When a gpio is exported by writing in /sys/class/gpio/export, the
corresponding gpio control files appear immediately in sysfs but
with default access permission for root user only. The daemon udev
requires some time to get notified of the new files before it can
change the permissions to allow access to unprivileged users.
Due to this race condition, sysfsgpio can fail with EACCES error
if OpenOCD is executed by any unprivileged user.
Give 0.5 seconds to udev to identify the new files and change the
permission.
Tested with udev rules:
SUBSYSTEM=="gpio*", PROGRAM="/bin/sh -c 'find -L /sys/class/gpio/ -maxdepth 2 -exec chown root:uucp {} \; -exec chmod g=u {} \; || true'"
Change-Id: I1316c66ff103ffe23e5e4720f33372dc272a3766
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: http://openocd.zylin.com/5302
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
The flag extended_protocol is currently a single static variable
thus, in case of multiple targets, it is shared among all the gdb
connections. This is an issue if the gdb connections are not all
using extended protocol, but also when one connection get closed
because the code sets the flag to zero impacting the other
connections still open.
Move the flag extended_protocol in the per-connection struct
gdb_connection.
Change-Id: I19d565f925df6a31767fd8d392242f60867109f2
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: http://openocd.zylin.com/5310
Tested-by: jenkins
Reviewed-by: Moritz Fischer <moritzf@google.com>
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
The GDB file-I/O remote protocol extension, used for implementing
the semihosting file I/O, requires the length of strings to
include the trailing zero character, as explicitly stated inside a
comment in GDB source code [1]:
/* 1. Parameter: Ptr to pathname / length incl. trailing zero. */
ARM specification for semihosting [2] requires the string length
to not include the trailing zero character, e.g. in SYS_OPEN
specifications:
"field 3: An integer that gives the length of the string
pointed to by field 1. The length does not include the
terminating null character that must be present."
The mismatch above requires OpenOCD to add "one" to the string
length before passing it to GDB. Such conversion is missing
either in the generic semihosting provider of the data, the
function semihosting_common(), and in the consumer of the data,
the gdb_server function gdb_fileio_reply().
The conversion is already implemented in the target specific
function nds32_get_gdb_fileio_info(), but it's not the preferred
place for such GDB specific requirement.
This issue affects the semihosting calls "open", "unlink",
"rename" and "system".
Remove the "+1" conversion from nds32_get_gdb_fileio_info().
Add the "+1" conversion in gdb_fileio_reply().
[1] http://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;f=gdb/remote-fileio.c;h=11c141e42c4d#l381
[2] "Semihosting for AArch32 and AArch64, Release 2.0"
https://static.docs.arm.com/100863/0200/semihosting.pdf
Change-Id: I35461bcb30f734fe2d51f7f0d418e3d04b4af506
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: http://openocd.zylin.com/5322
Tested-by: jenkins
Reviewed-by: Steven Stallion <sstallion@gmail.com>
Reviewed-by: Muhammad Omair Javaid <omair.javaid@linaro.org>
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Using a signed variable as a parameter of FLASH_SNB() macro
generated "warning: The result of the left shift is undefined
because the left operand is negative"
Change-Id: I8b3fe840f9308962460906097df6ddd848c07b25
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/5356
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
Made sure that size and endianness of jtag_vpi structures sent
over the network is the same, regardless of the platform.
Little endian chosen to maintain as much compatibility
with existing OpenOCD builds as possible.
Matching change in the original jtag_vpi server:
https://github.com/fjullien/jtag_vpi/pull/4
Change-Id: Ib839fea9bb2d5190b5643c970b89333b286dce71
Signed-off-by: Jan Matyas <matyas@codasip.com>
Reviewed-on: http://openocd.zylin.com/5152
Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Tested-by: jenkins
The new "Access control list" flash protection scheme used in nRF52840
is not yet supported. Do not prevent sector erase if protection
state is unknown.
Change-Id: Iae9a869a54ffbdc888fb3ec478dafb5c942d9ea0
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/5348
Tested-by: jenkins
The input buffer size is checked only after writing past its end.
