diff options
| author | Julius Werner <jwerner@chromium.org> | 2020-02-04 16:39:21 -0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2020-02-11 13:44:19 +0000 |
| commit | 9df04f353c23a9a45cde0321e441e7dcddf5377f (patch) | |
| tree | b0eac8a126bb6e9619073f8f91fccbed63ba9005 | |
| parent | 79910141b5474cb9c4c64de2beb390432df150c5 (diff) | |
| download | vboot-9df04f353c23a9a45cde0321e441e7dcddf5377f.tar.gz | |
firmware: Add VB2_REC_OR_DIE() helper macro
After introducing VB2_DIE() recently, practical use has shown that we
pretty much always want to check for recovery mode first, and avoid a
hard abort in that case. This patch introduces a very similar macro that
includes that extra check so we don't have to open-code it all over the
place.
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: I16e744859ba7a5c68269e06c7e7d071f3bfae67e
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2038244
Reviewed-by: Joel Kitching <kitching@chromium.org>
| -rw-r--r-- | firmware/2lib/2secdata_firmware.c | 8 | ||||
| -rw-r--r-- | firmware/2lib/2secdata_fwmp.c | 17 | ||||
| -rw-r--r-- | firmware/2lib/2secdata_kernel.c | 8 | ||||
| -rw-r--r-- | firmware/2lib/include/2common.h | 9 | ||||
| -rw-r--r-- | firmware/lib/vboot_api_kernel.c | 13 | ||||
| -rw-r--r-- | tests/vb2_misc_tests.c | 8 |
6 files changed, 31 insertions, 32 deletions
diff --git a/firmware/2lib/2secdata_firmware.c b/firmware/2lib/2secdata_firmware.c index 44cd9e74..98e65b05 100644 --- a/firmware/2lib/2secdata_firmware.c +++ b/firmware/2lib/2secdata_firmware.c @@ -97,9 +97,7 @@ uint32_t vb2_secdata_firmware_get(struct vb2_context *ctx, } fail: - if (!(ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) - VB2_DIE("%s\n", msg); - VB2_DEBUG("ERROR [%s] ignored in recovery mode\n", msg); + VB2_REC_OR_DIE(ctx, "%s\n", msg); return 0; } @@ -152,7 +150,5 @@ void vb2_secdata_firmware_set(struct vb2_context *ctx, return; fail: - if (!(ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) - VB2_DIE("%s\n", msg); - VB2_DEBUG("ERROR [%s] ignored in recovery mode\n", msg); + VB2_REC_OR_DIE(ctx, "%s\n", msg); } diff --git a/firmware/2lib/2secdata_fwmp.c b/firmware/2lib/2secdata_fwmp.c index 7d19fca4..170fc5c2 100644 --- a/firmware/2lib/2secdata_fwmp.c +++ b/firmware/2lib/2secdata_fwmp.c @@ -87,12 +87,8 @@ int vb2_secdata_fwmp_get_flag(struct vb2_context *ctx, (struct vb2_secdata_fwmp *)&ctx->secdata_fwmp; if (!(sd->status & VB2_SD_STATUS_SECDATA_FWMP_INIT)) { - if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) { - VB2_DEBUG("Assuming broken FWMP flag %d as 0\n", flag); - return 0; - } else { - VB2_DIE("Must init FWMP before retrieving flag\n"); - } + VB2_REC_OR_DIE(ctx, "Must init FWMP before retrieving flag\n"); + return 0; } if (ctx->flags & VB2_CONTEXT_NO_SECDATA_FWMP) @@ -108,13 +104,8 @@ uint8_t *vb2_secdata_fwmp_get_dev_key_hash(struct vb2_context *ctx) (struct vb2_secdata_fwmp *)&ctx->secdata_fwmp; if (!(sd->status & VB2_SD_STATUS_SECDATA_FWMP_INIT)) { - if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) { - VB2_DEBUG("Assuming broken FWMP dev_key_hash " - "as empty\n"); - return NULL; - } else { - VB2_DIE("Must init FWMP before getting dev key hash\n"); - } + VB2_REC_OR_DIE(ctx, "Must init FWMP before get dev key hash\n"); + return NULL; } if (ctx->flags & VB2_CONTEXT_NO_SECDATA_FWMP) diff --git a/firmware/2lib/2secdata_kernel.c b/firmware/2lib/2secdata_kernel.c index 4764ace1..ca122ab5 100644 --- a/firmware/2lib/2secdata_kernel.c +++ b/firmware/2lib/2secdata_kernel.c @@ -99,9 +99,7 @@ uint32_t vb2_secdata_kernel_get(struct vb2_context *ctx, } fail: - if (!(ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) - VB2_DIE("%s\n", msg); - VB2_DEBUG("ERROR [%s] ignored in recovery mode\n", msg); + VB2_REC_OR_DIE(ctx, "%s\n", msg); return 0; } @@ -141,7 +139,5 @@ void vb2_secdata_kernel_set(struct vb2_context *ctx, return; fail: - if (!(ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) - VB2_DIE("%s\n", msg); - VB2_DEBUG("ERROR [%s] ignored in recovery mode\n", msg); + VB2_REC_OR_DIE(ctx, "%s\n", msg); } diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h index 5470d2a6..135beb96 100644 --- a/firmware/2lib/include/2common.h +++ b/firmware/2lib/include/2common.h @@ -59,6 +59,15 @@ struct vb2_public_key; for (;;); \ } while (0) +#define VB2_REC_OR_DIE(ctx, format, args...) do { \ + VB2_DEBUG(format, ## args); \ + if (!(ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) { \ + vb2ex_abort(); \ + for (;;); \ + } \ + VB2_DEBUG("IGNORING ABORT IN RECOVERY MODE!!!\n"); \ +} while (0) + /* * Define test_mockable and for mocking functions when compiled for Chrome OS * environment (that is, not for firmware). diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index 0e2e8fb3..1c7d974c 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -321,13 +321,12 @@ vb2_error_t vb2_commit_data(struct vb2_context *ctx) __attribute__ ((fallthrough)); case VB2_ERROR_NV_WRITE: - if (!(ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) - /* - * We can't write to nvdata, so it's impossible to - * trigger recovery mode. Skip calling vb2api_fail - * and just die. - */ - VB2_DIE("write nvdata failed\n"); + /* + * We can't write to nvdata, so it's impossible to + * trigger recovery mode. Skip calling vb2api_fail + * and just die (unless already in recovery). + */ + VB2_REC_OR_DIE(ctx, "write nvdata failed\n"); break; } diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c index 2a3f88dc..b3da6454 100644 --- a/tests/vb2_misc_tests.c +++ b/tests/vb2_misc_tests.c @@ -255,6 +255,14 @@ static void misc_tests(void) "vb_workbuf_from_ctx() buf"); TEST_EQ(wb.size, sd->workbuf_size - VB2_WORKBUF_ALIGN, "vb_workbuf_from_ctx() size"); + + reset_common_data(); + TEST_ABORT(VB2_REC_OR_DIE(ctx, "die\n"), "REC_OR_DIE in normal mode"); + + reset_common_data(); + ctx->flags |= VB2_CONTEXT_RECOVERY_MODE; + VB2_REC_OR_DIE(ctx, "VB2_REC_OR_DIE() test in recovery mode\n"); + /* Would exit here if it didn't work as intended. */ } static void gbb_tests(void) |