[Skiboot] [PATCH] flash: Handle nullptr dereference of system_flash
Mahesh J Salgaonkar
mahesh at linux.ibm.com
Sat Mar 8 01:03:01 AEDT 2025
On 2025-03-07 11:01:02 Fri, Aditya Gupta wrote:
> With QEMU with NO support for MPIPL, 'p9_sbe_terminate' returns early
> at:
>
> /* Return if MPIPL is not supported */
> if (!is_mpipl_enabled())
> return;
>
> But with MPIPL supported in QEMU, 'p9_sbe_terminate' continues further and
> calls 'flash_unregister' which causes a Machine Check due to nullptr
> dereference of 'system_flash':
>
[...]
> Previously the above machine check was never hit as the QEMU platform didn't
> have MPIPL, and hence the caller 'p9_sbe_terminate' used to return early.
>
> Add null check to ignore the unregister request if system_flash is not set.
>
> Signed-off-by: Aditya Gupta <adityag at linux.ibm.com>
>
> ---
> Initial QEMU MPIPL support was posted to [1]. It has not been merged
> yet.
>
> [1]: https://lore.kernel.org/qemu-devel/20250217071934.86131-1-adityag@linux.ibm.com/
>
> Changelog
> ==========
> rfc -> v1:
> + reword warning message to say system flash not registered
> ---
> ---
> core/flash.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/core/flash.c b/core/flash.c
> index a14bfc68fd1a..6d9aeb1cbfda 100644
> --- a/core/flash.c
> +++ b/core/flash.c
> @@ -88,7 +88,16 @@ void flash_release(void)
>
> bool flash_unregister(void)
> {
> - struct blocklevel_device *bl = system_flash->bl;
> + struct blocklevel_device *bl;
> +
> + if (!system_flash) {
> + prlog(PR_WARNING, "System Flash is not registered, ignoring"\
> + " unregister request\n");
> +
> + return true;
> + }
> +
> + bl = system_flash->bl;
>
> if (bl->exit)
> return bl->exit(bl);
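Review bot: the new early-out returns true, so on the path described in the commit message (p9_sbe_terminate calling flash_unregister with system_flash still NULL) the caller cannot tell a successful unregister from a skipped one; either document in a comment above the check that true means "nothing registered, nothing to do", or return false so a caller that does look at the result sees that no device was torn down. Two smaller points in the same hunk: the backslash after "ignoring" in the prlog call is unnecessary, since adjacent string literals are concatenated by the compiler and the trailing \ only hides a line break, so "System Flash is not registered, ignoring" followed by " unregister request\n" on the next line is enough; and the blank line between the prlog and the return inside the if block is unusual for the surrounding code, which keeps a log-and-return pair together.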
> --
Looks good to me.
Reviewed-by: Mahesh Salgaonkar <mahesh at linux.ibm.com>
Thanks,
-Mahesh.