From patchwork Fri Dec 14 21:13:11 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Glass
X-Patchwork-Id: 206565
X-Patchwork-Delegate: sjg@chromium.org
From: Simon Glass
To: U-Boot Mailing List
Date: Fri, 14 Dec 2012 13:13:11 -0800
Message-Id: <1355519594-5694-7-git-send-email-sjg@chromium.org>
In-Reply-To: <1355519594-5694-1-git-send-email-sjg@chromium.org>
References: <1355519594-5694-1-git-send-email-sjg@chromium.org>
Subject: [U-Boot] [PATCH 07/10] x86: Add error checking to x86 relocation code

This does not actually change normal behaviour, but adds a check that
should detect corruption of relocation data (e.g. by using BSS data
prior to relocation). Also add additional debugging output when enabled.

During this investigation, two situations have been seen:

1. calculate_relocation_address():

    uintptr_t size = (uintptr_t)&__bss_end - (uintptr_t)&__text_start;

turns into

    111166f: b8 83 c4 17 01 mov $0x117c483,%eax

which is beyond the end of bss:

    0117b484 g .bss 00000000 __bss_end

Somehow the __bss_end here is 255 bytes ahead.

2. do_elf_reloc_fixups():

    uintptr_t size = (uintptr_t)&__bss_end - (uintptr_t)&__text_start;

Here the __text_start is 0 in the file:

    1111d9f: bb a0 e0 13 01 mov $0x113e0a0,%ebx
    1111da4: 81 ef 00 00 00 00 sub $0x0,%edi

As it happens, both of these are in pre-relocation code.

For these reasons we silently check and ignore bad relocations.

Signed-off-by: Simon Glass
---
 arch/x86/lib/relocate.c | 20 ++++++++++++++++++--
 1 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/arch/x86/lib/relocate.c b/arch/x86/lib/relocate.c
index e9188a7..e893c2b 100644
--- a/arch/x86/lib/relocate.c +++ b/arch/x86/lib/relocate.c @@ -73,12 +73,16 @@ int clear_bss(void) return 0; } +/* + * This function has more error checking than you might expect. Please see + * the commit message for more informaiton. + */ int do_elf_reloc_fixups(void) { Elf32_Rel *re_src = (Elf32_Rel *)(&__rel_dyn_start); Elf32_Rel *re_end = (Elf32_Rel *)(&__rel_dyn_end); - Elf32_Addr *offset_ptr_rom; + Elf32_Addr *offset_ptr_rom, *last_offset = NULL; Elf32_Addr *offset_ptr_ram; /* The size of the region of u-boot that runs out of RAM. */ @@ -89,7 +93,8 @@ int do_elf_reloc_fixups(void) offset_ptr_rom = (Elf32_Addr *)re_src->r_offset; /* Check that the location of the relocation is in .text */ - if (offset_ptr_rom >= (Elf32_Addr *)CONFIG_SYS_TEXT_BASE) { + if (offset_ptr_rom >= (Elf32_Addr *)CONFIG_SYS_TEXT_BASE && + offset_ptr_rom > last_offset) { /* Switch to the in-RAM version */ offset_ptr_ram = (Elf32_Addr *)((ulong)offset_ptr_rom + @@ -100,8 +105,19 @@ int do_elf_reloc_fixups(void) *offset_ptr_ram <= (CONFIG_SYS_TEXT_BASE + size)) { *offset_ptr_ram += gd->reloc_off; + } else { + debug(" %p: rom reloc %x, ram %p, value %x," + " limit %lx\n", re_src, + re_src->r_offset, offset_ptr_ram, + *offset_ptr_ram, + CONFIG_SYS_TEXT_BASE + size); } + } else { + debug(" %p: rom reloc %x, last %p\n", re_src, + re_src->r_offset, last_offset); } + last_offset = offset_ptr_rom; + } while (++re_src < re_end); return 0;
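
Review bot: In the @@ -73,12 +73,16 @@ hunk, the new comment above do_elf_reloc_fixups() points the reader at the commit message instead of saying what is checked, and "informaiton" is misspelled. A reader of relocate.c will not have the commit to hand, so please state the invariants in the comment itself: entries are expected at or above CONFIG_SYS_TEXT_BASE and in increasing r_offset order, and entries that fail either test are skipped rather than treated as fatal.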
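
Review bot: In the @@ -89,7 +93,8 @@ hunk, the tightened condition still has no upper bound on offset_ptr_rom, so a corrupted r_offset that is above CONFIG_SYS_TEXT_BASE but past the end of the image passes both tests and offset_ptr_ram is then dereferenced in the value check that follows. Since size is already computed in this function, consider also requiring the offset to be below CONFIG_SYS_TEXT_BASE + size here. The new "offset_ptr_rom > last_offset" test also relies on the relocation entries being sorted by strictly increasing r_offset, which is not stated anywhere in the visible code and deserves a one-line comment. Comparing against a NULL last_offset on the first pass would read more clearly as an integer comparison on the addresses.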
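
Review bot: In the @@ -100,8 +105,19 @@ hunk, "last_offset = offset_ptr_rom;" runs for every entry, including ones whose fixup was not applied, so a single entry with a bogus high r_offset raises the watermark and every later legitimate entry then fails the "offset_ptr_rom > last_offset" test and is skipped. Consider advancing last_offset only inside the branch that performs "*offset_ptr_ram += gd->reloc_off". Both rejection paths report only through debug() and the function still returns 0, so a non-debug build gives no indication that relocations were dropped. Counting skipped entries and printing or returning that count once after the loop would keep the tolerant behaviour the commit message asks for while making corruption visible.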