[U-Boot] [U-Boot, 1/5] mmc: dw_mmc: prevent silent memory corruption when stack and heap are too small

Philipp Tomsich philipp.tomsich at theobroma-systems.com
Fri Jul 20 16:30:03 UTC 2018


> ALLOC_CACHE_ALIGN_BUFFER was called here in a way to alloc in stack a
> possible huge quantity of memory depending on data transfer size.
> 
> E.g.: loading kernel 8MB from eMMC we have
> Transfer size:   0x800000
> Block size:      0x200
> Transfer blocks: 0x4000
> struct size:     0x10
> Stack allocation: ((0x200 / 8) + 1) * 0x10 = 0x8010 (~32KB)
> 
> Since this allocation is done on stack, there is no current way to get
> an error on stack memory limit exceeded, overlapping heap space on
> environments with very strict stack + heap limits like TPL or SPL (where
> malloc size can be 16KB).
> Results are silent corruptions of heap on mmc transfer and random errors
> or CPU hang.
> 
> Using malloc_cache_aligned() we will alloc slightly bigger buffers
> but we do have evidence about memory allocation failure allowing developer
> to recognize the issue and take actions.
> 
> Signed-off-by: Alberto Panizzo <alberto at amarulasolutions.com>
> ---
>  drivers/mmc/dw_mmc.c | 33 +++++++++++++++++++++++++--------
>  1 file changed, 25 insertions(+), 8 deletions(-)
> 

Reviewed-by: Philipp Tomsich <philipp.tomsich at theobroma-systems.com>
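The failure mode described in the quoted commit message (a stack-allocated descriptor chain that grows with the transfer size and silently overlaps the heap in SPL/TPL) versus the heap allocation that reports exhaustion can be illustrated in plain C. The block below is an added example, not code from the patch or from U-Boot: `struct idmac_desc`, `BLOCKS_PER_DESC`, `CACHE_LINE`, and the explicit `heap_budget` parameter (standing in for a 16KB SPL malloc arena) are assumptions; the descriptor-count formula `(blocks / 8 + 1) * 0x10` follows the figures quoted above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the 16-byte DMA descriptor ("struct size: 0x10"
 * in the commit message).  Field names are assumptions, not U-Boot's. */
struct idmac_desc {
    uint32_t flags;
    uint32_t cnt;
    uint32_t addr;
    uint32_t next_addr;
};

#define CACHE_LINE      64   /* assumed cache-line size for the aligned allocation */
#define BLOCKS_PER_DESC 8    /* assumed: one descriptor covers 8 blocks of the transfer */

/* Bytes needed for the descriptor chain of one transfer:
 * (blocks / 8 + 1) * sizeof(struct idmac_desc). */
size_t idmac_chain_bytes(size_t transfer_bytes, size_t block_size)
{
    size_t blocks = transfer_bytes / block_size;
    return (blocks / BLOCKS_PER_DESC + 1) * sizeof(struct idmac_desc);
}

/* Round up to a multiple of the cache line: a cache-aligned allocator
 * hands out whole lines, which is why the heap buffer is "slightly bigger". */
static size_t round_up_cache(size_t n)
{
    return (n + CACHE_LINE - 1) & ~(size_t)(CACHE_LINE - 1);
}

/* Heap-style allocation checked against an explicit budget (standing in for a
 * small SPL/TPL malloc arena).  A stack buffer of the same size would simply
 * grow past the stack limit into the heap; here the caller gets NULL instead
 * and can fail the transfer cleanly. */
struct idmac_desc *idmac_chain_alloc(size_t heap_budget, size_t transfer_bytes,
                                     size_t block_size, size_t *out_bytes)
{
    size_t need = round_up_cache(idmac_chain_bytes(transfer_bytes, block_size));

    if (out_bytes)
        *out_bytes = need;
    if (need > heap_budget)
        return NULL;   /* detectable failure, not silent heap corruption */
    return aligned_alloc(CACHE_LINE, need);
}

int main(void)
{
    /* Constructed inputs: the 8MB kernel load from the commit message and a
     * 1MB transfer, both against a 16KB heap budget. */
    const size_t budget = 16 * 1024;
    size_t transfers[] = { 0x800000, 0x100000 };

    for (size_t i = 0; i < 2; i++) {
        size_t need = 0;
        struct idmac_desc *chain = idmac_chain_alloc(budget, transfers[i], 0x200, &need);
        printf("transfer 0x%zx: chain needs 0x%zx bytes -> %s\n",
               transfers[i], need, chain ? "allocated" : "ENOMEM (refused)");
        free(chain);
    }
    return 0;
}
```

With a 16KB budget the 8MB transfer is refused (the chain needs 0x8010 bytes before rounding), while the 1MB transfer fits; the point is that the oversized request becomes a visible error at the allocation site rather than a later random crash.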