obp-tftp: Make sure to not overwrite paflof in memory

The obp-tftp package is currently using an arbitrary large value as maximal load size. If the downloaded file is big enough, we can easily erase Paflof in memory this way. Let's make sure that this can not happen by limiting the size to the amount of memory below the Paflof binary (which is close to the end of the RAM) in case of board-qemu, or the amount of memory between the minimum RAM size and the load-base on board-js2x. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2018-05-18 17:45:31 +02:00 · 2018-05-18 17:45:31 +02:00 · 4c91c160f9
parent 4c2af4e48f
commit 4c91c160f9
1 changed files with 7 additions and 1 deletions
--- a/slof/fs/packages/obp-tftp.fs
+++ b/slof/fs/packages/obp-tftp.fs
@ -24,7 +24,13 @@ s" obp-tftp" device-name
    my-parent ihandle>phandle node>path encode-string
    s" bootpath" set-chosen

-    60000000                        ( addr maxlen )
+    \ Determine the maximum size that we can load:
+    dup paflof-start < IF
+        paflof-start
+    ELSE
+        MIN-RAM-SIZE
+    THEN                                  ( addr endaddr )
+    over -                                ( addr maxlen )

    \ Add OBP-TFTP Bootstring argument, e.g. "10.128.0.1,bootrom.bin,10.128.40.1"
    my-args