commit 8549bb36a9ee473564418ba88655030022d47b21
author George Chan <gchan9527@gmail.com> Sun May 18 19:16:18 2025 +0800
committer Tom Rini <trini@konsulko.com> Tue Jun 24 07:54:51 2025 -0600
tree 3df6b539df0c23feba512ac0999b11b44ae5c133
parent bea2cc7461752148c96ae2ad9f307bf28fa60583

boot/image-android: Workaround kernel/ramdisk invalid addr

Some androidboot image have invalid kernel/ramdisk load addr,
force to ignore those value and use loadaddr instead.

There is a concern on exposing the whole memory to image loading is
dangerous. Also, since it's not always possible to change the load
addr by repacking the boot.img (mainly due to AVB signature mismatch),
we need a way to use kernel_addr_r and ramdisk_addr_r.

Suggested-by: Casey Connolly <casey.connolly@linaro.org>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Tested-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Signed-off-by: George Chan <gchan9527@gmail.com>
Link: https://lore.kernel.org/r/20250518-android-boot-v3-1-02c8768e131f@gmail.com
Signed-off-by: Casey Connolly <casey.connolly@linaro.org>

boot/image-android.c

diff --git a/boot/image-android.c b/boot/image-android.c
index 459cdb8..14cf611 100644
--- a/boot/image-android.c
+++ b/boot/image-android.c
@@ -268,7 +268,8 @@
 	 *
 	 * Otherwise, we will return the actual value set by the user.
 	 */
-	if (img_data->kernel_addr  == ANDROID_IMAGE_DEFAULT_KERNEL_ADDR) {
+	if (img_data->kernel_addr  == ANDROID_IMAGE_DEFAULT_KERNEL_ADDR ||
+	    IS_ENABLED(CONFIG_ANDROID_BOOT_IMAGE_IGNORE_BLOB_ADDR)) {
 		if (comp == IH_COMP_NONE)
 			return img_data->kernel_ptr;
 		return env_get_ulong("kernel_addr_r", 16, 0);
@@ -464,7 +465,8 @@
 	 */
 	if (img_data.header_version > 2) {
 		/* Ramdisk can't be used in-place, copy it to ramdisk_addr_r */
-		if (img_data.ramdisk_addr == ANDROID_IMAGE_DEFAULT_RAMDISK_ADDR) {
+		if (img_data.ramdisk_addr == ANDROID_IMAGE_DEFAULT_RAMDISK_ADDR ||
+		    IS_ENABLED(CONFIG_ANDROID_BOOT_IMAGE_IGNORE_BLOB_ADDR)) {
 			ramdisk_ptr = env_get_ulong("ramdisk_addr_r", 16, 0);
 			if (!ramdisk_ptr) {
 				printf("Invalid ramdisk_addr_r to copy ramdisk into\n");
@@ -489,7 +491,8 @@
 		/* Ramdisk can be used in-place, use current ptr */
 		if (img_data.ramdisk_addr == 0 ||
 		    img_data.ramdisk_addr == ANDROID_IMAGE_DEFAULT_RAMDISK_ADDR ||
-		    img_data.ramdisk_addr == img_data.kernel_addr) {
+		    img_data.ramdisk_addr == img_data.kernel_addr ||
+		    IS_ENABLED(CONFIG_ANDROID_BOOT_IMAGE_IGNORE_BLOB_ADDR)) {
 			*rd_data = img_data.ramdisk_ptr;
 		} else {
 			ramdisk_ptr = img_data.ramdisk_addr;