
Hi Wolfgang,
On Mon, 04 Feb 2013 20:26:18 +0100, Wolfgang Denk wd@denx.de wrote:

> Dear Nikita Kiryanov,
>
> In message 1359977979-28585-2-git-send-email-nikita@compulab.co.il you wrote:
> > Currently code that displays BMP files does two things:
> > - assume that any address is a valid load address for a BMP
> > - access in-memory BMP header fields directly
> > Since some BMP header fields are 32 bit wide, this has a potential for causing data aborts when these fields are placed in unaligned addresses.
> > Create an API for safely accessing BMP header data, and compile it with $(PLATFORM_NO_UNALIGNED) to give it the ability to emulate unaligned memory accesses.
>
> Frankly, I think this is overkill. U-Boot is a bootloader, and it is supposed to be lean and efficient. We don't have all levels of safety systems and protective devices as in, for example, an aircraft. You are supposed to know what you are doing, and if you ignore the rules, you will quickly see the results yourself.
>
> There are plenty of other areas where correct operation requires certain alignments, and none of these are enforced by U-Boot. And actually I think this is not only acceptable, but good as is.
>
> "UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things." - Doug Gwyn
>
> You talk about BMP header - but we also have alignment requirements for image headers, well, even for a plain "md" or "mw" command. And none of these provide any protection against accidental (or intentional) access to unaligned addresses.
>
> My recommendation is: just don't do it, then.

The point about md not checking alignment is indeed valid: one should know that a md.l requires a 4-byte-aligned address or it will abort.

OTOH, a cautious user may think that to ensure proper alignment, a BMP should be loaded on a 4-byte boundary, but IIUC that is precisely what will cause the load to fail, due to the sole 4-byte field of the BMP header being misaligned by two bytes.

So if we leave BMP loading as it is now, the load address will need to be 16-bit-but-not-32-bit-aligned, which is complicated enough to require documentation.

Or, the BMP struct could be prepended with two bytes so that the load address alignment requirement becomes a simple 4-byte boundary, which most users are... bound... to choose naturally.

But ISTR the idea of prepending two bytes was already discussed and for some reason it could not work. Jeroen?

> Best regards,
> Wolfgang Denk
Amicalement,
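
The alignment arithmetic discussed in this thread, as an added example that is not part of the original messages and is neither U-Boot code nor the API from the patch: it checks which load addresses leave 32-bit BMP header fields misaligned and reads them byte by byte so no aligned load is needed. The function names, the sample header and the load addresses are constructed for illustration; the field offsets are those of the standard BMP file format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte offsets of 32-bit little-endian fields in a standard BMP file. */
enum { BMP_OFF_FILE_SIZE = 2, BMP_OFF_DATA_OFFSET = 10, BMP_OFF_WIDTH = 18 };

/* Constructed sample: first 26 bytes of a 320x240 BMP, file size 230454. */
static const uint8_t sample_hdr[26] = {
    'B', 'M', 0x36, 0x84, 0x03, 0x00, 0, 0, 0, 0, 0x36, 0, 0, 0,
    0x28, 0, 0, 0, 0x40, 0x01, 0, 0, 0xF0, 0, 0, 0
};

/* Hypothetical helper: read a little-endian 32-bit value one byte at a
 * time. Valid at any address and independent of host endianness. */
static uint32_t bmp_get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Would a direct 32-bit load of the field at `off` be unaligned when the
 * image sits at `load_addr`? */
static int bmp_field_misaligned(uintptr_t load_addr, size_t off)
{
    return ((load_addr + off) & 3u) != 0;
}

/* Place the sample header `shift` bytes past a 4-byte-aligned base and
 * read the field at `off` with the byte-wise accessor. */
static uint32_t bmp_read_at_shift(size_t shift, size_t off)
{
    static uint32_t backing[8];            /* 32 bytes, 4-byte aligned */
    uint8_t *buf = (uint8_t *)backing;

    memcpy(buf + shift, sample_hdr, sizeof(sample_hdr));
    return bmp_get_le32(buf + shift + off);
}

int main(void)
{
    /* Constructed load addresses: one 4-byte aligned, one offset by 2. */
    const uintptr_t addrs[] = { 0x80000000u, 0x80000002u };

    for (size_t i = 0; i < 2; i++)
        printf("load 0x%lx: file-size field misaligned=%d, read=%u\n",
               (unsigned long)addrs[i],
               bmp_field_misaligned(addrs[i], BMP_OFF_FILE_SIZE),
               (unsigned)bmp_read_at_shift(addrs[i] & 3u, BMP_OFF_FILE_SIZE));
    return 0;
}
```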