From: Albert ARIBAUD <albert.u.boot@aribaud.net>
To: u-boot@lists.denx.de
Subject: [U-Boot] memory corruption on nios2 due to overlap of gbl data and malloc
Date: Tue, 28 Feb 2012 23:29:36 +0100 [thread overview]
Message-ID: <4F4D5550.7010701@aribaud.net> (raw)
In-Reply-To: <4F42D61C.6080201@alexhornung.com>
Hi Alex,
Le 21/02/2012 00:24, Alex Hornung a ?crit :
> Hi,
>
> I've run into some memory corruption due to an error in the logic used
> to allocate the bd (and gd) during board_init of the nios2.
>
>
> #define CONFIG_SYS_GBL_DATA_OFFSET (CONFIG_SYS_MALLOC_BASE - \
> GENERATED_GBL_DATA_SIZE)
> [...]
>
> gd = (gd_t *)CONFIG_SYS_GBL_DATA_OFFSET;
> [...]
> gd->bd = (bd_t *)(gd+1); /* At end of global data */
> [...]
> mem_malloc_init(CONFIG_SYS_MALLOC_BASE, CONFIG_SYS_MALLOC_LEN);
>
> The relevant points here are that CONFIG_SYS_GBL_DATA_OFFSET is
> GENERATED_GBL_DATA_SIZE (80) bytes below the CONFIG_SYS_MALLOC_BASE.
>
> Given that gd is 68 bytes big, now the start of bd is only 12 bytes from
> the beginning of the malloc base - but the size of bd is 36 bytes!
So GENERATED_GBL_DATA_SIZE is wrong if it was supposed to contain both
gd and bd, which I suspect is not the case; but if it is supposed to
only contain a gd, then the definition of CONFIG_SYS_GBL_DATA_OFFSET is
wrong in that it does not account for gd and bd as it should.
(BTW, what makes GENERATED_GBL_DATA_SIZE different from sizeof(gd_t)?)
> In other words, bd and the malloc base overlap, causing memory
> corruption in some of the malloc'd memory when some bd elements are
> populated. In my case in particular some content of the flash mtd
> eraseregions is getting corrupted by the write to bd->bi_ip_addr after
> initializing the flash stuff.
>
> I'm not sure how this should be dealt with - I'd think the best approach
> here is to change the CONFIG_SYS_GBL_DATA_OFFSET to include some space
> for the bd, or malloc'ing the bd.
>
> If you let me know which one is the preferred approach, I'll gladly
> provide a patch.
Hmm... You have sizeof(bd_t) available, so you could do something like
#define CONFIG_SYS_GBL_DATA_OFFSET (CONFIG_SYS_MALLOC_BASE - \
sizeof(bd_t) - \
> GENERATED_GBL_DATA_SIZE)
That would ensure you have space available for a gd and bd.
Amicalement,
--
Albert.
next prev parent reply other threads:[~2012-02-28 22:29 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-20 23:24 [U-Boot] memory corruption on nios2 due to overlap of gbl data and malloc Alex Hornung
2012-02-28 22:29 ` Albert ARIBAUD [this message]
2012-02-28 22:39 ` Graeme Russ
2012-02-28 22:55 ` Albert ARIBAUD
2012-02-28 23:20 ` Graeme Russ
2012-02-28 23:24 ` Albert ARIBAUD
2012-02-28 23:32 ` Graeme Russ
2012-02-29 19:04 ` Mike Frysinger
2012-02-29 22:22 ` Graeme Russ
2012-02-29 22:29 ` Mike Frysinger
2012-02-29 22:41 ` Graeme Russ
2012-03-01 7:09 ` [U-Boot] [PATCH] nios2: move gd and bd into BSS Thomas Chou
2012-03-01 17:17 ` Mike Frysinger
2012-03-02 2:55 ` [U-Boot] [PATCH v2] " Thomas Chou
2012-03-02 3:22 ` Mike Frysinger
2012-03-01 21:57 ` [U-Boot] memory corruption on nios2 due to overlap of gbl data and malloc Albert ARIBAUD
2012-03-01 22:11 ` Graeme Russ
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F4D5550.7010701@aribaud.net \
--to=albert.u.boot@aribaud.net \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox