From e0d055002bb720caca90e84acc4c13aa29135cae Mon Sep 17 00:00:00 2001 From: "Jason M. Bills" Date: Mon, 22 Feb 2021 13:16:32 -0800 Subject: Update to internal 1.00-70 Signed-off-by: Jason M. Bills --- meta-openbmc-mods/conf/machine/include/intel.inc | 2 + ...andomness-of-uuid-values-on-RANDOM_UUID-y.patch | 160 +++++++++++ .../recipes-bsp/u-boot/u-boot-aspeed_%.bbappend | 1 + .../configuration/entity-manager/WC-Chassis.json | 10 +- ...l-threshold-timer-in-adcsensor-destructor.patch | 152 ++++++++++ ...ensor-Fix-SMBus-configuration-for-VR-Temp.patch | 152 ++++++++++ ...hold-assertion-events-for-cpu-adc-sensors.patch | 317 +++++++++++++++++++++ ...boundary-checking-in-Texitair-calculation.patch | 237 +++++++++++++++ ...or-use-tmp-power-state-file-for-threshold.patch | 50 ++++ .../sensors/dbus-sensors_%.bbappend | 5 + .../recipes-connectivity/openssl/openssl_1.1.1g.bb | 211 -------------- .../recipes-connectivity/openssl/openssl_1.1.1i.bb | 211 ++++++++++++++ ...incorrect-UCS4-inner-loop-bounds-BZ-26923.patch | 151 ++++++++++ ...rrun-in-EUC-KR-conversion-module-BZ-24973.patch | 133 +++++++++ .../recipes-core/glibc/glibc_%.bbappend | 5 + .../0001-disable-PSU-cold-redundancy.patch | 73 ----- .../recipes-intel/smbios/smbios-mdrv2.bb | 2 +- .../0126-Adjust-soc-modules-probing-order.patch | 39 +++ .../1002-Filter-erroneous-adc-readings.patch | 2 +- ...03-Die_CPU-filter-first-zero-from-GetTemp.patch | 60 ++++ ...CPU-filter-first-zero-from-RdPkgConfig-10.patch | 64 +++++ ...re-Correctly-handle-ReportSize-being-zero.patch | 65 +++++ ...a-reference-on-files-added-to-the-check-l.patch | 68 +++++ ...-race-in-trace_open-and-buffer-resize-cal.patch | 60 ++++ ...t-ring-xenblkd-to-null-after-kthread-stop.patch | 54 ++++ .../recipes-kernel/linux/linux-aspeed_%.bbappend | 27 ++ ...r-pid-control-crash-when-fail-to-create-p.patch | 122 ++++++++ .../fans/phosphor-pid-control_%.bbappend | 1 + ...001-Avoid-negated-postcode-write-to-D-Bus.patch | 55 ++++ .../host/phosphor-host-postd_%.bbappend | 6 + .../host/phosphor-host-postd_git.bbappend | 1 - .../0039-Return-InternalError-on-DBus-error.patch | 41 +++ .../0040-Add-boundary-check-to-avoid-crash.patch | 58 ++++ ...mp-Redfish-Event-Log-Unique-ID-Generation.patch | 225 +++++++++++++++ .../recipes-phosphor/interfaces/bmcweb_%.bbappend | 3 + ...001-Fix-for-intrusionsensor-service-crash.patch | 41 +++ .../sensors/dbus-sensors_%.bbappend | 1 + .../0008-Remove-ldap-dependencies.patch | 29 ++ .../users/phosphor-user-manager_%.bbappend | 3 + .../webui/phosphor-webui_%.bbappend | 2 +- .../0001-replace-krb5-config-with-pkg-config.patch | 44 +++ .../recipes-support/curl/curl_7.74.0.bb | 81 ++++++ ...0002-save-current-power-state-in-tmp-file.patch | 86 ++++++ .../chassis/x86-power-control_%.bbappend | 1 + 44 files changed, 2818 insertions(+), 293 deletions(-) create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0054-U-Boot-4-4-lib-uuid-Improve-randomness-of-uuid-values-on-RANDOM_UUID-y.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0014-Cancel-threshold-timer-in-adcsensor-destructor.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0015-IpmbSensor-Fix-SMBus-configuration-for-VR-Temp.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0016-Fix-threshold-assertion-events-for-cpu-adc-sensors.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0017-Add-more-boundary-checking-in-Texitair-calculation.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0018-ADCSensor-use-tmp-power-state-file-for-threshold.patch delete mode 100644 meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1g.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1i.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend delete mode 100644 meta-openbmc-mods/meta-common/recipes-intel/psu-manager/psu-manager/0001-disable-PSU-cold-redundancy.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/0126-Adjust-soc-modules-probing-order.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/1003-Die_CPU-filter-first-zero-from-GetTemp.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/1004-DTS_CPU-filter-first-zero-from-RdPkgConfig-10.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-0465/0001-HID-core-Correctly-handle-ReportSize-being-zero.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-0466/0001-epoll-Keep-a-reference-on-files-added-to-the-check-l.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27825/0001-tracing-Fix-race-in-trace_open-and-buffer-resize-cal.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-29569/0001-xen-blkback-set-ring-xenblkd-to-null-after-kthread-stop.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/fans/phosphor-pid-control/0003-fix-phosphor-pid-control-crash-when-fail-to-create-p.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd/0001-Avoid-negated-postcode-write-to-D-Bus.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd_%.bbappend delete mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd_git.bbappend create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0039-Return-InternalError-on-DBus-error.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0040-Add-boundary-check-to-avoid-crash.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0041-Revamp-Redfish-Event-Log-Unique-ID-Generation.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0001-Fix-for-intrusionsensor-service-crash.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/users/phosphor-user-manager/0008-Remove-ldap-dependencies.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.74.0.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control/0002-save-current-power-state-in-tmp-file.patch diff --git a/meta-openbmc-mods/conf/machine/include/intel.inc b/meta-openbmc-mods/conf/machine/include/intel.inc index 8f1c9403e..166f458ec 100644 --- a/meta-openbmc-mods/conf/machine/include/intel.inc +++ b/meta-openbmc-mods/conf/machine/include/intel.inc @@ -27,3 +27,5 @@ PREFERRED_PROVIDER_virtual/phosphor-led-manager-config-native ?= "intel-led-mana # add all the upstream intel override fixes OVERRIDES .= ":intel" +DISTRO_FEATURES_remove = "ldap" +DISTRO_FEATURES_DEFAULT_remove = "ldap" \ No newline at end of file diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0054-U-Boot-4-4-lib-uuid-Improve-randomness-of-uuid-values-on-RANDOM_UUID-y.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0054-U-Boot-4-4-lib-uuid-Improve-randomness-of-uuid-values-on-RANDOM_UUID-y.patch new file mode 100644 index 000000000..2e960ae58 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0054-U-Boot-4-4-lib-uuid-Improve-randomness-of-uuid-values-on-RANDOM_UUID-y.patch @@ -0,0 +1,160 @@ +From patchwork Tue Apr 30 02:53:47 2019 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +X-Patchwork-Submitter: Eugeniu Rosca +X-Patchwork-Id: 1092945 +X-Patchwork-Delegate: xypron.glpk@gmx.de +Return-Path: +X-Original-To: incoming@patchwork.ozlabs.org +Delivered-To: patchwork-incoming@bilbo.ozlabs.org +Authentication-Results: ozlabs.org; + spf=none (mailfrom) smtp.mailfrom=lists.denx.de + (client-ip=81.169.180.215; helo=lists.denx.de; + envelope-from=u-boot-bounces@lists.denx.de; + receiver=) +Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) + header.from=de.adit-jv.com +Received: from lists.denx.de (dione.denx.de [81.169.180.215]) + by ozlabs.org (Postfix) with ESMTP id 44tR5425wgz9s9N + for ; + Tue, 30 Apr 2019 12:56:56 +1000 (AEST) +Received: by lists.denx.de (Postfix, from userid 105) + id 0D1ECC21E13; Tue, 30 Apr 2019 02:55:52 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de +X-Spam-Level: +X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable + autolearn_force=no version=3.4.0 +Received: from lists.denx.de (localhost [IPv6:::1]) + by lists.denx.de (Postfix) with ESMTP id C6B77C21DFB; + Tue, 30 Apr 2019 02:55:49 +0000 (UTC) +Received: by lists.denx.de (Postfix, from userid 105) + id 8E8ADC21DFA; Tue, 30 Apr 2019 02:55:25 +0000 (UTC) +Received: from smtp1.de.adit-jv.com (smtp1.de.adit-jv.com [93.241.18.167]) + by lists.denx.de (Postfix) with ESMTPS id A4EF5C21DA1 + for ; Tue, 30 Apr 2019 02:55:24 +0000 (UTC) +Received: from localhost (smtp1.de.adit-jv.com [127.0.0.1]) + by smtp1.de.adit-jv.com (Postfix) with ESMTP id 838C73C013A; + Tue, 30 Apr 2019 04:55:24 +0200 (CEST) +Received: from smtp1.de.adit-jv.com ([127.0.0.1]) + by localhost (smtp1.de.adit-jv.com [127.0.0.1]) (amavisd-new, + port 10024) + with ESMTP id ek0voy46TSnZ; Tue, 30 Apr 2019 04:55:17 +0200 (CEST) +Received: from HI2EXCH01.adit-jv.com (hi2exch01.adit-jv.com [10.72.92.24]) + (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) + (No client certificate requested) + by smtp1.de.adit-jv.com (Postfix) with ESMTPS id D04A33C00DD; + Tue, 30 Apr 2019 04:55:17 +0200 (CEST) +Received: from vmlxhi-102.adit-jv.com (10.72.93.184) by HI2EXCH01.adit-jv.com + (10.72.92.24) with Microsoft SMTP Server (TLS) id 14.3.439.0; + Tue, 30 Apr 2019 04:55:17 +0200 +From: Eugeniu Rosca +To: Lukasz Majewski , Heinrich Schuchardt , + Simon Glass , Marek Vasut , + Stephen Warren , Roman Stratiienko + , +Date: Tue, 30 Apr 2019 04:53:47 +0200 +Message-ID: <20190430025347.3097-5-erosca@de.adit-jv.com> +X-Mailer: git-send-email 2.21.0 +In-Reply-To: <20190430025347.3097-1-erosca@de.adit-jv.com> +References: <20190430025347.3097-1-erosca@de.adit-jv.com> +MIME-Version: 1.0 +X-Originating-IP: [10.72.93.184] +Cc: Eugeniu Rosca , + Eugeniu Rosca +Subject: [U-Boot] [PATCH 4/4] lib: uuid: Improve randomness of uuid values + on RANDOM_UUID=y +X-BeenThere: u-boot@lists.denx.de +X-Mailman-Version: 2.1.18 +Precedence: list +List-Id: U-Boot discussion +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +Errors-To: u-boot-bounces@lists.denx.de +Sender: "U-Boot" + +The random uuid values (enabled via CONFIG_RANDOM_UUID=y) on our +platform are always the same. Below is consistent on each cold boot: + + => ### interrupt autoboot + => env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc + ... + uuid_gpt_misc=d117f98e-6f2c-d04b-a5b2-331a19f91cb2 + => env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc + ... + uuid_gpt_misc=ad5ec4b6-2d9f-8544-9417-fe3bd1c9b1b3 + => env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc + ... + uuid_gpt_misc=cceb0b18-39cb-d547-9db7-03b405fa77d4 + => env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc + ... + uuid_gpt_misc=d4981a2b-0478-544e-9607-7fd3c651068d + => env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc + ... + uuid_gpt_misc=6d6c9a36-e919-264d-a9ee-bd00379686c7 + +While the uuids do change on every 'gpt write' command, the values +appear to be taken from the same pool, in the same order. + +As a user, I expect a trully random uuid value in the above example. +Otherwise, system/RFS designers and OS people might assume they have +a reliable/consistent uuid passed by the bootloader, while the truth +is U-Boot simply lacks entropy to generate a random string. + +In its first attempt [1] to improve the uuid randomness, this patch +updated the seed based on the output of get_timer(), similar to [2]. + +There are two problems with this approach: + - get_timer() has a poor _ms_ resolution + - when gen_rand_uuid() is called in a loop, get_timer() returns the + same result, leading to the same seed being passed to srand(), + leading to the same uuid being generated for several partitions + with different names + +This second patch addresses both drawbacks. + +My R-Car3 testing [3] consists of running 'gpt write mmc 1 $partitions' +in a loop for several minutes collecting 8844 randomly generated UUIDS. +Two consecutive cold boots are concatenated in the log. As a result, +all uuid values are unique (scripted check). + +Thanks to Roman, who reported the issue and provided support in fixing. + +[1] https://patchwork.ozlabs.org/patch/1091802/ +[2] commit da384a9d7628 ("net: rename and refactor eth_rand_ethaddr() function") +[3] https://gist.github.com/erosca/2820be9d554f76b982edd48474d0e7ca + => while true; do \ + env default -a; \ + gpt write mmc 1 $partitions; \ + print; done + +Reported-by: Roman Stratiienko +Signed-off-by: Eugeniu Rosca +--- +v2: + - Replaced get_timer(0) with get_ticks() and added rand() to seed value + - Performed extensive testing on R-Car3 (ARMv8) +v1: + - https://patchwork.ozlabs.org/patch/1091802/ +--- + lib/uuid.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/uuid.c b/lib/uuid.c +index fa20ee39fc32..2d4d6ef7e461 100644 +--- a/lib/uuid.c ++++ b/lib/uuid.c +@@ -238,6 +238,8 @@ void gen_rand_uuid(unsigned char *uuid_bin) + unsigned int *ptr = (unsigned int *)&uuid; + int i; + ++ srand(get_ticks() + rand()); ++ + /* Set all fields randomly */ + for (i = 0; i < sizeof(struct uuid) / sizeof(*ptr); i++) + *(ptr + i) = cpu_to_be32(rand()); diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/u-boot-aspeed_%.bbappend b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/u-boot-aspeed_%.bbappend index 6cc1e960c..f5dd88f7a 100644 --- a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/u-boot-aspeed_%.bbappend +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/u-boot-aspeed_%.bbappend @@ -50,6 +50,7 @@ SRC_URI_append_intel-ast2500 = " \ file://0051-Add-Aspeed-DRAM-stress-test-command.patch \ file://0052-Fix-issue-on-host-console-is-broken-due-to-BMC-reset.patch \ file://0053-Disable-SoC-debug-feature.patch \ + file://0054-U-Boot-4-4-lib-uuid-Improve-randomness-of-uuid-values-on-RANDOM_UUID-y.patch \ " # CVE-2020-10648 vulnerability fix SRC_URI_append_intel-ast2500 = " \ diff --git a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/configuration/entity-manager/WC-Chassis.json b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/configuration/entity-manager/WC-Chassis.json index ad10d87a4..b0207db97 100644 --- a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/configuration/entity-manager/WC-Chassis.json +++ b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/configuration/entity-manager/WC-Chassis.json @@ -127,9 +127,9 @@ "Type": "AspeedFan" }, { - "C1": 92.16, - "C2": 107.52, - "MaxCFM": 17.5, + "C1": 60.0, + "C2": 66.0, + "MaxCFM": 71.3, "Name": "System Airflow", "TachMaxPercent": 100, "TachMinPercent": 20, @@ -180,8 +180,8 @@ "Name": "Exit Air Temp", "PowerFactorMax": 1.2, "PowerFactorMin": 0.9, - "QMax": 165, - "QMin": 31, + "QMax": 280, + "QMin": 60, "Thresholds": [ { "Direction": "greater than", diff --git a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0014-Cancel-threshold-timer-in-adcsensor-destructor.patch b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0014-Cancel-threshold-timer-in-adcsensor-destructor.patch new file mode 100644 index 000000000..50802ecd9 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0014-Cancel-threshold-timer-in-adcsensor-destructor.patch @@ -0,0 +1,152 @@ +From f932b8213b30fd5c4b4ee080b3829b1262698286 Mon Sep 17 00:00:00 2001 +From: Zhikui Ren +Date: Tue, 29 Dec 2020 14:58:35 -0800 +Subject: [PATCH] Cancel threshold timer in adcsensor destructor + +Before this change, threshold timer gets cancelled when adcsensor member +variables are destructed. Cancel the timers earlier by clear the timers +explicitly in the destructor function. +This may not be