[Skiboot] [PATCH STABLE 22.214.171.124] hw/fsp/fsp-leds.c: use allocated buffer for FSP_CMD_GET_LED_LIST response
stewart at linux.vnet.ibm.com
Fri Oct 9 17:32:38 AEDT 2015
Vasant Hegde <hegdevasant at linux.vnet.ibm.com> writes:
> On 10/09/2015 11:12 AM, Stewart Smith wrote:
>> This bug has originated since day 1 (of public release), what was going on
>> was that we were incorrectly using PSI_DMA_LOC_COD_BUF as the *address*
>> to write to for the FSP to read rather than using that purely as the
>> TCE table.
>> What we *should* have been doing (and this patch now does), is allocating
>> some (aligned) memory and using it.
>> With this patch, we no longer write over some poor random memory location
>> that could be being used by the host OS for something important, for example,
>> in the (internal) bug report of this, it was futex_hash_bucket in Linux
>> being replaced with our structure for replying to FSP_CMD_GET_LED_LIST (which
>> is around 4kb) and Linux doesn't like it when you replace a bunch of lock
>> data structures with essentially garbage.
>> Since this is FSP LED code specific, this only affects FSP based systems.
>> Reported-by: Dionysius d. Bell <belldi at us.ibm.com>
> Thanks for reporting this issue! I'm still wondering how we missed this one in
> the first place!
So am I... and how we missed it for this long.
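
A toy model of the bug described in the quoted commit message, added here as an example (it is not skiboot code): a DMA window offset is only meaningful to the device through the TCE table, so writing to it as a host address lands on unrelated memory. `DMA_LOC_BUF`, `host_mem`, `tce` and the helper names are constructed stand-ins, and the TCE is reduced to a page-indexed pointer table.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PAGE        4096u
#define DMA_LOC_BUF (3u * PAGE)      /* constructed stand-in for PSI_DMA_LOC_COD_BUF */
static uint8_t host_mem[16 * PAGE];  /* toy host memory; the OS owns all of it */
static uint8_t *tce[16];             /* toy TCE table: DMA page -> host page */

/* Device side: the service processor reaches host memory only through the TCE. */
static uint8_t *dev_translate(uint32_t dma)
{
    uint8_t *page = tce[dma / PAGE];
    return page ? page + dma % PAGE : NULL;
}

/* Before: the DMA window offset is dereferenced as if it were a host address. */
static void reply_buggy(const void *reply, size_t len)
{
    memcpy(host_mem + DMA_LOC_BUF, reply, len);   /* lands on whatever lives there */
}

/* After: allocate page-aligned memory, fill it, and map it at the DMA offset. */
static uint8_t *reply_fixed(const void *reply, size_t len)
{
    uint8_t *buf = len <= PAGE ? aligned_alloc(PAGE, PAGE) : NULL;
    if (buf) {
        memcpy(buf, reply, len);
        tce[DMA_LOC_BUF / PAGE] = buf;
    }
    return buf;
}

/* 1 if the OS bytes survive (and, with the fix, the device sees the reply). */
static int os_data_intact(int use_fix)
{
    static const char os_data[] = "os-lock-state";   /* constructed victim data */
    const char reply[32] = "led-list-reply";         /* constructed reply */
    memcpy(host_mem + DMA_LOC_BUF, os_data, sizeof os_data);
    uint8_t *buf = use_fix ? reply_fixed(reply, sizeof reply) : NULL;
    if (!use_fix)
        reply_buggy(reply, sizeof reply);
    int ok = !memcmp(host_mem + DMA_LOC_BUF, os_data, sizeof os_data) &&
             (!use_fix || (buf && !memcmp(dev_translate(DMA_LOC_BUF), reply, sizeof reply)));
    tce[DMA_LOC_BUF / PAGE] = NULL;
    free(buf);
    return ok;
}

int main(void) { return !(os_data_intact(0) == 0 && os_data_intact(1) == 1); }
```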