[U-Boot] [PATCH v8 17/30] sandbox: Enhance map_to_sysmem() to handle foreign pointers

Alexander Graf agraf at suse.de
Thu Jun 21 10:10:39 UTC 2018


On 06/21/2018 04:01 AM, Simon Glass wrote:
> Hi Alex,
>
> On 18 June 2018 at 08:50, Alexander Graf <agraf at suse.de> wrote:
>> On 06/18/2018 04:08 PM, Simon Glass wrote:
>>> At present map_sysmem() maps an address into the sandbox RAM buffer,
>>> return a pointer, while map_to_sysmem() goes the other way.
>>>
>>> The mapping is currently just 1:1 since a case was not found where a more
>>> flexible mapping was needed. PCI does have a separate and more complex
>>> mapping, but uses its own mechanism.
>>>
>>> However this arrange cannot handle one important case, which is where a
>>> test declares a stack variable and passes a pointer to it into a U-Boot
>>> function which uses map_to_sysmem() to turn it into a address. Since the
>>> pointer is not inside emulated DRAM, this will fail.
>>>
>>> Add a mapping feature which can handle any such pointer, mapping it to a
>>> simple tag value which can be passed around in U-Boot as an address.
>>>
>>> Signed-off-by: Simon Glass <sjg at chromium.org>
>>> ---
>>>
>>> Changes in v8: None
>>> Changes in v7: None
>>> Changes in v6: None
>>> Changes in v5: None
>>> Changes in v4: None
>>> Changes in v3: None
>>> Changes in v2: None
>>>
>>>    arch/sandbox/cpu/cpu.c           | 141 +++++++++++++++++++++++++++++--
>>>    arch/sandbox/cpu/state.c         |   8 ++
>>>    arch/sandbox/include/asm/state.h |  21 +++++
>>>    3 files changed, 161 insertions(+), 9 deletions(-)
>>>
>>> diff --git a/arch/sandbox/cpu/cpu.c b/arch/sandbox/cpu/cpu.c
>>> index cde0b055a6..fd77603ebf 100644
>>> --- a/arch/sandbox/cpu/cpu.c
>>> +++ b/arch/sandbox/cpu/cpu.c
>>> @@ -57,14 +57,104 @@ int cleanup_before_linux_select(int flags)
>>>          return 0;
>>>    }
>>>    +/**
>>> + * is_in_sandbox_mem() - Checks if a pointer is within sandbox's emulated
>>> DRAM
>>> + *
>>> + * This provides a way to check if a pointer is owned by sandbox (and is
>>> within
>>> + * its RAM) or not. Sometimes pointers come from a test which
>>> conceptually runs
>>> + * output sandbox, potentially with direct access to the C-library
>>> malloc()
>>> + * function, or the sandbox stack (which is not actually within the
>>> emulated
>>> + * DRAM.
>>> + *
>>> + * Such pointers obviously cannot be mapped into sandbox's DRAM, so we
>>> must
>>> + * detect them an process them separately, by recording a mapping to a
>>> tag,
>>> + * which we can use to map back to the pointer later.
>>> + *
>>> + * @ptr: Pointer to check
>>> + * @return true if this is within sandbox emulated DRAM, false if not
>>> + */
>>> +static bool is_in_sandbox_mem(const void *ptr)
>>> +{
>>> +       return (const uint8_t *)ptr >= gd->arch.ram_buf &&
>>> +               (const uint8_t *)ptr < gd->arch.ram_buf + gd->ram_size;
>>
>> Greater/Less comparisons on pointers are invalid (albeit used) C IIRC. You
>> should cast to uintptr_t instead and compare those.
> Reference? That is news to me :-)

https://port70.net/~nsz/c/c11/n1570.html#6.5.8

Point 5. Since we're not in an array or a struct member, we fall into 
the "In all other cases, the behavior is undefined" case. Our compiler 
people basically recommend to convert to uintptr_t first and compare 
then. That way behavior is always defined.


Alex



More information about the U-Boot mailing list