[BUG] fdt_pack_reg in common/fdt_support.c can cause crash from unaligned access

Simon Glass sjg at google.com
Mon Jul 10 21:45:46 CEST 2023


Hi David,

On Sun, 9 Jul 2023 at 19:11, David Virag <virag.david003 at gmail.com> wrote:
>
> Hi,
>
> I'm trying to port U-Boot to a new board (Samsung JACKPOTLTE, ARMv8,
> Exynos7885) but when CONFIG_ARCH_FIXUP_FDT_MEMORY is enabled, the bootm
> command leads to an unaligned memory access, which results in a
> synchronous abort.
>
> After a long debugging session, I concluded that fdt_pack_reg in
> common/fdt_support.c writes to unaligned addresses in its for loop.
> In the case of address_cells being 2, and size_cells being 1, the
> buffer pointer gets incremented by 12 in each loop, making the second
> iteration (i=1) write a 64-bit value to a non-64-bit-aligned address.
>
> Turning the alignment check enable bit (A) off in SCTLR makes the
> function work as intended. I couldn't find code that touches this bit,
> but I may have missed something. I don't think writing in two parts
> should be the fix, but something should be done about this. As far as I
> understand, any arm64 board that has this bit turned on, either from
> previous code or just the initial status of the bit after power on,
> could crash here.
>
> This is on top of the latest commit as of now
> (0beb649053b86b2cfd5cf55a0fc68bc2fe91a430)
>
> What should be done here?

+Tom Rini

>
> Best regards,
> David
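The layout problem David describes can be shown without a board: with #address-cells = 2 and #size-cells = 1 each "reg" entry is 12 bytes, so the second entry's 64-bit address field starts at byte offset 12, which is not 8-byte aligned. A typed 64-bit store through a pointer at that offset faults on an arm64 core with SCTLR.A set; byte-wise stores never can. The following is an added example written for this note, not code from U-Boot's common/fdt_support.c; `pack_reg`, `reg_entry_offset`, `reg_entry_8byte_aligned`, `put_be32` and `put_be64` are hypothetical helpers and the two memory banks are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Write a 32-/64-bit value big-endian (FDT byte order) one byte at a time.
 * Byte stores are valid at any offset, so this never trips an alignment
 * check regardless of where the cell lands inside the property. */
static void put_be32(uint8_t *p, uint32_t v)
{
	for (int i = 3; i >= 0; i--) {
		p[i] = (uint8_t)(v & 0xff);
		v >>= 8;
	}
}

static void put_be64(uint8_t *p, uint64_t v)
{
	for (int i = 7; i >= 0; i--) {
		p[i] = (uint8_t)(v & 0xff);
		v >>= 8;
	}
}

/* Byte offset of entry i's address field within the packed "reg" property.
 * Each entry is (address_cells + size_cells) 32-bit cells wide. */
size_t reg_entry_offset(int address_cells, int size_cells, int i)
{
	return (size_t)i * (size_t)(address_cells + size_cells) * sizeof(uint32_t);
}

/* 1 if a typed 64-bit store at entry i's address field would be naturally
 * aligned (assuming the buffer itself is 8-byte aligned), else 0. */
int reg_entry_8byte_aligned(int address_cells, int size_cells, int i)
{
	return reg_entry_offset(address_cells, size_cells, i) % 8 == 0;
}

/* Hypothetical helper (not U-Boot's fdt_pack_reg): pack n (start, size)
 * pairs into buf as a "reg" property for the given cell counts using only
 * byte stores. Returns bytes written, or 0 if buf is too small or the
 * cell counts are outside 1..2. */
size_t pack_reg(uint8_t *buf, size_t buflen, int address_cells, int size_cells,
		const uint64_t *start, const uint64_t *size, int n)
{
	if (address_cells < 1 || address_cells > 2 ||
	    size_cells < 1 || size_cells > 2)
		return 0;
	if (reg_entry_offset(address_cells, size_cells, n) > buflen)
		return 0;

	uint8_t *p = buf;
	for (int i = 0; i < n; i++) {
		if (address_cells == 2)
			put_be64(p, start[i]);
		else
			put_be32(p, (uint32_t)start[i]);
		p += address_cells * sizeof(uint32_t);

		if (size_cells == 2)
			put_be64(p, size[i]);
		else
			put_be32(p, (uint32_t)size[i]);
		p += size_cells * sizeof(uint32_t);
	}
	return (size_t)(p - buf);
}

int main(void)
{
	/* Constructed sample: two banks with #address-cells = 2 and
	 * #size-cells = 1, the combination from the report (12-byte stride). */
	uint64_t start[2] = { 0x80000000ull, 0x880000000ull };
	uint64_t size[2]  = { 0x40000000ull, 0x10000000ull };
	uint8_t buf[64];
	size_t len = pack_reg(buf, sizeof(buf), 2, 1, start, size, 2);

	for (int i = 0; i < 2; i++)
		printf("entry %d address field at offset %zu, 8-byte aligned: %s\n",
		       i, reg_entry_offset(2, 1, i),
		       reg_entry_8byte_aligned(2, 1, i) ? "yes" : "no");
	for (size_t i = 0; i < len; i++)
		printf("%02x%c", buf[i], (i + 1) % 12 ? ' ' : '\n');
	return 0;
}
```

The program only reports offsets and bytes; it does not reproduce the fault, since that needs SCTLR.A set and a store of the form `*(uint64_t *)p = v` at offset 12. Byte-wise stores (or a `memcpy` of the converted value) sidestep the alignment requirement entirely and produce the same big-endian bytes the device tree expects, which is why they are the usual choice for serialising cells into a byte buffer whose stride is not a multiple of 8.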

