From abhishek at linux.ibm.com Fri Jun 14 17:20:13 2024
From: abhishek at linux.ibm.com (Abhishek Singh Tomar)
Date: Fri, 14 Jun 2024 12:50:13 +0530
Subject: [Skiboot] [PATCH] core/pldm: Fix pdr handle to add first pdr request
Message-ID: <20240614072013.18125-1-abhishek@linux.ibm.com>

As per the specification:
To retrieve the first PDR record, use the get_pdr_req function with handle 0. On the BMC side, the first PDR is sent in response, along with the next_record_hndl which can be used to access consecutive PDR records. However, it's important to note that the first PDR may not necessarily have a handle of 1.

In the current scenario, providing a record_hndl value of 0 to pldm_pdr_add() will always result in the addition of a record to the repository with a PDR handle of 1.

In the current fix, the record handle is extracted from the PDR record data.

Signed-off-by: Abhishek Singh Tomar
---
 core/pldm/pldm-platform-requests.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/core/pldm/pldm-platform-requests.c b/core/pldm/pldm-platform-requests.c index cb0ff9443..01eb12925 100644 --- a/core/pldm/pldm-platform-requests.c +++ b/core/pldm/pldm-platform-requests.c @@ -993,6 +993,7 @@ static void get_pdr_req_complete(struct pldm_rx_data *rx, struct pldm_pdrs *pdrs = (struct pldm_pdrs *)data; uint32_t record_hndl = pdrs->record_hndl; struct get_pdr_response response; + struct pldm_pdr_hdr *pdr_hdr; size_t payload_len; int rc, i; @@ -1065,6 +1066,8 @@ static void get_pdr_req_complete(struct pldm_rx_data *rx, if (response.transfer_flag != PLDM_START_AND_END) prlog(PR_ERR, "Transfert GetPDRResp not complete, transfer_flag: %d\n", response.transfer_flag); + pdr_hdr = (struct pldm_pdr_hdr *)response.record_data; + record_hndl = pdr_hdr->record_handle; prlog(PR_DEBUG, "%s - record_hndl: %d, next_record_hndl: %d, resp_cnt: %d\n", __func__, record_hndl,
-- 2.45.2

From abhishek at linux.ibm.com Fri Jun 14 17:46:00 2024
From: abhishek at linux.ibm.com (Abhishek Singh Tomar)
Date: Fri, 14 Jun 2024 13:16:00 +0530
Subject: [Skiboot] [PATCH 0/2] Pldm Platform fixes
Message-ID: <20240614074601.21174-2-abhishek@linux.ibm.com>

Fix Pldm Platform dangling pointer and uninitialised value

Signed-off-by: Abhishek Singh Tomar

Abhishek Singh Tomar (2):
  core/pldm: Fix dangling point issue
  core/pldm: Fix Use of uninitialised value

 core/pldm/pldm-platform-requests.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

-- 2.45.2

From abhishek at linux.ibm.com Fri Jun 14 17:46:01 2024
From: abhishek at linux.ibm.com (Abhishek Singh Tomar)
Date: Fri, 14 Jun 2024 13:16:01 +0530
Subject: [Skiboot] [PATCH 1/2] core/pldm: Fix dangling point issue
In-Reply-To: <20240614074601.21174-2-abhishek@linux.ibm.com>
References: <20240614074601.21174-2-abhishek@linux.ibm.com>
Message-ID: <20240614074601.21174-3-abhishek@linux.ibm.com>

When calling pldm_platform_init() and the GET_PDR PLDM request fails, the 'pdrs_repo' global variable is freed but becomes a dangling pointer. Subsequent calls to pldm_platform_init will lead to an invalid read.

==28652== Invalid read of size 8
==28652== at 0x40A4C8: pldm_pdr_destroy (pdr.c:130)
==28652== by 0x424BA3: pdr_init_complete (pldm-platform-requests.c:42)
==28652== by 0x4274DA: pldm_platform_load_pdrs (pldm-platform-requests.c:1170)
==28652== by 0x42759C: pdrs_init (pldm-platform-requests.c:1190)
==28652== by 0x427703: pldm_platform_init (pldm-platform-requests.c:1221)

Signed-off-by: Abhishek Singh Tomar
---
 core/pldm/pldm-platform-requests.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/core/pldm/pldm-platform-requests.c b/core/pldm/pldm-platform-requests.c index cb0ff9443..21ec43a47 100644 --- a/core/pldm/pldm-platform-requests.c +++ b/core/pldm/pldm-platform-requests.c
@@ -38,8 +38,10 @@ static void pdr_init_complete(bool success) if (!success) { pdr_ready = false; - if (pdrs_repo) + if (pdrs_repo) { pldm_pdr_destroy(pdrs_repo); + pdrs_repo = NULL; + } return; }
-- 2.45.2

From abhishek at linux.ibm.com Fri Jun 14 17:46:02 2024
From: abhishek at linux.ibm.com (Abhishek Singh Tomar)
Date: Fri, 14 Jun 2024 13:16:02 +0530
Subject: [Skiboot] [PATCH 2/2] core/pldm: Fix Use of uninitialised value
In-Reply-To: <20240614074601.21174-2-abhishek@linux.ibm.com>
References: <20240614074601.21174-2-abhishek@linux.ibm.com>
Message-ID: <20240614074601.21174-4-abhishek@linux.ibm.com>

In decode_platform_event_message_resp(), when response.completion_code is not PLDM_SUCCESS, response.platform_event_status remains uninitialized. This ends up triggering the following warning:

==48024== Use of uninitialised value of size 8
==48024== at 0x48D12CB: _itoa_word (_itoa.c:183)
==48024== by 0x48DBFA1: __printf_buffer (vfprintf-process-arg.c:155)
==48024== by 0x48DE072: __vfprintf_internal (vfprintf-internal.c:1559)
==48024== by 0x42DD97: vprintf (stdio.h:41)
==48024== by 0x42DD97: _prlog (stubs.c:27)
==48024== by 0x426C92: send_repository_changed_event (pldm-platform-requests.c:929)
==48024== by 0x426E7D: add_hosted_pdrs (pldm-platform-requests.c:973)
==48024== by 0x427752: pldm_platform_init (pldm-platform-requests.c:1226)

Fix the issue by initializing struct response with 0.

Signed-off-by: Abhishek Singh Tomar
---
 core/pldm/pldm-platform-requests.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/pldm/pldm-platform-requests.c b/core/pldm/pldm-platform-requests.c index 21ec43a47..e129b3a37 100644 --- a/core/pldm/pldm-platform-requests.c +++ b/core/pldm/pldm-platform-requests.c
@@ -834,7 +834,7 @@ static int send_repository_changed_event(uint32_t num_changed_pdrs, .event_class = PLDM_PDR_REPOSITORY_CHG_EVENT, }; - struct pldm_platform_event_message_resp response; + struct pldm_platform_event_message_resp response = {0}; prlog(PR_DEBUG, "%s - num_changed_pdrs: %d\n", __func__, num_changed_pdrs); -- 2.45.2
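
Review bot: In [PATCH] core/pldm: Fix pdr handle to add first pdr request, second hunk (@@ -1065,6 +1066,8 @@), pdr_hdr->record_handle is read from response.record_data with no visible check that the response holds at least sizeof(struct pldm_pdr_hdr) bytes, and the read also happens on the path where transfer_flag != PLDM_START_AND_END was only logged. Suggest validating the response count (the resp_cnt value printed by the following prlog) against sizeof(*pdr_hdr) before the cast, and returning after the PR_ERR if an incomplete transfer should not be added to the repository. It is also worth confirming whether record_handle needs a little-endian to CPU conversion here, since it is taken straight from the record bytes sent by the BMC.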
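
Review bot: In [PATCH 1/2] core/pldm: Fix dangling point issue (@@ -38,8 +38,10 @@), the NULL reset is applied only at this one call site, in the failure branch of pdr_init_complete(); any other place that calls pldm_pdr_destroy(pdrs_repo) would leave the same stale global behind. Suggest a small helper that destroys and clears pdrs_repo together, used here, so the if (pdrs_repo) guard stays reliable on later pldm_platform_init() calls.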
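
Review bot: In [PATCH 2/2] core/pldm: Fix Use of uninitialised value (@@ -834,7 +834,7 @@), zero-initialising response removes the uninitialised read, but a failed response will then be logged with platform_event_status 0 as if the BMC had returned that value. Suggest checking response.completion_code before platform_event_status is printed or acted on (the prlog at pldm-platform-requests.c:929 in the trace) and reporting the completion code on that path instead.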