Comments
Patch
===================================================================
@@ -220,7 +220,7 @@
/* This is a pointer to the header for easy access */
rom->header = (struct cbfs_header *)
- ROM_PTR(rom, rom->size - 16 - bootblocksize - sizeof(struct cbfs_header));
+ ROM_PTR(rom, rom->size - bootblocksize - sizeof(struct cbfs_header));
rom->header->magic = htonl(HEADER_MAGIC);
rom->header->romsize = htonl(romsize);
rom->header->bootblocksize = htonl(bootblocksize);
@@ -233,7 +233,7 @@
/* Write the cbfs master header address at the end of the ROM. */
ROM_WRITEL(rom, rom->size - 4,
- 0xFFFFFFF0 - bootblocksize - sizeof(struct cbfs_header));
+ 0xFFFFFFFF - bootblocksize - sizeof(struct cbfs_header) + 1);
/* write the empty header */
rom_set_header(rom, (struct cbfs_file *)rom->ptr, "", -1, CBFS_COMPONENT_NULL);
Hi guys I think I found a bug in CBFS. It's about the cbfs master header location. Under certains circumstances, it can be overwritten by a file, hence corrupting the rom. I added some debug output to explain the problem. First I create a dummy bootblock and the rom : dd if=/dev/zero of=bootblock bs=16k count=4 cbfstool rom create 262144 65536 bootblock 16 ----- create_rom: create cbfs_header at offset 0x2ffd0 create_rom: write cbfs master header address 0xfffeffd0 ----- cbfstool rom print rom: 256 kB, bootblocksize 65536, romsize 262144, offset 0x0 Alignment: 16 bytes Name Offset Type Size 0x0 free 196536 Finally create and add tfhe file : dd if=/dev/zero of=dummy bs=196536 count=1 cbfstool rom add dummy dummy 256 ----- rom_alloc: Found free file at offset 0x0 headersize 0x28 size 0x2ffb8 rom_alloc: nextoffset 0x2ffe0 rom_alloc: truncoffset 0x2ffe0 ----- cbfstool rom print (cbfstool) E: This does not appear to be a valid ROM (cbfstool) E: Problem while reading the ROM As you can see, nextoffset is 0x10 byte after the cbfs_header. The file I added overwrote it. I attached a patch to fix this. Signed-off-by: Thomas Jourdan <thomas.jourdan@gmail.com> Regards, Thomas