| Message ID | 20211217154125.32294-1-lukma@denx.de |
|---|---|
| State | Accepted |
| Commit | 014315b2d81a0ad1600d9dcdb51cf14a952eff41 |
| Delegated to: | Stefano Babic |
| Headers | show |
| Series | spl: Provide more space to be used for storing SPL on imx28 OCRAM | expand |
> With the current configuration provided in mxsimage{-spl}.mx28.cfg the > size of SPL binary has been constrained to 32 KiB, due to "LOAD IVT" > command with 0x8000 offset. > The problem was that, the imx28 ROM takes the u-boot.sb and then > extracts from it the IVT header and places it on the 0x8000 OCRAM offset > overwriting any valid (i.e. loaded from eMMC or SPI-NOR) SPL code. This > bug was unnoticed as the overwrite size was just 32 bytes, so the > probability that some important code is altered was low. > However, in the XEA board (where the SPL size is ~39KiB), the overwritten > data was `(struct dm_spi_ops *) 0x800c <mxs_spi_ops>`, which is used > during the boot process. > As a result the SPL execution code hanged with "undefined instruction" > abort as callbacks (with wrong addresses) from it were called. > The fix is to change the OCRAM's offset where IVT is loaded to 0xE000, > so the SPL can grow up to ~57KiB (the maximal size of OCRAM memory > available is 0xE3FC). > Signed-off-by: Lukasz Majewski <lukma@denx.de> Applied to u-boot-imx, master, thanks ! Best regards, Stefano Babic
diff --git a/arch/arm/cpu/arm926ejs/mxs/mxsimage-spl.mx28.cfg b/arch/arm/cpu/arm926ejs/mxs/mxsimage-spl.mx28.cfg index 0d95064ff7f..fd09780303e 100644 --- a/arch/arm/cpu/arm926ejs/mxs/mxsimage-spl.mx28.cfg +++ b/arch/arm/cpu/arm926ejs/mxs/mxsimage-spl.mx28.cfg @@ -2,5 +2,5 @@ DISPLAYPROGRESS SECTION 0x0 BOOTABLE TAG LAST LOAD 0x1000 spl/u-boot-spl.bin - LOAD IVT 0x8000 0x1000 - CALL HAB 0x8000 0x0 + LOAD IVT 0xE000 0x1000 + CALL HAB 0xE000 0x0 diff --git a/arch/arm/cpu/arm926ejs/mxs/mxsimage.mx28.cfg b/arch/arm/cpu/arm926ejs/mxs/mxsimage.mx28.cfg index 3f7bf599248..f0f3dd7d6b1 100644 --- a/arch/arm/cpu/arm926ejs/mxs/mxsimage.mx28.cfg +++ b/arch/arm/cpu/arm926ejs/mxs/mxsimage.mx28.cfg @@ -2,8 +2,8 @@ DISPLAYPROGRESS SECTION 0x0 BOOTABLE TAG LAST LOAD 0x1000 spl/u-boot-spl.bin - LOAD IVT 0x8000 0x1000 - CALL HAB 0x8000 0x0 + LOAD IVT 0xE000 0x1000 + CALL HAB 0xE000 0x0 LOAD 0x40002000 u-boot.bin - LOAD IVT 0x8000 0x40002000 - CALL HAB 0x8000 0x0 + LOAD IVT 0xE000 0x40002000 + CALL HAB 0xE000 0x0
With the current configuration provided in mxsimage{-spl}.mx28.cfg the size of SPL binary has been constrained to 32 KiB, due to "LOAD IVT" command with 0x8000 offset. The problem was that, the imx28 ROM takes the u-boot.sb and then extracts from it the IVT header and places it on the 0x8000 OCRAM offset overwriting any valid (i.e. loaded from eMMC or SPI-NOR) SPL code. This bug was unnoticed as the overwrite size was just 32 bytes, so the probability that some important code is altered was low. However, in the XEA board (where the SPL size is ~39KiB), the overwritten data was `(struct dm_spi_ops *) 0x800c <mxs_spi_ops>`, which is used during the boot process. As a result the SPL execution code hanged with "undefined instruction" abort as callbacks (with wrong addresses) from it were called. The fix is to change the OCRAM's offset where IVT is loaded to 0xE000, so the SPL can grow up to ~57KiB (the maximal size of OCRAM memory available is 0xE3FC). Signed-off-by: Lukasz Majewski <lukma@denx.de> --- arch/arm/cpu/arm926ejs/mxs/mxsimage-spl.mx28.cfg | 4 ++-- arch/arm/cpu/arm926ejs/mxs/mxsimage.mx28.cfg | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-)