From: Oleksij Rempel
Date: Tue, 18 Jun 2019 13:05:06 +0200
Subject: Re: [RFC 2/2] MIPS: relocate_code: fix barebox image memcpy() size
To: Antony Pavlov, barebox@lists.infradead.org
Cc: Oleksij Rempel
Message-ID: <408c4d4f-154c-f6e8-83b1-ad19d3f01319@rempel-privat.de>
In-Reply-To: <20190618093833.2005-3-antonynpavlov@gmail.com>
References: <20190618093833.2005-1-antonynpavlov@gmail.com> <20190618093833.2005-3-antonynpavlov@gmail.com>

On 18.06.19 at 11:38, Antony Pavlov wrote:
> In this relocate_code() piece 'length' is greater than 'barebox_image_size':
>
> #define MAX_BSS_SIZE SZ_1M
> ...
> length = barebox_image_size + MAX_BSS_SIZE;
> relocaddr = ALIGN_DOWN(ram_size - barebox_image_size, SZ_64K);
> ...
> memcpy((void *)relocaddr, __image_start, length);
>
> so 'ram_size' overflow occurs during memcpy().
>
> Signed-off-by: Antony Pavlov

Thank you! This patch is fixing relocatable barebox for malta-qemu and it has no regressions on ar9331 DPT-Module!

Tested-by: Oleksij Rempel

> ---
> arch/mips/lib/reloc.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/arch/mips/lib/reloc.c b/arch/mips/lib/reloc.c
> index 9756d61666..14ba6167dd 100644
> --- a/arch/mips/lib/reloc.c
> +++ b/arch/mips/lib/reloc.c
> @@ -40,8 +40,6 @@
> #include
> #include
>
> -#define MAX_BSS_SIZE SZ_1M
> -
> void main_entry(void *fdt, u32 fdt_size);
> void relocate_code(void *fdt, u32 fdt_size, u32 relocaddr);
>
> @@ -127,8 +125,10 @@ void relocate_code(void *fdt, u32 fdt_size, u32 ram_size)
> unsigned int type;
> long off;
>
> - length = barebox_image_size + MAX_BSS_SIZE;
> - relocaddr = ALIGN_DOWN(ram_size - barebox_image_size, SZ_64K);
> + bss_len = (unsigned long)&__bss_stop - (unsigned long)__bss_start;
> +
> + length = barebox_image_size + bss_len;
> + relocaddr = ALIGN_DOWN(ram_size - length, SZ_64K);
> relocaddr = KSEG0ADDR(relocaddr);
> new_stack = relocaddr - MALLOC_SIZE - 16;
>
> @@ -143,7 +143,7 @@ void relocate_code(void *fdt, u32 fdt_size, u32 ram_size)
> panic("Mis-aligned relocation\n");
>
> /* Copy Barebox to RAM */
> - memcpy((void *)relocaddr, __image_start, length);
> + memcpy((void *)relocaddr, __image_start, barebox_image_size);
>
> /* Now apply relocations to the copy in RAM */
> buf = __rel_start;
> @@ -162,7 +162,6 @@ void relocate_code(void *fdt, u32 fdt_size, u32 ram_size)
>
> /* Clear the .bss section */
> bss_start = (uint8_t *)((unsigned long)__bss_start + off);
> - bss_len = (unsigned long)&__bss_stop - (unsigned long)__bss_start;
> memset(bss_start, 0, bss_len);
>
> __asm__ __volatile__ (
> --

Regards,
Oleksij
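Review bot: in the @@ -127,8 +125,10 @@ hunk there is still no check that `length` plus the malloc area and stack actually fit in `ram_size`: if `ram_size < length`, `ram_size - length` wraps and `ALIGN_DOWN` silently yields a `relocaddr` above the end of RAM, and `new_stack = relocaddr - MALLOC_SIZE - 16` can likewise wrap below the start of RAM without any diagnostic. Suggest a guard before the subtraction, in the style of the existing `panic("Mis-aligned relocation\n")`, e.g. `if (ram_size < length + MALLOC_SIZE + 16) panic("barebox does not fit in RAM\n");`. A second point on the same hunk: `length = barebox_image_size + bss_len` only reserves room for .bss if `__bss_start` begins exactly at `__image_start + barebox_image_size`; if the linker script leaves alignment padding between the end of the copied image and `__bss_start`, the memset() further down still writes to `__bss_start + off` and overshoots the reserved region by that padding, so `(unsigned long)&__bss_stop - (unsigned long)__image_start` would be the safer size to reserve.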
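Review bot: the @@ -162,7 +162,6 @@ hunk now relies on `bss_len` computed at the top of the function, before the copy and relocation; that is correct, because it is the difference of two link-time symbols and does not depend on `off`, but a one-line comment at the memset() saying so would save the next reader from hunting for where `bss_len` went.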
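To make the arithmetic in the commit message concrete, here is an added example (not barebox code and not from the patch author) that models the pre-patch and post-patch computation of `relocaddr` and the memcpy() length, and adds the fit check the patch still lacks. `MALLOC_SIZE` is a hypothetical value here (in barebox it is a build-time option), `layout_old`, `layout_new` and `layout_fits` are names chosen for this example, and the RAM, image and .bss sizes in `main()` are constructed for illustration.

```c
/*
 * Added example, not barebox code: models the relocation-address
 * arithmetic of arch/mips/lib/reloc.c before and after the patch and
 * adds the fit check that neither version has.  MALLOC_SIZE is a
 * hypothetical value (in barebox it is a build-time config option);
 * the sizes in main() are constructed for illustration.
 */
#include <stdbool.h>
#include <stdio.h>

#define SZ_64K   0x10000UL
#define SZ_1M    0x100000UL
#define ALIGN_DOWN(x, a) ((x) & ~((a) - 1))
#define MALLOC_SIZE (256 * 1024UL)   /* assumption, see above */

struct layout {
    unsigned long relocaddr;  /* destination passed to memcpy() */
    unsigned long copy_len;   /* bytes memcpy() writes from relocaddr */
    unsigned long reserved;   /* bytes the code assumes lie between relocaddr and ram_size */
    unsigned long new_stack;  /* stack pointer set up below the malloc area */
    bool copy_in_bounds;      /* relocaddr + copy_len <= ram_size */
};

/* Pre-patch: relocaddr reserves only the image, memcpy() copies image + 1 MiB. */
static struct layout layout_old(unsigned long ram_size, unsigned long image_size)
{
    struct layout l;
    unsigned long length = image_size + SZ_1M;  /* MAX_BSS_SIZE */

    l.relocaddr = ALIGN_DOWN(ram_size - image_size, SZ_64K);
    l.copy_len = length;
    l.reserved = image_size;
    l.new_stack = l.relocaddr - MALLOC_SIZE - 16;
    l.copy_in_bounds = l.relocaddr + l.copy_len <= ram_size;
    return l;
}

/* Post-patch: relocaddr reserves image + actual .bss, memcpy() copies only the image. */
static struct layout layout_new(unsigned long ram_size, unsigned long image_size,
                                unsigned long bss_len)
{
    struct layout l;
    unsigned long length = image_size + bss_len;

    l.relocaddr = ALIGN_DOWN(ram_size - length, SZ_64K);
    l.copy_len = image_size;
    l.reserved = length;
    l.new_stack = l.relocaddr - MALLOC_SIZE - 16;
    l.copy_in_bounds = l.relocaddr + l.copy_len <= ram_size;
    return l;
}

/*
 * Fit check missing from both versions: image, .bss, malloc area and a
 * minimum stack must fit below ram_size, allowing for ALIGN_DOWN moving
 * relocaddr down by up to SZ_64K - 1, and none of the additions may wrap.
 */
static bool layout_fits(unsigned long ram_size, unsigned long image_size,
                        unsigned long bss_len, unsigned long min_stack)
{
    unsigned long need;

    if (__builtin_add_overflow(image_size, bss_len, &need))
        return false;
    if (__builtin_add_overflow(need, MALLOC_SIZE + 16 + min_stack, &need))
        return false;
    if (__builtin_add_overflow(need, SZ_64K - 1, &need))
        return false;
    return need <= ram_size;
}

int main(void)
{
    /* constructed sizes: 128 MiB RAM, 384 KiB image, 96 KiB .bss */
    unsigned long ram = 0x8000000UL, img = 0x60000UL, bss = 0x18000UL;
    struct layout o = layout_old(ram, img);
    struct layout n = layout_new(ram, img, bss);

    printf("old: relocaddr=%#lx copy_end=%#lx ram_end=%#lx -> %s\n",
           o.relocaddr, o.relocaddr + o.copy_len, ram,
           o.copy_in_bounds ? "ok" : "OVERRUN");
    printf("new: relocaddr=%#lx copy_end=%#lx bss_end=%#lx -> %s\n",
           n.relocaddr, n.relocaddr + n.copy_len, n.relocaddr + n.reserved,
           n.copy_in_bounds ? "ok" : "OVERRUN");
    printf("fits with 64 KiB stack: %s\n",
           layout_fits(ram, img, bss, SZ_64K) ? "yes" : "no");
    return 0;
}
```

With the constructed sizes, the old computation places the copy at `0x7fa0000` and writes `0x160000` bytes, ending 1 MiB past the end of RAM, while the new one places it at `0x7f80000` and ends `0x8000` bytes short of it; `layout_fits` is the check a reviewer would want added in front of the subtraction, since it rejects undersized RAM instead of letting `ram_size - length` wrap.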