Public bug reported:
I originally found this issue when enabling CONFIG_API for the vexpress
build on the linaro-stable head, but tracking it down shows this only
affects the alignment and the bug is present regardless - it only does not
trigger a crash otherwise.
Image built from linaro-stable head for vexpress_ca9x4, put it on my
board, ran it - and it crashed somewhere after printing "DRAM: 1 GiB".
Tracked it down to an unaligned access in "fixrel" in
arch/arm/cpu/armv7/start.S - an address that appears to be one greater than what's
intended. Setting a watchpoint to trap accesses, the culprit turns out to be
the following innocent-looking line in drivers/serial/serial_pl01x.c:
---
serial_init_called++;
---
This (global) variable was added by patch
http://git.linaro.org/gitweb?p=boot/u-boot-linaro-stable.git;a=commitdiff;h=a20a4cd6297b216383a40799c5b355bf5502724d
With CONFIG_API enabled, the address contained in the relocation is
corrupted. With it disabled, the type of the relocation is corrupted -
causing "fixrel" to ignore it.
I _think_ what's going on here is that accesses to global data are not safe
before the image has been copied to its destination, due to the u-boot linker
script placing the relocations as an "OVERLAY", but it could be more
complicated than that.
I have not verified that it affects only vexpress, and in fact it would
surprise me somewhat if it did.
** Affects: u-boot-linaro
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1029956
Title:
vexpress: Corruption of relocation entry pre-copying
Status in Linaro U-Boot:
New
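A constructed C model of the hazard the report describes, added here and not code from U-Boot or from the reporter: it lays a .bss word over a two-entry .rel.dyn table the way the OVERLAY does before the copy, bumps the counter, and checks which field of the first relocation entry got clobbered. The `relocated` flag stands in for U-Boot's `gd->flags & GD_FLG_RELOC` test; the addresses and the two word offsets are assumptions chosen to reproduce the two symptoms in the report.

```c
#include <stddef.h>
#include <stdint.h>

/* ELF32 relocation entry, the format "fixrel" in start.S walks. */
typedef struct { uint32_t r_offset; uint32_t r_info; } Elf32_Rel;
#define R_ARM_RELATIVE 23u
#define ELF32_R_TYPE(i) ((i) & 0xffu)

/* Constructed pre-relocation image: with .bss overlaid on .rel.dyn, a .bss
 * word and a relocation entry occupy the same storage until the copy. */
static union { Elf32_Rel rel[2]; uint32_t word[4]; } image;
static uint32_t bss_after_copy;        /* where .bss lives once relocated */
static uint32_t *serial_init_called;   /* stand-in for the pl01x global */
static int relocated;                  /* stand-in for gd->flags & GD_FLG_RELOC */

static void setup(size_t bss_word, int after_copy)
{
    /* Two R_ARM_RELATIVE entries, as the linker would emit them (constructed). */
    image.rel[0].r_offset = 0x60001000u; image.rel[0].r_info = R_ARM_RELATIVE;
    image.rel[1].r_offset = 0x60001010u; image.rel[1].r_info = R_ARM_RELATIVE;
    bss_after_copy = 0;
    relocated = after_copy;
    /* Before the copy the global aliases a relocation word; after it, real .bss. */
    serial_init_called = after_copy ? &bss_after_copy : &image.word[bss_word];
}

/* The reported code path: bumps the global unconditionally. */
static void serial_init_unguarded(void) { (*serial_init_called)++; }

/* Guarded variant: leave .bss alone until the image has been copied. */
static void serial_init_guarded(void)
{
    if (relocated)
        (*serial_init_called)++;
}

/* 0: entry intact; 1: its address is off by one (fixrel patches the wrong
 * word); 2: its type is no longer R_ARM_RELATIVE (fixrel skips it). */
int check_entry0(void)
{
    if (image.rel[0].r_offset != 0x60001000u) return 1;
    if (ELF32_R_TYPE(image.rel[0].r_info) != R_ARM_RELATIVE) return 2;
    return 0;
}

/* bss_word selects where the .bss global lands: 0 = r_offset of entry 0,
 * 1 = r_info of entry 0 (the two layouts the report observed). */
int run(size_t bss_word, int guarded, int after_copy)
{
    setup(bss_word, after_copy);
    if (guarded) serial_init_guarded(); else serial_init_unguarded();
    return check_entry0();
}
```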