a full proof fix, but it would reduce the time window for the +race condition between timer call back and sensor destruction. +Also use weak pointer for Sensor may be a more robust fix, but it is a bigger change. + +Tested: +Ran more than 1000 dc cycles without adcsensor crash. + +Signed-off-by: Zhikui Ren +--- + include/CPUSensor.hpp | 2 +- + include/Thresholds.hpp | 51 ++++++++++++++++++++++++++++-------------- + src/ADCSensor.cpp | 4 +++- + src/CPUSensor.cpp | 2 +- + 4 files changed, 39 insertions(+), 20 deletions(-) + +diff --git a/include/CPUSensor.hpp b/include/CPUSensor.hpp +index 4f8f52c..cc16337 100644 +--- a/include/CPUSensor.hpp ++++ b/include/CPUSensor.hpp +@@ -17,7 +17,7 @@ + #include + #include + +-class CPUSensor : public Sensor ++class CPUSensor : public Sensor, public std::enable_shared_from_this + { + public: + CPUSensor(const std::string& path, const std::string& objectType, +diff --git a/include/Thresholds.hpp b/include/Thresholds.hpp +index 1d1b1b5..94c9c01 100644 +--- a/include/Thresholds.hpp ++++ b/include/Thresholds.hpp +@@ -63,10 +63,21 @@ using TimerPair = std::pair; + struct ThresholdTimer + { + +- ThresholdTimer(boost::asio::io_service& ioService, Sensor* sensor) : +- io(ioService), sensor(sensor) ++ ThresholdTimer(boost::asio::io_service& ioService, ++ std::weak_ptr sensor) : ++ io(ioService), ++ sensor(sensor) + {} + ++ void stopAll() ++ { ++ for (TimerPair& timer : timers) ++ { ++ if (timer.first.used) ++ timer.second.cancel(); ++ } ++ } ++ + bool hasActiveTimer(const Threshold& threshold, bool assert) + { + for (TimerPair& timer : timers) +@@ -129,28 +140,34 @@ struct ThresholdTimer + pair->second.expires_from_now(boost::posix_time::seconds(waitTime)); + pair->second.async_wait([this, pair, threshold, assert, + assertValue](boost::system::error_code ec) { +- pair->first.used = false; +- +- if (ec == boost::asio::error::operation_aborted) +- { +- return; // we're being canceled +- } +- else if (ec) ++ auto sptrSensor = sensor.lock(); ++ if (sptrSensor) + { +- std::cerr << "timer error: " << ec.message() << "\n"; +- return; +- } +- if (isPowerOn()) +- { +- assertThresholds(sensor, assertValue, threshold.level, +- threshold.direction, assert); ++ ++ pair->first.used = false; ++ ++ if (ec == boost::asio::error::operation_aborted) ++ { ++ return; // we're being canceled ++ } ++ else if (ec) ++ { ++ std::cerr << "timer error: " << ec.message() << "\n"; ++ return; ++ } ++ if (isPowerOn()) ++ { ++ assertThresholds(sptrSensor.get(), assertValue, ++ threshold.level, threshold.direction, ++ assert); ++ } + } + }); + } + + boost::asio::io_service& io; + std::list timers; +- Sensor* sensor; ++ std::weak_ptr sensor; + }; + + bool parseThresholdsFromConfig( +diff --git a/src/ADCSensor.cpp b/src/ADCSensor.cpp +index 5592672..ba97ffa 100644 +--- a/src/ADCSensor.cpp ++++ b/src/ADCSensor.cpp +@@ -60,7 +60,7 @@ ADCSensor::ADCSensor(const std::string& path, + std::enable_shared_from_this(), objServer(objectServer), + inputDev(io, open(path.c_str(), O_RDONLY)), waitTimer(io), path(path), + scaleFactor(scaleFactor), bridgeGpio(std::move(bridgeGpio)), +- thresholdTimer(io, this) ++ thresholdTimer(io, weak_from_this()) + { + sensorInterface = objectServer.add_interface( + "/xyz/openbmc_project/sensors/voltage/" + name, +@@ -99,6 +99,8 @@ ADCSensor::~ADCSensor() + // close the input dev to cancel async operations + inputDev.close(); + waitTimer.cancel(); ++ // cancel all threshold timers ++ thresholdTimer.stopAll(); + + objServer.remove_interface(thresholdInterfaceWarning); + objServer.remove_interface(thresholdInterfaceCritical); +diff --git a/src/CPUSensor.cpp b/src/CPUSensor.cpp +index 52d2a32..ad08dcf 100644 +--- a/src/CPUSensor.cpp ++++ b/src/CPUSensor.cpp +@@ -48,7 +48,7 @@ CPUSensor::CPUSensor(const std::string& path, const std::string& objectType, + objServer(objectServer), busConn(conn), inputDev(io), waitTimer(io), + path(path), privTcontrol(std::numeric_limits::quiet_NaN()), + dtsOffset(dtsOffset), show(show), pollTime(CPUSensor::sensorPollMs), +- thresholdTimer(io, this) ++ thresholdTimer(io, weak_from_this()) + { + nameTcontrol = labelTcontrol; + nameTcontrol += " CPU" + std::to_string(cpuId); +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0015-IpmbSensor-Fix-SMBus-configuration-for-VR-Temp.patch b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0015-IpmbSensor-Fix-SMBus-configuration-for-VR-Temp.patch new file mode 100644 index 000000000..bac61d016 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0015-IpmbSensor-Fix-SMBus-configuration-for-VR-Temp.patch @@ -0,0 +1,152 @@ +From 21a623e55e9861c2167d2eb7d4cec02a95b9215f Mon Sep 17 00:00:00 2001 +From: Anoop S +Date: Fri, 20 Nov 2020 19:21:22 +0000 +Subject: [PATCH] IpmbSensor:Fix SMBus configuration for VR Temp. + +The SMBus index configuration for VR Temp sensor is different +for some platforms. +Hence, SMBus index in which these sensors are connected +is made as D-Bus property, read from xx_baseboard.json file. +Also, sensor read request commands modified to use this value. + +Tested : + 1.Dediprog and redfish flash the different platforms, + with[SMBus index read from json file] and + without[default SMBus index =3] this configuration change. + - System up and running. + - VR Temp sensor and other sensor readings shows + correctly in 'ipmitool sensor list' output. + +Signed-off-by: Anoop S +Change-Id: Ia106f1c699f5f1515c90585309a65ede37906f18 +--- + include/IpmbSensor.hpp | 4 +++- + src/IpmbSensor.cpp | 42 ++++++++++++++++++++++++++++-------------- + 2 files changed, 31 insertions(+), 15 deletions(-) + +diff --git a/include/IpmbSensor.hpp b/include/IpmbSensor.hpp +index 3b3ee15..efc728a 100644 +--- a/include/IpmbSensor.hpp ++++ b/include/IpmbSensor.hpp +@@ -80,7 +80,8 @@ struct IpmbSensor : public Sensor + const std::string& sensorConfiguration, + sdbusplus::asio::object_server& objectServer, + std::vector&& thresholds, +- uint8_t deviceAddress, std::string& sensorTypeName); ++ uint8_t deviceAddress, uint8_t hostSMbusIndex, ++ std::string& sensorTypeName); + ~IpmbSensor(); + + void checkThresholds(void) override; +@@ -99,6 +100,7 @@ struct IpmbSensor : public Sensor + uint8_t command; + uint8_t deviceAddress; + uint8_t errorCount; ++ uint8_t hostSMbusIndex; + std::vector commandData; + std::optional initCommand; + std::vector initData; +diff --git a/src/IpmbSensor.cpp b/src/IpmbSensor.cpp +index 983e6d4..557cc2e 100644 +--- a/src/IpmbSensor.cpp ++++ b/src/IpmbSensor.cpp +@@ -49,6 +49,7 @@ static constexpr double ipmbMinReading = 0; + + static constexpr uint8_t meAddress = 1; + static constexpr uint8_t lun = 0; ++static constexpr uint8_t hostSMbusIndexDefault = 0x03; + + static constexpr const char* sensorPathPrefix = "/xyz/openbmc_project/sensors/"; + +@@ -65,13 +66,14 @@ IpmbSensor::IpmbSensor(std::shared_ptr& conn, + const std::string& sensorConfiguration, + sdbusplus::asio::object_server& objectServer, + std::vector&& thresholdData, +- uint8_t deviceAddress, std::string& sensorTypeName) : ++ uint8_t deviceAddress, uint8_t hostSMbusIndex, ++ std::string& sensorTypeName) : + Sensor(boost::replace_all_copy(sensorName, " ", "_"), + std::move(thresholdData), sensorConfiguration, + "xyz.openbmc_project.Configuration.ExitAirTemp", ipmbMaxReading, + ipmbMinReading, PowerState::on), +- deviceAddress(deviceAddress), objectServer(objectServer), +- dbusConnection(conn), waitTimer(io) ++ deviceAddress(deviceAddress), hostSMbusIndex(hostSMbusIndex), ++ objectServer(objectServer), dbusConnection(conn), waitTimer(io) + { + std::string dbusPath = sensorPathPrefix + sensorTypeName + "/" + name; + +@@ -150,11 +152,13 @@ void IpmbSensor::loadDefaults() + command = ipmi::me_bridge::sendRawPmbus; + initCommand = ipmi::me_bridge::sendRawPmbus; + // pmbus read temp +- commandData = {0x57, 0x01, 0x00, 0x16, 0x3, deviceAddress, 0x00, +- 0x00, 0x00, 0x00, 0x01, 0x02, 0x8d}; ++ commandData = {0x57, 0x01, 0x00, 0x16, hostSMbusIndex, ++ deviceAddress, 0x00, 0x00, 0x00, 0x00, ++ 0x01, 0x02, 0x8d}; + // goto page 0 +- initData = {0x57, 0x01, 0x00, 0x14, 0x03, deviceAddress, 0x00, +- 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00}; ++ initData = {0x57, 0x01, 0x00, 0x14, hostSMbusIndex, ++ deviceAddress, 0x00, 0x00, 0x00, 0x00, ++ 0x02, 0x00, 0x00, 0x00}; + readingFormat = ReadingFormat::elevenBit; + } + else if (type == IpmbType::IR38363VR) +@@ -163,8 +167,9 @@ void IpmbSensor::loadDefaults() + netfn = ipmi::me_bridge::netFn; + command = ipmi::me_bridge::sendRawPmbus; + // pmbus read temp +- commandData = {0x57, 0x01, 0x00, 0x16, 0x03, deviceAddress, 00, +- 0x00, 0x00, 0x00, 0x01, 0x02, 0x8D}; ++ commandData = {0x57, 0x01, 0x00, 0x16, hostSMbusIndex, ++ deviceAddress, 00, 0x00, 0x00, 0x00, ++ 0x01, 0x02, 0x8D}; + readingFormat = ReadingFormat::elevenBitShift; + } + else if (type == IpmbType::ADM1278HSC) +@@ -203,11 +208,13 @@ void IpmbSensor::loadDefaults() + command = ipmi::me_bridge::sendRawPmbus; + initCommand = ipmi::me_bridge::sendRawPmbus; + // pmbus read temp +- commandData = {0x57, 0x01, 0x00, 0x16, 0x3, deviceAddress, 0x00, +- 0x00, 0x00, 0x00, 0x01, 0x02, 0x8d}; ++ commandData = {0x57, 0x01, 0x00, 0x16, hostSMbusIndex, ++ deviceAddress, 0x00, 0x00, 0x00, 0x00, ++ 0x01, 0x02, 0x8d}; + // goto page 0 +- initData = {0x57, 0x01, 0x00, 0x14, 0x03, deviceAddress, 0x00, +- 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00}; ++ initData = {0x57, 0x01, 0x00, 0x14, hostSMbusIndex, ++ deviceAddress, 0x00, 0x00, 0x00, 0x00, ++ 0x02, 0x00, 0x00, 0x00}; + readingFormat = ReadingFormat::byte3; + } + else +@@ -413,6 +420,13 @@ void createSensors( + + std::string sensorClass = + loadVariant(entry.second, "Class"); ++ uint8_t hostSMbusIndex = hostSMbusIndexDefault; ++ auto findSmType = entry.second.find("HostSMbusIndex"); ++ if (findSmType != entry.second.end()) ++ { ++ hostSMbusIndex = std::visit( ++ VariantToUnsignedIntVisitor(), findSmType->second); ++ } + + /* Default sensor type is "temperature" */ + std::string sensorTypeName = "temperature"; +@@ -427,7 +441,7 @@ void createSensors( + sensor = std::make_unique( + dbusConnection, io, name, pathPair.first, objectServer, + std::move(sensorThresholds), deviceAddress, +- sensorTypeName); ++ hostSMbusIndex, sensorTypeName); + + /* Initialize scale and offset value */ + sensor->scaleVal = 1; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0016-Fix-threshold-assertion-events-for-cpu-adc-sensors.patch b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0016-Fix-threshold-assertion-events-for-cpu-adc-sensors.patch new file mode 100644 index 000000000..2a9f0736f --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0016-Fix-threshold-assertion-events-for-cpu-adc-sensors.patch @@ -0,0 +1,317 @@ +From 0ad5c0e1f045b632f6edd0445d531c3f224bd481 Mon Sep 17 00:00:00 2001 +From: AppaRao Puli +Date: Thu, 14 Jan 2021 12:45:01 +0530 +Subject: [PATCH] Fix threshold assertion events for cpu/adc sensors + +This commit fixes the missing threshold assertion +or deassertion events. Using "weak_from_this()" in +constructor is not advisable as this makes the pointer +with empty object. + +Tested: + - Thresholds are getting logged properly for both threshold + changes and sensor value overrides. + +Change-Id: I2c7a64bd2da7b21b912d7e7f24bc99ffef2bb325 +Signed-off-by: AppaRao Puli +--- + include/ADCSensor.hpp | 4 +++- + include/CPUSensor.hpp | 6 ++++-- + include/Thresholds.hpp | 34 +++++++++++++++++++++------------- + src/ADCSensor.cpp | 17 ++++++++++++----- + src/ADCSensorMain.cpp | 1 + + src/CPUSensor.cpp | 18 ++++++++++++++---- + src/CPUSensorMain.cpp | 5 +++-- + src/Thresholds.cpp | 11 ++++++----- + 8 files changed, 64 insertions(+), 32 deletions(-) + +diff --git a/include/ADCSensor.hpp b/include/ADCSensor.hpp +index 800e1fc..c8e989e 100644 +--- a/include/ADCSensor.hpp ++++ b/include/ADCSensor.hpp +@@ -72,8 +72,10 @@ class ADCSensor : public Sensor, public std::enable_shared_from_this + std::optional&& bridgeGpio); + ~ADCSensor(); + void setupRead(void); ++ void setupThresholdTimer(void); + + private: ++ boost::asio::io_service& ioService; + sdbusplus::asio::object_server& objServer; + boost::asio::posix::stream_descriptor inputDev; + boost::asio::deadline_timer waitTimer; +@@ -81,7 +83,7 @@ class ADCSensor : public Sensor, public std::enable_shared_from_this + std::string path; + double scaleFactor; + std::optional bridgeGpio; +- thresholds::ThresholdTimer thresholdTimer; ++ std::shared_ptr thresholdTimer; + void handleResponse(const boost::system::error_code& err); + void checkThresholds(void) override; + }; +diff --git a/include/CPUSensor.hpp b/include/CPUSensor.hpp +index cc16337..603ee90 100644 +--- a/include/CPUSensor.hpp ++++ b/include/CPUSensor.hpp +@@ -28,6 +28,7 @@ class CPUSensor : public Sensor, public std::enable_shared_from_this + const std::string& configuration, int cpuId, bool show, + double dtsOffset); + ~CPUSensor(); ++ void setupThresholdTimer(void); + static constexpr unsigned int sensorScaleFactor = 1000; + static constexpr unsigned int sensorPollMs = 1000; + static constexpr size_t warnAfterErrorCount = 10; +@@ -37,6 +38,7 @@ class CPUSensor : public Sensor, public std::enable_shared_from_this + + private: + sdbusplus::asio::object_server& objServer; ++ boost::asio::io_service& ioService; + std::shared_ptr& busConn; + boost::asio::posix::stream_descriptor inputDev; + boost::asio::deadline_timer waitTimer; +@@ -50,12 +52,12 @@ class CPUSensor : public Sensor, public std::enable_shared_from_this + bool loggedInterfaceDown = false; + void setupRead(void); + void handleResponse(const boost::system::error_code& err); +- thresholds::ThresholdTimer thresholdTimer; ++ std::shared_ptr thresholdTimer; + void checkThresholds(void) override; + void updateMinMaxValues(void); + }; + +-extern boost::container::flat_map> ++extern boost::container::flat_map> + gCpuSensors; + + // this is added to cpusensor.hpp to avoid having every sensor have to link +diff --git a/include/Thresholds.hpp b/include/Thresholds.hpp +index 94c9c01..1c649a9 100644 +--- a/include/Thresholds.hpp ++++ b/include/Thresholds.hpp +@@ -60,13 +60,13 @@ struct TimerUsed + + using TimerPair = std::pair; + +-struct ThresholdTimer ++struct ThresholdTimer : public std::enable_shared_from_this + { + + ThresholdTimer(boost::asio::io_service& ioService, + std::weak_ptr sensor) : +- io(ioService), +- sensor(sensor) ++ std::enable_shared_from_this(), ++ io(ioService), sensor(sensor) + {} + + void stopAll() +@@ -138,13 +138,16 @@ struct ThresholdTimer + pair->first.direction = threshold.direction; + pair->first.assert = assert; + pair->second.expires_from_now(boost::posix_time::seconds(waitTime)); +- pair->second.async_wait([this, pair, threshold, assert, ++ auto weakRef = weak_from_this(); ++ pair->second.async_wait([weakRef, pair, threshold, assert, + assertValue](boost::system::error_code ec) { +- auto sptrSensor = sensor.lock(); +- if (sptrSensor) ++ auto self = weakRef.lock(); ++ if (self) + { +- +- pair->first.used = false; ++ if (pair != nullptr) ++ { ++ pair->first.used = false; ++ } + + if (ec == boost::asio::error::operation_aborted) + { +@@ -155,11 +158,15 @@ struct ThresholdTimer + std::cerr << "timer error: " << ec.message() << "\n"; + return; + } +- if (isPowerOn()) ++ auto sensorPtr = self->sensor.lock(); ++ if (sensorPtr) + { +- assertThresholds(sptrSensor.get(), assertValue, +- threshold.level, threshold.direction, +- assert); ++ if (isPowerOn()) ++ { ++ assertThresholds(sensorPtr.get(), assertValue, ++ threshold.level, threshold.direction, ++ assert); ++ } + } + } + }); +@@ -193,6 +200,7 @@ void persistThreshold(const std::string& baseInterface, const std::string& path, + void updateThresholds(Sensor* sensor); + // returns false if a critical threshold has been crossed, true otherwise + bool checkThresholds(Sensor* sensor); +-void checkThresholdsPowerDelay(Sensor* sensor, ThresholdTimer& thresholdTimer); ++void checkThresholdsPowerDelay(Sensor* sensor, ++ std::shared_ptr thresholdTimer); + + } // namespace thresholds +diff --git a/src/ADCSensor.cpp b/src/ADCSensor.cpp +index ba97ffa..865368f 100644 +--- a/src/ADCSensor.cpp ++++ b/src/ADCSensor.cpp +@@ -57,10 +57,10 @@ ADCSensor::ADCSensor(const std::string& path, + std::move(_thresholds), sensorConfiguration, + "xyz.openbmc_project.Configuration.ADC", maxReading / scaleFactor, + minReading / scaleFactor, readState), +- std::enable_shared_from_this(), objServer(objectServer), +- inputDev(io, open(path.c_str(), O_RDONLY)), waitTimer(io), path(path), +- scaleFactor(scaleFactor), bridgeGpio(std::move(bridgeGpio)), +- thresholdTimer(io, weak_from_this()) ++ std::enable_shared_from_this(), ioService(io), ++ objServer(objectServer), inputDev(io, open(path.c_str(), O_RDONLY)), ++ waitTimer(io), path(path), scaleFactor(scaleFactor), ++ bridgeGpio(std::move(bridgeGpio)) + { + sensorInterface = objectServer.add_interface( + "/xyz/openbmc_project/sensors/voltage/" + name, +@@ -100,7 +100,8 @@ ADCSensor::~ADCSensor() + inputDev.close(); + waitTimer.cancel(); + // cancel all threshold timers +- thresholdTimer.stopAll(); ++ thresholdTimer->stopAll(); ++ thresholdTimer.reset(); + + objServer.remove_interface(thresholdInterfaceWarning); + objServer.remove_interface(thresholdInterfaceCritical); +@@ -108,6 +109,12 @@ ADCSensor::~ADCSensor() + objServer.remove_interface(association); + } + ++void ADCSensor::setupThresholdTimer(void) ++{ ++ thresholdTimer = std::make_shared( ++ ioService, weak_from_this()); ++} ++ + void ADCSensor::setupRead(void) + { + std::shared_ptr buffer = +diff --git a/src/ADCSensorMain.cpp b/src/ADCSensorMain.cpp +index 9024eb9..0bc7bb2 100644 +--- a/src/ADCSensorMain.cpp ++++ b/src/ADCSensorMain.cpp +@@ -275,6 +275,7 @@ void createSensors( + path.string(), objectServer, dbusConnection, io, sensorName, + std::move(sensorThresholds), scaleFactor, readState, + *interfacePath, std::move(bridgeGpio)); ++ sensor->setupThresholdTimer(); + sensor->setupRead(); + } + })); +diff --git a/src/CPUSensor.cpp b/src/CPUSensor.cpp +index ad08dcf..f96b178 100644 +--- a/src/CPUSensor.cpp ++++ b/src/CPUSensor.cpp +@@ -45,10 +45,10 @@ CPUSensor::CPUSensor(const std::string& path, const std::string& objectType, + Sensor(boost::replace_all_copy(sensorName, " ", "_"), + std::move(_thresholds), sensorConfiguration, objectType, maxReading, + minReading, PowerState::on), +- objServer(objectServer), busConn(conn), inputDev(io), waitTimer(io), +- path(path), privTcontrol(std::numeric_limits::quiet_NaN()), +- dtsOffset(dtsOffset), show(show), pollTime(CPUSensor::sensorPollMs), +- thresholdTimer(io, weak_from_this()) ++ std::enable_shared_from_this(), objServer(objectServer), ++ ioService(io), busConn(conn), inputDev(io), waitTimer(io), path(path), ++ privTcontrol(std::numeric_limits::quiet_NaN()), ++ dtsOffset(dtsOffset), show(show), pollTime(CPUSensor::sensorPollMs) + { + nameTcontrol = labelTcontrol; + nameTcontrol += " CPU" + std::to_string(cpuId); +@@ -99,6 +99,10 @@ CPUSensor::~CPUSensor() + // close the input dev to cancel async operations + inputDev.close(); + waitTimer.cancel(); ++ // cancel all threshold timers ++ thresholdTimer->stopAll(); ++ thresholdTimer.reset(); ++ + if (show) + { + objServer.remove_interface(thresholdInterfaceWarning); +@@ -108,6 +112,12 @@ CPUSensor::~CPUSensor() + } + } + ++void CPUSensor::setupThresholdTimer(void) ++{ ++ thresholdTimer = std::make_shared( ++ ioService, weak_from_this()); ++} ++ + void CPUSensor::setupRead(void) + { + if (readingStateGood()) +diff --git a/src/CPUSensorMain.cpp b/src/CPUSensorMain.cpp +index 2261af7..427065a 100644 +--- a/src/CPUSensorMain.cpp ++++ b/src/CPUSensorMain.cpp +@@ -53,7 +53,7 @@ + + static constexpr bool DEBUG = false; + +-boost::container::flat_map> gCpuSensors; ++boost::container::flat_map> gCpuSensors; + boost::container::flat_map> + inventoryIfaces; +@@ -383,10 +383,11 @@ bool createSensors(boost::asio::io_service& io, + auto& sensorPtr = gCpuSensors[sensorName]; + // make sure destructor fires before creating a new one + sensorPtr = nullptr; +- sensorPtr = std::make_unique( ++ sensorPtr = std::make_shared( + inputPathStr, sensorType, objectServer, dbusConnection, io, + sensorName, std::move(sensorThresholds), *interfacePath, cpuId, + show, dtsOffset); ++ sensorPtr->setupThresholdTimer(); + createdSensors.insert(sensorName); + if (DEBUG) + { +diff --git a/src/Thresholds.cpp b/src/Thresholds.cpp +index bf90c22..26081d4 100644 +--- a/src/Thresholds.cpp ++++ b/src/Thresholds.cpp +@@ -367,7 +367,8 @@ bool checkThresholds(Sensor* sensor) + return status; + } + +-void checkThresholdsPowerDelay(Sensor* sensor, ThresholdTimer& thresholdTimer) ++void checkThresholdsPowerDelay(Sensor* sensor, ++ std::shared_ptr thresholdTimer) + { + + std::vector changes = checkThresholds(sensor, sensor->value); +@@ -387,14 +388,14 @@ void checkThresholdsPowerDelay(Sensor* sensor, ThresholdTimer& thresholdTimer) + // This would ensure that any "pulse" event is logged and + // last log represents the latest reading + +- if (thresholdTimer.hasActiveTimer(change.threshold, change.asserted) && +- !thresholdTimer.hasActiveTimer(change.threshold, !change.asserted)) ++ if (thresholdTimer->hasActiveTimer(change.threshold, change.asserted) && ++ !thresholdTimer->hasActiveTimer(change.threshold, !change.asserted)) + { + continue; // case 1 + } + +- thresholdTimer.startTimer(change.threshold, change.asserted, +- change.assertValue); ++ thresholdTimer->startTimer(change.threshold, change.asserted, ++ change.assertValue); + } + } + +-- +2.7.4 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0017-Add-more-boundary-checking-in-Texitair-calculation.patch b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0017-Add-more-boundary-checking-in-Texitair-calculation.patch new file mode 100644 index 000000000..08f26b642 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0017-Add-more-boundary-checking-in-Texitair-calculation.patch @@ -0,0 +1,237 @@ +From 5c2981d14b00b510f123bbde3805f4b0c96ee735 Mon Sep 17 00:00:00 2001 +From: Zhikui Ren +Date: Thu, 4 Feb 2021 13:54:33 -0800 +Subject: [PATCH 1/3] Add more boundary checking in ExitAir calculation + +There are sightings that exitair temp calculation can produce +extreme result, for example 3000+ degrees or negative degrees. +Additional boundary checks are added to prevent these results: +1. totalCFM limit to greater than minimum CFM from a fan (Qmin) +2. ensure alphaDT is greater than 0, which is used as: +Tavg = T * alphaDT + T * (1-alphaDT) (It has already limited to be <= 1.0) +3. additional debug logging if Texit exceeds 100 degrees, which is not expected +4. adjust CFM reading max limit base on new thermal data + +Effciency improvements: +1. Add tolerance in equality check with double value +2. Use current CFM sensor value when calculating Texit to avoid circular +dependency + +Signed-off-by: Zhikui Ren + +exit air update +--- + src/ExitAirTempSensor.cpp | 75 +++++++++++++++++++++++++++++++-------- + 1 file changed, 61 insertions(+), 14 deletions(-) + +diff --git a/src/ExitAirTempSensor.cpp b/src/ExitAirTempSensor.cpp +index d27aa06..9f7afe0 100644 +--- a/src/ExitAirTempSensor.cpp ++++ b/src/ExitAirTempSensor.cpp +@@ -42,6 +42,7 @@ + #include + + constexpr const float altitudeFactor = 1.14; ++static constexpr double exitAirTempResolution = 0.5; + constexpr const char* exitAirIface = + "xyz.openbmc_project.Configuration.ExitAirTempSensor"; + constexpr const char* cfmIface = "xyz.openbmc_project.Configuration.CFMSensor"; +@@ -56,7 +57,8 @@ constexpr const char* cfmSettingIface = "xyz.openbmc_project.Control.CFMLimit"; + + static constexpr bool DEBUG = false; + +-static constexpr double cfmMaxReading = 255; ++static constexpr double cfmMaxReading = ++ 6 * 255; // currently there 6 fans-need better strategy LGTM + static constexpr double cfmMinReading = 0; + + static constexpr size_t minSystemCfm = 50; +@@ -304,6 +306,7 @@ void CFMSensor::addTachRanges(const std::string& serviceName, + if (ec) + { + std::cerr << "Error getting properties from " << path << "\n"; ++ std::cerr << ec.message() << "\n"; + return; + } + +@@ -326,13 +329,18 @@ void CFMSensor::updateReading(void) + double val = 0.0; + if (calculate(val)) + { +- if (value != val && parent) ++ if (!std::isfinite(value) || ++ (fabs(value - val) > exitAirTempResolution)) + { +- parent->updateReading(); ++ updateValue(val); ++ if (parent) ++ { ++ parent->updateReading(); ++ } + } +- updateValue(val); ++ return; + } +- else ++ if (!std::isnan(value)) + { + updateValue(std::numeric_limits::quiet_NaN()); + } +@@ -483,6 +491,7 @@ bool CFMSensor::calculate(double& value) + { + std::cerr << "cfm value = " << value << "\n"; + } ++ + return true; + } + +@@ -588,6 +597,7 @@ void ExitAirTempSensor::setupMatches(void) + if (ec) + { + std::cerr << "Error contacting mapper\n"; ++ std::cerr << ec.message() << "\n"; + return; + } + for (const auto& item : subtree) +@@ -610,6 +620,7 @@ void ExitAirTempSensor::setupMatches(void) + { + std::cerr << "Error getting value from " << path + << "\n"; ++ std::cerr << ec.message() << "\n"; + } + + double reading = +@@ -641,6 +652,7 @@ void ExitAirTempSensor::addPowerRanges(const std::string& serviceName, + if (ec) + { + std::cerr << "Error getting properties from " << path << "\n"; ++ std::cerr << ec.message() << "\n"; + return; + } + +@@ -660,9 +672,13 @@ void ExitAirTempSensor::updateReading(void) + if (calculate(val)) + { + val = std::floor(val + 0.5); +- updateValue(val); ++ if (!std::isfinite(value) || value != val) ++ { ++ updateValue(val); ++ } ++ return; + } +- else ++ if (!std::isnan(value)) + { + updateValue(std::numeric_limits::quiet_NaN()); + } +@@ -674,7 +690,10 @@ double ExitAirTempSensor::getTotalCFM(void) + for (auto& sensor : cfmSensors) + { + double reading = 0; +- if (!sensor->calculate(reading)) ++ // cfmSensors match on fan tach value changes and calculate new CFM ++ // use the CFM sensor value directly without recalculate ++ reading = sensor->value; ++ if (!std::isfinite(reading)) + { + return -1; + } +@@ -687,11 +706,11 @@ double ExitAirTempSensor::getTotalCFM(void) + bool ExitAirTempSensor::calculate(double& val) + { + constexpr size_t maxErrorPrint = 5; +- static bool firstRead = false; ++ static bool firstRead = true; + static size_t errorPrint = maxErrorPrint; + + double cfm = getTotalCFM(); +- if (cfm <= 0 || cfm > cfmMaxReading) ++ if (cfm <= cfmMinReading || cfm > cfmMaxReading) + { + if (errorPrint > 0) + { +@@ -765,6 +784,10 @@ bool ExitAirTempSensor::calculate(double& val) + float powerFactor = 0.0; + if (cfm <= qMin) + { ++ // limit lower bound of cfm to prevent reporting extreme high ++ // exit air temp. fan failures or error in reading fan sensors ++ // are expected to be caught by sensor threshold. ++ cfm = qMin; + powerFactor = powerFactorMin; + } + else if (cfm >= qMax) +@@ -793,6 +816,7 @@ bool ExitAirTempSensor::calculate(double& val) + + if constexpr (DEBUG) + { ++ std::cout << "totalCFM " << cfm << "\n"; + std::cout << "Power Factor " << powerFactor << "\n"; + std::cout << "Inlet Temp " << inletTemp << "\n"; + std::cout << "Total Power" << totalPower << "\n"; +@@ -814,7 +838,7 @@ bool ExitAirTempSensor::calculate(double& val) + // Ai = As + (Af - As)/(QMax - QMin) * (CFM - QMin) + + double alpha = 0.0; +- if (cfm < qMin) ++ if (cfm <= qMin) + { + alpha = alphaS; + } +@@ -828,9 +852,9 @@ bool ExitAirTempSensor::calculate(double& val) + } + + auto time = std::chrono::system_clock::now(); +- if (!firstRead) ++ if (firstRead) + { +- firstRead = true; ++ firstRead = false; + lastTime = time; + lastReading = reading; + } +@@ -844,6 +868,10 @@ bool ExitAirTempSensor::calculate(double& val) + { + alphaDT = 1.0; + } ++ else if (alphaDT < 0.0) ++ { ++ alphaDT = 0.0; ++ } + + if constexpr (DEBUG) + { +@@ -858,9 +886,28 @@ bool ExitAirTempSensor::calculate(double& val) + } + + val = reading; ++ if (val > 90) ++ { ++ if (errorPrint > 0) ++ { ++ errorPrint--; ++ std::cerr << "Inlet Temp " << inletTemp << "\n"; ++ std::cerr << "Total Power " << totalPower << "\n"; ++ std::cerr << "powerFactor " << powerFactor << "\n"; ++ std::cerr << "pOffset " << pOffset << "\n"; ++ std::cerr << "totalCFM " << cfm << "\n"; ++ std::cerr << "lastReading " << lastReading << "\n"; ++ std::cerr << "alphaDT " << alphaDT << "\n"; ++ } ++ } ++ else ++ { ++ errorPrint = maxErrorPrint; ++ } ++ + lastReading = reading; + lastTime = time; +- errorPrint = maxErrorPrint; ++ + return true; + } + +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0018-ADCSensor-use-tmp-power-state-file-for-threshold.patch b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0018-ADCSensor-use-tmp-power-state-file-for-threshold.patch new file mode 100644 index 000000000..d21525aa5 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0018-ADCSensor-use-tmp-power-state-file-for-threshold.patch @@ -0,0 +1,50 @@ +From 4130233bb36c9b289bb837a405ea264ed99d35de Mon Sep 17 00:00:00 2001 +From: Zhikui Ren +Date: Wed, 10 Feb 2021 14:05:56 -0800 +Subject: [PATCH] ADCSensor: use tmp power state file for threshold + +Current power state is captured in tmp host power state file. +If current power state is not ON, Skip checkthreshold for +ADC sensors that requires host power to be on. + +Signed-off-by: Zhikui Ren +--- + src/ADCSensor.cpp | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/src/ADCSensor.cpp b/src/ADCSensor.cpp +index 865368f..4de2b1f 100644 +--- a/src/ADCSensor.cpp ++++ b/src/ADCSensor.cpp +@@ -244,9 +244,27 @@ void ADCSensor::handleResponse(const boost::system::error_code& err) + }); + } + ++const static std::filesystem::path tmpHostStateFileDir = "/tmp"; ++const static constexpr std::string_view hostStateFile = "host-state"; ++ ++static bool isPowerCurrentlyOn() ++{ ++ std::ifstream hostStateStream(tmpHostStateFileDir / hostStateFile); ++ if (!hostStateStream.is_open()) ++ { ++ std::cerr << "Failed to open tmp host state file\n"; ++ return false; ++ } ++ ++ std::string state; ++ std::getline(hostStateStream, state); ++ return state == "xyz.openbmc_project.State.Host.HostState.Running"; ++} ++ + void ADCSensor::checkThresholds(void) + { +- if (!readingStateGood()) ++ if (readState != PowerState::always && ++ (!readingStateGood() || !isPowerCurrentlyOn())) + { + return; + } +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors_%.bbappend b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors_%.bbappend index c9dcae795..8e2126d9d 100644 --- a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors_%.bbappend +++ b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors_%.bbappend @@ -13,4 +13,9 @@ SRC_URI += "file://0001-Only-allow-drive-sensors-on-bus-2-for-ast2500.patch \ file://0011-Check-readingStateGood-before-updating-thresholds-pr.patch \ file://0012-PSUSensors-Move-to-GetSensorConfiguration.patch \ file://0013-Fix-ExitAirTempSensor-calculation.patch \ + file://0014-Cancel-threshold-timer-in-adcsensor-destructor.patch \ + file://0015-IpmbSensor-Fix-SMBus-configuration-for-VR-Temp.patch \ + file://0016-Fix-threshold-assertion-events-for-cpu-adc-sensors.patch \ + file://0017-Add-more-boundary-checking-in-Texitair-calculation.patch \ + file://0018-ADCSensor-use-tmp-power-state-file-for-threshold.patch \ " diff --git a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1g.bb b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1g.bb deleted file mode 100644 index 66fa8f7d0..000000000 --- a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1g.bb +++ /dev/null @@ -1,211 +0,0 @@ -SUMMARY = "Secure Socket Layer" -DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." -HOMEPAGE = "http://www.openssl.org/" -BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" -SECTION = "libs/network" - -# "openssl" here actually means both OpenSSL and SSLeay licenses apply -# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" - -DEPENDS = "hostperl-runtime-native" - -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - file://run-ptest \ - file://0001-skip-test_symbol_presence.patch \ - file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ - file://afalg.patch \ - file://reproducible.patch \ - " - -SRC_URI_append_class-nativesdk = " \ - file://environment.d-openssl.sh \ - " - -SRC_URI[sha256sum] = "ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46" - -inherit lib_package multilib_header multilib_script ptest -MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" - -PACKAGECONFIG ?