summaryrefslogtreecommitdiff
path: root/common/bootm.c
diff options
context:
space:
mode:
authorPurna Chandra Mandal <purna.mandal@microchip.com>2016-01-20 14:07:39 +0530
committerTom Rini <trini@konsulko.com>2016-01-25 10:39:45 -0500
commit8d4f11c2033d0621f22a1501d92616596a8d1a62 (patch)
tree58a0eb54cf8373443b23202006dc114c7ad1212d /common/bootm.c
parent6e2f1538959d79b54a0ceeed2f24643cf98ebaa4 (diff)
downloadu-boot-8d4f11c2033d0621f22a1501d92616596a8d1a62.tar.gz
bootm: fix size arg of flush_cache() in bootm_load_os().
Variable _load_end_ points to end address of uncompressed buffer (*not* uncomress_buffer_end / sizeof(ulong)), so multipling uncompressed size with sizeof(ulong) is grossly incorrect in flush_cache(). It might lead to access of address beyond valid memory range and hang the CPU. Tested on MIPS architecture by using compressed(gzip, lzma) and uncompressed uImage. Signed-off-by: Purna Chandra Mandal <purna.mandal@microchip.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Diffstat (limited to 'common/bootm.c')
-rw-r--r--common/bootm.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/common/bootm.c b/common/bootm.c
index 58936ca497..99d574db2c 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -435,7 +435,7 @@ static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
return err;
}
- flush_cache(load, (*load_end - load) * sizeof(ulong));
+ flush_cache(load, *load_end - load);
debug(" kernel loaded at 0x%08lx, end = 0x%08lx\n", load, *load_end);
bootstage_mark(BOOTSTAGE_ID_KERNEL_LOADED);