Skip to content

[arch] linker ASSERT prevents invalid memory access #493

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
travisg merged 1 commit into from
Jan 29, 2026
Merged

[arch] linker ASSERT prevents invalid memory access #493

travisg merged 1 commit into from
Jan 29, 2026

Conversation

@vivek-jaluka
Copy link
Contributor

@vivek-jaluka vivek-jaluka commented Jan 20, 2026
edited
Loading

Problem Statement

  1. Incorrect calculation of _end_of_ram
  • _end_of_ram indicates the last address that can be accessed. When we have KERNEL_LOAD_OFFSET such as 1MB here, this value should also be considered to calculate _end_of_ram.
  1. Accessing invalid memory region
  • As lk.bin is not just about the .text and .data segments. There are extra additional which are not counted as part of binary size but it is needed when loaded into RAM.
  • It uses more address space and surpasses the _end_of_ram as there is no check regarding this which leads to access to invalid region.

Add a linker-time assertion to ensure that the final symbol address (_end) does not exceed the allocated RAM boundary (_end_of_ram). This prevents potential runtime memory corruption or undefined behavior caused by exceeding the available memory region, even when the binary file size appears to fit within the allocated space.

The issue arises because:

  • The .bss section (zero-initialized data) occupies no space in the binary but is allocated in RAM at runtime.
  • Stack space (e.g., __stack to __stack_end) consumes additional RAM.
  • Sections are padded to align it to page boundaries (e.g., 4KB).

Without validation, such overflows may go undetected during build, leading to silent memory access violations during early boot especially on memory-constrained platforms.

Example:
_end = 0xffff000000184000
_end_of_ram = 0xffff000000174000 → ASSERT triggers, build fails

This change adds:
Error when _end > _end_of_ram

This ensures early failure during the build process, improving system reliability and debuggability.

@travisg
Copy link
Member

travisg commented Jan 20, 2026

Looks pretty good. At first glance it should only really matter on embedded targets since most of the MMU based targets will have a dynamic notion of what their memory size is, but in those cases the platform usually sets some sort of rasonable MEMSIZE that wont be exceeded at least at link time.

@vivek-jaluka
Copy link
Contributor Author

vivek-jaluka commented Jan 21, 2026

I do agree with your point @travisg that MEMSIZE should be reasonable.

But, suppose we have a need to load LK on SRAM instead of DRAM which have memory constraint of 512KB.
In that, LK compiled for qemu-virt-arm64 generates a bin of 466KB but requires 528KB of memory in RAM.

From a developer perspective, it would be a good arrangement but it will create issues while booting showing abnormal behavior every time as adding any log or code will change lk.elf.map

It would be better if this can be checked in compilation time to prevent this issue in runtime. :)

travisg
travisg reviewed Jan 26, 2026
View reviewed changes
travisg
travisg requested changes Jan 26, 2026
View reviewed changes
Copy link
Member

@travisg travisg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you see about the extra additions?

@vivek-jaluka
[arch] linker ASSERT prevents invalid memory access
f313a8c 
Add a linker-time assertion to ensure that the final symbol address (_end)
does not exceed the allocated RAM boundary (_end_of_ram). This prevents
potential runtime memory corruption or undefined behavior caused by
exceeding the available memory region, even when the binary file size
appears to fit within the allocated space.

The issue arises because:
- The .bss section (zero-initialized data) occupies no space in the binary
  but is allocated in RAM at runtime.
- Stack space (e.g., __stack to __stack_end) consumes additional RAM.
- Sections are aligned to page boundaries (e.g., 4KB), adding padding.

Without validation, such overflows may go undetected during build, leading
to silent memory access violations during early boot—especially on
memory-constrained platforms.

Example:
  _end          = 0xffff000000184000
  _end_of_ram   = 0xffff000000174000 → ASSERT triggers, build fails

This change adds:
   Error when _end > _end_of_ram

This ensures early failure during the build process, improving system
reliability and debuggability.

Signed-off-by: vivek.j <vivek.j@samsung.com>
@vivek-jaluka
Copy link
Contributor Author

vivek-jaluka commented Jan 26, 2026
edited
Loading

Yes @travisg in that way, we may need to allot MEMSIZE considering KERNEL_LOAD_OFFSET as well which should be okay for the developer.

I have updated the patch.

@vivek-jaluka vivek-jaluka requested a review from travisg January 26, 2026 09:13
@travisg travisg merged commit 00bfd6f into littlekernel:master Jan 29, 2026
124 checks passed
@travisg
Copy link
Member

travisg commented Jan 29, 2026

Looks good! thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@travisg travisg Awaiting requested review from travisg

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vivek-jaluka @travisg