Message ID | 7eb007e7698f5a1775410bef5765b627744ee9a7.1598289245.git.baruch@tkos.co.il |
---|---|
State | Accepted |
Commit | 7f98b4eeee3278419e901e209d1ffebbc7573d0e |
Delegated to: | Tom Rini |
Headers | show |
Series | image: don't exceed gd->ram_top in bootm_size | expand |
On Mon, Aug 24, 2020 at 08:14:05PM +0300, Baruch Siach wrote: > When board_get_usable_ram_top() limits gd->ram_top, env_get_bootm_size() > must not exceed that limit. Otherwise, boot_relocate_fdt() might put fdt > out of the allowed RAM range. > > The similar commit 8ce1f10cf2b1 ("ARM: bootm: take into account > gd->ram_top") exposed this bug. > > This fixes boot on Armada 8040 based Clearfog GT-8K where ram_top is set > to 0x80000000 (2GB), but bi_dram[0].size might be up to 0xc0000000 > (3GB). Note the relocated fdt address (0xbfff4000) in the console output > listed below: > > Found /extlinux/extlinux.conf > Retrieving file: /extlinux/extlinux.conf > 62 bytes read in 21 ms (2 KiB/s) > 1: linux > Retrieving file: /extlinux/Image > 13740544 bytes read in 1266 ms (10.4 MiB/s) > Retrieving file: /extlinux/armada-8040-clearfog-gt-8k.dtb > 33368 bytes read in 31 ms (1 MiB/s) > Booting using the fdt blob at 0x4f00000 > Loading Device Tree to 00000000bfff4000, end 00000000bffff257 ... "Synchronous Abort" handler, esr 0x96000045 > elr: 000000000006e1cc lr : 0000000000068fd8 (reloc) > elr: 000000007ffa91cc lr : 000000007ffa3fd8 > x0 : ffffffffffffffff x1 : 00000000bfffc258 > x2 : 0000000000000000 x3 : ffffffffffff7da7 > x4 : 0000000004f08258 x5 : 00000000bfff4000 > x6 : 00000000bfff4000 x7 : 000000000000000f > x8 : 000000007fb23bf8 x9 : 0000000000000008 > x10: 00000000bffff257 x11: 00000000bffff257 > x12: 0000000000000000 x13: fffffffffffff000 > x14: 00000000bfff4000 x15: 0000000000000021 > x16: 000000007ff7bc38 x17: 0000000000000000 > x18: 000000007fb2add0 x19: 00000000bfff4000 > x20: 0000000004f00000 x21: 000000000000b258 > x22: 0000000058820000 x23: 0000000000000010 > x24: 000000007ffe3c40 x25: 000000007fb23cb8 > x26: 00000000c0000000 x27: 0000000000000000 > x28: 000000007fc3fd50 x29: 000000007fb23bd0 > > Code: 54000061 aa0603e0 d65f03c0 38606882 (38206822) > Resetting CPU ... > > Thanks to Patrice CHOTARD who directed me to the right way. > > Signed-off-by: Baruch Siach <baruch@tkos.co.il> Applied to u-boot/master, thanks!
diff --git a/common/image.c b/common/image.c index 9d7d5c17d122..da8bccd400dd 100644 --- a/common/image.c +++ b/common/image.c @@ -694,6 +694,9 @@ phys_size_t env_get_bootm_size(void) size = gd->bd->bi_memsize; #endif + if (start + size > gd->ram_top) + size = gd->ram_top - start; + s = env_get("bootm_low"); if (s) tmp = (phys_size_t)simple_strtoull(s, NULL, 16);
When board_get_usable_ram_top() limits gd->ram_top, env_get_bootm_size() must not exceed that limit. Otherwise, boot_relocate_fdt() might put fdt out of the allowed RAM range. The similar commit 8ce1f10cf2b1 ("ARM: bootm: take into account gd->ram_top") exposed this bug. This fixes boot on Armada 8040 based Clearfog GT-8K where ram_top is set to 0x80000000 (2GB), but bi_dram[0].size might be up to 0xc0000000 (3GB). Note the relocated fdt address (0xbfff4000) in the console output listed below: Found /extlinux/extlinux.conf Retrieving file: /extlinux/extlinux.conf 62 bytes read in 21 ms (2 KiB/s) 1: linux Retrieving file: /extlinux/Image 13740544 bytes read in 1266 ms (10.4 MiB/s) Retrieving file: /extlinux/armada-8040-clearfog-gt-8k.dtb 33368 bytes read in 31 ms (1 MiB/s) Booting using the fdt blob at 0x4f00000 Loading Device Tree to 00000000bfff4000, end 00000000bffff257 ... "Synchronous Abort" handler, esr 0x96000045 elr: 000000000006e1cc lr : 0000000000068fd8 (reloc) elr: 000000007ffa91cc lr : 000000007ffa3fd8 x0 : ffffffffffffffff x1 : 00000000bfffc258 x2 : 0000000000000000 x3 : ffffffffffff7da7 x4 : 0000000004f08258 x5 : 00000000bfff4000 x6 : 00000000bfff4000 x7 : 000000000000000f x8 : 000000007fb23bf8 x9 : 0000000000000008 x10: 00000000bffff257 x11: 00000000bffff257 x12: 0000000000000000 x13: fffffffffffff000 x14: 00000000bfff4000 x15: 0000000000000021 x16: 000000007ff7bc38 x17: 0000000000000000 x18: 000000007fb2add0 x19: 00000000bfff4000 x20: 0000000004f00000 x21: 000000000000b258 x22: 0000000058820000 x23: 0000000000000010 x24: 000000007ffe3c40 x25: 000000007fb23cb8 x26: 00000000c0000000 x27: 0000000000000000 x28: 000000007fc3fd50 x29: 000000007fb23bd0 Code: 54000061 aa0603e0 d65f03c0 38606882 (38206822) Resetting CPU ... Thanks to Patrice CHOTARD who directed me to the right way. Signed-off-by: Baruch Siach <baruch@tkos.co.il> --- common/image.c | 3 +++ 1 file changed, 3 insertions(+)