libpayload: Fix reading x86 CBFS images from RAM

Three issues:
 1. the hardcoded dereferenced pointer at 0xfffffffc
 2. "RAM media" has no idea about ROM relative addresses
 3. off-by-one in RAM media: it's legal to request 4 bytes from 0xfffffffc

Change-Id: I671ac12d412c71dc8e8e6114f2ea13f58dd99c1d
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Reviewed-on: http://review.coreboot.org/2624
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>

payloads/libpayload/libcbfs/cbfs.c

@@ -65,8 +65,14 @@
 #if defined(CONFIG_CBFS_HEADER_ROM_OFFSET) && (CONFIG_CBFS_HEADER_ROM_OFFSET)
 # define CBFS_HEADER_ROM_ADDRESS (CONFIG_CBFS_HEADER_ROM_OFFSET)
 #else
-// Indirect address: only works on 32bit top-aligned systems.
+/* ugly hack: this assumes that "media" exists
-# define CBFS_HEADER_ROM_ADDRESS (*(uint32_t*)0xfffffffc)
+              in the scope where the macro is used. */
+static uint32_t fetch_x86_header(struct cbfs_media *media)
+{
+	uint32_t *header_ptr = media->map(media, 0xfffffffc, 4);
+	return *header_ptr;
+}
+# define CBFS_HEADER_ROM_ADDRESS fetch_x86_header(media)
 #endif
 
 #include "cbfs_core.c"

payloads/libpayload/libcbfs/ram_media.c

@@ -43,7 +43,11 @@ static int ram_open(struct cbfs_media *media) {
 
 static void *ram_map(struct cbfs_media *media, size_t offset, size_t count) {
 	struct ram_media *m = (struct ram_media*)media->context;
-	if (offset + count >= m->size) {
+	/* assume addressing from top of image in this case */
+	if (offset > 0xf0000000) {
+		offset = m->size + offset;
+	}
+	if (offset + count > m->size) {
 		printf("ERROR: ram_map: request out of range (0x%x+0x%x)\n",
 		       offset, count);
 		return NULL;