common/memsize.c: Fix get_effective_memsize() to check for overflow

Ensure that top of RAM can be represented by phys_size_t type. If RAM is
too large or RAM base address is too upper then limit RAM size to prevent
address space overflow.

Signed-off-by: Pali Rohár <pali@kernel.org>

1 files changed, 15 insertions, 3 deletions

diff --git a/common/memsize.c b/common/memsize.c
index 31884acca0d..3c80ad2c834 100644
--- a/common/memsize.c
+++ b/common/memsize.c
@@ -94,11 +94,23 @@ long get_ram_size(long *base, long maxsize)
 
 phys_size_t __weak get_effective_memsize(void)
 {
+	phys_size_t ram_size = gd->ram_size;
+
+	/*
+	 * Check for overflow and limit ram size to some representable value.
+	 * It is required that ram_base + ram_size must be representable by
+	 * phys_size_t type and must be aligned by direct access, therefore
+	 * calculate it from last 4kB sector which should work as alignment
+	 * on any platform.
+	 */
+	if (gd->ram_base + ram_size < gd->ram_base)
+		ram_size = ((phys_size_t)~0xfffULL) - gd->ram_base;
+
 #ifndef CONFIG_MAX_MEM_MAPPED
-	return gd->ram_size;
+	return ram_size;
 #else
 	/* limit stack to what we can reasonable map */
-	return ((gd->ram_size > CONFIG_MAX_MEM_MAPPED) ?
-		CONFIG_MAX_MEM_MAPPED : gd->ram_size);
+	return ((ram_size > CONFIG_MAX_MEM_MAPPED) ?
+		CONFIG_MAX_MEM_MAPPED : ram_size);
 #endif
 }