[SLOF] [PATCH 2/9] obp-tftp: Make sure to not overwrite paflof in memory

Thomas Huth thuth at redhat.com
Sat May 19 01:20:46 AEST 2018


On 18.05.2018 16:37, Greg Kurz wrote:
> On Thu, 17 May 2018 19:40:49 +0200
> Thomas Huth <thuth at redhat.com> wrote:
> 
>> The obp-tftp package is currently using an arbitrary large value
>> as maximal load size. If the downloaded file is big enough, we
>> can easily erase Paflof in memory this way. Let's make sure that
>> this can not happen by limiting the size to the amount of memory
>> below the Paflof binary (which is close to the end of the RAM).
>>
>> Signed-off-by: Thomas Huth <thuth at redhat.com>
>> ---
>>  slof/fs/packages/obp-tftp.fs | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/slof/fs/packages/obp-tftp.fs b/slof/fs/packages/obp-tftp.fs
>> index 19c11e1..7be56ed 100644
>> --- a/slof/fs/packages/obp-tftp.fs
>> +++ b/slof/fs/packages/obp-tftp.fs
>> @@ -24,7 +24,7 @@ s" obp-tftp" device-name
>>      my-parent ihandle>phandle node>path encode-string
>>      s" bootpath" set-chosen
>>  
>> -    60000000                        ( addr maxlen )
>> +    paflof-start over -         ( addr maxlen )
>>  
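Review bot: the replacement line `paflof-start over -` assumes the load address left on the stack (`addr`) is always below `paflof-start`; for a board where load-base is at or above `paflof-start`, the subtraction wraps to a very large `maxlen`, which reintroduces the unbounded-load problem the patch is meant to remove. Consider selecting the upper bound based on whether `addr` lies below `paflof-start` (or clamping the result to zero) and noting the assumption in the comment, since the `( addr maxlen )` stack comment alone gives no hint of it.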
> 
> Default load-base is 0x4000 with qemu, but it is 0x10000000 for js2x.
> 
> Are we sure that paflof-start > load-base for js2x ?

Oh, you've got a point here. If I get board-js2x/llfw/stage2.c and
slof/OF.lds right, Paflof is loaded to 0x0E100100 there. So it seems
like I've got to rework this; I guess something like this should do the job:

   ( addr )
   dup paflof-start < IF
       paflof-start over -
   ELSE
       MIN-RAM-SIZE over -
   THEN

 Thomas