From mboxrd@z Thu Jan 1 00:00:00 1970 From: Albert ARIBAUD Date: Mon, 4 Feb 2013 22:26:28 +0100 Subject: [U-Boot] [PATCH 1/5] Add bmp_layout module for accessing BMP header data In-Reply-To: <20130204192618.529EF200113@gemini.denx.de> References: <1359977979-28585-1-git-send-email-nikita@compulab.co.il> <1359977979-28585-2-git-send-email-nikita@compulab.co.il> <20130204192618.529EF200113@gemini.denx.de> Message-ID: <20130204222628.545da91e@lilith> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hi Wolfgang, On Mon, 04 Feb 2013 20:26:18 +0100, Wolfgang Denk wrote: > Dear Nikita Kiryanov, > > In message <1359977979-28585-2-git-send-email-nikita@compulab.co.il> you wrote: > > Currently code that displays BMP files does two things: > > * assume that any address is a valid load address for a BMP > > * access in-memory BMP header fields directly > > > > Since some BMP header fields are 32 bit wide, this has a potential > > for causing data aborts when these fields are placed in unaligned > > addresses. > > > > Create an API for safely accessing BMP header data, and compile it with > > $(PLATFORM_NO_UNALIGNED) to give it the ability to emulate unaligned memory > > accesses. > > Frankly, I think this is overkill. U-Boot is a bootloader, and it is > supposed to be lean and eficient. We don't have all levels of safety > systems and protective devices as in, for example, an aircraft. You > are supposed to know what you are doing, and if you ignore the rules, > you will quickly see the results yourself. > > There is plenty of other areas where correct opration requires certain > alignments, and none of these are enforced by U-Boot. And actually I > think this is not only acceptable, but good as is. > > "UNIX was not designed to stop you from doing stupid things, because > that would also stop you from doing clever things." - Doug Gwyn > > > You talk about BMP header - but we also have alignment requirements > for image headers, well, even for a plain "md" or "mw" command. And > none of these provide any protection against accidsential (or > intentional) access to unaligned addresses. > > My recommendation is: just don;t do it, then. The point about md not checking alignment is indeed valid: one should know that a md.l requires a 4-byte-aligned address or it will abort. OTOH, a cautious user may think that to ensure proper alignment, a BMP should be loaded on a 4-byte boundary, but IIUC that it precisely what will cause the load to fail, due to the sole 4-byte field of the BMP header being misaligned by two bytes. So if we leave BMP loading as it is now, the load address will need to be 16-bit-but-not-32-bit-aligned, which is complicated enough to require documentation. Or, the BMP struct could be prepended with two bytes so that the load address alignment requirement becomes a simple 4-byte boundary, which most users are... bound... to choose naturally. But ISTR the idea of prepending two bytes was already discussed and for some reason it could not work. Jeroen? > Best regards, > > Wolfgang Denk Amicalement, -- Albert.