From: Maxim Sobolev
Date: Fri, 19 Jun 2015 17:00:36 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r284599 - head/sys/boot/uboot/lib

Author: sobomax
Date: Fri Jun 19 17:00:36 2015
New Revision: 284599
URL: https://svnweb.freebsd.org/changeset/base/284599

Log:
  Fix bug in the ubldr introduced in rev. 283035.

  The new code fails to properly consider memory regions when the loader is
  located below those regions or engulfs their lower limit. This results in
  a "not enough RAM to load kernel" panic, which is totally bogus. On top of
  that, there are some variables that can be left uninitialized in those
  cases, which might cause it to fail with a memory access violation instead
  of a panic while trying to load the kernel to a wrong or non-existing
  address of memory.

  Augment the code to properly deal with the loader being below or at the
  lower bound of the memory region in question. Also, don't leave
  uninitialized variables behind.

  Reviewed by: ian

Modified:
  head/sys/boot/uboot/lib/copy.c

Modified: head/sys/boot/uboot/lib/copy.c
==============================================================================
--- head/sys/boot/uboot/lib/copy.c Fri Jun 19 14:56:24 2015 (r284598)
+++ head/sys/boot/uboot/lib/copy.c Fri Jun 19 17:00:36 2015 (r284599)
@@ -118,6 +118,13 @@ uboot_loadaddr(u_int type, void *data, u this_block = eubldr; this_size = eblock - eubldr; } + } else if (subldr < sblock && eubldr < eblock) { + /* Loader is below or engulfs the sblock */ + this_block = (eubldr < sblock) ? sblock : eubldr; + this_size = eblock - this_block; + } else { + this_block = 0; + this_size = 0; } if (biggest_size < this_size) { biggest_block = this_block;
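Review bot: The catch-all `else` at the end of this hunk sets `this_block = 0; this_size = 0;` for every layout the two conditions above it do not match, and nothing in the hunk says which layouts those are meant to be. From the new condition `subldr < sblock && eubldr < eblock`, a loader that covers the whole region (`eubldr >= eblock`) lands there, which is correct. But a region that does not overlap the loader at all on the other side would also land there unless the first `if`, which is outside the visible context, handles it, and in that case a fully usable region would be scored as zero bytes and could bring back the bogus "not enough RAM to load kernel" panic the log describes. Please confirm that case against the first condition and add a comment on the `else` naming the layouts it is expected to cover. A smaller point on the same block: the comment "Loader is below or engulfs the sblock" covers two distinct layouts that the ternary then separates, so it would help to say that `eubldr < sblock` means the whole region is free and otherwise usable space starts at `eubldr`. The zero-initialised result is safe with the strict `biggest_size < this_size` comparison that follows, since an empty candidate can never replace the current best.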