Hi Marek,
On Sun, 10 Oct 2021 at 15:52, marek.vasut@gmail.com wrote:
From: Marek Vasut marek.vasut+renesas@gmail.com
The loads srec loading may overwrite piece of U-Boot accidentally. Prevent that by using LMB to detect whether upcoming write would overwrite piece of reserved U-Boot code, and if that is the case, abort the srec loading.
Signed-off-by: Marek Vasut marek.vasut+renesas@gmail.com Cc: Simon Glass sjg@chromium.org Cc: Tom Rini trini@konsulko.com
cmd/load.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)
diff --git a/cmd/load.c b/cmd/load.c index 249ebd4ae0..7e4a552d90 100644 --- a/cmd/load.c +++ b/cmd/load.c @@ -16,6 +16,7 @@ #include <exports.h> #include <flash.h> #include <image.h> +#include <lmb.h> #include <mapmem.h> #include <net.h> #include <s_record.h> @@ -137,6 +138,7 @@ static int do_load_serial(struct cmd_tbl *cmdtp, int flag, int argc,
static ulong load_serial(long offset) {
struct lmb lmb; char record[SREC_MAXRECLEN + 1]; /* buffer for one S-Record */ char binbuf[SREC_MAXBINLEN]; /* buffer for binary data */ int binlen; /* no. of data bytes in S-Rec. */@@ -147,6 +149,9 @@ static ulong load_serial(long offset) ulong start_addr = ~0; ulong end_addr = 0; int line_count = 0;
long ret;lmb_init_and_reserve(&lmb, gd->bd, (void *)gd->fdt_blob); while (read_record(record, SREC_MAXRECLEN + 1) >= 0) { type = srec_decode(record, &binlen, &addr, binbuf);@@ -172,7 +177,14 @@ static ulong load_serial(long offset) } else #endif {
ret = lmb_reserve(&lmb, store_addr, binlen);if (ret) {printf("\nCannot overwrite reserved area (%08lx..%08lx)\n",store_addr, store_addr + binlen);return ret;} memcpy((char *)(store_addr), binbuf, binlen);lmb_free(&lmb, store_addr, binlen); } if ((store_addr) < start_addr) start_addr = store_addr;-- 2.33.0
Reviewed-by: Simon Glass sjg@chromium.org
This code looks OK but I don't know what lmb_reserve() and lmb_free() do. Can you add comments to the header file?
Regards, Simon