[SLOF] [PATCH 2/9] obp-tftp: Make sure to not overwrite paflof in memory
Thomas Huth
thuth at redhat.com
Sat May 19 01:20:46 AEST 2018
On 18.05.2018 16:37, Greg Kurz wrote:
> On Thu, 17 May 2018 19:40:49 +0200
> Thomas Huth <thuth at redhat.com> wrote:
>
>> The obp-tftp package is currently using an arbitrary large value
>> as maximal load size. If the downloaded file is big enough, we
>> can easily erase Paflof in memory this way. Let's make sure that
>> this can not happen by limiting the size to the amount of memory
>> below the Paflof binary (which is close to the end of the RAM).
>>
>> Signed-off-by: Thomas Huth <thuth at redhat.com>
>> ---
>> slof/fs/packages/obp-tftp.fs | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/slof/fs/packages/obp-tftp.fs b/slof/fs/packages/obp-tftp.fs
>> index 19c11e1..7be56ed 100644
>> --- a/slof/fs/packages/obp-tftp.fs
>> +++ b/slof/fs/packages/obp-tftp.fs
>> @@ -24,7 +24,7 @@ s" obp-tftp" device-name
>> my-parent ihandle>phandle node>path encode-string
>> s" bootpath" set-chosen
>>
>> - 60000000 ( addr maxlen )
>> + paflof-start over - ( addr maxlen )
>>
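Review bot: The new limit `paflof-start over -` in the changed line is only meaningful while addr is below paflof-start; when the load address is at or above it, the subtraction gives zero or a negative cell, and a negative cell read as an unsigned length is larger than the old 60000000, so the limit no longer bounds anything. Compare addr against paflof-start before subtracting and choose a separate upper bound for the other case. A short comment naming the region the limit protects would also help here.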
>
> Default load-base is 0x4000 with qemu, but it is 0x10000000 for js2x.
>
> Are we sure that paflof-start > load-base for js2x ?

Oh, you've got a point here. If I get board-js2x/llfw/stage2.c and
slof/OF.lds right, Paflof is loaded to 0x0E100100 there. So it seems
like I've got to rework this, I guess something like this should do the job:

    ( addr )
    dup paflof-start < IF
        paflof-start over -
    ELSE
        MIN-RAM-SIZE over -
    THEN

Thomas
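
The length computation discussed in this thread, modelled in C as an added example (not SLOF code and not part of the original message). It goes one step beyond the snippet in the reply by also rejecting a load address that falls inside the firmware image. The function names, `paflof_end`, `ram_end`, the image size and the qemu Paflof address are assumptions constructed for illustration; only the load-base values and 0x0E100100 come from the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* First version of the patch: maxlen = paflof-start - addr.
 * Unsigned arithmetic wraps when addr lies above paflof_start. */
static uint64_t maxlen_naive(uint64_t addr, uint64_t paflof_start)
{
    return paflof_start - addr;
}

/* Guarded limit: the returned length never reaches into the firmware
 * image [paflof_start, paflof_end) or past ram_end (all assumed inputs). */
static uint64_t maxlen_guarded(uint64_t addr, uint64_t paflof_start,
                               uint64_t paflof_end, uint64_t ram_end)
{
    if (addr >= ram_end)
        return 0;                    /* load address is outside RAM */
    if (addr < paflof_start)
        return paflof_start - addr;  /* buffer sits below the image */
    if (addr < paflof_end)
        return 0;                    /* buffer would start inside the image */
    return ram_end - addr;           /* buffer sits above the image */
}

int main(void)
{
    /* js2x: load-base and Paflof address are the ones quoted in the thread;
     * the image size (1 MiB) and RAM end (512 MiB) are constructed. */
    const uint64_t js2x_load = 0x10000000, js2x_paflof = 0x0E100100;
    const uint64_t img_size = 0x100000, ram_end = 0x20000000;
    /* qemu: load-base from the thread; the Paflof placement is constructed. */
    const uint64_t qemu_load = 0x4000, qemu_paflof = 0x1FD00000;

    printf("js2x naive:   0x%llx\n",
           (unsigned long long)maxlen_naive(js2x_load, js2x_paflof));
    printf("js2x guarded: 0x%llx\n",
           (unsigned long long)maxlen_guarded(js2x_load, js2x_paflof,
                                              js2x_paflof + img_size, ram_end));
    printf("qemu guarded: 0x%llx\n",
           (unsigned long long)maxlen_guarded(qemu_load, qemu_paflof,
                                              qemu_paflof + img_size, ram_end));
    return 0;
}
```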