Change-Id: I6a9651c5b7d82efe338468d67bf6caca41004b01
Signed-off-by: Jimmy <nhminus@gmail.com>
Reviewed-on: http://openocd.zylin.com/5352
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Due to lack of printf format check wrong specifier was used and it
actually broke operation on a 32-bit BE host.
So fix this and add the necessary function attributes so that the bugs
like that can be uncovered automaticaly.
Reported and pinpointed by Karl Palsson on IRC.
Change-Id: I254ec28fcd9bb30594d607f74a6dba5456c2c7a1
Tested-by: Karl Palsson <karlp@tweak.net.au>
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/5342
Tested-by: jenkins
Reviewed-by: Karl Palsson <karlp@tweak.net.au>
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
STM32H7x7 and STM32H7x5 devices contains two cores : CM7 + CM4
The second core creation is only done when
* DUAL_CORE variable is set to true
* non HLA interface is used
A second check for the second core existence is done in cpu1 examine-end
Once the second core is detected it gets examined.
Furthermore, the script provides a configurable CTI usage in order to halt
the cores simultaneously.
Tested on Rev X and V devices.
PS: the indentation was a mix of spaces and tabs, all changed to tabs.
Change-Id: Iad9c30826965ddb9be5dee628bc2e63f953bbcb8
Signed-off-by: Tarek BOCHKATI <tarek.bouchkati@gmail.com>
Reviewed-on: http://openocd.zylin.com/5130
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
The STM32H7 has three access ports. The DBGMCU component is available
through AP0 at 0x5C001000 and through AP2 at 0xE00E1000. Using the
latter is preferable for early configuration because it works in all
power states and while SRST is asserted, whereas the former does not.
Change-Id: Iaf8f01d769efb6655040060a8e1e951e1f7e50ab
Signed-off-by: Christopher Head <chead@zaber.com>
Signed-off-by: Tarek BOCHKATI <tarek.bouchkati@gmail.com>
Reviewed-on: http://openocd.zylin.com/4742
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
functions managing option bytes cache (stm32x_read/write_options)
have bee removed, and a new functions to modify a single option byte
have been introduced (stm32x_write/modify_option).
by the way, some helpers have been introduced to access flash registers:
- stm32x_read_flash_reg(bank, offset, *value): int
- stm32x_write_flash_reg(bank, offset, value): int
and a new commands to read and write a single flash option register:
- stm32h7x option_read <bank> <option_reg offset>
- stm32h7x option_write <bank> <option_reg offset> <value> [mask]
also lock and unlock handlers' have been reduced by using the same routine
(stm32x_set_rdp) and have been optimized to not write options unless
there is a change in RDP level.
finally, several functions have been fixed to lock flash / options in case
of failure.
Change-Id: I75057949ab9f5b4e0f602bafb76f9f80d53a522b
Signed-off-by: Tarek BOCHKATI <tarek.bouchkati@gmail.com>
Reviewed-on: http://openocd.zylin.com/5293
Tested-by: jenkins
Reviewed-by: Christopher Head <chead@zaber.com>
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
To achieve that we need to avoid using FLASH_REG_BASE_B0, and use
bank registers instead:
For dual bank devices, each option register is mapped in 2 addresses
at the same offset from flash_bank_reg_base.
This is true for OPTCR, OPTKEYR, OPTSR_CUR/PRG, OPTCCR according to
RM0433 Rev6 (refer to section 3.9: FLASH registers)
In stm32x_write_options, according to RM0433 Rev6, after OBL launch we
should wait for OPTSR_CUR.BSY bit instead of FLASH_SR.QW
Change-Id: Ie24a91f069d03c9233797390fc2e925c737dad90
Signed-off-by: Tarek BOCHKATI <tarek.bouchkati@gmail.com>
Reviewed-on: http://openocd.zylin.com/5291
Tested-by: jenkins
Reviewed-by: Christopher Head <chead@zaber.com>
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Each bank had to store its options only, there is no need for bank1
to sneak into bank2 options.
Furthermore, some variants do not have a second bank.
