u-boot/common/memsize.c
Pali Rohár 777aaaa706 common/memsize.c: Fix get_effective_memsize() to check for overflow
Ensure that top of RAM can be represented by phys_size_t type. If RAM is
too large or RAM base address is too upper then limit RAM size to prevent
address space overflow.

Signed-off-by: Pali Rohár <pali@kernel.org>
2022-09-23 15:11:13 -04:00

117 lines
2.6 KiB
C

// SPDX-License-Identifier: GPL-2.0+
/*
* (C) Copyright 2004
* Wolfgang Denk, DENX Software Engineering, wd@denx.de.
*/
#include <common.h>
#include <init.h>
#include <asm/global_data.h>
DECLARE_GLOBAL_DATA_PTR;
#ifdef __PPC__
/*
* At least on G2 PowerPC cores, sequential accesses to non-existent
* memory must be synchronized.
*/
# include <asm/io.h> /* for sync() */
#else
# define sync() /* nothing */
#endif
/*
* Check memory range for valid RAM. A simple memory test determines
* the actually available RAM size between addresses `base' and
* `base + maxsize'.
*/
long get_ram_size(long *base, long maxsize)
{
volatile long *addr;
long save[BITS_PER_LONG - 1];
long save_base;
long cnt;
long val;
long size;
int i = 0;
for (cnt = (maxsize / sizeof(long)) >> 1; cnt > 0; cnt >>= 1) {
addr = base + cnt; /* pointer arith! */
sync();
save[i++] = *addr;
sync();
*addr = ~cnt;
}
addr = base;
sync();
save_base = *addr;
sync();
*addr = 0;
sync();
if ((val = *addr) != 0) {
/* Restore the original data before leaving the function. */
sync();
*base = save_base;
for (cnt = 1; cnt < maxsize / sizeof(long); cnt <<= 1) {
addr = base + cnt;
sync();
*addr = save[--i];
}
return (0);
}
for (cnt = 1; cnt < maxsize / sizeof(long); cnt <<= 1) {
addr = base + cnt; /* pointer arith! */
val = *addr;
*addr = save[--i];
if (val != ~cnt) {
size = cnt * sizeof(long);
/*
* Restore the original data
* before leaving the function.
*/
for (cnt <<= 1;
cnt < maxsize / sizeof(long);
cnt <<= 1) {
addr = base + cnt;
*addr = save[--i];
}
/* warning: don't restore save_base in this case,
* it is already done in the loop because
* base and base+size share the same physical memory
* and *base is saved after *(base+size) modification
* in first loop
*/
return (size);
}
}
*base = save_base;
return (maxsize);
}
phys_size_t __weak get_effective_memsize(void)
{
phys_size_t ram_size = gd->ram_size;
/*
* Check for overflow and limit ram size to some representable value.
* It is required that ram_base + ram_size must be representable by
* phys_size_t type and must be aligned by direct access, therefore
* calculate it from last 4kB sector which should work as alignment
* on any platform.
*/
if (gd->ram_base + ram_size < gd->ram_base)
ram_size = ((phys_size_t)~0xfffULL) - gd->ram_base;
#ifndef CONFIG_MAX_MEM_MAPPED
return ram_size;
#else
/* limit stack to what we can reasonable map */
return ((ram_size > CONFIG_MAX_MEM_MAPPED) ?
CONFIG_MAX_MEM_MAPPED : ram_size);
#endif
}