[U-Boot] [PATCH 1/5] Add bmp_layout module for accessing BMP header data

Albert ARIBAUD albert.u.boot at aribaud.net
Mon Feb 4 22:26:28 CET 2013 

Hi Wolfgang,

On Mon, 04 Feb 2013 20:26:18 +0100, Wolfgang Denk <wd at denx.de> wrote:

> Dear Nikita Kiryanov,
> 
> In message <1359977979-28585-2-git-send-email-nikita at compulab.co.il> you wrote:
> > Currently code that displays BMP files does two things:
> > * assume that any address is a valid load address for a BMP
> > * access in-memory BMP header fields directly
> > 
> > Since some BMP header fields are 32 bit wide, this has a potential
> > for causing data aborts when these fields are placed in unaligned
> > addresses.
> > 
> > Create an API for safely accessing BMP header data, and compile it with
> > $(PLATFORM_NO_UNALIGNED) to give it the ability to emulate unaligned memory
> > accesses.
> 
> Frankly,  I think this is overkill.  U-Boot is a bootloader, and it is
> supposed to be lean and eficient.  We don't have all levels of safety
> systems and protective devices as in, for example, an aircraft.  You
> are supposed to know what you are doing, and if you ignore the rules,
> you will quickly see the results yourself.
> 
> There is plenty of other areas where correct opration requires certain
> alignments, and none of these are enforced by U-Boot.  And actually I
> think this is not only acceptable, but good as is.
> 
> "UNIX was not designed to stop you from doing stupid things,  because
> that would also stop you from doing clever things."       - Doug Gwyn
> 
> 
> You talk about BMP header - but we also have alignment requirements
> for image headers, well, even for a plain "md" or "mw" command.  And
> none of these provide any protection against accidsential (or
> intentional) access to unaligned addresses.
> 
> My recommendation is: just don;t do it, then.

The point about md not checking alignment is indeed valid: one should
know that a md.l requires a 4-byte-aligned address or it will abort.

OTOH, a cautious user may think that to ensure proper alignment, a BMP
should be loaded on a 4-byte boundary, but IIUC that it precisely what
will cause the load to fail, due to the sole 4-byte field of the BMP
header being misaligned by two bytes.

So if we leave BMP loading as it is now, the load address will need to
be 16-bit-but-not-32-bit-aligned, which is complicated enough to
require documentation.

Or, the BMP struct could be prepended with two bytes so that the
load address alignment requirement becomes a simple 4-byte boundary,
which most users are... bound... to choose naturally.

But ISTR the idea of prepending two bytes was already discussed and for
some reason it could not work. Jeroen?

> Best regards,
> 
> Wolfgang Denk

Amicalement,
-- 
Albert.

More information about the U-Boot mailing list