= "" -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" - -PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" - -B = "${WORKDIR}/build" -do_configure[cleandirs] = "${B}" - -#| ./libcrypto.so: undefined reference to `getcontext' -#| ./libcrypto.so: undefined reference to `setcontext' -#| ./libcrypto.so: undefined reference to `makecontext' -EXTRA_OECONF_append_libc-musl = " no-async" -EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" - -# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions -# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) -EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" -EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" - -# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. -CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" -CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" - -do_configure () { - os=${HOST_OS} - case $os in - linux-gnueabi |\ - linux-gnuspe |\ - linux-musleabi |\ - linux-muslspe |\ - linux-musl ) - os=linux - ;; - *) - ;; - esac - target="$os-${HOST_ARCH}" - case $target in - linux-arm*) - target=linux-armv4 - ;; - linux-aarch64*) - target=linux-aarch64 - ;; - linux-i?86 | linux-viac3) - target=linux-x86 - ;; - linux-gnux32-x86_64 | linux-muslx32-x86_64 ) - target=linux-x32 - ;; - linux-gnu64-x86_64) - target=linux-x86_64 - ;; - linux-mips | linux-mipsel) - # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags - target="linux-mips32 ${TARGET_CC_ARCH}" - ;; - linux-gnun32-mips*) - target=linux-mips64 - ;; - linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) - target=linux64-mips64 - ;; - linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) - target=linux-generic32 - ;; - linux-powerpc) - target=linux-ppc - ;; - linux-powerpc64) - target=linux-ppc64 - ;; - linux-powerpc64le) - target=linux-ppc64le - ;; - linux-riscv32) - target=linux-generic32 - ;; - linux-riscv64) - target=linux-generic64 - ;; - linux-sparc | linux-supersparc) - target=linux-sparcv9 - ;; - esac - - useprefix=${prefix} - if [ "x$useprefix" = "x" ]; then - useprefix=/ - fi - # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the - # environment variables set by bitbake. Adjust the environment variables instead. - HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ - perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target - perl ${B}/configdata.pm --dump -} - -do_install () { - oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install - - oe_multilib_header openssl/opensslconf.h - - # Create SSL structure for packages such as ca-certificates which - # contain hard-coded paths to /etc/ssl. Debian does the same. - install -d ${D}${sysconfdir}/ssl - mv ${D}${libdir}/ssl-1.1/certs \ - ${D}${libdir}/ssl-1.1/private \ - ${D}${libdir}/ssl-1.1/openssl.cnf \ - ${D}${sysconfdir}/ssl/ - - # Although absolute symlinks would be OK for the target, they become - # invalid if native or nativesdk are relocated from sstate. - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf -} - -do_install_append_class-native () { - create_wrapper ${D}${bindir}/openssl \ - OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ - SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ - SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ - OPENSSL_ENGINES=${libdir}/engines-1.1 -} - -do_install_append_class-nativesdk () { - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh - sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh -} - -PTEST_BUILD_HOST_FILES += "configdata.pm" -PTEST_BUILD_HOST_PATTERN = "perl_version =" -do_install_ptest () { - # Prune the build tree - rm -f ${B}/fuzz/*.* ${B}/test/*.* - - cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} - cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} - - # For test_shlibload - ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ - ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ - - install -d ${D}${PTEST_PATH}/apps - ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps - install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps - install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps - - install -d ${D}${PTEST_PATH}/engines - install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines -} - -# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto -# package RRECOMMENDS on this package. This will enable the configuration -# file to be installed for both the openssl-bin package and the libcrypto -# package since the openssl-bin package depends on the libcrypto package. - -PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" - -FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" -FILES_libssl = "${libdir}/libssl${SOLIBS}" -FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" -FILES_${PN}-engines = "${libdir}/engines-1.1" -FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" -FILES_${PN} =+ "${libdir}/ssl-1.1/*" -FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" - -CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" - -RRECOMMENDS_libcrypto += "openssl-conf" -RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" - -BBCLASSEXTEND = "native nativesdk" - -CVE_PRODUCT = "openssl:openssl" - -# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 -# Apache in meta-webserver is already recent enough -CVE_CHECK_WHITELIST += "CVE-2019-0190" diff --git a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1i.bb b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1i.bb new file mode 100644 index 000000000..a9120d136 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1i.bb @@ -0,0 +1,211 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl" here actually means both OpenSSL and SSLeay licenses apply +# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" + +DEPENDS = "hostperl-runtime-native" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + file://run-ptest \ + file://0001-skip-test_symbol_presence.patch \ + file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ + file://afalg.patch \ + file://reproducible.patch \ + " + +SRC_URI_append_class-nativesdk = " \ + file://environment.d-openssl.sh \ + " + +SRC_URI[sha256sum] = "e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242" + +inherit lib_package multilib_header multilib_script ptest +MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" + +PACKAGECONFIG ?= "" +PACKAGECONFIG_class-native = "" +PACKAGECONFIG_class-nativesdk = "" + +PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" + +B = "${WORKDIR}/build" +do_configure[cleandirs] = "${B}" + +#| ./libcrypto.so: undefined reference to `getcontext' +#| ./libcrypto.so: undefined reference to `setcontext' +#| ./libcrypto.so: undefined reference to `makecontext' +EXTRA_OECONF_append_libc-musl = " no-async" +EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" + +# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions +# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) +EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" +EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" + +# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. +CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" + +do_configure () { + os=${HOST_OS} + case $os in + linux-gnueabi |\ + linux-gnuspe |\ + linux-musleabi |\ + linux-muslspe |\ + linux-musl ) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arm*) + target=linux-armv4 + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-i?86 | linux-viac3) + target=linux-x86 + ;; + linux-gnux32-x86_64 | linux-muslx32-x86_64 ) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-mips | linux-mipsel) + # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-gnun32-mips*) + target=linux-mips64 + ;; + linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) + target=linux64-mips64 + ;; + linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-powerpc64le) + target=linux-ppc64le + ;; + linux-riscv32) + target=linux-generic32 + ;; + linux-riscv64) + target=linux-generic64 + ;; + linux-sparc | linux-supersparc) + target=linux-sparcv9 + ;; + esac + + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the + # environment variables set by bitbake. Adjust the environment variables instead. + HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ + perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target + perl ${B}/configdata.pm --dump +} + +do_install () { + oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install + + oe_multilib_header openssl/opensslconf.h + + # Create SSL structure for packages such as ca-certificates which + # contain hard-coded paths to /etc/ssl. Debian does the same. + install -d ${D}${sysconfdir}/ssl + mv ${D}${libdir}/ssl-1.1/certs \ + ${D}${libdir}/ssl-1.1/private \ + ${D}${libdir}/ssl-1.1/openssl.cnf \ + ${D}${sysconfdir}/ssl/ + + # Although absolute symlinks would be OK for the target, they become + # invalid if native or nativesdk are relocated from sstate. + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf +} + +do_install_append_class-native () { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ + SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ + OPENSSL_ENGINES=${libdir}/engines-1.1 +} + +do_install_append_class-nativesdk () { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh + sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh +} + +PTEST_BUILD_HOST_FILES += "configdata.pm" +PTEST_BUILD_HOST_PATTERN = "perl_version =" +do_install_ptest () { + # Prune the build tree + rm -f ${B}/fuzz/*.* ${B}/test/*.* + + cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} + cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} + + # For test_shlibload + ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ + ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ + + install -d ${D}${PTEST_PATH}/apps + ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps + install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps + install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps + + install -d ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines +} + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the openssl-bin package and the libcrypto +# package since the openssl-bin package depends on the libcrypto package. + +PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" + +FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES_libssl = "${libdir}/libssl${SOLIBS}" +FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" +FILES_${PN}-engines = "${libdir}/engines-1.1" +FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" +FILES_${PN} =+ "${libdir}/ssl-1.1/*" +FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" + +CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" + +RRECOMMENDS_libcrypto += "openssl-conf" +RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" + +BBCLASSEXTEND = "native nativesdk" + +CVE_PRODUCT = "openssl:openssl" + +# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 +# Apache in meta-webserver is already recent enough +CVE_CHECK_WHITELIST += "CVE-2019-0190" diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch new file mode 100644 index 000000000..708c481e3 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch @@ -0,0 +1,151 @@ +From 228edd356f03bf62dcf2b1335f25d43c602ee68d Mon Sep 17 00:00:00 2001 +From: Michael Colavita +Date: Thu, 19 Nov 2020 11:44:40 -0500 +Subject: [PATCH] iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923) + +Previously, in UCS4 conversion routines we limit the number of +characters we examine to the minimum of the number of characters in the +input and the number of characters in the output. This is not the +correct behavior when __GCONV_IGNORE_ERRORS is set, as we do not consume +an output character when we skip a code unit. Instead, track the input +and output pointers and terminate the loop when either reaches its +limit. + +This resolves assertion failures when resetting the input buffer in a step of +iconv, which assumes that the input will be fully consumed given sufficient +output space. +--- + iconv/Makefile | 2 +- + iconv/gconv_simple.c | 16 ++++---------- + iconv/tst-iconv8.c | 50 ++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 55 insertions(+), 13 deletions(-) + create mode 100644 iconv/tst-iconv8.c + +diff --git a/iconv/Makefile b/iconv/Makefile +index 30bf996d3a..f9b51e23ec 100644 +--- a/iconv/Makefile ++++ b/iconv/Makefile +@@ -44,7 +44,7 @@ CFLAGS-linereader.c += -DNO_TRANSLITERATION + CFLAGS-simple-hash.c += -I../locale + + tests = tst-iconv1 tst-iconv2 tst-iconv3 tst-iconv4 tst-iconv5 tst-iconv6 \ +- tst-iconv7 tst-iconv-mt ++ tst-iconv7 tst-iconv8 tst-iconv-mt + + others = iconv_prog iconvconfig + install-others-programs = $(inst_bindir)/iconv +diff --git a/iconv/gconv_simple.c b/iconv/gconv_simple.c +index d4797fba17..963b29f246 100644 +--- a/iconv/gconv_simple.c ++++ b/iconv/gconv_simple.c +@@ -239,11 +239,9 @@ ucs4_internal_loop (struct __gconv_step *step, + int flags = step_data->__flags; + const unsigned char *inptr = *inptrp; + unsigned