Change-Id: I9229eb8ab4b5860ba2b0c5dbe626a54a84bca4d6
Signed-off-by: Tarek BOCHKATI <tarek.bouchkati@gmail.com>
Reviewed-on: http://openocd.zylin.com/5290
Tested-by: jenkins
Reviewed-by: Christopher Head <chead@zaber.com>
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Drop static pointer to allocated struct nrf5_info, iterate over
the flash bank list to find previously allocated nrf5 instances.
nrf5 is swd only device, so static allocation makes no harm,
but we should avoid copying the wrong code to other flash drivers.
Free sector array before allocating it to avoid memory leak on
re-probing device.
Change-Id: I781d8f4418a91c043f2393e5ecc5278fc6df3566
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/4910
Tested-by: jenkins
Also refuse 'flash protect' on any nRF52.
Fail protection check on nRF52840 until ACL protection is implemented.
Change-Id: I84fcf117427e4894147c3ad92e2a3597566b4fcf
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/4864
Tested-by: jenkins
nrf5 flash driver detected devices by looking up the HWID in the table
of known devices. Unfortunately chips are produced with many different
HWIDs for each type.
All nRF52 devices have FICR INFO field suitable for device identification
without need of HWID lookup.
Some newer nRF51 devices have FICR INFO too although undocumented.
Use this information to identify the device.
nrf5_info() is reworked to show just concise info.
Decoding FICR and UICR registers was moved from nrf5_info()
to a new command 'nrf5 info' without functional changes.
The flash bank for UICR page has the same size as program flash sector.
Change-Id: I900095b9ae23ee995f8e2bef8539b75d00300da5
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/4848
Tested-by: jenkins
nRF5 flash controller can write a word at a time. Ask flash
infrastructure to handle alignment and padding.
Fix mixing of offset and address in nrf5_ll_flash_write()
- the original code worked just because NRF5_FLASH_BASE is 0
Change-Id: Ibe8bdf899a1764cf4117b2deda1a4618eeb16697
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/4819
Tested-by: jenkins
Starting from glibc 2.30, the header file sys/sysctl.h gets
deprecated on Linux, after the commit 744e82963716 ("Linux:
Deprecate <sys/sysctl.h> and sysctl")
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=744e82963716
The associated NEWS reports
The Linux-specific <sys/sysctl.h> header and the sysctl
function have been deprecated and will be removed from a
future version of glibc.
Latest automake 1.16.1 still does not handle this case.
Current OpenOCD build fails with warning and requires configure
with "--disable-werror" to build.
Prevent including sys/sysctl.h on Linux build.
Change-Id: I5310976573352a96e5aef123352f73475f0c35fe
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: http://openocd.zylin.com/5317
Tested-by: jenkins
Reviewed-by: Moritz Fischer <moritz.fischer.private@gmail.com>
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
OpenOCD can be targeted by a Cross Protocol Scripting attack from
a web browser running malicious code, such as the following PoC:
var x = new XMLHttpRequest();
x.open("POST", "http://127.0.0.1:4444", true);
x.send("exec xcalc\r\n");
This mitigation should provide some protection from browser-based
attacks and is based on the corresponding fix in Redis:
8075572207/src/networking.c (L1758)
Change-Id: Ia96ebe19b74b5805dc228bf7364c7971a90a4581
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reported-by: Josef Gajdusek <atx@atx.name>
Reviewed-on: http://openocd.zylin.com/4335
Tested-by: jenkins
Reviewed-by: Jonathan McDowell <noodles-openocd@earth.li>
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
If a new JTAG command is added, then GCC will complain that
enumeration value not handled in switch. This is the only driver not
to have a default case, so add it.
Change-Id: Icb838087bb7525d057a911bd256300e256da1668
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-on: http://openocd.zylin.com/5333
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
If a new JTAG command is added, then GCC will complain that
enumeration value not handled in switch. Make this consistent with
other drivers, and add a 'default' case.
Change-Id: I66d6d0db3fcae93ea246f2d4882ffff5dec14693
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-on: http://openocd.zylin.com/5340
Tested-by: jenkins
Reviewed-by: Jan Matyas <matyas@codasip.com>
Reviewed-by: Franck Jullien <franck.jullien@gmail.com>
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
This version adds two new USB PIDs and fixes a build issue under MSYS2.
