From: "Matthias Weißer" <weisserm@arcor.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] Strange CFI flash problem
Date: Mon, 14 Apr 2014 10:51:23 +0200 [thread overview]
Message-ID: <534BA18B.5050509@arcor.de> (raw)
In-Reply-To: <534B7BA4.8070100@arcor.de>
Am 14.04.2014 08:09, schrieb Matthias Wei?er:
> Hi Wolfgang
>
> Am 11.04.2014 12:43, schrieb Wolfgang Denk:
>> Dear Matthias,
>>
>> In message <5347BBBC.9000806@arcor.de> you wrote:
>>>
>>> we are currently trying to get an out-of-tree board based on 2013.01
>>> back in sync with current master and observing a strange behavior which
>>> we think is located in the CFI flash system. If we load an image via
>>> tftp, copy it to flash and then try to run the image via bootm we see an
>>> error while decomressing:
>> ...
>>> Uncompressing Kernel Image ... LZO: uncompress or overwrite error -5
>>
>> Are you sure your malloc arena is big enough for LZO? Try if
>> increasing it helps...
>
> We increaded it from 4MB to 8MB and the behavior is still the same.
>
> We also observed a different behavior when tftping the image to RAM and
> then directly executing it without copying it to flash. It seems that
> the flash device (EN29GL256H) is then in some a mode (maybe auto-select)
> which prevents it from normal read operations which doesn't allow the
> flash driver of the OS come up. We never saw this with our old u-boot.
> If there are no ideas left we will have to bisect the problem.
Bisecting was successfull. The commit introducing the problem is
commit ff9d2efdbf1b3b5263f81e843c6724b8bead7f1f
Author: Kees Cook <keescook@chromium.org>
Date: Fri Aug 16 07:59:15 2013 -0700
lzo: correctly bounds-check output buffer
This checks the size of the output buffer and fails if it was going to
overflow the buffer during lzo decompression.
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
This commit introduced the usage of the dst_len output parameter as
additional input parameter containing the maximum output buffer size.
This parameter isn't initialized in cmd_bootm.c:
454 #ifdef CONFIG_LZO
455 case IH_COMP_LZO: {
456 size_t size;
457
458 printf(" Uncompressing %s ... ", type_name);
459
460 ret = lzop_decompress(image_buf, image_len, load_buf, &size);
Setting size to some big value (SZE_MAX is not avialable) fixed the
behavior but I am unsure if this is the correct solution. I think its
hard to get the max output buffer size at this point in cmd_bootm.c.
Regards
Matthias
next prev parent reply other threads:[~2014-04-14 8:51 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-11 9:54 [U-Boot] Strange CFI flash problem Matthias Weißer
2014-04-11 10:43 ` Wolfgang Denk
2014-04-14 6:09 ` Matthias Weißer
2014-04-14 8:51 ` Matthias Weißer [this message]
2014-04-14 15:38 ` Kees Cook
2014-04-15 5:48 ` Matthias Weißer
2014-04-15 17:27 ` Kees Cook
2014-04-15 17:29 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=534BA18B.5050509@arcor.de \
--to=weisserm@arcor.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.