char *outptr = *outptrp; +- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4; + int result; +- size_t cnt; + +- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4) ++ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4) + { + uint32_t inval; + +@@ -307,11 +305,9 @@ ucs4_internal_loop_unaligned (struct __gconv_step *step, + int flags = step_data->__flags; + const unsigned char *inptr = *inptrp; + unsigned char *outptr = *outptrp; +- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4; + int result; +- size_t cnt; + +- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4) ++ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4) + { + if (__glibc_unlikely (inptr[0] > 0x80)) + { +@@ -613,11 +609,9 @@ ucs4le_internal_loop (struct __gconv_step *step, + int flags = step_data->__flags; + const unsigned char *inptr = *inptrp; + unsigned char *outptr = *outptrp; +- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4; + int result; +- size_t cnt; + +- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4) ++ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4) + { + uint32_t inval; + +@@ -684,11 +678,9 @@ ucs4le_internal_loop_unaligned (struct __gconv_step *step, + int flags = step_data->__flags; + const unsigned char *inptr = *inptrp; + unsigned char *outptr = *outptrp; +- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4; + int result; +- size_t cnt; + +- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4) ++ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4) + { + if (__glibc_unlikely (inptr[3] > 0x80)) + { +diff --git a/iconv/tst-iconv8.c b/iconv/tst-iconv8.c +new file mode 100644 +index 0000000000..0b92b19f66 +--- /dev/null ++++ b/iconv/tst-iconv8.c +@@ -0,0 +1,50 @@ ++/* Test iconv behavior on UCS4 conversions with //IGNORE. ++ Copyright (C) 2020 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++/* Derived from BZ #26923 */ ++#include ++#include ++#include ++#include ++ ++static int ++do_test (void) ++{ ++ iconv_t cd = iconv_open ("UTF-8//IGNORE", "ISO-10646/UCS4/"); ++ TEST_VERIFY_EXIT (cd != (iconv_t) -1); ++ ++ /* ++ * Convert sequence beginning with an irreversible character into buffer that ++ * is too small. ++ */ ++ char input[12] = "\xe1\x80\xa1" "AAAAAAAAA"; ++ char *inptr = input; ++ size_t insize = sizeof (input); ++ char output[6]; ++ char *outptr = output; ++ size_t outsize = sizeof (output); ++ ++ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == -1); ++ TEST_VERIFY (errno == E2BIG); ++ ++ TEST_VERIFY_EXIT (iconv_close (cd) != -1); ++ ++ return 0; ++} ++ ++#include +-- +2.27.0 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch new file mode 100644 index 000000000..bc012e290 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch @@ -0,0 +1,133 @@ +From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001 +From: Andreas Schwab +Date: Mon, 21 Dec 2020 08:56:43 +0530 +Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973) + +The byte 0xfe as input to the EUC-KR conversion denotes a user-defined +area and is not allowed. The from_euc_kr function used to skip two bytes +when told to skip over the unknown designation, potentially running over +the buffer end. +--- + iconvdata/Makefile | 3 ++- + iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++++++++++++++++++++ + iconvdata/euc-kr.c | 6 +---- + iconvdata/ksc5601.h | 6 ++--- + 4 files changed, 59 insertions(+), 9 deletions(-) + create mode 100644 iconvdata/bug-iconv13.c + +diff --git a/iconvdata/Makefile b/iconvdata/Makefile +index 4ec2741cdc..85009f3390 100644 +--- a/iconvdata/Makefile ++++ b/iconvdata/Makefile +@@ -73,7 +73,8 @@ modules.so := $(addsuffix .so, $(modules)) + ifeq (yes,$(build-shared)) + tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \ + tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \ +- bug-iconv10 bug-iconv11 bug-iconv12 ++ bug-iconv10 bug-iconv11 bug-iconv12 \ ++ bug-iconv13 + ifeq ($(have-thread-library),yes) + tests += bug-iconv3 + endif +diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c +new file mode 100644 +index 0000000000..87aaff398e +--- /dev/null ++++ b/iconvdata/bug-iconv13.c +@@ -0,0 +1,53 @@ ++/* bug 24973: Test EUC-KR module ++ Copyright (C) 2020 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++ ++static int ++do_test (void) ++{ ++ iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR"); ++ TEST_VERIFY_EXIT (cd != (iconv_t) -1); ++ ++ /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined ++ areas, which are not allowed and should be skipped over due to ++ //IGNORE. The trailing 0xfe also is an incomplete sequence, which ++ should be checked first. */ ++ char input[4] = { '\xc9', '\xa1', '\0', '\xfe' }; ++ char *inptr = input; ++ size_t insize = sizeof (input); ++ char output[4]; ++ char *outptr = output; ++ size_t outsize = sizeof (output); ++ ++ /* This used to crash due to buffer overrun. */ ++ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1); ++ TEST_VERIFY (errno == EINVAL); ++ /* The conversion should produce one character, the converted null ++ character. */ ++ TEST_VERIFY (sizeof (output) - outsize == 1); ++ ++ TEST_VERIFY_EXIT (iconv_close (cd) != -1); ++ ++ return 0; ++} ++ ++#include +diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c +index b0d56cf3ee..1045bae926 100644 +--- a/iconvdata/euc-kr.c ++++ b/iconvdata/euc-kr.c +@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp) + \ + if (ch <= 0x9f) \ + ++inptr; \ +- /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are \ +- user-defined areas. */ \ +- else if (__builtin_expect (ch == 0xa0, 0) \ +- || __builtin_expect (ch > 0xfe, 0) \ +- || __builtin_expect (ch == 0xc9, 0)) \ ++ else if (__glibc_unlikely (ch == 0xa0)) \ + { \ + /* This is illegal. */ \ + STANDARD_FROM_LOOP_ERR_HANDLER (1); \ +diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h +index d3eb3a4ff8..f5cdc72797 100644 +--- a/iconvdata/ksc5601.h ++++ b/iconvdata/ksc5601.h +@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, unsigned char offset) + unsigned char ch2; + int idx; + ++ if (avail < 2) ++ return 0; ++ + /* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */ + + if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e + || (ch - offset) == 0x49) + return __UNKNOWN_10646_CHAR; + +- if (avail < 2) +- return 0; +- + ch2 = (*s)[1]; + if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f) + return __UNKNOWN_10646_CHAR; +-- +2.27.0 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend new file mode 100644 index 000000000..3fa99af0a --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI += "file://0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch \ + file://0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch \ + " diff --git a/meta-openbmc-mods/meta-common/recipes-intel/psu-manager/psu-manager/0001-disable-PSU-cold-redundancy.patch b/meta-openbmc-mods/meta-common/recipes-intel/psu-manager/psu-manager/0001-disable-PSU-cold-redundancy.patch deleted file mode 100644 index 23b805b87..000000000 --- a/meta-openbmc-mods/meta-common/recipes-intel/psu-manager/psu-manager/0001-disable-PSU-cold-redundancy.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 5829d9e6e1956ebb34ed8a723b0758146529459f Mon Sep 17 00:00:00 2001 -From: AppaRao Puli -Date: Wed, 7 Oct 2020 22:42:26 +0530 -Subject: [PATCH] disable PSU cold redundancy - -In RP platforms, single PSU also considered as -valid configuration. We don't have user configuration -option to enable/disable PSU cold redundancy. So -it should be disabled by default to avoid issues in -Rp platforms. -Also make sure if persistent config already set this -to true, make it to false. - -This avoids unwanted critical event logs and -unexpected LED status for RP platforms where -single PSU also considered as valid config. - -Tested: - - Rebooted BMC and observed no CR event logs and - no amber blocking of status LED. - - Set the persistent store to true, rebooted - BMC and value changed back to disabled. - -Change-Id: Ie0f1f3f8daa95593af6db698d65ea804cebfee87 -Signed-off-by: AppaRao Puli ---- - src/cold_redundancy.cpp | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - -diff --git a/src/cold_redundancy.cpp b/src/cold_redundancy.cpp -index d64a9e3..3bfd37f 100644 ---- a/src/cold_redundancy.cpp -+++ b/src/cold_redundancy.cpp -@@ -76,8 +76,9 @@ ColdRedundancy::ColdRedundancy( - std::cerr << "error initializing assoc interface\n"; - } - -+ // For RP platforms, default cold redundancy should be disabled. -+ powerSupplyRedundancyEnabled(false); - // set default configuration -- powerSupplyRedundancyEnabled(true); - rotationEnabled(true); - periodOfRotation(7 * oneDay); - rotationAlgorithm(Algo::bmcSpecific); -@@ -109,6 +110,14 @@ ColdRedundancy::ColdRedundancy( - return; - } - -+ // For RP platforms, cold redundancy should be disabled. -+ // If its already set to true in persistent area, Lets -+ // override to false during bootup. -+ if (*redundancyEnabled) -+ { -+ *redundancyEnabled = false; -+ } -+ - if (*period >= minRotationPeriod && *period <= maxRotationPeriod) - { - periodOfRotation(*period); -@@ -867,6 +876,10 @@ void ColdRedundancy::readPmbus(uint8_t bus, uint8_t slaveAddr, int& value) - - void ColdRedundancy::checkRedundancyEvent() - { -+ if (!crSupported || !powerSupplyRedundancyEnabled()) -+ { -+ return; -+ } - puRedundantTimer.expires_after(std::chrono::seconds(2)); - puRedundantTimer.async_wait([this](const boost::system::error_code& ec) { - if (ec == boost::asio::error::operation_aborted) --- -2.7.4 - diff --git a/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb b/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb index df38debfa..5a5604524 100644 --- a/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb +++ b/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb @@ -2,7 +2,7 @@ SUMMARY = "SMBIOS MDR version 2 service for Intel based platform" DESCRIPTION = "SMBIOS MDR version 2 service for Intel based platfrom" SRC_URI = "git://github.com/Intel-BMC/mdrv2.git;protocol=ssh" -SRCREV = "1573995f8949bbd76a17fb34bb6de056e81f391c" +SRCREV = "4478c25423287575ebe2c579aea3da0150f2b735" S = "${WORKDIR}/git" diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/0126-Adjust-soc-modules-probing-order.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/0126-Adjust-soc-modules-probing-order.patch new file mode 100644 index 000000000..b9c1a2341 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/0126-Adjust-soc-modules-probing-order.patch @@ -0,0 +1,39 @@ +From dcdfa13b5a5dd43a6e40c0f6091ac6b70f856450 Mon Sep 17 00:00:00 2001 +From: Jae Hyun Yoo +Date: Mon, 4 Jan 2021 13:29:49 -0800 +Subject: [PATCH] Adjust soc modules probing order + +This commit moves object adding order for modules under soc to +adjust module probing order. + +Don't updtream it. It should be a downstream patch. + +Signed-off-by: Jae Hyun Yoo +--- + drivers/Makefile | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/Makefile b/drivers/Makefile +index 297047d4ed9b..854e82d87727 100644 +--- a/drivers/Makefile ++++ b/drivers/Makefile +@@ -38,9 +38,6 @@ obj-y += clk/ + # really early. + obj-$(CONFIG_DMADEVICES) += dma/ + +-# SOC specific infrastructure drivers. +-obj-y += soc/ +- + obj-$(CONFIG_VIRTIO) += virtio/ + obj-$(CONFIG_XEN) += xen/ + +@@ -188,3 +185,6 @@ obj-$(CONFIG_INTERCONNECT) += interconnect/ + obj-$(CONFIG_COUNTER) += counter/ + obj-$(CONFIG_PECI) += peci/ + obj-$(CONFIG_JTAG_ASPEED) += jtag/ ++ ++# SOC specific infrastructure drivers. ++obj-y += soc/ +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/1002-Filter-erroneous-adc-readings.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/1002-Filter-erroneous-adc-readings.patch index 9306ca9e2..34fd66e69 100644 --- a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/1002-Filter-erroneous-adc-readings.patch +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/1002-Filter-erroneous-adc-readings.patch @@ -36,7 +36,7 @@ index c115797c4cc5..c1e775e764ca 100644 #define ASPEED_ADC_CHANNELS_MAX 16 #define ASPEED_ADC_RAW_VALUE_MAX 0x3ff -+#define ASPEED_ADC_RAW_VALUE_DELTA_THRESHOLD 80 ++#define ASPEED_ADC_RAW_VALUE_DELTA_THRESHOLD 40 struct aspeed_adc_model_data { const char *model_name; diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/1003-Die_CPU-filter-first-zero-from-GetTemp.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/1003-Die_CPU-filter-first-zero-from-GetTemp.patch new file mode 100644 index 000000000..b7823ce14 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/1003-Die_CPU-filter-first-zero-from-GetTemp.patch @@ -0,0 +1,60 @@ +From 0d202fb06b873c5e258658462ac4fc01a673fd83 Mon Sep 17 00:00:00 2001 +From: Zhikui Ren +Date: Mon, 11 Jan 2021 16:31:36 -0800 +Subject: [PATCH] Die_CPU: filter first zero from GetTemp + +Peci command GetTemp can return 0 during CPU reset. +It does not have a have completion code either. +Discard the first zero reading and return -ENODATA. +Consecutive zeros will be returned so that real hot +condition will still be detected and logged but possibly delayed +by the sensor polling period, which is normally 500ms-1s. + +Signed-off-by: Zhikui Ren +--- + drivers/hwmon/peci-cputemp.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/drivers/hwmon/peci-cputemp.c b/drivers/hwmon/peci-cputemp.c +index b633ea545644..19002f02bd91 100644 +--- a/drivers/hwmon/peci-cputemp.c ++++ b/drivers/hwmon/peci-cputemp.c +@@ -15,6 +15,7 @@ + + struct temp_group { + struct peci_sensor_data die; ++ u32 die_raw_prev; + struct peci_sensor_data dts; + struct peci_sensor_data tcontrol; + struct peci_sensor_data tthrottle; +@@ -129,6 +130,7 @@ static int get_die_temp(struct peci_cputemp *priv) + { + struct peci_get_temp_msg msg; + int ret; ++ bool discard = false; + + if (!peci_sensor_need_update(&priv->temp.die)) + return 0; +@@ -139,6 +141,19 @@ static int get_die_temp(struct peci_cputemp *priv) + if (ret) + return ret; + ++ /* GET_TEMP command does not have cc and can return zero during ++ * cpu reset. Treat the first zero reading as data not available. ++ * Consecutive zeros will be returned so true hot condition ++ * is not be missed. ++ */ ++ if (msg.temp_raw == 0 && priv->temp.die_raw_prev != 0) { ++ pr_err("peci-cputemp_die: discard first 0 reading from GetTemp\n"); ++ discard = true; ++ } ++ priv->temp.die_raw_prev = msg.temp_raw; ++ if (discard) ++ return -ENODATA; ++ + /* Note that the tjmax should be available before calling it */ + priv->temp.die.value = priv->temp.tjmax.value + + (msg.temp_raw * 1000 / 64); +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/1004-DTS_CPU-filter-first-zero-from-RdPkgConfig-10.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/1004-DTS_CPU-filter-first-zero-from-RdPkgConfig-10.patch new file mode 100644 index 000000000..aab6c3cea --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/1004-DTS_CPU-filter-first-zero-from-RdPkgConfig-10.patch @@ -0,0 +1,64 @@ +From 68db4c74c43d4042b0b32bcd133121ab39b9b310 Mon Sep 17 00:00:00 2001 +From: Zhikui Ren +Date: Tue, 2 Feb 2021 14:49:28 -0800 +Subject: [PATCH] DTS_CPU: filter first zero from RdPkgConfig 10 + +Peci command GetPkgConfig 10 can return 0 (hot) with cc 0x40 +after cpu reset. Once pcode run time image is loaded +and it returns 0x8000 as DTS margin data not ready +Discard the first zero reading and return -ENODATA. +Consecutive zeros will be returned so that real hot +condition will still be detected and logged but possibly delayed +by the sensor polling period, which is normally one second. + +Signed-off-by: Zhikui Ren +--- + drivers/hwmon/peci-cputemp.