Change-Id: I753fab827783ea64e55e59d833742c9f70a28a2b
Signed-off-by: Marc Schink <openocd-dev@marcschink.de>
Reviewed-on: http://openocd.zylin.com/5309
Tested-by: jenkins
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
In preparation for supporting the ARM MCRR and MRRC commands which will
require using two 32-bit registers to read/write a 64-bit internal
register, extract the common logic to read/write from/to a register
to/from DCC and make that parameterized such that we can do this through
not just r0.
Change-Id: Iadb73f5cde8cf5961b5a18ddd198bf39d791e610
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-on: http://openocd.zylin.com/5227
Tested-by: jenkins
Reviewed-by: Matthias Welwarsky <matthias@welwarsky.de>
The variable gw16012_port is of type uint16_t.
There is no need for a cast to print it.
Change the format modifier to PRIx16
Change-Id: I16fe688b9d235bae46525635d07849a00fba9548
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: http://openocd.zylin.com/5195
Tested-by: jenkins
Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
GDB uses the vRun packet if available to restart a running process in
extended remote mode. Support this like the R packet and set the
semihosting command-line to allow it to be specified from GDB.
Change-Id: I9cb812b22170630f782113c9927e46e0cd5b1f0f
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reviewed-on: http://openocd.zylin.com/5186
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-by: Matthias Welwarsky <matthias@welwarsky.de>
As it is mentioned here [1] type's ID is unique name within containing feature.
That said if regs of the same type located in different features it's required
to insert type definition at least in each feature.
See more details in discussion here [2].
[1] https://sourceware.org/gdb/onlinedocs/gdb/Target-Description-Format.html#Types
[2] 2a5f5125ac (r33460077)
Change-Id: Id92b061cfbf47d5c032a02c2c406b28affd0b02a
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Reviewed-on: http://openocd.zylin.com/5179
Tested-by: jenkins
Reviewed-by: Muhammad Omair Javaid <omair.javaid@linaro.org>
Reviewed-by: Matthias Welwarsky <matthias@welwarsky.de>
Armv7a is able to read and write memory at un-aligned address, but
only when bit SCTLR.A (Alignment check enable) is zero and the
address belongs to a memory space with attribute "Normal" (see [1]
chapter A3.2.1 "Unaligned data access"). In all the other cases
the memory access will trigger an alignment fault data abort
exception.
Memory attributes are explained in [1] chapter A3.5 "Memory types
and attributes and the memory order model".
Disabling the MMU cause a change in memory attribute, as explained
in [1] chapter B3.2 "The effects of disabling MMUs on VMSA
behavior".
This can cause several issues. e.g. a SW breakpoint on un-aligned
4-byte Thumb instruction, set when MMU is on, can be impossible to
remove when MMU turns off.
While is possible to check all the possible conditions before an
un-aligned memory access, it's clearly more maintainable to skip
such complexity and only perform aligned accesses.
Check the alignment and eventually modify the data size before
calling the functions cortex_a_{read,write}_cpu_memory_slow().
Change the comment in the two functions above to comply with the
new behaviour.
[1] ARM DDI 0406C.d - "ARM Architecture Reference Manual, ARMv7-A
and ARMv7-R edition"
Change-Id: I57b4c11e7fa7e78aaaaee4406a5734b48db740ae
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: http://openocd.zylin.com/5138
Tested-by: jenkins
Reviewed-by: Matthias Welwarsky <matthias@welwarsky.de>
Issue has been found when I tried to read 64 MiB QSPI flash bank.
Bank is memory mapped, default_flash_read() is used for 'flash read_bank'
command. OpenOCD consumed as much as 6.8 GiB of RAM during this
process. Investigation showed that this happens because JTAG queue
is not limited in any way. OpenOCD queues 16 millions of AP reads
allocating all corresponding data structures.
Most of this memory is allocated in:
cmd_queue_alloc (commands.c) - 4.2 GiB
dap_cmd_new (adi_v5_jtag.c) - 2.25GiB
This patch implements a pool of "struct dap_cmd" objects using
linked list. Objects are taken from a pool in "dap_cmd_new()" and
returned to the pool when they are not needed. Size of the pool
is limited to 64K of objects, JTAG queue is forcibly executed
when this limit is reached.
Checked with Valgrind and Clang analyzer - no new warnings.
Change-Id: I5aaaecce5ed71414f7965a2598f49742f6a6b2b5
Signed-off-by: Bohdan Tymkiv <bhdt@cypress.com>
Reviewed-on: http://openocd.zylin.com/4948
Tested-by: jenkins
Reviewed-by: Matthias Welwarsky <matthias@welwarsky.de>
Correct check for end-of-region is:
$BASE + $LEN > $ADDRESS
And it is currently (wrongly) calculated as:
$ADDRESS > $BASE - $LEN
Change-Id: If10bfee19b0c7dbc085731ac1eda943f5d8a36a3
Signed-off-by: Piotr Kasprzyk <ciri@ciri.pl>
Reviewed-on: http://openocd.zylin.com/4798
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Make driver_priv point directly into the corresponding chip bank structure
and add a pointer to it to get back to its chip when it's needed. This
removes the need to keep track of any bank number, either global or chip-
local.
In addition, it simplifies the cases where the chip structure was just used
to access the chip bank fields; now they are directly accessible.
Change-Id: Iaa353cd4fa7d8ff94c2ef69028c7cb32fade0420
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reviewed-on: http://openocd.zylin.com/4775
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
The current code checks the count to determine whether to read bytes or
words. However it fails to consider whether the base address is suitably
aligned.
Instead use the target_read_buffer() function which is for exactly this
purpose and generates optimal accesses with natural alignment.
Change-Id: I32ab5417890ee2219902df1529bc220fe353b4c7
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reviewed-on: http://openocd.zylin.com/3217
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
The preverify option allows to check whether flashing is necessary.
If the target is flashed often/automatically this can save time and
preserve the flash. This is expecially helpful in CI environments.
Change-Id: Iead0a269e1a772b751d4dd9e8b53b2fecc874624
Signed-off-by: Moritz 'Morty' Strübe <moritz.struebe@redheads.de>
Reviewed-on: http://openocd.zylin.com/5292
Tested-by: jenkins
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Reviewed-by: Tarek BOCHKATI <tarek.bouchkati@gmail.com>
I think that libusb_handle_events_timeout_completed is supposed to make
progress or time out, but sometimes we hit a case where it makes no
progress, and mpsse_flush() loops forever. This wall clock timeout
notifies the user that this is going on.
When I wrote this code, this bug would reproduce every hour or two, but
right now it's not happening for me.
Change-Id: I7eb66f43462298e263a48048aa0c8769095661eb
Signed-off-by: Tim Newsome <tim@sifive.com>
Reviewed-on: http://openocd.zylin.com/4767
Tested-by: jenkins
Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
According to the reference manual it should be 0x40000000. Flashing (and
booting) a firmware with this MSC base was successful.
Change-Id: I739e67d36555b8170a3b8e26f54cf1c09ce8424b
Signed-off-by: Christian Meusel <christian.meusel@posteo.de>
Reviewed-on: http://openocd.zylin.com/5263
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Fix expression "(pin_status | 0x4)" which was always true rather than
testing a bit. Untested - was clearly not expressing the intent of the
author by inspection. Found by automated tooling and rtrieu@google.com.
Signed-off-by: Seth LaForge <sethml@google.com>
Change-Id: I4bb91e60e8ce9757bf21976cc48de6f85a39c68d
Reviewed-on: http://openocd.zylin.com/5301
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
The C standard says that errno is set to ERANGE if an out-of-range value
is returned by strtol, strtoul, et. al., but it does not say that errno
is cleared if the function is successful (and, indeed, it is not on
glibc). This means that, if errno is ERANGE before strtol is called, and
if the value to be converted is exactly the maximum (or, for a signed
conversion, the minimum) legal value, COMMAND_PARSE_NUMBER will
erroneously indicate that the value is out of range.
Change-Id: I8a8b50a815b408a38235968f1c1d70297ea1a6aa
Signed-off-by: Christopher Head <chead@zaber.com>
Reviewed-on: http://openocd.zylin.com/5298
Tested-by: jenkins
Reviewed-by: Tarek BOCHKATI <tarek.bouchkati@gmail.com>
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>