FIT Image Memory Overlap Detection and Handling #32
Description
Summary
Discussion about adding memory overlap detection for FIT images and how to handle cases where images intentionally share memory addresses but are loaded selectively at runtime.
Background
While working on U-Boot FIT image overlap detection (U-Boot mailing list discussion), we encountered different scenarios where FIT images may have overlapping load addresses:
- Genuine overlaps (bugs): Multiple images loaded simultaneously with conflicting memory regions
- Intentional overlaps (platform-specific): Images that share addresses but are mutually exclusive at runtime
Current Challenges
Case 1: Genuine Memory Overlap
Scenario:
- firmwareA: loads at
0x40000000, size0x200010bytes → ends at0x40200010 - firmwareB: loads at
0x40200000 - Problem: 16 bytes overlap where both need to be in memory simultaneously
FIT Configuration:
configurations {
conf-1 {
firmware = "firmwareA";
loadables = "firmwareB";
fdt = "fdt-1";
};
}
Case 2: Mutually Exclusive Images (Some TI Platforms)
Scenario: firmware stubs that share the same load address but only one is loaded based on runtime detection.
tifsstub-hs {
description = "TIFSSTUB";
type = "firmware";
arch = "arm32";
compression = "none";
os = "tifsstub-hs";
load = <0x9dc00000>;
entry = <0x9dc00000>;
blob-ext {
filename = "tifsstub.bin_hs";
};
};
tifsstub-fs {
description = "TIFSSTUB";
type = "firmware";
arch = "arm32";
compression = "none";
os = "tifsstub-fs";
load = <0x9dc00000>;
entry = <0x9dc00000>;
blob-ext {
filename = "tifsstub.bin_fs";
};
};
tifsstub-gp {
description = "TIFSSTUB";
type = "firmware";
arch = "arm32";
compression = "none";
os = "tifsstub-gp";
load = <0x9dc00000>;
entry = <0x9dc00000>;
blob-ext {
filename = "tifsstub.bin_gp";
};
};
FIT Configuration:
configurations {
conf-1 {
firmware = "atf";
loadables = "tee", "tifsstub-hs", "tifsstub-fs", "tifsstub-gp";
fdt = "fdt-1";
};
}
Runtime behavior: Platform code (board_fit_image_post_process() in arch/arm/mach-k3/r5/common.c) handles non-matching stubs:
if ((device_type == K3_DEVICE_TYPE_HS_SE &&
strcmp(os, "tifsstub-hs")) ||
(device_type == K3_DEVICE_TYPE_HS_FS &&
strcmp(os, "tifsstub-fs")) ||
(device_type == K3_DEVICE_TYPE_GP &&
strcmp(os, "tifsstub-gp"))) {
*p_size = 0;
}
Proposed Solutions Under Discussion
Some platforms load only one image from a group at runtime. In the device tree, we may have something like this
tifsstub-hs {
load = <0x9dc00000>;
entry = <0x9dc00000>;
mutually-exclusive-group = "tifsstub";
};
tifsstub-fs {
load = <0x9dc00000>; // Same address OK - mutually exclusive
entry = <0x9dc00000>;
mutually-exclusive-group = "tifsstub";
};
The overlap checker would then skip validation between images in the same mutually-exclusive-group, while still catching genuine overlaps
Please let me know if you have any suggestions or concerns, thanks!