From db2e3aa2578a931924f5bd269b0279bd403263ea Mon Sep 17 00:00:00 2001
From: Patrick Georgi <patrick@georgi-clan.de>
Date: Sat, 9 Mar 2013 10:52:50 +0100
Subject: libpayload: Fix reading x86 CBFS images from RAM

Three issues:
 1. the hardcoded dereferenced pointer at 0xfffffffc
 2. "RAM media" has no idea about ROM relative addresses
 3. off-by-one in RAM media: it's legal to request 4 bytes from 0xfffffffc

Change-Id: I671ac12d412c71dc8e8e6114f2ea13f58dd99c1d
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Reviewed-on: http://review.coreboot.org/2624
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
---
 payloads/libpayload/libcbfs/ram_media.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'payloads/libpayload/libcbfs/ram_media.c')

diff --git a/payloads/libpayload/libcbfs/ram_media.c b/payloads/libpayload/libcbfs/ram_media.c
index 87b5292b63..1a0500e1be 100644
--- a/payloads/libpayload/libcbfs/ram_media.c
+++ b/payloads/libpayload/libcbfs/ram_media.c
@@ -43,7 +43,11 @@ static int ram_open(struct cbfs_media *media) {
 
 static void *ram_map(struct cbfs_media *media, size_t offset, size_t count) {
 	struct ram_media *m = (struct ram_media*)media->context;
-	if (offset + count >= m->size) {
+	/* assume addressing from top of image in this case */
+	if (offset > 0xf0000000) {
+		offset = m->size + offset;
+	}
+	if (offset + count > m->size) {
 		printf("ERROR: ram_map: request out of range (0x%x+0x%x)\n",
 		       offset, count);
 		return NULL;
-- 
cgit v1.2.3