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/drivers/hwmon/peci-cputemp.c b/drivers/hwmon/peci-cputemp.c +index 19002f02bd91..e1860779aa66 100644 +--- a/drivers/hwmon/peci-cputemp.c ++++ b/drivers/hwmon/peci-cputemp.c +@@ -17,6 +17,7 @@ struct temp_group { + struct peci_sensor_data die; + u32 die_raw_prev; + struct peci_sensor_data dts; ++ u32 dts_raw_prev; + struct peci_sensor_data tcontrol; + struct peci_sensor_data tthrottle; + struct peci_sensor_data tjmax; +@@ -168,6 +169,7 @@ static int get_dts(struct peci_cputemp *priv) + s32 dts_margin; + u8 pkg_cfg[4]; + int ret; ++ bool discard = false; + + if (!peci_sensor_need_update(&priv->temp.dts)) + return 0; +@@ -181,6 +183,22 @@ static int get_dts(struct peci_cputemp *priv) + + dts_margin = le16_to_cpup((__le16 *)pkg_cfg); + ++ /* There is a small window (500us) for read dts_margin (RdPkgConfig 10) ++ * to return cc 0x40, and dts_margin of 0 after cpu reset, before runtime ++ * image is loaded to set it to 0x8000 (dts reading not ready). ++ * DTS sensor is polled by user application at a slower rate than this window. ++ * Treat the first zero reading as data not available. ++ * Consecutive zeros will be returned so true hot condition ++ * is not be missed. ++ */ ++ if (dts_margin == 0 && priv->temp.dts_raw_prev != 0) { ++ pr_err("peci-cputemp_dts: discard first 0 reading from RdPkgConfig 10\n"); ++ discard = true; ++ } ++ priv->temp.dts_raw_prev = dts_margin; ++ if (discard) ++ return -ENODATA; ++ + /** + * Processors return a value of DTS reading in 10.6 format + * (10 bits signed decimal, 6 bits fractional). +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-0465/0001-HID-core-Correctly-handle-ReportSize-being-zero.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-0465/0001-HID-core-Correctly-handle-ReportSize-being-zero.patch new file mode 100644 index 000000000..d6550383b --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-0465/0001-HID-core-Correctly-handle-ReportSize-being-zero.patch @@ -0,0 +1,65 @@ +From 667514df10a08e4a65cb88f5fd5ffeccd027c4af Mon Sep 17 00:00:00 2001 +From: Marc Zyngier +Date: Sat, 29 Aug 2020 12:26:01 +0100 +Subject: [PATCH] HID: core: Correctly handle ReportSize being zero + +commit bce1305c0ece3dc549663605e567655dd701752c upstream. + +It appears that a ReportSize value of zero is legal, even if a bit +non-sensical. Most of the HID code seems to handle that gracefully, +except when computing the total size in bytes. When fed as input to +memset, this leads to some funky outcomes. + +Detect the corner case and correctly compute the size. + +Cc: stable@vger.kernel.org +Signed-off-by: Marc Zyngier +Signed-off-by: Benjamin Tissoires +Signed-off-by: Greg Kroah-Hartman +--- + drivers/hid/hid-core.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c +index 359616e3efbb..d2ecc9c45255 100644 +--- a/drivers/hid/hid-core.c ++++ b/drivers/hid/hid-core.c +@@ -1597,6 +1597,17 @@ static void hid_output_field(const struct hid_device *hid, + } + } + ++/* ++ * Compute the size of a report. ++ */ ++static size_t hid_compute_report_size(struct hid_report *report) ++{ ++ if (report->size) ++ return ((report->size - 1) >> 3) + 1; ++ ++ return 0; ++} ++ + /* + * Create a report. 'data' has to be allocated using + * hid_alloc_report_buf() so that it has proper size. +@@ -1609,7 +1620,7 @@ void hid_output_report(struct hid_report *report, __u8 *data) + if (report->id > 0) + *data++ = report->id; + +- memset(data, 0, ((report->size - 1) >> 3) + 1); ++ memset(data, 0, hid_compute_report_size(report)); + for (n = 0; n < report->maxfield; n++) + hid_output_field(report->device, report->field[n], data); + } +@@ -1739,7 +1750,7 @@ int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size, + csize--; + } + +- rsize = ((report->size - 1) >> 3) + 1; ++ rsize = hid_compute_report_size(report); + + if (report_enum->numbered && rsize >= HID_MAX_BUFFER_SIZE) + rsize = HID_MAX_BUFFER_SIZE - 1; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-0466/0001-epoll-Keep-a-reference-on-files-added-to-the-check-l.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-0466/0001-epoll-Keep-a-reference-on-files-added-to-the-check-l.patch new file mode 100644 index 000000000..0e2d0c53f --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-0466/0001-epoll-Keep-a-reference-on-files-added-to-the-check-l.patch @@ -0,0 +1,68 @@ +From b158e91610c76c5d9c61c4e990d56405b62bf05a Mon Sep 17 00:00:00 2001 +From: Marc Zyngier +Date: Wed, 19 Aug 2020 17:12:17 +0100 +Subject: [PATCH] epoll: Keep a reference on files added to the check list + +commit a9ed4a6560b8562b7e2e2bed9527e88001f7b682 upstream. + +When adding a new fd to an epoll, and that this new fd is an +epoll fd itself, we recursively scan the fds attached to it +to detect cycles, and add non-epool files to a "check list" +that gets subsequently parsed. + +However, this check list isn't completely safe when deletions +can happen concurrently. To sidestep the issue, make sure that +a struct file placed on the check list sees its f_count increased, +ensuring that a concurrent deletion won't result in the file +disapearing from under our feet. + +Cc: stable@vger.kernel.org +Signed-off-by: Marc Zyngier +Signed-off-by: Al Viro +Signed-off-by: Marc Zyngier +Signed-off-by: Greg Kroah-Hartman +--- + fs/eventpoll.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/fs/eventpoll.c b/fs/eventpoll.c +index 6307c1d883e0..b53ae571f064 100644 +--- a/fs/eventpoll.c ++++ b/fs/eventpoll.c +@@ -1991,9 +1991,11 @@ static int ep_loop_check_proc(void *priv, void *cookie, int call_nests) + * not already there, and calling reverse_path_check() + * during ep_insert(). + */ +- if (list_empty(&epi->ffd.file->f_tfile_llink)) ++ if (list_empty(&epi->ffd.file->f_tfile_llink)) { ++ get_file(epi->ffd.file); + list_add(&epi->ffd.file->f_tfile_llink, + &tfile_check_list); ++ } + } + } + mutex_unlock(&ep->mtx); +@@ -2037,6 +2039,7 @@ static void clear_tfile_check_list(void) + file = list_first_entry(&tfile_check_list, struct file, + f_tfile_llink); + list_del_init(&file->f_tfile_llink); ++ fput(file); + } + INIT_LIST_HEAD(&tfile_check_list); + } +@@ -2196,9 +2199,11 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd, + clear_tfile_check_list(); + goto error_tgt_fput; + } +- } else ++ } else { ++ get_file(tf.file); + list_add(&tf.file->f_tfile_llink, + &tfile_check_list); ++ } + mutex_lock_nested(&ep->mtx, 0); + if (is_file_epoll(tf.file)) { + tep = tf.file->private_data; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27825/0001-tracing-Fix-race-in-trace_open-and-buffer-resize-cal.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27825/0001-tracing-Fix-race-in-trace_open-and-buffer-resize-cal.patch new file mode 100644 index 000000000..8313c0533 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27825/0001-tracing-Fix-race-in-trace_open-and-buffer-resize-cal.patch @@ -0,0 +1,60 @@ +From d8fb64e4164d3f4c89eb58c27b2472a052359823 Mon Sep 17 00:00:00 2001 +From: Gaurav Kohli +Date: Tue, 6 Oct 2020 15:03:53 +0530 +Subject: [PATCH] tracing: Fix race in trace_open and buffer resize call + +Below race can come, if trace_open and resize of +cpu buffer is running parallely on different cpus +CPUX CPUY + ring_buffer_resize + atomic_read(&buffer->resize_disabled) +tracing_open +tracing_reset_online_cpus +ring_buffer_reset_cpu +rb_reset_cpu + rb_update_pages + remove/insert pages +resetting pointer + +This race can cause data abort or some times infinte loop in +rb_remove_pages and rb_insert_pages while checking pages +for sanity. + +Take buffer lock to fix this. + +Link: https://lkml.kernel.org/r/1601976833-24377-1-git-send-email-gkohli@codeaurora.org + +Cc: stable@vger.kernel.org +Fixes: b23d7a5f4a07a ("ring-buffer: speed up buffer resets by avoiding synchronize_rcu for each CPU") +Signed-off-by: Gaurav Kohli +Signed-off-by: Steven Rostedt (VMware) +--- + kernel/trace/ring_buffer.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index 4bf050fcfe3b..6a790901270f 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -4406,6 +4406,9 @@ void ring_buffer_reset_cpu(struct ring_buffer *buffer, int cpu) + if (!cpumask_test_cpu(cpu, buffer->cpumask)) + return; + ++ /* prevent another thread from changing buffer sizes */ ++ mutex_lock(&buffer->mutex); ++ + atomic_inc(&buffer->resize_disabled); + atomic_inc(&cpu_buffer->record_disabled); + +@@ -4428,6 +4431,8 @@ void ring_buffer_reset_cpu(struct ring_buffer *buffer, int cpu) + + atomic_dec(&cpu_buffer->record_disabled); + atomic_dec(&buffer->resize_disabled); ++ ++ mutex_unlock(&buffer->mutex); + } + EXPORT_SYMBOL_GPL(ring_buffer_reset_cpu); + +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-29569/0001-xen-blkback-set-ring-xenblkd-to-null-after-kthread-stop.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-29569/0001-xen-blkback-set-ring-xenblkd-to-null-after-kthread-stop.patch new file mode 100644 index 000000000..2c55e4f46 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-29569/0001-xen-blkback-set-ring-xenblkd-to-null-after-kthread-stop.patch @@ -0,0 +1,54 @@ +From 1c728719a4da6e654afb9cc047164755072ed7c9 Mon Sep 17 00:00:00 2001 +From: Pawel Wieczorkiewicz +Date: Mon, 14 Dec 2020 10:25:57 +0100 +Subject: xen-blkback: set ring->xenblkd to NULL after kthread_stop() + +CVE-2020-29569 fix: This is XSA-350 +commit id: 1c728719a4da6e654afb9cc047164755072ed7c9 + +When xen_blkif_disconnect() is called, the kernel thread behind the +block interface is stopped by calling kthread_stop(ring->xenblkd). +The ring->xenblkd thread pointer being non-NULL determines if the +thread has been already stopped. +Normally, the thread's function xen_blkif_schedule() sets the +ring->xenblkd to NULL, when the thread's main loop ends. + +However, when the thread has not been started yet (i.e. +wake_up_process() has not been called on it), the xen_blkif_schedule() +function would not be called yet. + +In such case the kthread_stop() call returns -EINTR and the +ring->xenblkd remains dangling. +When this happens, any consecutive call to xen_blkif_disconnect (for +example in frontend_changed() callback) leads to a kernel crash in +kthread_stop() (e.g. NULL pointer dereference in exit_creds()). + +This is XSA-350. + +Cc: # 4.12 +Fixes: a24fa22ce22a ("xen/blkback: don't use xen_blkif_get() in xen-blkback kthread") +Reported-by: Olivier Benjamin +Reported-by: Pawel Wieczorkiewicz +Signed-off-by: Pawel Wieczorkiewicz +Reviewed-by: Julien Grall +Reviewed-by: Juergen Gross +Signed-off-by: Juergen Gross +--- + drivers/block/xen-blkback/xenbus.c | 1 + + 1 file changed, 1 insertion(+) + +(limited to 'drivers/block/xen-blkback/xenbus.c') + +diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c +index 1d8b8d24496c3..9860d4842f36c 100644 +--- a/drivers/block/xen-blkback/xenbus.c ++++ b/drivers/block/xen-blkback/xenbus.c +@@ -274,6 +274,7 @@ static int xen_blkif_disconnect(struct xen_blkif *blkif) + + if (ring->xenblkd) { + kthread_stop(ring->xenblkd); ++ ring->xenblkd = NULL; + wake_up(&ring->shutdown_wq); + } + +-- diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend index c2e2343dc..0186ee5f4 100644 --- a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend @@ -99,6 +99,9 @@ SRC_URI += " \ file://1002-Filter-erroneous-adc-readings.patch \ file://0121-Add-a-WA-to-defer-flash-writes-on-PS_ALERT_N-asserti.patch \ file://0125-i2c-aspeed-clear-slave-addresses-in-probe.patch \ + file://0126-Adjust-soc-modules-probing-order.patch \ + file://1003-Die_CPU-filter-first-zero-from-GetTemp.patch \ + file://1004-DTS_CPU-filter-first-zero-from-RdPkgConfig-10.patch \ " # CVE-2020-16166 vulnerability fix @@ -180,5 +183,29 @@ SRC_URI += " \ file://0001-tty-Fix-session-locking.patch \ " +# CVE-2020-29569 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2020-29569:" +SRC_URI += " \ + file://0001-xen-blkback-set-ring-xenblkd-to-null-after-kthread-stop.patch \ + " + +# CVE-2020-0465 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2020-0465:" +SRC_URI += " \ + file://0001-HID-core-Correctly-handle-ReportSize-being-zero.patch \ + " + +# CVE-2020-0466 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2020-0466:" +SRC_URI += " \ + file://0001-epoll-Keep-a-reference-on-files-added-to-the-check-l.patch \ + " + +# CVE-2020-27825 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2020-27825:" +SRC_URI += " \ + file://0001-tracing-Fix-race-in-trace_open-and-buffer-resize-cal.patch \ + " + SRC_URI += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', 'file://0005-128MB-flashmap-for-PFR.patch', '', d)}" SRC_URI += "${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks', 'file://debug.cfg', '', d)}" diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/fans/phosphor-pid-control/0003-fix-phosphor-pid-control-crash-when-fail-to-create-p.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/fans/phosphor-pid-control/0003-fix-phosphor-pid-control-crash-when-fail-to-create-p.patch new file mode 100644 index 000000000..8ba880440 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/fans/phosphor-pid-control/0003-fix-phosphor-pid-control-crash-when-fail-to-create-p.patch @@ -0,0 +1,122 @@ +From 15db42de295b0d38fdd4a3b6bdd8bb9dfe75eba9 Mon Sep 17 00:00:00 2001 +From: Zhikui Ren +Date: Mon, 4 Jan 2021 23:31:37 -0800 +Subject: [PATCH] fix phosphor-pid-control crash when fail to create passive + sensor + +When creation of a passive dbus sensor that monitors an existing sensor +object fails, try to create the passive sensor in the failed state, +and mark it non-functional. The failed sensor state may set the fan to +boosted state. If this attempt fails also, something is wrong, +throw the exception. + +This change prevents phosphor-pid-control to crash if some dependent +sensor service is in a bad state. This patch tries to only change the +behavior for this corner case, which is observed for +exitairtempsensor during dc-cyle testing. +Added a logging message to gather information on why it fails. + +This is temporary workaround. When rootcause is understood, +rework maybe needed for a better long term fix.. + +Tested: +Faked a failure in passive sensor creation and verified that the failed +Sensor was created. +Ran dc cycle 1000 times, phosphor-pid-control did not crash + +Signed-off-by: Zhikui Ren +--- + dbus/dbuspassive.cpp | 27 +++++++++++++++++++++++++++ + dbus/dbuspassive.hpp | 6 ++++++ + sensors/builder.cpp | 13 ++++++++++--- + 3 files changed, 43 insertions(+), 3 deletions(-) + +diff --git a/dbus/dbuspassive.cpp b/dbus/dbuspassive.cpp +index 4c6e405..de64711 100644 +--- a/dbus/dbuspassive.cpp ++++ b/dbus/dbuspassive.cpp +@@ -58,6 +58,8 @@ std::unique_ptr DbusPassive::createDbusPassive( + } + catch (const std::exception& e) + { ++ std::cerr << __func__ << " line:" << __LINE__ << e.what() << "\n"; ++ std::cerr << "type: " << type << " id:" << id << "\n"; + return nullptr; + } + +@@ -72,6 +74,31 @@ std::unique_ptr DbusPassive::createDbusPassive( + failed, path, redundancy); + } + ++std::unique_ptr DbusPassive::createFailedDbusPassive( ++ sdbusplus::bus::bus& bus, const std::string& type, const std::string& id, ++ DbusHelperInterface* helper, const conf::SensorConfig* info, ++ const std::shared_ptr& redundancy) ++{ ++ if (helper == nullptr) ++ { ++ return nullptr; ++ } ++ if (!validType(type)) ++ { ++ return nullptr; ++ } ++ ++ /* service == busname */ ++ std::string path = getSensorPath(type, id); ++ ++ struct SensorProperties settings; ++ //mark sensor failed ++ auto failedSensor = std::make_unique(bus, type, id, helper, settings, ++ true, path, redundancy); ++ failedSensor->setFunctional (false); ++ return failedSensor; ++} ++ + DbusPassive::DbusPassive( + sdbusplus::bus::bus& bus, const std::string& type, const std::string& id, + DbusHelperInterface* helper, const struct SensorProperties& settings, +diff --git a/dbus/dbuspassive.hpp b/dbus/dbuspassive.hpp +index 91733e9..d104e47 100644 +--- a/dbus/dbuspassive.hpp ++++ b/dbus/dbuspassive.hpp +@@ -41,6 +41,12 @@ class DbusPassive : public ReadInterface + const conf::SensorConfig* info, + const std::shared_ptr& redundancy); + ++ static std::unique_ptr createFailedDbusPassive( ++ sdbusplus::bus::bus& bus, const std::string& type, ++ const std::string& id, DbusHelperInterface* helper, ++ const conf::SensorConfig* info, ++ const std::shared_ptr& redundancy); ++ + DbusPassive(sdbusplus::bus::bus& bus, const std::string& type, + const std::string& id, DbusHelperInterface* helper, + const struct SensorProperties& settings, bool failed, +diff --git a/sensors/builder.cpp b/sensors/builder.cpp +index 4da1cf2..72fa3cb 100644 +--- a/sensors/builder.cpp ++++ b/sensors/builder.cpp +@@ -87,9 +87,16 @@ SensorManager + } + if (ri == nullptr) + { +- throw SensorBuildException( +- "Failed to create dbus passive sensor: " + name + +- " of type: " + info->type); ++ ri = DbusPassive::createFailedDbusPassive(passiveListeningBus, ++ info->type, name, ++ &helper, info, nullptr); ++ if (ri == nullptr) { ++ throw SensorBuildException( ++ "Failed to create dbus passive sensor: " + name + ++ " of type: " + info->type); ++ } else { ++ std::cerr << "set failed dbus passive sensor to non-function\n"; ++ } + } + break; + case IOInterfaceType::EXTERNAL: +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/fans/phosphor-pid-control_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/fans/phosphor-pid-control_%.bbappend index 7d717a01d..8f65609d7 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/fans/phosphor-pid-control_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/fans/phosphor-pid-control_%.bbappend @@ -11,4 +11,5 @@ FILES_${PN} = "${bindir}/swampd ${bindir}/setsensor" SRC_URI += "file://0001-Eliminate-swampd-core-dump-after-D-Bus-updates-senso.patch \ file://0002-Prevent-run-away-memory-consumption-from-swamped.patch \ + file://0003-fix-phosphor-pid-control-crash-when-fail-to-create-p.patch \ " diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd/0001-Avoid-negated-postcode-write-to-D-Bus.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd/0001-Avoid-negated-postcode-write-to-D-Bus.patch new file mode 100644 index 000000000..37b57fd11 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd/0001-Avoid-negated-postcode-write-to-D-Bus.patch @@ -0,0 +1,55 @@ +From c931dfac478b3ac045a399ca372ddef847bcf9dd Mon Sep 17 00:00:00 2001 +From: AppaRao Puli +Date: Mon, 21 Dec 2020 01:00:28 +0530 +Subject: [PATCH] Avoid negated postcode write to D-Bus + +This commit removes the code which writes the negated +postcode value to D-Bus object. This has some side effects +when bombarded data pushed to port 80. + +With this change, if same post code is written on LPC channel +it will be set but D-Bus will not emit the 'PropertiesChanged' +signal. Actually there is no need to emit the signal if actual +property value(postcode) is not changed. + +So if post code is changes, D-Bus will emit the signal as usual +with this code. Any client applications depends on this, still +can register for signal for knowing postcode change. + +Tested: + - Manually verified setting different post code emits the signal. + + busctl set-property xyz.openbmc_project.State.Boot.Raw + /xyz/openbmc_project/state/boot/raw xyz.openbmc_project.State.Boot.Raw + Value t 00 + + dbus-monitor --system "type='signal',member='PropertiesChanged', + interface='org.freedesktop.DBus.Properties', + path_namespace=/xyz/openbmc_project/state/boot/raw, + arg0=xyz.openbmc_project.State.Boot.Raw" + + - Verified functionality with real post code changes. + +Signed-off-by: AppaRao Puli +--- + main.cpp | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/main.cpp b/main.cpp +index 1094e43..5d5d923 100644 +--- a/main.cpp ++++ b/main.cpp +@@ -62,10 +62,6 @@ void PostCodeEventHandler(sdeventplus::source::IO& s, int postFd, uint32_t, + { + fprintf(stderr, "Code: 0x%" PRIx64 "\n", code); + } +- // HACK: Always send property changed signal even for the same code +- // since we are single threaded, external users will never see the +- // first value. +- reporter->value(~code, true); + reporter->value(code); + + // read depends on old data being cleared since it doens't always read +-- +2.7.4 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd_%.bbappend new file mode 100644 index 000000000..19142899d --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd_%.bbappend @@ -0,0 +1,6 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +PROJECT_SRC_DIR := "${THISDIR}/${PN}" + +DEPENDS += " gtest" + +SRC_URI += "file://0001-Avoid-negated-postcode-write-to-D-Bus.patch" diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd_git.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd_git.bbappend deleted file mode 100644 index 08d867de4..000000000 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd_git.bbappend +++ /dev/null @@ -1 +0,0 @@ -DEPENDS += " gtest" diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0039-Return-InternalError-on-DBus-error.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0039-Return-InternalError-on-DBus-error.patch new file mode 100644 index 000000000..f36ff76c8 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0039-Return-InternalError-on-DBus-error.patch @@ -0,0 +1,41 @@ +From 1a78cc35251621eec99f092fb39c8bb303681395 Mon Sep 17 00:00:00 2001 +From: Przemyslaw Czarnowski +Date: Thu, 21 Jan 2021 14:41:15 +0100 +Subject: [PATCH] Return InternalError on DBus error + +Fixes returning empty response with 200 return code on GET request on +Virtual Media resource. +This happens when eg. dbus is highly occupied. Dbus call return timeout +error and response is silently dropped. +This update makes the response for such request more verbose, making +user aware that something went wrong. + +Tested: +Tested using Multiple_simultaneous_sessions.py. The one used to +reproduce this problem. + +Change-Id: I2c72684a2f4379ef32432895bdf0f412880790f2 +Signed-off-by: Przemyslaw Czarnowski +--- + redfish-core/lib/virtual_media.hpp | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/redfish-core/lib/virtual_media.hpp b/redfish-core/lib/virtual_media.hpp +index 5739204..70368eb 100644 +--- a/redfish-core/lib/virtual_media.hpp ++++ b/redfish-core/lib/virtual_media.hpp +@@ -223,7 +223,10 @@ static void getVmData(std::shared_ptr aResp, + ManagedObjectType& subtree) { + if (ec) + { +- BMCWEB_LOG_DEBUG << "DBUS response error"; ++ BMCWEB_LOG_ERROR ++ << "VirtualMedia::GetManagedObjects() D-Bus call error: " ++ << ec; ++ messages::internalError(aResp->res); + + return; + } +-- +2.26.2 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0040-Add-boundary-check-to-avoid-crash.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0040-Add-boundary-check-to-avoid-crash.patch new file mode 100644 index 000000000..ecb40c5b1 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0040-Add-boundary-check-to-avoid-crash.patch @@ -0,0 +1,58 @@ +From 87542156191bbfbc4f40a62ca4d8e67dc4f7d173 Mon Sep 17 00:00:00 2001 +From: AppaRao Puli +Date: Fri, 22 Jan 2021 13:31:20 +0530 +Subject: [PATCH] Add boundary check to avoid crash + +While stressing the firmware updates, its found +that bmcweb is crashing with below error. +Jan 06 21:38:40 intel-obmc bmcweb[388]: malloc(): unsorted double linked list corrupted +Jan 06 21:38:42 intel-obmc systemd[1]: bmcweb.service: Main process exited, code=dumped, status=6/ABRT +Jan 06 21:38:42 intel-obmc systemd[1]: bmcweb.service: Failed with result 'core-dump'. + +Further reviewing code, Its found that this could +be due to memory usage out of boundary. So change strcpy +to safe strncpy call. Also added return value check for +calloc failure. + +Tested: + - Performed some redfish stress with basic auth. + - Performed firmware updates stressing and no issues + found afterwards. + +Change-Id: I43767ec294c0de08047f4108adbda950bf84007a +Signed-off-by: AppaRao Puli +--- + include/pam_authenticate.hpp | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/include/pam_authenticate.hpp b/include/pam_authenticate.hpp +index 912093a..12f19c0 100644 +--- a/include/pam_authenticate.hpp ++++ b/include/pam_authenticate.hpp +@@ -23,17 +23,18 @@ inline int pamFunctionConversation(int numMsg, const struct pam_message** msg, + return PAM_AUTH_ERR; + } + +- std::strcpy(pass, appPass); ++ std::strncpy(pass, appPass, appPassSize + 1); + +- *resp = reinterpret_cast( +- calloc(static_cast(numMsg), sizeof(struct pam_response))); +- +- if (resp == nullptr) ++ void* ptr = ++ calloc(static_cast(numMsg), sizeof(struct pam_response)); ++ if (ptr == nullptr) + { + free(pass); + return PAM_AUTH_ERR; + } + ++ *resp = reinterpret_cast(ptr); ++ + for (int i = 0; i < numMsg; ++i) + { + /* Ignore all PAM messages except prompting for hidden input */ +-- +2.7.4 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0041-Revamp-Redfish-Event-Log-Unique-ID-Generation.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0041-Revamp-Redfish-Event-Log-Unique-ID-Generation.patch new file mode 100644 index 000000000..8e61673e3 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0041-Revamp-Redfish-Event-Log-Unique-ID-Generation.patch @@ -0,0 +1,225 @@ +From 1c557e1d8bee8f66d97037b0dc8ae392c6ec45d3 Mon Sep 17 00:00:00 2001 +From: P Dheeraj Srujan Kumar +Date: Fri, 22 Jan 2021 17:00:21 +0530 +Subject: [PATCH] Revamp Redfish Event Log Unique ID Generation + +The unique ID for Redfish log events was generated using +the Timestamp of the log until seconds. This commit +allows the use of microseconds as well to create unique +Redfish Log ID, thereby improving the uniqueness of each +Log event ID + +Tested: +- GET of /redfish/v1/Systems/system/LogServices/EventLog/Entries + produces unique LogEvent Id's +- Verified Event ID's on Event listener. +- Redfish validator passed + +Change-Id: Ie2046a8ee7f9e7f6f14b05071b18a291c4313370 +Signed-off-by: P Dheeraj Srujan Kumar +--- + .../include/event_service_manager.hpp | 40 +++++------- + redfish-core/lib/log_services.hpp | 63 ++++++------------- + 2 files changed, 35 insertions(+), 68 deletions(-) + +diff --git a/redfish-core/include/event_service_manager.hpp b/redfish-core/include/event_service_manager.hpp +index afbf799..470636f 100644 +--- a/redfish-core/include/event_service_manager.hpp ++++ b/redfish-core/include/event_service_manager.hpp +@@ -142,38 +142,32 @@ static const Message* formatMessage(const std::string_view& messageID) + + namespace event_log + { +-bool getUniqueEntryID(const std::string& logEntry, std::string& entryID, +- const bool firstEntry = true) ++bool getUniqueEntryID(const std::string& logEntry, std::string& entryID) + { +- static time_t prevTs = 0; +- static int index = 0; +- if (firstEntry) +- { +- prevTs = 0; +- } +- + // Get the entry timestamp +- std::time_t curTs = 0; + std::tm timeStruct = {}; + std::istringstream entryStream(logEntry); + if (entryStream >> std::get_time(&timeStruct, "%Y-%m-%dT%H:%M:%S")) + { +- curTs = std::mktime(&timeStruct); +- if (curTs == -1) ++ time_t seconds = std::mktime(&timeStruct); ++ if (seconds == -1) + { + return false; + } +- } +- // If the timestamp isn't unique, increment the index +- index = (curTs == prevTs) ? index + 1 : 0; +- +- // Save the timestamp +- prevTs = curTs; + +- entryID = std::to_string(curTs); +- if (index > 0) ++ size_t dot = logEntry.find_first_of("."); ++ if (dot == std::string::npos) ++ { ++ return false; ++ } ++ // 2015-10-24T06:54:38.383093 => 6 digits for microseconds ++ std::string microSec = logEntry.substr((dot + 1), 6); ++ entryID = std::to_string(seconds) + "_"; ++ entryID += microSec; ++ } ++ else + { +- entryID += "_" + std::to_string(index); ++ return false; + } + return true; + } +@@ -1131,7 +1125,6 @@ class EventServiceManager + std::vector eventRecords; + + bool startLogCollection = false; +- bool firstEntry = true; + + std::string logEntry; + while (std::getline(logStream, logEntry)) +@@ -1146,11 +1139,10 @@ class EventServiceManager + } + + std::string idStr; +- if (!event_log::getUniqueEntryID(logEntry, idStr, firstEntry)) ++ if (!event_log::getUniqueEntryID(logEntry, idStr)) + { + continue; + } +- firstEntry = false; + + std::string timestamp; + std::string messageID; +diff --git a/redfish-core/lib/log_services.hpp b/redfish-core/lib/log_services.hpp +index e6a9022..ee064ce 100644 +--- a/redfish-core/lib/log_services.hpp ++++ b/redfish-core/lib/log_services.hpp +@@ -306,41 +306,32 @@ static bool getUniqueEntryID(sd_journal* journal, std::string& entryID, + return true; + } + +-static bool getUniqueEntryID(const std::string& logEntry, std::string& entryID, +- const bool firstEntry = true) ++static bool getUniqueEntryID(const std::string& logEntry, std::string& entryID) + { +- static time_t prevTs = 0; +- static int index = 0; +- if (firstEntry) +- { +- prevTs = 0; +- } +- + // Get the entry timestamp +- std::time_t curTs = 0; + std::tm timeStruct = {}; + std::istringstream entryStream(logEntry); + if (entryStream >> std::get_time(&timeStruct, "%Y-%m-%dT%H:%M:%S")) + { +- curTs = std::mktime(&timeStruct); +- } +- // If the timestamp isn't unique, increment the index +- if (curTs == prevTs) +- { +- index++; ++ time_t seconds = std::mktime(&timeStruct); ++ if (seconds == -1) ++ { ++ return false; ++ } ++ ++ size_t dot = logEntry.find_first_of("."); ++ if (dot == std::string::npos) ++ { ++ return false; ++ } ++ // 2015-10-24T06:54:38.383093 => 6 digits for microseconds ++ std::string microSec = logEntry.substr((dot + 1), 6); ++ entryID = std::to_string(seconds) + "_"; ++ entryID += microSec; + } + else + { +- // Otherwise, reset it +- index = 0; +- } +- // Save the timestamp +- prevTs = curTs; +- +- entryID = std::to_string(curTs); +- if (index > 0) +- { +- entryID += "_" + std::to_string(index); ++ return false; + } + return true; + } +@@ -1265,9 +1256,6 @@ class JournalEventLogEntryCollection : public Node + uint64_t entryCount = 0; + std::string logEntry; + +- // Reset the unique ID on the first entry +- bool firstEntry = true; +- + // Oldest logs are in the last file, so start there and loop backwards + for (auto it = redfishLogFiles.rbegin(); it < redfishLogFiles.rend(); + it++) +@@ -1289,16 +1277,11 @@ class JournalEventLogEntryCollection : public Node + } + + std::string idStr; +- if (!getUniqueEntryID(logEntry, idStr, firstEntry)) ++ if (!getUniqueEntryID(logEntry, idStr)) + { + continue; + } + +- if (firstEntry) +- { +- firstEntry = false; +- } +- + logEntryArray.push_back({}); + nlohmann::json& bmcLogEntry = logEntryArray.back(); + if (fillEventLogEntryJson(idStr, logEntry, bmcLogEntry) != 0) +@@ -1354,9 +1337,6 @@ class JournalEventLogEntry : public Node + getRedfishLogFiles(redfishLogFiles); + std::string logEntry; + +- // Reset the unique ID on the first entry +- bool firstEntry = true; +- + // Oldest logs are in the last file, so start there and loop backwards + for (auto it = redfishLogFiles.rbegin(); it < redfishLogFiles.rend(); + it++) +@@ -1370,16 +1350,11 @@ class JournalEventLogEntry : public Node + while (std::getline(logStream, logEntry)) + { + std::string idStr; +- if (!getUniqueEntryID(logEntry, idStr, firstEntry)) ++ if (!getUniqueEntryID(logEntry, idStr)) + { + continue; + } + +- if (firstEntry) +- { +- firstEntry = false; +- } +- + if (idStr == targetID) + { + if (fillEventLogEntryJson(idStr, logEntry, +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend index 279b8bec4..b409243a4 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend @@ -53,6 +53,9 @@ SRC_URI += "file://0001-Firmware-update-support-for-StandBySpare.patch \ file://0036-fix-bmcweb-crash-during-sol-communication.patch \ file://0037-Use-non-throw-version-of-remote_endpoint.patch \ file://0038-Change-Severity-for-ServiceFailure-redfish-event.patch \ + file://0039-Return-InternalError-on-DBus-error.patch \ + file://0040-Add-boundary-check-to-avoid-crash.patch \ + file://0041-Revamp-Redfish-Event-Log-Unique-ID-Generation.patch \ " # Temporary downstream mirror of upstream patches, see telemetry\README for details diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0001-Fix-for-intrusionsensor-service-crash.