[U-Boot] EABI 4.2 - Alessandro Rubini

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Alessandro Rubini <rubini-list@gnudd.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] EABI 4.2
Date: Tue, 16 Mar 2010 23:18:45 +0100	[thread overview]
Message-ID: <20100316221845.GA12753@morgana.gnudd.com> (raw)
In-Reply-To: <fe7c83ac1003161150i6e7fc68eh54a96c6566ca4553@mail.gmail.com>

Hello.

> I have not received any updates from the gcc mailing list.  Has anyone
> got any more ideas on this? Thanks!

Out of curiosity, I tried to reproduce the problem. I added EXT2 to my
binary and recompiled with eldk-4.2. As a reminder, this is the
source:

    if (dirent.namelen != 0) {
            char filename[dirent.namelen + 1];
            ext2fs_node_t fdiro;
            int type = FILETYPE_UNKNOWN;

            status = ext2fs_read_file (diro,
                                       fpos + sizeof (struct ext2_dirent),
                                       dirent.namelen, filename);

Note that namelen is a uint8_t. What follows is the disassembled u-boot.
My comments follow each groups of lines.

   a182025c:       e55b2026        ldrb    r2, [fp, #-38]
   a1820260:       e3520000        cmp     r2, #0  ; 0x0
   a1820264:       0a000077        beq     a1820448 <ext2fs_iterate_dir+0x254>

[so r2 is namelen]

   a1820268:       e282300f        add     r3, r2, #15     ; 0xf
   a182026c:       e2033f7e        and     r3, r3, #504    ; 0x1f8

so here r3 is (namelen + 0xf) & 0x1f8 . I don't understand the "&0x1f8" since
r2 was known to be 8 bits at most.

   a1820270:       e50bd034        str     sp, [fp, #-52]
   a1820274:       e063d00d        rsb     sp, r3, sp

stack pointer has been saved, and sp takes sp - r3. Looks fine.

   a1820278:       e1a041ad        lsr     r4, sp, #3
   a182027c:       e51b3030        ldr     r3, [fp, #-48]
   a1820280:       e1a0a184        lsl     sl, r4, #3

shift back and forth to align sp ("ldr r3" in the middle is fpos, used
in building arguments for ext2fs_read_file).

   a1820284:       e1a00007        mov     r0, r7
   a1820288:       e2831008        add     r1, r3, #8      ; 0x8
   a182028c:       e1a0300a        mov     r3, sl
   a1820290:       ebfffe77        bl      a181fc74 <ext2fs_read_file>

So everything looks fine. I also tried a standalone program with both
a uint16_t and the official uint8_t namelen and it works fine (there
is no "& 0x1f8" any more in the assembly for 16-bit lengths).  In that
test the callee has a stack pointer which is as low as needed according
to the namelen used by the caller.

Therefore, I suspect your problem can come out of
ext2fs_read_file. However, the calculations there look good to me
(actually, everybody uses them, so they must be good for normal uses).

However, in ext2fs_read_file, there might be an issue in the first
block (which "is not stored on disk but is zero filled instead"):

                        memset (buf, 0, blocksize - skipfirst);
should be
                        memset (buf, 0, blockend - skipfirst);

where blockend is == blocksize but might be shorter in the last block
of the read. So if you are reading a dirent in the first block you
might have a problem of stack overflow.

But I don't expect you'll read a dirent from first block, and even if
it was, then namelen would be zero as well.  I suspect your problem is
elsewhere, although I can't imagine where, as this code doesn't look
like something that can stack overflow even if misused.

/alessandro

next prev parent reply	other threads:[~2010-03-16 22:18 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <c166aa9f1003100750x40bdcef5vd41aed0b9036961a@mail.gmail.com>
2010-03-10 16:20 ` [U-Boot] EABI 4.2 Martin Krause
2010-03-10 16:35   ` Joakim Tjernlund
2010-03-10 16:52     ` Martin Krause
2010-03-10 17:29       ` Joakim Tjernlund
2010-03-11 10:11         ` Martin Krause
2010-03-11 16:27           ` Praveen G K
2010-03-12  9:04             ` Detlev Zundel
2010-03-12 16:12               ` Praveen G K
2010-03-16 18:50                 ` Praveen G K
2010-03-16 22:18                   ` Alessandro Rubini [this message]
2010-03-17  7:48           ` Simon Kagstrom
2010-03-17 14:53             ` Praveen G K
2010-03-17 15:12               ` Simon Kagstrom
2010-03-21 17:04                 ` Wolfgang Denk
2010-04-09 21:07             ` Wolfgang Denk
2010-04-17 21:44               ` Tom Rix
2010-04-19 11:07                 ` Detlev Zundel
     [not found] <fe7c83ac1003091131g51889459p5e094e5cb74055db@mail.gmail.com>
2010-03-09 19:34 ` [U-Boot] Fwd: " Praveen G K
2010-03-09 19:34   ` [U-Boot] " Praveen G K
2010-03-10 11:09     ` Martin Krause
2010-03-10 14:44       ` Praveen G K
2010-03-10 15:20         ` Martin Krause
2010-03-10 15:43           ` Detlev Zundel
2010-03-10 16:23             ` Martin Krause
2010-03-10 15:42         ` Wolfgang Denk

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100316221845.GA12753@morgana.gnudd.com \
    --to=rubini-list@gnudd.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox