From: "Matthias Weißer" <weisserm@arcor.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] Strange CFI flash problem
Date: Mon, 14 Apr 2014 10:51:23 +0200 [thread overview]
Message-ID: <534BA18B.5050509@arcor.de> (raw)
In-Reply-To: <534B7BA4.8070100@arcor.de>
Am 14.04.2014 08:09, schrieb Matthias Wei?er:
> Hi Wolfgang
>
> Am 11.04.2014 12:43, schrieb Wolfgang Denk:
>> Dear Matthias,
>>
>> In message <5347BBBC.9000806@arcor.de> you wrote:
>>>
>>> we are currently trying to get an out-of-tree board based on 2013.01
>>> back in sync with current master and observing a strange behavior which
>>> we think is located in the CFI flash system. If we load an image via
>>> tftp, copy it to flash and then try to run the image via bootm we see an
>>> error while decomressing:
>> ...
>>> Uncompressing Kernel Image ... LZO: uncompress or overwrite error -5
>>
>> Are you sure your malloc arena is big enough for LZO? Try if
>> increasing it helps...
>
> We increaded it from 4MB to 8MB and the behavior is still the same.
>
> We also observed a different behavior when tftping the image to RAM and
> then directly executing it without copying it to flash. It seems that
> the flash device (EN29GL256H) is then in some a mode (maybe auto-select)
> which prevents it from normal read operations which doesn't allow the
> flash driver of the OS come up. We never saw this with our old u-boot.
> If there are no ideas left we will have to bisect the problem.
Bisecting was successfull. The commit introducing the problem is
commit ff9d2efdbf1b3b5263f81e843c6724b8bead7f1f
Author: Kees Cook <keescook@chromium.org>
Date: Fri Aug 16 07:59:15 2013 -0700
lzo: correctly bounds-check output buffer
This checks the size of the output buffer and fails if it was going to
overflow the buffer during lzo decompression.
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
This commit introduced the usage of the dst_len output parameter as
additional input parameter containing the maximum output buffer size.
This parameter isn't initialized in cmd_bootm.c:
454 #ifdef CONFIG_LZO
455 case IH_COMP_LZO: {
456 size_t size;
457
458 printf(" Uncompressing %s ... ", type_name);
459
460 ret = lzop_decompress(image_buf, image_len, load_buf, &size);
Setting size to some big value (SZE_MAX is not avialable) fixed the
behavior but I am unsure if this is the correct solution. I think its
hard to get the max output buffer size at this point in cmd_bootm.c.
Regards
Matthias
next prev parent reply other threads:[~2014-04-14 8:51 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-11 9:54 [U-Boot] Strange CFI flash problem Matthias Weißer
2014-04-11 10:43 ` Wolfgang Denk
2014-04-14 6:09 ` Matthias Weißer
2014-04-14 8:51 ` Matthias Weißer [this message]
2014-04-14 15:38 ` Kees Cook
2014-04-15 5:48 ` Matthias Weißer
2014-04-15 17:27 ` Kees Cook
2014-04-15 17:29 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=534BA18B.5050509@arcor.de \
--to=weisserm@arcor.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox