From: Ronald Wahl <[email protected]>
Currently when CONFIG_SPL_STACK_R and CONFIG_SPL_SYS_MALLOC_SIMPLE are
enabled then spl_relocate_stack_gd() will set up a layout where the stack
lies inside the heap and grows down to heap start. Also the global data
is part of the heap. This can lead to corruption of stack and global
data. The current layout is:
                    0x0 +-------------+
                        .             .
                        .             .
        gd->malloc_base +- - - - - - -+
                        |             |\
                        | HEAP/STACK  | \
                        |             |  } SPL_STACK_R_MALLOC_SIMPLE_LEN
      gd->start_addr_sp +- - - - - - -+ /  (gd->malloc_limit)
                        | GLOBAL DATA |/
CONFIG_SPL_STACK_R_ADDR +-------------+
The above broken layout was actually introduced with commit adc421e4cee8
("arm: move gd handling outside of C code").
This commit changes the layout so that the stack is below the heap and
the global data. It is now similar to the one before relocation:
                    0x0 +-------------+
                        .             .
                        .             .
                        +- - - - - - -+
                        |             |
                        |    STACK    |
                        |             |
      gd->start_addr_sp +-------------+
                        | GLOBAL DATA |
        gd->malloc_base +-------------+
                        |             |\
                        |    HEAP     | } SPL_STACK_R_MALLOC_SIMPLE_LEN
                        |             |/  (gd->malloc_limit)
CONFIG_SPL_STACK_R_ADDR +-------------+
Fixes: adc421e4cee8 ("arm: move gd handling outside of C code")
Cc: Tom Rini <[email protected]>
Cc: Anshul Dalal <[email protected]>
Cc: Leo Yu-Chi Liang <[email protected]>
Cc: Dhruva Gole <[email protected]>
Cc: Simon Glass <[email protected]>
Cc: Albert ARIBAUD <[email protected]>
Signed-off-by: Ronald Wahl <[email protected]>
---
common/spl/spl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/spl/spl.c b/common/spl/spl.c
index fd915d9564b..8256fa97862 100644
--- a/common/spl/spl.c
+++ b/common/spl/spl.c
@@ -954,7 +954,7 @@ ulong spl_relocate_stack_gd(void)
}
#endif
/* Get stack position: use 8-byte alignment for ABI compliance */
- ptr = CONFIG_SPL_STACK_R_ADDR - roundup(sizeof(gd_t),16);
+ ptr -= roundup(sizeof(gd_t), 16);
gd->start_addr_sp = ptr;
new_gd = (gd_t *)ptr;
memcpy(new_gd, (void *)gd, sizeof(gd_t));
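Review bot: the comment directly above the changed line still says "use 8-byte alignment for ABI compliance" while both the old and the new line round `sizeof(gd_t)` up to 16; since this line is being rewritten anyway, make the comment and the `roundup(sizeof(gd_t), 16)` value agree so the next reader does not have to guess which one is intended. The new `ptr -= roundup(sizeof(gd_t), 16);` also now depends on `ptr` already holding the right base from code outside this hunk (CONFIG_SPL_STACK_R_ADDR when SYS_MALLOC_SIMPLE is off, the heap base when it is on), which the old line did not; a one-line comment stating that precondition, e.g. "ptr is the top of the stack region here, below the heap if one was reserved", would document why `start_addr_sp` and `new_gd` can be derived from it.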
--
2.53.0