From: Anatolij Gustschin <agust@denx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 3/3] post/lib_powerpc/multi.c: fix stack overflow error
Date: Fri, 23 Dec 2011 17:06:40 +0100 [thread overview]
Message-ID: <20111223170640.18cfe56f@wker> (raw)
In-Reply-To: <1324639752-26856-3-git-send-email-wd@denx.de>
Hello Wolfgang,
On Fri, 23 Dec 2011 12:29:12 +0100
Wolfgang Denk <wd@denx.de> wrote:
> The code and comment disagreed: the comment claimed that r6...r31
> were copied, and consequently the arrays for "src" and "dst" were
> declared with 26 entries, but the actual code ("lmw r5,0(r3)" and
> "stmw r5,0(r4)") copied _27_ words (r5 through r31), which resulted
> in false "POST cpu Error at multi test" messages.
Great! Thanks for fixing this bug!
Acked-by: Anatolij Gustschin <agust@denx.de>
Tested-by: Anatolij Gustschin <agust@denx.de>
But I wonder why didn't we see it with U-Boot built using older
GCC versions.
Since only 26 words will be compared after the test, the issue
only shows up if the destination buffer is placed at lower
addresses on the stack than the source buffer. In this case the
first word in the source buffer is overwritten. GCC 4.6.1 generated
code which changed the order of src[] and dst[] on the stack and
the hidden bug showed up.
Here is a partial dump of each buffer and additionally a
dump of the following word. The buffer address is in
parenthesis:
with GCC 4.2.2:
00: src(03e51c74) 0x00000000, dst(03e51cdc) 0x00000000
01: src(03e51c78) 0x00000001, dst(03e51ce0) 0x00000000
...
25: src(03e51cd8) 0x00000019, dst(03e51d40) 0x00000000
26: src(03e51cdc) 0x00000000, dst(03e51d44) 0x00000000
Test result:
00: src(03e51c74) 0x00000000, dst(03e51cdc) 0x00000000
01: src(03e51c78) 0x00000001, dst(03e51ce0) 0x00000001
...
25: src(03e51cd8) 0x00000019, dst(03e51d40) 0x00000019
26: src(03e51cdc) 0x00000000, dst(03e51d44) 0x00000000
with GCC 4.6.1:
00: src(03e57cf4) 0x00000000, dst(03e57c8c) 0x00000000
01: src(03e57cf8) 0x00000001, dst(03e57c90) 0x00000000
...
25: src(03e57d58) 0x00000019, dst(03e57cf0) 0x00000000
26: src(03e57d5c) 0x03f9c3c0, dst(03e57cf4) 0x00000000
Test result:
Error at multi test !
00: src(03e57cf4) 0x03f9c3c0, dst(03e57c8c) 0x00000000
01: src(03e57cf8) 0x00000001, dst(03e57c90) 0x00000001
...
25: src(03e57d58) 0x00000019, dst(03e57cf0) 0x00000019
26: src(03e57d5c) 0x03f9c3c0, dst(03e57cf4) 0x03f9c3c0
Thanks,
Anatolij
next prev parent reply other threads:[~2011-12-23 16:06 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-22 23:21 [U-Boot] CPU POST on MPC5200 fails with U-Boot built using GCC 4.6.1 Anatolij Gustschin
2011-12-23 11:29 ` [U-Boot] [PATCH 1/3] post/lib_powerpc/multi.c: make checkpatch clean Wolfgang Denk
2011-12-23 11:29 ` [U-Boot] [PATCH 2/3] post/lib_powerpc/multi.c: code cleanup Wolfgang Denk
2011-12-23 12:45 ` Anatolij Gustschin
2011-12-23 19:07 ` Wolfgang Denk
2011-12-23 11:29 ` [U-Boot] [PATCH 3/3] post/lib_powerpc/multi.c: fix stack overflow error Wolfgang Denk
2011-12-23 16:06 ` Anatolij Gustschin [this message]
2011-12-23 19:10 ` Wolfgang Denk
2011-12-23 19:08 ` Wolfgang Denk
2011-12-23 12:39 ` [U-Boot] [PATCH 1/3] post/lib_powerpc/multi.c: make checkpatch clean Anatolij Gustschin
2011-12-23 19:07 ` Wolfgang Denk
2011-12-23 19:06 ` Wolfgang Denk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111223170640.18cfe56f@wker \
--to=agust@denx.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox