All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] image: don't exceed gd->ram_top in bootm_size
@ 2020-08-24 17:14 Baruch Siach
  2020-08-28 12:54 ` Tom Rini
  0 siblings, 1 reply; 2+ messages in thread
From: Baruch Siach @ 2020-08-24 17:14 UTC (permalink / raw)
  To: u-boot

When board_get_usable_ram_top() limits gd->ram_top, env_get_bootm_size()
must not exceed that limit. Otherwise, boot_relocate_fdt() might put fdt
out of the allowed RAM range.

The similar commit 8ce1f10cf2b1 ("ARM: bootm: take into account
gd->ram_top") exposed this bug.

This fixes boot on Armada 8040 based Clearfog GT-8K where ram_top is set
to 0x80000000 (2GB), but bi_dram[0].size might be up to 0xc0000000
(3GB). Note the relocated fdt address (0xbfff4000) in the console output
listed below:

Found /extlinux/extlinux.conf
Retrieving file: /extlinux/extlinux.conf
62 bytes read in 21 ms (2 KiB/s)
1:	linux
Retrieving file: /extlinux/Image
13740544 bytes read in 1266 ms (10.4 MiB/s)
Retrieving file: /extlinux/armada-8040-clearfog-gt-8k.dtb
33368 bytes read in 31 ms (1 MiB/s)
   Booting using the fdt blob at 0x4f00000
   Loading Device Tree to 00000000bfff4000, end 00000000bffff257 ... "Synchronous Abort" handler, esr 0x96000045
elr: 000000000006e1cc lr : 0000000000068fd8 (reloc)
elr: 000000007ffa91cc lr : 000000007ffa3fd8
x0 : ffffffffffffffff x1 : 00000000bfffc258
x2 : 0000000000000000 x3 : ffffffffffff7da7
x4 : 0000000004f08258 x5 : 00000000bfff4000
x6 : 00000000bfff4000 x7 : 000000000000000f
x8 : 000000007fb23bf8 x9 : 0000000000000008
x10: 00000000bffff257 x11: 00000000bffff257
x12: 0000000000000000 x13: fffffffffffff000
x14: 00000000bfff4000 x15: 0000000000000021
x16: 000000007ff7bc38 x17: 0000000000000000
x18: 000000007fb2add0 x19: 00000000bfff4000
x20: 0000000004f00000 x21: 000000000000b258
x22: 0000000058820000 x23: 0000000000000010
x24: 000000007ffe3c40 x25: 000000007fb23cb8
x26: 00000000c0000000 x27: 0000000000000000
x28: 000000007fc3fd50 x29: 000000007fb23bd0

Code: 54000061 aa0603e0 d65f03c0 38606882 (38206822)
Resetting CPU ...

Thanks to Patrice CHOTARD who directed me to the right way.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 common/image.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/common/image.c b/common/image.c
index 9d7d5c17d122..da8bccd400dd 100644
--- a/common/image.c
+++ b/common/image.c
@@ -694,6 +694,9 @@ phys_size_t env_get_bootm_size(void)
 	size = gd->bd->bi_memsize;
 #endif
 
+	if (start + size > gd->ram_top)
+		size = gd->ram_top - start;
+
 	s = env_get("bootm_low");
 	if (s)
 		tmp = (phys_size_t)simple_strtoull(s, NULL, 16);
-- 
2.28.0

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* [PATCH] image: don't exceed gd->ram_top in bootm_size
  2020-08-24 17:14 [PATCH] image: don't exceed gd->ram_top in bootm_size Baruch Siach
@ 2020-08-28 12:54 ` Tom Rini
  0 siblings, 0 replies; 2+ messages in thread
From: Tom Rini @ 2020-08-28 12:54 UTC (permalink / raw)
  To: u-boot

On Mon, Aug 24, 2020 at 08:14:05PM +0300, Baruch Siach wrote:

> When board_get_usable_ram_top() limits gd->ram_top, env_get_bootm_size()
> must not exceed that limit. Otherwise, boot_relocate_fdt() might put fdt
> out of the allowed RAM range.
> 
> The similar commit 8ce1f10cf2b1 ("ARM: bootm: take into account
> gd->ram_top") exposed this bug.
> 
> This fixes boot on Armada 8040 based Clearfog GT-8K where ram_top is set
> to 0x80000000 (2GB), but bi_dram[0].size might be up to 0xc0000000
> (3GB). Note the relocated fdt address (0xbfff4000) in the console output
> listed below:
> 
> Found /extlinux/extlinux.conf
> Retrieving file: /extlinux/extlinux.conf
> 62 bytes read in 21 ms (2 KiB/s)
> 1:	linux
> Retrieving file: /extlinux/Image
> 13740544 bytes read in 1266 ms (10.4 MiB/s)
> Retrieving file: /extlinux/armada-8040-clearfog-gt-8k.dtb
> 33368 bytes read in 31 ms (1 MiB/s)
>    Booting using the fdt blob at 0x4f00000
>    Loading Device Tree to 00000000bfff4000, end 00000000bffff257 ... "Synchronous Abort" handler, esr 0x96000045
> elr: 000000000006e1cc lr : 0000000000068fd8 (reloc)
> elr: 000000007ffa91cc lr : 000000007ffa3fd8
> x0 : ffffffffffffffff x1 : 00000000bfffc258
> x2 : 0000000000000000 x3 : ffffffffffff7da7
> x4 : 0000000004f08258 x5 : 00000000bfff4000
> x6 : 00000000bfff4000 x7 : 000000000000000f
> x8 : 000000007fb23bf8 x9 : 0000000000000008
> x10: 00000000bffff257 x11: 00000000bffff257
> x12: 0000000000000000 x13: fffffffffffff000
> x14: 00000000bfff4000 x15: 0000000000000021
> x16: 000000007ff7bc38 x17: 0000000000000000
> x18: 000000007fb2add0 x19: 00000000bfff4000
> x20: 0000000004f00000 x21: 000000000000b258
> x22: 0000000058820000 x23: 0000000000000010
> x24: 000000007ffe3c40 x25: 000000007fb23cb8
> x26: 00000000c0000000 x27: 0000000000000000
> x28: 000000007fc3fd50 x29: 000000007fb23bd0
> 
> Code: 54000061 aa0603e0 d65f03c0 38606882 (38206822)
> Resetting CPU ...
> 
> Thanks to Patrice CHOTARD who directed me to the right way.
> 
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20200828/bde83f99/attachment.sig>

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-08-28 12:54 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-24 17:14 [PATCH] image: don't exceed gd->ram_top in bootm_size Baruch Siach
2020-08-28 12:54 ` Tom Rini

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.