bootm.c: Correct the flush_len used in bootm_load_os()
In do_bootm_states when doing BOOTM_STATE_LOADOS we use load_end uninitialized and Coverity notes this now. This however leads down another interesting path. We pass this pointer to bootm_load_os and that in turn uses this uninitialized value immediately to calculate the flush length, and is wrong. We do not know what load_end will be until after bootm_decomp_image is called, so we must only set flush_len after that. All of this also makes it clear that the only reason we pass a pointer for load_end to bootm_load_os is so that we can call lmb_reserve on success. Rather than initialize load_end to 0 in do_bootm_states we can just call lmb_reserve ourself. Reported-by: Coverity (CID: 175572) Cc: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
parent
71412d7231
commit
cc95535867
@ -424,17 +424,17 @@ int bootm_decomp_image(int comp, ulong load, ulong image_start, int type,
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifndef USE_HOSTCC
|
#ifndef USE_HOSTCC
|
||||||
static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
|
static int bootm_load_os(bootm_headers_t *images, int boot_progress)
|
||||||
int boot_progress)
|
|
||||||
{
|
{
|
||||||
image_info_t os = images->os;
|
image_info_t os = images->os;
|
||||||
ulong load = os.load;
|
ulong load = os.load;
|
||||||
|
ulong load_end;
|
||||||
ulong blob_start = os.start;
|
ulong blob_start = os.start;
|
||||||
ulong blob_end = os.end;
|
ulong blob_end = os.end;
|
||||||
ulong image_start = os.image_start;
|
ulong image_start = os.image_start;
|
||||||
ulong image_len = os.image_len;
|
ulong image_len = os.image_len;
|
||||||
ulong flush_start = ALIGN_DOWN(load, ARCH_DMA_MINALIGN);
|
ulong flush_start = ALIGN_DOWN(load, ARCH_DMA_MINALIGN);
|
||||||
ulong flush_len = *load_end - load;
|
ulong flush_len;
|
||||||
bool no_overlap;
|
bool no_overlap;
|
||||||
void *load_buf, *image_buf;
|
void *load_buf, *image_buf;
|
||||||
int err;
|
int err;
|
||||||
@ -443,27 +443,28 @@ static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
|
|||||||
image_buf = map_sysmem(os.image_start, image_len);
|
image_buf = map_sysmem(os.image_start, image_len);
|
||||||
err = bootm_decomp_image(os.comp, load, os.image_start, os.type,
|
err = bootm_decomp_image(os.comp, load, os.image_start, os.type,
|
||||||
load_buf, image_buf, image_len,
|
load_buf, image_buf, image_len,
|
||||||
CONFIG_SYS_BOOTM_LEN, load_end);
|
CONFIG_SYS_BOOTM_LEN, &load_end);
|
||||||
if (err) {
|
if (err) {
|
||||||
bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
|
bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
flush_len = load_end - load;
|
||||||
if (flush_start < load)
|
if (flush_start < load)
|
||||||
flush_len += load - flush_start;
|
flush_len += load - flush_start;
|
||||||
|
|
||||||
flush_cache(flush_start, ALIGN(flush_len, ARCH_DMA_MINALIGN));
|
flush_cache(flush_start, ALIGN(flush_len, ARCH_DMA_MINALIGN));
|
||||||
|
|
||||||
debug(" kernel loaded at 0x%08lx, end = 0x%08lx\n", load, *load_end);
|
debug(" kernel loaded at 0x%08lx, end = 0x%08lx\n", load, load_end);
|
||||||
bootstage_mark(BOOTSTAGE_ID_KERNEL_LOADED);
|
bootstage_mark(BOOTSTAGE_ID_KERNEL_LOADED);
|
||||||
|
|
||||||
no_overlap = (os.comp == IH_COMP_NONE && load == image_start);
|
no_overlap = (os.comp == IH_COMP_NONE && load == image_start);
|
||||||
|
|
||||||
if (!no_overlap && (load < blob_end) && (*load_end > blob_start)) {
|
if (!no_overlap && load < blob_end && load_end > blob_start) {
|
||||||
debug("images.os.start = 0x%lX, images.os.end = 0x%lx\n",
|
debug("images.os.start = 0x%lX, images.os.end = 0x%lx\n",
|
||||||
blob_start, blob_end);
|
blob_start, blob_end);
|
||||||
debug("images.os.load = 0x%lx, load_end = 0x%lx\n", load,
|
debug("images.os.load = 0x%lx, load_end = 0x%lx\n", load,
|
||||||
*load_end);
|
load_end);
|
||||||
|
|
||||||
/* Check what type of image this is. */
|
/* Check what type of image this is. */
|
||||||
if (images->legacy_hdr_valid) {
|
if (images->legacy_hdr_valid) {
|
||||||
@ -478,6 +479,8 @@ static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
lmb_reserve(&images->lmb, images->os.load, (load_end -
|
||||||
|
images->os.load));
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -629,14 +632,9 @@ int do_bootm_states(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[],
|
|||||||
|
|
||||||
/* Load the OS */
|
/* Load the OS */
|
||||||
if (!ret && (states & BOOTM_STATE_LOADOS)) {
|
if (!ret && (states & BOOTM_STATE_LOADOS)) {
|
||||||
ulong load_end;
|
|
||||||
|
|
||||||
iflag = bootm_disable_interrupts();
|
iflag = bootm_disable_interrupts();
|
||||||
ret = bootm_load_os(images, &load_end, 0);
|
ret = bootm_load_os(images, 0);
|
||||||
if (ret == 0)
|
if (ret && ret != BOOTM_ERR_OVERLAP)
|
||||||
lmb_reserve(&images->lmb, images->os.load,
|
|
||||||
(load_end - images->os.load));
|
|
||||||
else if (ret && ret != BOOTM_ERR_OVERLAP)
|
|
||||||
goto err;
|
goto err;
|
||||||
else if (ret == BOOTM_ERR_OVERLAP)
|
else if (ret == BOOTM_ERR_OVERLAP)
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
Loading…
Reference in New Issue
Block a user