[U-Boot] [U-Boot, 1/5] mmc: dw_mmc: prevent silent memory corruption when stack and heap are too small
Philipp Tomsich
philipp.tomsich at theobroma-systems.com
Fri Jul 20 16:30:03 UTC 2018
> ALLOC_CACHE_ALIGN_BUFFER was called here in a way to alloc in stack a
> possible huge quantity of memory depending on data transfer size.
>
> E.g.: loading kernel 8MB from eMMC we have
> Transfer size: 0x800000
> Block size: 0x200
> Transfer blocks: 0x4000
> struct size: 0x10
> Stack allocation: ((0x200 / 8) + 1) * 0x10 = 0x8010 (~32KB)
>
> Since this allocation is done on stack, there is no current way to get
> an error on stack memory limit exceeded, overlapping heap space on
> environments with very strict stack + heap limits like TPL or SPL (where
> malloc size can be 16KB).
> Results are silent corruptions of heap on mmc transfer and random errors
> or CPU hang.
>
> Using malloc_cache_aligned() we will alloc slightly bigger buffers
> but we do have evidence about memory allocation failure allowing developer
> to recognize the issue and take actions.
>
> Signed-off-by: Alberto Panizzo <alberto at amarulasolutions.com>
> ---
> drivers/mmc/dw_mmc.c | 33 +++++++++++++++++++++++++--------
> 1 file changed, 25 insertions(+), 8 deletions(-)
>
Reviewed-by: Philipp Tomsich <philipp.tomsich at theobroma-systems.com>
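The failure mode described in the quoted commit message is the descriptor chain for a large transfer being sized at run time and placed on the stack, where an overflow into the heap produces no error. The block below is an added illustration, not code from the patch or from U-Boot's dw_mmc.c: it sizes the IDMAC descriptor chain with the commit message's formula (blocks / 8 + 1 descriptors of 0x10 bytes) and takes the chain from a bounded, cache-aligned heap allocation that reports failure instead of corrupting memory. `struct idmac_desc`, `BLOCKS_PER_DESC`, `CACHE_LINE`, the 16KB pool limit and the `malloc_cache_aligned_sim()` stand-in for U-Boot's `malloc_cache_aligned()` are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed 16-byte descriptor, matching "struct size: 0x10" in the commit message. */
struct idmac_desc {
    uint32_t flags;
    uint32_t cnt;
    uint32_t addr;
    uint32_t next_addr;
};

#define BLOCKS_PER_DESC 8u     /* assumption: one descriptor covers up to 8 blocks */
#define CACHE_LINE      64u    /* assumption: alignment required for DMA-visible buffers */

/* Descriptors needed for `blocks` blocks, using the commit message's formula. */
size_t idmac_desc_count(size_t blocks)
{
    return blocks / BLOCKS_PER_DESC + 1;
}

/* Bytes needed for the whole descriptor chain (what the stack buffer used to hold). */
size_t idmac_desc_bytes(size_t blocks)
{
    return idmac_desc_count(blocks) * sizeof(struct idmac_desc);
}

/*
 * Stand-in for U-Boot's malloc_cache_aligned(): a cache-aligned heap allocation
 * that returns NULL when the pool is exhausted. `heap_limit` simulates the small
 * malloc pool available in SPL/TPL; a stack buffer has no such check at all.
 */
void *malloc_cache_aligned_sim(size_t bytes, size_t heap_limit)
{
    size_t rounded = (bytes + CACHE_LINE - 1) & ~(size_t)(CACHE_LINE - 1);
    void *p = NULL;

    if (rounded > heap_limit)
        return NULL;
    if (posix_memalign(&p, CACHE_LINE, rounded) != 0)
        return NULL;
    return p;
}

/* Builds the descriptor chain; returns 0, or -ENOMEM with *out == NULL on failure. */
int prepare_descriptors(size_t blocks, size_t heap_limit, struct idmac_desc **out)
{
    size_t bytes = idmac_desc_bytes(blocks);
    struct idmac_desc *desc = malloc_cache_aligned_sim(bytes, heap_limit);

    *out = NULL;
    if (!desc)
        return -ENOMEM;        /* visible failure instead of silent heap corruption */
    memset(desc, 0, bytes);
    *out = desc;
    return 0;
}

/* Convenience wrapper: run one transfer setup and release the chain again. */
int try_prepare(size_t blocks, size_t heap_limit)
{
    struct idmac_desc *desc;
    int rc = prepare_descriptors(blocks, heap_limit, &desc);

    free(desc);
    return rc;
}

int main(void)
{
    /* The commit message's example: an 8MB kernel in 512-byte blocks. */
    size_t blocks = 0x800000 / 0x200;

    printf("blocks=%#zx descriptors=%#zx chain=%#zx bytes\n",
           blocks, idmac_desc_count(blocks), idmac_desc_bytes(blocks));
    printf("16KB pool: rc=%d\n", try_prepare(blocks, 16 * 1024));
    printf("64KB pool: rc=%d\n", try_prepare(blocks, 64 * 1024));
    return 0;
}
```

With the 8MB example the chain is 0x801 descriptors, 0x8010 bytes, which a 16KB SPL malloc pool cannot hold: the heap path returns -ENOMEM, while the original stack path would have written past the stack limit into the heap with no indication at all.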