forked from luck/tmp_suning_uos_patched
6088857b16
The address of variable val in prom_init_stdout is passed to prom_getprop. prom_getprop casts the pointer to u32 and passes it to call_prom in the hope that OpenFirmware stores something there. But the pointer is truncated in the lower bits and the expected value is stored somewhere else. In my testing I had a stackpointer of 0x0023e6b4. val was at offset 120, wich has address 0x0023e72c. But the value passed to OF was 0x0023e728. c00000000040b710: 3b 01 00 78 addi r24,r1,120 ... c00000000040b754: 57 08 00 38 rlwinm r8,r24,0,0,28 ... c00000000040b784: 80 01 00 78 lwz r0,120(r1) ... c00000000040b798: 90 1b 00 0c stw r0,12(r27) ... The stackpointer came from 32bit code. The chain was yaboot -> zImage -> vmlinux PowerMac OpenFirmware does appearently not handle the ELF sections correctly. If yaboot was compiled in /usr/src/packages/BUILD/lilo-10.1.1/yaboot, then the stackpointer is unaligned. But the stackpointer is correct if yaboot is compiled in /tmp/yaboot. This bug triggered since 2.6.15, now prom_getprop is an inline function. gcc clears the lower bits, instead of just clearing the upper 32 bits. Signed-off-by: Olaf Hering <olh@suse.de> Signed-off-by: Paul Mackerras <paulus@samba.org> |
||
---|---|---|
.. | ||
alpha | ||
arm | ||
arm26 | ||
cris | ||
frv | ||
h8300 | ||
i386 | ||
ia64 | ||
m32r | ||
m68k | ||
m68knommu | ||
mips | ||
parisc | ||
powerpc | ||
ppc | ||
s390 | ||
sh | ||
sh64 | ||
sparc | ||
sparc64 | ||
um | ||
v850 | ||
x86_64 | ||
xtensa |