author | Aidan MacDonald <amachronic@protonmail.com> | 2022-03-16 22:22:01 +0000 |
---|---|---|
committer | Aidan MacDonald <amachronic@protonmail.com> | 2022-03-24 23:40:07 +0000 |
commit | f7a341555d1addb49a8b7084977ce7b44b4aa019 (patch) | |
tree | e95ce7bfeff2841eb734a7215cfdd6734ad73134 | |
parent | 6a6c6083fa69575334282d0c8f5dd688a2282188 (diff) | |
fiiom3k: trim OF kernel arguments to fix boot hangs
The M3K's kernel has an incredibly stupid function that mangles the
kernel args and copies them to a 100-byte buffer without any kind of
bounds checking. So, if the kernel arguments are more than 99 chars
the stack may be corrupted, sometimes crashing the kernel.
Fortunately, most of the arguments the OF uses are useless, and the
truly necessary arguments fit within the absurd 99-char limit.
Change-Id: I01ef4513298f79d3c08538239802c21e88509631
-rw-r--r-- | bootloader/x1000/x1000bootloader.h | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/bootloader/x1000/x1000bootloader.h b/bootloader/x1000/x1000bootloader.h
index 10f6c6e730..b0d8d378f4 100644
--- a/bootloader/x1000/x1000bootloader.h
+++ b/bootloader/x1000/x1000bootloader.h
@@ -44,13 +44,19 @@ struct uimage_header;
 # define OF_PLAYER_NAME "FiiO player"
 # define OF_PLAYER_ADDR 0x20000
 # define OF_PLAYER_LENGTH (4 * 1024 * 1024)
+/* WARNING: The length of kernel arguments cannot exceed 99 bytes on the M3K
+ * due to an Ingenic kernel bug: plat_mem_setup() calls ddr_param_change() and
+ * that function tries to copy the command line to an 100-char buffer without
+ * any bounds checking. Overflowing the buffer typically leads to disaster.
+ * It seems ddr_param_change() is not present on all Ingenic kernels and the
+ * bug may not affect the Q1. */
 # define OF_PLAYER_ARGS OF_RECOVERY_ARGS \
- " init=/linuxrc ubi.mtd=3 root=ubi0:rootfs ubi.mtd=4 rootfstype=ubifs rw loglevel=8"
+ " init=/linuxrc ubi.mtd=3 root=ubi0:rootfs ubi.mtd=4 rootfstype=ubifs rw"
 # define OF_RECOVERY_NAME "FiiO recovery"
 # define OF_RECOVERY_ADDR 0x420000
 # define OF_RECOVERY_LENGTH (5 * 1024 * 1024)
 # define OF_RECOVERY_ARGS \
- "mem=64M@0x0 no_console_suspend console=ttyS2,115200n8 lpj=5009408 ip=off"
+ "mem=64M console=ttyS2"
 #elif defined(SHANLING_Q1)
 # define BL_RECOVERY BUTTON_NEXT
 # define BL_UP BUTTON_PREV |
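Review bot: The 99-byte limit on the M3K command line is enforced only by the new comment above `OF_PLAYER_ARGS`, so a later edit that appends an argument can silently reintroduce the kernel stack overflow. As shown, `OF_PLAYER_ARGS` expands to roughly 92 characters, which leaves only a few bytes of headroom. A compile-time check next to the defines would make the bound hard to break, for example `_Static_assert(sizeof(OF_PLAYER_ARGS) <= 100, "M3K kernel args must fit in 99 chars");` if the toolchain accepts C11 assertions (`sizeof` counts the terminating NUL). The commit message says the kernel function also mangles the arguments before copying, so the bound may need extra margin if that step can lengthen the string; the enclosing `#if` branch for this target begins outside the hunk, and any other place that builds or overrides the command line would need the same limit.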