++
- 5 files changed, 181 insertions(+), 9 deletions(-)
+ 5 files changed, 182 insertions(+), 9 deletions(-)
diff --git a/include/eventservice_sse.hpp b/include/eventservice_sse.hpp
index 14daf00..fed7fec 100644
--- a/include/eventservice_sse.hpp
+++ b/include/eventservice_sse.hpp
-@@ -23,16 +23,153 @@ static bool createSubscription(std::shared_ptr<crow::SseConnection>& conn,
+@@ -23,16 +23,154 @@ static bool createSubscription(std::shared_ptr<crow::SseConnection>& conn,
}
BMCWEB_LOG_DEBUG << "Request query param size: " << req.urlParams.size();
@@ -199,6 +199,7 @@ index 14daf00..fed7fec 100644
+ subValue->registryMsgIds = msgIds;
+ subValue->registryPrefixes = regPrefixes;
+ subValue->metricReportDefinitions = mrdsArray;
++ subValue->subscriptionOwner = req.session->username;
std::string id =
redfish::EventServiceManager::getInstance().addSubscription(subValue,
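Review bot: `req.session->username` on the added line is dereferenced without checking that `req.session` is set, so a request that reaches `createSubscription` without a session object would crash the handler instead of being rejected. Whether that can happen depends on how the SSE route is authenticated, which this hunk does not show. A guard before the assignment, e.g. `if (req.session == nullptr) { return false; }` preceded by the error response this function uses for its other failures, would also keep an unauthenticated path from recording a meaningless owner. The same unchecked dereference appears in the POST, PATCH and DELETE handlers changed by 0015-Add-Configure-Self-support-for-Event-Subscriptions.patch. `createSubscription` starts and ends outside the hunk.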
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0015-Add-Configure-Self-support-for-Event-Subscriptions.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0015-Add-Configure-Self-support-for-Event-Subscriptions.patch
new file mode 100644
index 000000000..ee62f1cbe
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0015-Add-Configure-Self-support-for-Event-Subscriptions.patch
@@ -0,0 +1,220 @@
+From fdc4667e34cb8ede4529e116b35ed4d411328e08 Mon Sep 17 00:00:00 2001
+From: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
+Date: Fri, 11 Feb 2022 05:26:19 +0530
+Subject: [PATCH] Add Configure Self support for Event Subscriptions
+
+As per DTMF redfish schema privilege registry PATCH and DELETE operations
+on event subscriptions require ConfigureManager or ConfigureSelf
+privilege.
+Currently, only ConfigureManager support was enabled, which implies only
+Admin user will be able to PATCH and DELETE any given subscription.
+This commits adds the support to enable ConfigureSelf, which implies, an
+Operator user will be able to PATCH or DELETE self created subscription.
+This support is enabled by adding SubscriptionOwner field to the
+Subscriptions class, so that the Owner of the subscription will be
+stored when a subscription is created.
+This Commit also ensures backward compatibility by not mandating the
+SubscriptionOwner field. Which implies, the older subscriptions which do
+not have a SubscriptionOwner will not be force removed, but can only be
+PATCHED or DELETED by Administrator.
+
+Tested:
+ - Created 2 Operator level users - Operator1 and Operator2
+ - Created subscription by POST to
+ /redfish/v1/EventService/Subscriptions using Operator1
+ - PATCH and DELETE on the subscription failed successfully when using
+ Operator2 user.
+ - PATCH and DELETE was successfull when using Operator1 user.
+
+Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
+---
+ include/event_service_store.hpp | 11 +++
+ include/persistent_data.hpp | 1 +
+ .../include/event_service_manager.hpp | 2 +
+ redfish-core/lib/event_service.hpp | 80 ++++++++++++++++---
+ 4 files changed, 81 insertions(+), 13 deletions(-)
+
+diff --git a/include/event_service_store.hpp b/include/event_service_store.hpp
+index dcc99f1..6997136 100644
+--- a/include/event_service_store.hpp
++++ b/include/event_service_store.hpp
+@@ -22,6 +22,7 @@ struct UserSubscription
+ std::vector<std::string> resourceTypes;
+ boost::beast::http::fields httpHeaders;
+ std::vector<std::string> metricReportDefinitions;
++ std::string subscriptionOwner;
+
+ static std::shared_ptr<UserSubscription>
+ fromJson(const nlohmann::json& j, const bool loadFromOldConfig = false)
+@@ -172,6 +173,16 @@ struct UserSubscription
+ subvalue->metricReportDefinitions.emplace_back(*value);
+ }
+ }
++ else if (element.key() == "SubscriptionOwner")
++ {
++ const std::string* value =
++ element.value().get_ptr<const std::string*>();
++ if (value == nullptr)
++ {
++ continue;
++ }
++ subvalue->subscriptionOwner = *value;
++ }
+ else
+ {
+ BMCWEB_LOG_ERROR
+diff --git a/include/persistent_data.hpp b/include/persistent_data.hpp
+index dbd3618..48855ec 100644
+--- a/include/persistent_data.hpp
++++ b/include/persistent_data.hpp
+@@ -305,6 +305,7 @@ class ConfigFile
+ {"ResourceTypes", subValue->resourceTypes},
+ {"SubscriptionType", subValue->subscriptionType},
+ {"MetricReportDefinitions", subValue->metricReportDefinitions},
++ {"SubscriptionOwner", subValue->subscriptionOwner},
+ });
+ }
+ persistentFile << data;
+diff --git a/redfish-core/include/event_service_manager.hpp b/redfish-core/include/event_service_manager.hpp
+index 1ba9f21..a1b8921 100644
+--- a/redfish-core/include/event_service_manager.hpp
++++ b/redfish-core/include/event_service_manager.hpp
+@@ -692,6 +692,7 @@ class EventServiceManager
+ subValue->resourceTypes = newSub->resourceTypes;
+ subValue->httpHeaders = newSub->httpHeaders;
+ subValue->metricReportDefinitions = newSub->metricReportDefinitions;
++ subValue->subscriptionOwner = newSub->subscriptionOwner;
+
+ if (subValue->id.empty())
+ {
+@@ -1008,6 +1009,7 @@ class EventServiceManager
+ newSub->resourceTypes = subValue->resourceTypes;
+ newSub->httpHeaders = subValue->httpHeaders;
+ newSub->metricReportDefinitions = subValue->metricReportDefinitions;
++ newSub->subscriptionOwner = subValue->subscriptionOwner;
+ persistent_data::EventServiceStore::getInstance()
+ .subscriptionsConfigMap.emplace(newSub->id, newSub);
+
+diff --git a/redfish-core/lib/event_service.hpp b/redfish-core/lib/event_service.hpp
+index 9eb845c..2fb2ab1 100644
+--- a/redfish-core/lib/event_service.hpp
++++ b/redfish-core/lib/event_service.hpp
+@@ -296,6 +296,7 @@ inline void requestRoutesEventDestinationCollection(App& app)
+ std::make_shared<Subscription>(host, port, path, uriProto);
+
+ subValue->destinationUrl = destUrl;
++ subValue->subscriptionOwner = req.session->username;
+
+ if (subscriptionType)
+ {
+@@ -577,11 +578,7 @@ inline void requestRoutesEventDestination(App& app)
+ mrdJsonArray;
+ });
+ BMCWEB_ROUTE(app, "/redfish/v1/EventService/Subscriptions/<str>/")
+- // The below privilege is wrong, it should be ConfigureManager OR
+- // ConfigureSelf
+- // https://github.com/openbmc/bmcweb/issues/220
+- //.privileges(redfish::privileges::patchEventDestination)
+- .privileges({{"ConfigureManager"}})
++ .privileges(redfish::privileges::patchEventDestination)
+ .methods(boost::beast::http::verb::patch)(
+ [](const crow::Request& req,
+ const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
+@@ -595,6 +592,36 @@ inline void requestRoutesEventDestination(App& app)
+ return;
+ }
+
++ Privileges effectiveUserPrivileges =
++ redfish::getUserPrivileges(req.userRole);
++ bool isConfigureManager =
++ effectiveUserPrivileges.isSupersetOf({"ConfigureManager"});
++
++ if (!isConfigureManager)
++ {
++ // If the user does not have Configure manager privilege
++ // then the user must be an Operator (i.e. Configure
++ // Components and Self)
++ // We need to ensure that the User is the actual owner of the
++ // Subscription being patched
++ // This also supports backward compatibility as subscription
++ // owner would be empty which would not be equal to current
++ // user, enabling only Admin to be able to patch the
++ // Subscription
++
++ if (subValue->subscriptionOwner == "")
++ {
++ messages::insufficientPrivilege(asyncResp->res);
++ return;
++ }
++
++ if (subValue->subscriptionOwner != req.session->username)
++ {
++ messages::insufficientPrivilege(asyncResp->res);
++ return;
++ }
++ }
++
+ std::optional<std::string> context;
+ std::optional<std::string> retryPolicy;
+ std::optional<std::vector<nlohmann::json>> headers;
+@@ -653,22 +680,49 @@ inline void requestRoutesEventDestination(App& app)
+ EventServiceManager::getInstance().updateSubscription(param);
+ });
+ BMCWEB_ROUTE(app, "/redfish/v1/EventService/Subscriptions/<str>/")
+- // The below privilege is wrong, it should be ConfigureManager OR
+- // ConfigureSelf
+- // https://github.com/openbmc/bmcweb/issues/220
+- //.privileges(redfish::privileges::deleteEventDestination)
+- .privileges({{"ConfigureManager"}})
++ .privileges(redfish::privileges::deleteEventDestination)
+ .methods(boost::beast::http::verb::delete_)(
+- [](const crow::Request&,
++ [](const crow::Request& req,
+ const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
+ const std::string& param) {
+- if (!EventServiceManager::getInstance().isSubscriptionExist(
+- param))
++ std::shared_ptr<Subscription> subValue =
++ EventServiceManager::getInstance().getSubscription(param);
++ if (subValue == nullptr)
+ {
+ asyncResp->res.result(
+ boost::beast::http::status::not_found);
+ return;
+ }
++
++ Privileges effectiveUserPrivileges =
++ redfish::getUserPrivileges(req.userRole);
++ bool isConfigureManager =
++ effectiveUserPrivileges.isSupersetOf({"ConfigureManager"});
++
++ if (!isConfigureManager)
++ {
++ // If the user does not have Configure manager privilege
++ // then the user must be an Operator (i.e. Configure
++ // Components and Self)
++ // We need to ensure that the User is the actual owner of the
++ // Subscription being deleted
++ // This also supports backward compatibility as subscription
++ // owner would be empty which would not be equal to current
++ // user, enabling only Admin to be able to patch the
++ // Subscription
++
++ if (subValue->subscriptionOwner == "")
++ {
++ messages::insufficientPrivilege(asyncResp->res);
++ return;
++ }
++
++ if (subValue->subscriptionOwner != req.session->username)
++ {
++ messages::insufficientPrivilege(asyncResp->res);
++ return;
++ }
++ }
+ EventServiceManager::getInstance().deleteSubscription(param);
+ });
+ }
+--
+2.17.1
+
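Review bot: The owner check in `redfish-core/lib/event_service.hpp` is copied verbatim into the PATCH and DELETE handlers, and the DELETE copy's comment still says "patch". Its comment also assumes a caller without ConfigureManager "must be an Operator", although the route privilege only requires ConfigureSelf, which other roles may hold as well. Ownership is bound to the user name string persisted as `SubscriptionOwner`, so an account later recreated under the same name would presumably regain control of the old subscriptions; confirm whether account deletion should clear or reassign them. I would move the decision into one helper called by both handlers so the two copies cannot drift, and have it refuse a missing session rather than dereference `req.session`. Both handler lambdas start and end outside the inner hunks.

```cpp
// Returns true when the caller may modify sub: it either holds
// ConfigureManager or is the recorded owner of the subscription.
// Subscriptions persisted before SubscriptionOwner existed have an empty
// owner and therefore stay manager-only.
inline bool canModifySubscription(const crow::Request& req,
                                  const Subscription& sub)
{
    const Privileges userPrivileges =
        redfish::getUserPrivileges(req.userRole);
    if (userPrivileges.isSupersetOf({"ConfigureManager"}))
    {
        return true;
    }
    if (req.session == nullptr || sub.subscriptionOwner.empty())
    {
        return false;
    }
    return sub.subscriptionOwner == req.session->username;
}

// … unchanged: subscription lookup and not_found handling in each handler …
if (!canModifySubscription(req, *subValue))
{
    messages::insufficientPrivilege(asyncResp->res);
    return;
}
// … unchanged: PATCH body handling / deleteSubscription(param) …
```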
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend
index f7154bda1..45622be30 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend
@@ -27,6 +27,10 @@ SRC_URI += "file://0001-Firmware-update-configuration-changes.patch \
file://0029-Fix-Property-PhysicalContext-is-invalid-none.patch \
file://0030-Change-Severity-for-ServiceFailure-redfish-event.patch \
file://0031-Change-PcieType-to-PCIeType.patch \
+ file://0032-Remove-chassis-from-the-odata-id-of-the-PSU.patch \
+ file://0033-Add-message-registry-entry-for-Memhot-event.patch \
+ file://0034-Update-odata.type-version-of-redfish-v1-AccountService.patch \
+ file://0035-Add-MemoryMetrics-schema-file.patch \
"
# OOB Bios Config:
@@ -37,6 +41,7 @@ SRC_URI += "file://biosconfig/0001-Define-Redfish-interface-Registries-Bios.patc
file://biosconfig/0005-Fix-remove-bios-user-pwd-change-option-via-Redfish.patch \
file://biosconfig/0006-Add-fix-for-broken-feature-Pending-Attributes.patch \
file://biosconfig/0007-Add-BiosAttributeRegistry-node-under-Registries.patch \
+ file://biosconfig/0008-Add-BIOSAttributesChanged-message-entry.patch \
"
# Virtual Media: Backend code is not upstreamed so downstream only patches.
@@ -64,6 +69,7 @@ SRC_URI += "file://eventservice/0001-Add-unmerged-changes-for-http-retry-support
file://eventservice/0012-Add-support-for-deleting-terminated-subscriptions.patch \
file://eventservice/0013-event-service-fix-added-Context-field-to-response.patch \
file://eventservice/0014-Fix-Event-Subscription-URI.patch \
+ file://eventservice/0015-Add-Configure-Self-support-for-Event-Subscriptions.patch \
"
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/mctpd.bb b/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/mctpd.bb
index 687a71caf..bdc85913f 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/mctpd.bb
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/mctpd.bb
@@ -4,8 +4,8 @@ DESCRIPTION = "Implementation of MCTP (DTMF DSP0236)"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e"
-SRC_URI = "git://git@github.com/Intel-BMC/mctpd.git;protocol=ssh;branch=main"
-SRCREV = "1d8974fda04b2888032b99fdcc8022353cab52f3"
+SRC_URI = "git://git@github.com/Intel-BMC/mctpd.git;protocol=ssh;branch=1-release"
+SRCREV = "4aa697fba21a2d0d0770358a8c9493bf5d8d5741"
S = "${WORKDIR}/git"
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/mctpwplus.bb b/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/mctpwplus.bb
index 2c84eb697..10435f6f0 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/mctpwplus.bb
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/mctpwplus.bb
@@ -5,7 +5,7 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=615045c30a05cde5c0e924854d43c327"
SRC_URI = "git://git@github.com/Intel-BMC/mctpwplus.git;protocol=ssh;branch=main"
-SRCREV = "7a7425ce324497d1199af2cc9ce0e948cc226307"
+SRCREV = "4a59172db42e6bc55ea00b8c41adb54894a4f9b5"
S = "${WORKDIR}/git"
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/nvmemi-daemon.bb b/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/nvmemi-daemon.bb
index 97168e8a9..1573b5347 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/nvmemi-daemon.bb
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/nvmemi-daemon.bb
@@ -5,7 +5,7 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
SRC_URI = "git://git@github.com/Intel-BMC/nvme-mi.git;protocol=ssh;branch=master"
-SRCREV = "f33407cec7dd1f5702402d9dea05d6a141f34d4d"
+SRCREV = "8bcc5ef307ac4445d9589d0c866d13455c46b811"
S = "${WORKDIR}/git"
PV = "1.0+git${SRCPV}"
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/pldmd.bb b/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/pldmd.bb
index c641132be..fccf18cb9 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/pldmd.bb
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/pldmd.bb
@@ -4,8 +4,8 @@ DESCRIPTION = "Implementation of PLDM specifications"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
-SRC_URI += "git://git@github.com/Intel-BMC/pldmd.git;protocol=ssh;branch=main"
-SRCREV = "5a698ca08b8159d935f8ccbc09a84960cf201896"
+SRC_URI += "git://git@github.com/Intel-BMC/pldmd.git;protocol=ssh;branch=1-release"
+SRCREV = "dd493b97dd7b243738e2d00c983a82a8a6d05db0"
S = "${WORKDIR}/git"
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0008-CPUSensor-additional-debug-message.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0008-CPUSensor-additional-debug-message.patch
deleted file mode 100644
index be2f7fa9a..000000000
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0008-CPUSensor-additional-debug-message.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 805ae6679f49d0d7a3a6448af97f3cb639b9634f Mon Sep 17 00:00:00 2001
-From: Zhikui Ren <zhikui.ren@intel.com>
-Date: Tue, 22 Jun 2021 14:49:44 -0700
-Subject: [PATCH] CPUSensor: additional debug message
-
-Add debug message to capture more information on threshold changes.
-
-Example output - DTS threshold changes when Tcontrol was first read
- Jan 01 00:06:06 intel-obmc cpusensor[461]: Core_16_CPU1: Tcontrol changed from nan to 92
- Jan 01 00:06:06 intel-obmc cpusensor[461]: Core_22_CPU1: Tcontrol changed from nan to 92
- Jan 01 00:06:06 intel-obmc cpusensor[461]: Core_24_CPU1: Tcontrol changed from nan to 92
- Jan 01 00:06:06 intel-obmc cpusensor[461]: DTS_CPU1: Tcontrol changed from nan to 92
- Jan 01 00:06:06 intel-obmc cpusensor[461]: Threshold: /sys/bus/peci/devices/peci-0/0-30/peci-cputemp.0/hwmon/hwmon12/temp2_max: 92
- Jan 01 00:06:06 intel-obmc cpusensor[461]: Threshold: /sys/bus/peci/devices/peci-0/0-30/peci-cputemp.0/hwmon/hwmon12/temp2_crit: 100
- Jan 01 00:06:06 intel-obmc cpusensor[461]: DTS_CPU1: new threshold value 92
- Jan 01 00:06:06 intel-obmc cpusensor[461]: DTS_CPU1: new threshold value 100
-
-The above message will be logged when BMC reset or host resets.
-
-Signed-off-by: Zhikui Ren <zhikui.ren@intel.com>
----
- src/CPUSensor.cpp | 5 +++++
- src/Thresholds.cpp | 7 ++-----
- 2 files changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/src/CPUSensor.cpp b/src/CPUSensor.cpp
-index fefd89a..de33f9b 100644
---- a/src/CPUSensor.cpp
-+++ b/src/CPUSensor.cpp
-@@ -315,6 +315,7 @@ void CPUSensor::handleResponse(const boost::system::error_code& err)
- : std::numeric_limits<double>::quiet_NaN();
- if (gTcontrol != privTcontrol)
- {
-+ std::cout << name << ": Tcontrol changed from " << privTcontrol << " to " << gTcontrol << "\n";
- privTcontrol = gTcontrol;
-
- if (!thresholds.empty())
-@@ -333,6 +334,10 @@ void CPUSensor::handleResponse(const boost::system::error_code& err)
- thresholds::updateThresholds(this);
- }
- }
-+ for (auto& threshold : thresholds)
-+ {
-+ std::cout << name << ": new threshold value " << threshold.value << "\n";
-+ }
- }
- else
- {
-diff --git a/src/Thresholds.cpp b/src/Thresholds.cpp
-index 84df7cf..d1e04eb 100644
---- a/src/Thresholds.cpp
-+++ b/src/Thresholds.cpp
-@@ -592,11 +592,8 @@ bool parseThresholdsFromAttr(
- if (auto val = readFile(attrPath, scaleFactor))
- {
- *val += offset;
-- if (debug)
-- {
-- std::cout << "Threshold: " << attrPath << ": " << *val
-- << "\n";
-- }
-+ std::cout << "Threshold: " << attrPath << ": " << *val
-+ << "\n";
- thresholdVector.emplace_back(level, direction, *val);
- }
- }
---
-2.17.1
-
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0008-CPUSensor-update-threshold-when-Tcontrol-changes.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0008-CPUSensor-update-threshold-when-Tcontrol-changes.patch
new file mode 100644
index 000000000..17fd0436e
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0008-CPUSensor-update-threshold-when-Tcontrol-changes.patch
@@ -0,0 +1,170 @@
+From 0f38d31ab5812e3791b4394b7e8adae44a2c2fb1 Mon Sep 17 00:00:00 2001
+From: Zhikui Ren <zhikui.ren@intel.com>
+Date: Tue, 22 Jun 2021 14:49:44 -0700
+Subject: [PATCH] CPUSensor: update threshold when Tcontrol changes
+
+CPUSensor threshold values are derived from thermal target Tcontrol.
+When a new Tcontrol value is returned from PECI, thresholds values are
+updated by reading from tempx_crit and tempx_max in hwmon directory.
+The issue is that if the read fails, thresholds can get deleted and
+they don't get added back. Fix the issue by only update the thresholds
+when new threshold values are read successfully.
+
+Another issue is that, currently, thresholds interfaces do not get
+created if the read from the limit file fails because resource is
+unavailable at the init time. Thresholds interfaces do not get added
+even after resource become available. Create the thresholds interfaces
+with NaN as the value if the limit files exist. Values get updated when
+resources gets available. This is a workaround until dbus-sensors is
+refactored to support dynamically create threshold interfaces.
+
+Add debug message to capture more information on threshold changes.
+
+Example output - DTS threshold changes when Tcontrol was first read
+ Jan 01 00:06:06 intel-obmc cpusensor[461]: DTS_CPU1: Tcontrol changed from nan to 92
+ Jan 01 00:06:06 intel-obmc cpusensor[461]: Threshold: /sys/bus/peci/devices/peci-0/0-30/peci-cputemp.0/hwmon/hwmon12/temp2_max: 92
+ Jan 01 00:06:06 intel-obmc cpusensor[461]: Threshold: /sys/bus/peci/devices/peci-0/0-30/peci-cputemp.0/hwmon/hwmon12/temp2_crit: 100
+ Jan 01 00:06:06 intel-obmc cpusensor[461]: DTS_CPU1: new threshold value 92
+ Jan 01 00:06:06 intel-obmc cpusensor[461]: DTS_CPU1: new threshold value 100
+
+The above message will be logged when BMC reset or host resets.
+
+Signed-off-by: Zhikui Ren <zhikui.ren@intel.com>
+Change-Id: I24ade7751a6b2802c8eaef9a52d2578fff11da75
+
+---
+ include/Utils.hpp | 2 +-
+ src/CPUSensor.cpp | 39 +++++++++++++++++++++++++--------------
+ src/Thresholds.cpp | 13 +++++++------
+ src/Utils.cpp | 7 ++++++-
+ 4 files changed, 39 insertions(+), 22 deletions(-)
+
+diff --git a/include/Utils.hpp b/include/Utils.hpp
+index 0a89d13..f5939c7 100644
+--- a/include/Utils.hpp
++++ b/include/Utils.hpp
+@@ -324,6 +324,6 @@ struct GetSensorConfiguration :
+ std::optional<std::tuple<std::string, std::string, std::string>>
+ splitFileName(const std::filesystem::path& filePath);
+ std::optional<double> readFile(const std::string& thresholdFile,
+- const double& scaleFactor);
++ const double& scaleFactor, bool nanOk = false);
+ void setupManufacturingModeMatch(sdbusplus::asio::connection& conn);
+ bool getManufacturingMode();
+diff --git a/src/CPUSensor.cpp b/src/CPUSensor.cpp
+index fefd89a..4671e6a 100644
+--- a/src/CPUSensor.cpp
++++ b/src/CPUSensor.cpp
+@@ -313,19 +313,21 @@ void CPUSensor::handleResponse(const boost::system::error_code& err)
+ double gTcontrol = gCpuSensors[nameTcontrol]
+ ? gCpuSensors[nameTcontrol]->value
+ : std::numeric_limits<double>::quiet_NaN();
+- if (gTcontrol != privTcontrol)
++ if (std::isfinite(gTcontrol) && (gTcontrol != privTcontrol))
+ {
+- privTcontrol = gTcontrol;
+-
+- if (!thresholds.empty())
++ // update thresholds when
++ // 1) A different valid Tcontrol value is received
++ // 2) New threshold values have been read successfully
++ // Note: current thresholds can be empty if hwmon attr was not
++ // ready when sensor was first created
++ std::vector<thresholds::Threshold> newThresholds;
++ if (parseThresholdsFromAttr(newThresholds, path, scaleFactor,
++ dtsOffset))
+ {
+- std::vector<thresholds::Threshold> newThresholds;
+- if (parseThresholdsFromAttr(newThresholds, path,
+- scaleFactor, dtsOffset))
++ if (!std::equal(thresholds.begin(), thresholds.end(),
++ newThresholds.begin(), newThresholds.end()))
+ {
+- if (!std::equal(thresholds.begin(), thresholds.end(),
+- newThresholds.begin(),
+- newThresholds.end()))
++ if (!newThresholds.empty())
+ {
+ thresholds = newThresholds;
+ if (show)
+@@ -333,13 +335,22 @@ void CPUSensor::handleResponse(const boost::system::error_code& err)
+ thresholds::updateThresholds(this);
+ }
+ }
+- }
+- else
+- {
+- std::cerr << "Failure to update thresholds for " << name
++ std::cout << name << ": Tcontrol changed from "
++ << privTcontrol << " to " << gTcontrol
+ << "\n";
++ for (auto& threshold : thresholds)
++ {
++ std::cout << name << ": new threshold value "
++ << threshold.value << "\n";
++ }
+ }
+ }
++ else
++ {
++ std::cerr << "Failure to update thresholds for " << name
++ << "\n";
++ }
++ privTcontrol = gTcontrol;
+ }
+ }
+ catch (const std::invalid_argument&)
+diff --git a/src/Thresholds.cpp b/src/Thresholds.cpp
+index 84df7cf..aef084e 100644
+--- a/src/Thresholds.cpp
++++ b/src/Thresholds.cpp
+@@ -589,14 +589,15 @@ bool parseThresholdsFromAttr(
+ auto& [suffix, level, direction, offset] = t;
+ auto attrPath =
+ boost::replace_all_copy(inputPath, item, suffix);
+- if (auto val = readFile(attrPath, scaleFactor))
++ //create threshold with value NaN if file exists
++ //read can fail because resource is busy
++ //This allows thresholds interfaces created during init
++ //values will be updated when resource is available later.
++ if (auto val = readFile(attrPath, scaleFactor, true))
+ {
+ *val += offset;
+- if (debug)
+- {
+- std::cout << "Threshold: " << attrPath << ": " << *val
+- << "\n";
+- }
++ std::cout << "Threshold: " << attrPath << ": " << *val
++ << "\n";
+ thresholdVector.emplace_back(level, direction, *val);
+ }
+ }
+diff --git a/src/Utils.cpp b/src/Utils.cpp
+index 6d017ec..ef709f6 100644
+--- a/src/Utils.cpp
++++ b/src/Utils.cpp
+@@ -554,7 +554,7 @@ void createInventoryAssoc(
+ }
+
+ std::optional<double> readFile(const std::string& thresholdFile,
+- const double& scaleFactor)
++ const double& scaleFactor, bool nanOk)
+ {
+ std::string line;
+ std::ifstream labelFile(thresholdFile);
+@@ -569,6 +569,11 @@ std::optional<double> readFile(const std::string& thresholdFile,
+ }
+ catch (const std::invalid_argument&)
+ {
++ if (nanOk)
++ {
++ //indicate file exists, but read failed
++ return std::numeric_limits<double>::quiet_NaN();
++ }
+ return std::nullopt;
+ }
+ }
+--
+2.17.1
+
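Review bot: In the embedded `src/CPUSensor.cpp` hunk, `thresholds = newThresholds;` is guarded only by `!newThresholds.empty()`, but `parseThresholdsFromAttr` now always calls `readFile(attrPath, scaleFactor, true)`. A failed read of an existing limit file therefore produces a threshold whose value is NaN, and that vector can replace thresholds that were valid, which is the case the commit message says it fixes. Because `privTcontrol = gTcontrol;` then runs unconditionally, the update is not attempted again until Tcontrol changes, so the sensor may sit without usable max/crit limits in the meantime. I would require finite values before assigning, e.g. `if (!newThresholds.empty() && std::all_of(newThresholds.begin(), newThresholds.end(), [](const auto& t) { return std::isfinite(t.value); }))`, and move `privTcontrol = gTcontrol;` into that branch so a failed read is retried on the next response. `handleResponse` and `readFile` both extend beyond the embedded hunks, so which read errors actually reach the `nanOk` path could not be checked from here.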
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend
index 09a2a50ed..8f7440120 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend
@@ -13,7 +13,7 @@ SRC_URI += "\
file://0005-Fix-PECI-ioctl-number.patch \
file://0006-CPUSensor-create-RequirediTempSensor-if-defined.patch \
file://0007-Add-support-for-the-energy-hwmon-type.patch \
- file://0008-CPUSensor-additional-debug-message.patch \
+ file://0008-CPUSensor-update-threshold-when-Tcontrol-changes.patch \
file://0009-CPUSensor-Create-CPUConfig-for-each-PECI-adapter.patch \
file://0010-Add-support-for-Get-PMBUS-Readings-method.patch \
file://0011-Fix-for-cpusensor-going-into-D-state.patch \