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0001-Fix-for-intrusionsensor-service-crash.patch new file mode 100644 index 000000000..43a249f56 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0001-Fix-for-intrusionsensor-service-crash.patch @@ -0,0 +1,41 @@ +From d2aa20ed1a6358ed7db04088256fb8e59cd39669 Mon Sep 17 00:00:00 2001 +From: Jayaprakash Mutyala +Date: Tue, 29 Dec 2020 12:05:08 +0000 +Subject: [PATCH] Fix for intrusionsensor service crash + +Issue: Due to issuing of continuous Lan command on 2 ethernet LAN cables +connected BMC, intrusionsensor service is getting crashed. + +Fix: Add configuration unit "StartLimitBurst" to restart +intrusionsensor service. + +Tested: +Verified by issuing LAN commands continuously, Successfully +intrusionsensor service restarted. +Commands: +ipmitool lan set 1 ipsrc static +ipmitool lan set 3 ipsrc static +ipmitool lan set 1 ipsrc dhcp +ipmitool lan set 3 ipsrc dhcp + +Signed-off-by: Jayaprakash Mutyala +--- + service_files/xyz.openbmc_project.intrusionsensor.service | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/service_files/xyz.openbmc_project.intrusionsensor.service b/service_files/xyz.openbmc_project.intrusionsensor.service +index 1730b07..bccb4a1 100644 +--- a/service_files/xyz.openbmc_project.intrusionsensor.service ++++ b/service_files/xyz.openbmc_project.intrusionsensor.service +@@ -7,6 +7,8 @@ After=xyz.openbmc_project.EntityManager.service + [Service] + Restart=always + RestartSec=5 ++StartLimitIntervalSec=5 ++StartLimitBurst=5 + ExecStart=/usr/bin/env intrusionsensor + SyslogIdentifier=intrusion-sensor + +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend index ebb63ca19..5cdb6c525 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend @@ -6,6 +6,7 @@ SRCREV = "8aeffd91ff3434f7812e9fdb6b0b03c6119921dd" SRC_URI += "\ file://intrusionsensor-depend-on-networkd.conf \ + file://0001-Fix-for-intrusionsensor-service-crash.patch \ " DEPENDS_append = " libgpiod libmctp" diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/users/phosphor-user-manager/0008-Remove-ldap-dependencies.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/users/phosphor-user-manager/0008-Remove-ldap-dependencies.patch new file mode 100644 index 000000000..f15659ba9 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/users/phosphor-user-manager/0008-Remove-ldap-dependencies.patch @@ -0,0 +1,29 @@ +From d6051890ba56327e1bc56cc7b02ad0ae5a44010c Mon Sep 17 00:00:00 2001 +From: P Dheeraj Srujan Kumar +Date: Fri, 8 Jan 2021 16:46:38 +0530 +Subject: [PATCH] Remove ldap dependencies + +The Makfile of phosphor-user-manager includes +phosphor-ldap-config and phosphor-ldap-mapper to be built. +Removing these Makefile path, as we do not use ldap. + +Change-Id: I649ece9b3105d28cf98d4e5bb1595b5cf6557f5d +Signed-off-by: P Dheeraj Srujan Kumar +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 58916b0..4a0ee31 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -23,5 +23,5 @@ phosphor_user_manager_CXXFLAGS = $(SYSTEMD_CFLAGS) \ + -DBOOST_SYSTEM_NO_DEPRECATED \ + -DBOOST_ERROR_CODE_HEADER_ONLY + +-SUBDIRS = . phosphor-ldap-mapper phosphor-ldap-config test ++SUBDIRS = . test + +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/users/phosphor-user-manager_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/users/phosphor-user-manager_%.bbappend index 8f6fbf760..415390149 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/users/phosphor-user-manager_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/users/phosphor-user-manager_%.bbappend @@ -8,4 +8,7 @@ SRC_URI += " \ file://0005-Added-suport-for-multiple-user-manager-services.patch \ file://0006-Use-groupmems-instead-of-getgrnam_r-due-to-overlay.patch \ file://0007-Treat-pwd-is-not-set-if-no-entry-in-shadow-for-usr.patch \ + file://0008-Remove-ldap-dependencies.patch \ " + +DEPENDS_remove = "nss-pam-ldapd" diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend index 46f4a28a9..a0141f2b7 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend @@ -1,7 +1,7 @@ SRC_URI = "git://github.com/Intel-BMC/phosphor-webui;protocol=ssh;branch=intel2" FILESEXTRAPATHS_prepend_intel := "${THISDIR}/${PN}:" -SRCREV = "3b13f734a5f881b9b51346ba09fabea752b145f3" +SRCREV = "6313c9df615fd85a8617c46444f964b972abdebd" # Adding the code below as a workaround as # favicon gets corrupted during emit due to issue with html-webpack-plugin. diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch b/meta-openbmc-mods/meta-common/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch new file mode 100644 index 000000000..a7db1b3c9 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch @@ -0,0 +1,44 @@ +From ed70f0623708b8a6c1f58a5d243d87c5ff45b24d Mon Sep 17 00:00:00 2001 +From: Roy Li +Date: Tue, 26 Apr 2016 13:13:01 +0800 +Subject: [PATCH] replace krb5-config with pkg-config + +Upstream-Status: Pending + +Signed-off-by: Roy Li + +--- + configure.ac | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 5569a26..56b0380 100755 +--- a/configure.ac ++++ b/configure.ac +@@ -1290,7 +1290,7 @@ AC_ARG_WITH(gssapi, + fi + ]) + +-: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} ++KRB5CONFIG=`which pkg-config` + + save_CPPFLAGS="$CPPFLAGS" + AC_MSG_CHECKING([if GSS-API support is requested]) +@@ -1301,7 +1301,7 @@ if test x"$want_gss" = xyes; then + if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then + GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` + elif test -f "$KRB5CONFIG"; then +- GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` ++ GSSAPI_INCS=`$KRB5CONFIG --cflags mit-krb5-gssapi` + elif test "$GSSAPI_ROOT" != "yes"; then + GSSAPI_INCS="-I$GSSAPI_ROOT/include" + fi +@@ -1394,7 +1394,7 @@ if test x"$want_gss" = xyes; then + elif test -f "$KRB5CONFIG"; then + dnl krb5-config doesn't have --libs-only-L or similar, put everything + dnl into LIBS +- gss_libs=`$KRB5CONFIG --libs gssapi` ++ gss_libs=`$KRB5CONFIG --libs mit-krb5-gssapi` + LIBS="$gss_libs $LIBS" + else + case $host in diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.74.0.bb b/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.74.0.bb new file mode 100644 index 000000000..73dbd853c --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.74.0.bb @@ -0,0 +1,81 @@ +SUMMARY = "Command line tool and library for client-side URL transfers" +HOMEPAGE = "http://curl.haxx.se/" +BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker" +SECTION = "console/network" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=2e9fb35867314fe31c6a4977ef7dd531" + +SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ + file://0001-replace-krb5-config-with-pkg-config.patch \ +" + +SRC_URI[md5sum] = "646c71c7c9fdb71308032790d885ea00" +SRC_URI[sha256sum] = "0f4d63e6681636539dc88fa8e929f934cd3a840c46e0bf28c73be11e521b77a5" + +CVE_PRODUCT = "curl libcurl" +inherit autotools pkgconfig binconfig multilib_header + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib" +PACKAGECONFIG_class-native = "ipv6 proxy ssl threaded-resolver verbose zlib" +PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib" + +# 'ares' and 'threaded-resolver' are mutually exclusive +PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" +PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" +PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" +PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," +PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" +PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," +PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," +PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," +PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" +PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" +PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" +PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt," +PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2" +PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," +PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," +PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" +PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp," +PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," +PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp," +PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl" +PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" +PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," +PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," +PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares" +PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" +PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" + +EXTRA_OECONF = " \ + --disable-libcurl-option \ + --disable-ntlm-wb \ + --enable-crypto-auth \ + --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ + --without-libmetalink \ + --without-libpsl \ +" + +do_install_append_class-target() { + # cleanup buildpaths from curl-config + sed -i \ + -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + ${D}${bindir}/curl-config +} + +PACKAGES =+ "lib${BPN}" + +FILES_lib${BPN} = "${libdir}/lib*.so.*" +RRECOMMENDS_lib${BPN} += "ca-certificates" + +FILES_${PN} += "${datadir}/zsh" + +inherit multilib_script +MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control/0002-save-current-power-state-in-tmp-file.patch b/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control/0002-save-current-power-state-in-tmp-file.patch new file mode 100644 index 000000000..a01a90c26 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control/0002-save-current-power-state-in-tmp-file.patch @@ -0,0 +1,86 @@ +From ee182e17b21b99dae7e1a57759558530f9081d78 Mon Sep 17 00:00:00 2001 +From: Zhikui Ren +Date: Wed, 10 Feb 2021 13:26:57 -0800 +Subject: [PATCH] save current power state in tmp file + +host power state is captured in dbus object properties. +But dbus latency can be many seconds or longer at times. +which is not meeting the realtime requirement for some +application like sensors. + +Capture current power state in a temp file as a way to share +the power state in realtime with other applications. + +Tested: +1. ipmitool power on + cat /tmp/host-state + xyz.openbmc_project.State.Host.HostState.Running + +2. ipmitool power off + cat /tmp/host-state + xyz.openbmc_project.State.Host.HostState.Off + +3. AC cycle with DC on and DC off + tmp file created correctly + +4. Reset BMC with DC on and DC off + tmp file created correctly + +5. After FW update and BMC restart + tmp file created correctly + +Signed-off-by: Zhikui Ren +--- + power-control-x86/src/power_control.cpp | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/power-control-x86/src/power_control.cpp b/power-control-x86/src/power_control.cpp +index bddb16e..9dc08ba 100644 +--- a/power-control-x86/src/power_control.cpp ++++ b/power-control-x86/src/power_control.cpp +@@ -62,6 +62,8 @@ const static constexpr int powerOffSaveTimeMs = 7000; + + const static std::filesystem::path powerControlDir = "/var/lib/power-control"; + const static constexpr std::string_view powerStateFile = "power-state"; ++const static std::filesystem::path tmpHostStateFileDir = "/tmp"; ++const static constexpr std::string_view hostStateFile = "host-state"; + + static bool nmiEnabled = true; + static constexpr const char* nmiOutName = "NMI_OUT"; +@@ -453,6 +455,11 @@ static void setPowerState(const PowerState state) + std::string(getChassisState(powerState))); + chassisIface->set_property("LastStateChangeTime", getCurrentTimeMs()); + ++ // dbus latency can be unpredictable sometime ++ // tmp file is used to share current power state ++ std::ofstream tmpHostStateStream(tmpHostStateFileDir / hostStateFile); ++ tmpHostStateStream << getHostState(state); ++ + // Save the power state for the restore policy + savePowerState(state); + } +@@ -628,6 +635,13 @@ static void nmiDiagIntLog() + + static int initializePowerStateStorage() + { ++ // Create tmp power state file if it doesn't exist ++ if (!std::filesystem::exists(tmpHostStateFileDir / hostStateFile)) ++ { ++ std::ofstream tmpHostStateStream(tmpHostStateFileDir / hostStateFile); ++ tmpHostStateStream << getHostState(powerState); ++ } ++ + // create the power control directory if it doesn't exist + std::error_code ec; + if (!(std::filesystem::create_directories(powerControlDir, ec))) +@@ -639,6 +653,7 @@ static int initializePowerStateStorage() + return -1; + } + } ++ + // Create the power state file if it doesn't exist + if (!std::filesystem::exists(powerControlDir / powerStateFile)) + { +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control_%.bbappend b/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control_%.bbappend index d2d918404..ea6a65bb2 100755 --- a/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control_%.bbappend @@ -6,4 +6,5 @@ FILESEXTRAPATHS_append := "${THISDIR}/${PN}:" SRC_URI += " \ file://0001-Extend-VR-Watchdog-timeout.patch \ + file://0002-save-current-power-state-in-tmp-file.patch \ " -- cgit v1.2.3