[U-Boot] lib: lmb: fix overflow in __lmb_alloc_base w/ large RAM
Tom Rini
trini at ti.com
Mon Aug 11 00:23:27 CEST 2014
On Thu, Jul 31, 2014 at 01:40:07PM -0600, Stephen Warren wrote:
> From: Stephen Warren <swarren at nvidia.com>
>
> If a 32-bit system has 2GB of RAM, and the base address of that RAM is
> 2GB, then start+size will overflow a 32-bit value (to a value of 0).
>
> __lmb_alloc_base is affected by this; it calculates the minimum of
> (start+size of RAM) and max_addr. However, when start+size is 0, it
> is always less than max_addr, which causes the value of max_addr not
> to be taken into account when restricting the allocation's location.
>
> Fix this by calculating start+size separately, and if that calculation
> underflows, using -1 (interpreted as the max unsigned value) as the
> value instead, and then taking the min of that and max_addr. Now that
> start+size doesn't overflow, it's typically large, and max_addr
> dominates the min() call, and is taken into account.
>
> The user-visible symptom of this bug is that CONFIG_BOOTMAP_SZ is ignored
> on Tegra124 systems with 2GB of RAM, which in turn causes the DT to be
> relocated at the very end of RAM, which the ARM Linux kernel doesn't map
> during early boot, and which causes boot failures. With this fix,
> CONFIG_BOOTMAP_SZ correctly restricts the relocated DT to a much lower
> address, and everything works.
>
> Signed-off-by: Stephen Warren <swarren at nvidia.com>
Applied to u-boot/master, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140810/f61dc96b/attachment.pgp>
More information about the U-Boot
mailing list