diff options
| author | Marian Balakowicz <m8@semihalf.com> | 2008-01-31 13:20:06 +0100 |
|---|---|---|
| committer | Wolfgang Denk <wd@denx.de> | 2008-02-07 01:12:57 +0100 |
| commit | 7582438c285bf0cef82909d0f232de64ec567a8a (patch) | |
| tree | 7f4b2b137dd500e005d14f3594fefefe58ec64fd | |
| parent | f13e7b2e993c61fed1f607962501e051940d6e80 (diff) | |
[new uImage] Return error on image move/uncompress overwrites
Check for overwrites during image move/uncompress, return with error
when the original image gets corrupted. Report clear message to the user
and prevent further troubles when pointer to the corrupted images is passed
to do_bootm_linux routine.
Signed-off-by: Marian Balakowicz <m8@semihalf.com>
| -rw-r--r-- | common/cmd_bootm.c | 22 | ||||
| -rw-r--r-- | lib_ppc/ppc_linux.c | 14 |
2 files changed, 34 insertions, 2 deletions
diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c index 2d17bdd4f95..f441e0e011a 100644 --- a/common/cmd_bootm.c +++ b/common/cmd_bootm.c @@ -133,6 +133,10 @@ int do_bootm (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[]) ulong img_addr; ulong os_data, os_len; + ulong image_start, image_end; + ulong load_start, load_end; + + if (argc < 2) { img_addr = load_addr; } else { @@ -234,6 +238,11 @@ int do_bootm (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[]) dcache_disable(); #endif + image_start = (ulong)hdr; + image_end = image_get_image_end (hdr); + load_start = image_get_load (hdr); + load_end = 0; + switch (image_get_comp (hdr)) { case IH_COMP_NONE: if (image_get_load (hdr) == img_addr) { @@ -244,6 +253,7 @@ int do_bootm (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[]) memmove_wd ((void *)image_get_load (hdr), (void *)os_data, os_len, CHUNKSZ); + load_end = load_start + os_len; puts("OK\n"); } break; @@ -255,6 +265,8 @@ int do_bootm (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[]) show_boot_progress (-6); do_reset (cmdtp, flag, argc, argv); } + + load_end = load_start + os_len; break; #ifdef CONFIG_BZIP2 case IH_COMP_BZIP2: @@ -272,6 +284,8 @@ int do_bootm (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[]) show_boot_progress (-6); do_reset (cmdtp, flag, argc, argv); } + + load_end = load_start + unc_len; break; #endif /* CONFIG_BZIP2 */ default: @@ -284,6 +298,14 @@ int do_bootm (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[]) puts ("OK\n"); show_boot_progress (7); + if ((load_start < image_end) && (load_end > image_start)) { + debug ("image_start = 0x%lX, image_end = 0x%lx\n", image_start, image_end); + debug ("load_start = 0x%lx, load_end = 0x%lx\n", load_start, load_end); + + puts ("ERROR: image overwritten - must RESET the board to recover.\n"); + do_reset (cmdtp, flag, argc, argv); + } + switch (image_get_type (hdr)) { case IH_TYPE_STANDALONE: if (iflag) diff --git a/lib_ppc/ppc_linux.c b/lib_ppc/ppc_linux.c index 0a625fc071a..391168787a9 100644 --- a/lib_ppc/ppc_linux.c +++ b/lib_ppc/ppc_linux.c @@ -23,6 +23,8 @@ * MA 02111-1307 USA */ +#define DEBUG + #include <common.h> #include <watchdog.h> #include <command.h> @@ -259,11 +261,19 @@ do_bootm_linux(cmd_tbl_t *cmdtp, int flag, of_data = (ulong)of_flat_tree; #endif } else if (image_check_magic (fdt_hdr)) { + ulong image_start, image_end; + ulong load_start, load_end; + printf ("## Flat Device Tree at %08lX\n", fdt_hdr); print_image_hdr (fdt_hdr); - if ((image_get_load (fdt_hdr) < image_get_image_end (fdt_hdr)) && - ((image_get_load (fdt_hdr) + image_get_data_size (fdt_hdr)) > (unsigned long)fdt_hdr)) { + image_start = (ulong)fdt_hdr; + image_end = image_get_image_end (fdt_hdr); + + load_start = image_get_load (fdt_hdr); + load_end = load_start + image_get_data_size (fdt_hdr); + + if ((load_start < image_end) && (load_end > image_start)) { puts ("ERROR: fdt overwritten - " "must RESET the board to recover.\n"); do_reset (cmdtp, flag, argc, argv); |