[v1,0/2] bootm: bound noload kernel decompression to the allocated buffer
Simon Glass
sjg at chromium.org
Wed May 27 07:04:11 CEST 2026
Hi Aristo,

On 2026-05-20T04:45:49, Aristo Chen <aristo.chen at canonical.com> wrote:
> A 4x compression ratio is at the edge of what modern compressors
> (zstd, xz) achieve on real kernels, and is trivially exceeded by
> crafted, highly compressible payloads, so this is reachable both
> accidentally and intentionally.

In that case, perhaps we should have a third patch that either bumps
the multiplier (8x feels safer and still bounded), or makes the
headroom CONFIG-tunable, so users with well-compressed kernels do not
have to bisect to find out why their board stopped booting?

I believe in each case it is also possible to find out the decomp size
by looking at the header.

> Patch 2 adds a sandbox py-test that builds a FIT with a compressed
> kernel_noload image whose decompressed size exceeds the per-image
> buffer

Just an idea...you could also perhaps add a test for the boundary -
i.e. an image exactly at the buffer limit.

Regards,
Simon
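
The two points discussed in this thread (a fixed multiplier being exceeded by highly compressible input, and testing exactly at the buffer limit), as an added Python example that is not part of the original message or of the U-Boot patches. Assumptions: zlib stands in for the kernel compressors, the buffer is sized as multiplier x compressed length, and both payloads are constructed; all function names are hypothetical.

```python
import random
import zlib

def buffer_size(comp_len: int, multiplier: int) -> int:
    """Assumed sizing rule: output buffer = multiplier x compressed length."""
    return comp_len * multiplier

def bounded_inflate(comp: bytes, limit: int) -> bytes:
    """Decompress, refusing to produce more than `limit` bytes."""
    d = zlib.decompressobj()
    # Ask for one byte past the limit: enough to detect overflow without
    # ever materialising the full output of a highly compressible payload.
    out = d.decompress(comp, limit + 1)
    if len(out) > limit:
        raise OverflowError(f"image needs more than {limit} bytes")
    if not d.eof:
        raise ValueError("compressed stream is truncated")
    return out

def fits(comp: bytes, limit: int) -> bool:
    """True if the image decompresses within `limit` bytes."""
    try:
        bounded_inflate(comp, limit)
        return True
    except OverflowError:
        return False

# Constructed inputs (not real kernels).
rng = random.Random(0)
# Half incompressible, half zeros: compresses roughly 2x.
ORDINARY = bytes(rng.getrandbits(8) for _ in range(65536)) + bytes(65536)
# 1 MiB of zeros: compression ratio in the hundreds.
CRAFTED = bytes(1 << 20)

def survey() -> dict:
    """Check each payload against 4x and 8x headroom and at the boundary."""
    rows = {}
    for name, raw in (("ordinary", ORDINARY), ("crafted", CRAFTED)):
        comp = zlib.compress(raw, 9)
        rows[name] = {m: fits(comp, buffer_size(len(comp), m)) for m in (4, 8)}
        # Boundary cases: buffer exactly the image size, and one byte short.
        rows[name]["exact"] = fits(comp, len(raw))
        rows[name]["short"] = fits(comp, len(raw) - 1)
    return rows

if __name__ == "__main__":
    for name, row in survey().items():
        print(name, row)
```
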