[Skiboot] [PATCH] hdata: Prevent NULL dereference on duplicate entries in TMPREL section

Mahesh Salgaonkar mahesh at linux.ibm.com
Sat Mar 22 04:10:19 AEDT 2025 

Currently if you encounter duplicate entries in TMPREL section while
parsing HDAT, opal crashes with bellow back trace:

[  119.205498180,3] DT: dt_attach_root failed, duplicate ibm,cvc-service at 40
[  119.206975658,3] ***********************************************
[  119.208669044,3] Fatal MCE at 000000003003729c
.dt_find_property+0x30  MSR 9000000000001002
[  119.210355268,3] Cause: unknown error
[  119.211273270,3] CFAR : 0000000030037288 MSR  : 9000000000001002
[  119.212502638,3] SRR0 : 000000003003729c SRR1 : 9000000000001002
[  119.214037362,3] HSRR0: 0000000030020024 HSRR1: 9000000000001000
[  119.215266730,3] DSISR: 40000000         DAR  : a600607d01006b79
[...]
CPU 0008 Backtrace:
 S: 0000000031c53980 R: 0000000030026b0c   .__memalign+0x58
 S: 0000000031c53a10 R: 0000000030037378   .new_property+0xb0
 S: 0000000031c53aa0 R: 0000000030037778   .__dt_add_property_strings+0x58
 S: 0000000031c53b40 R: 000000003010bf74   .node_stb_parse+0x414
 S: 0000000031c53c30 R: 0000000030102ee4   .parse_hdat+0x20cc
 S: 0000000031c53e30 R: 0000000030022c04   .main_cpu_entry+0x1d0
 S: 0000000031c53f00 R: 000000003000321c   go_primary+0x10c
 --- OPAL boot ---

fix the null pointer deref and proceed with warning message instead of
crashing. Also add debug prints to display all entries.

Signed-off-by: Mahesh Salgaonkar <mahesh at linux.ibm.com>
---
 hdata/tpmrel.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hdata/tpmrel.c b/hdata/tpmrel.c
index c70791839..7f9dfa296 100644
--- a/hdata/tpmrel.c
+++ b/hdata/tpmrel.c
@@ -181,7 +181,7 @@ static void tpmrel_cvc_init(struct HDIF_common_hdr *hdif_hdr)
 
 	for (i = 0; i < count; i++) {
 		const struct hash_and_verification *hv;
-		uint32_t type, offset, version;
+		uint32_t type, offset, version, dbob_id;
 		const char *compat;
 
 		hv = HDIF_get_iarray_item(hdif_hdr,
@@ -190,6 +190,9 @@ static void tpmrel_cvc_init(struct HDIF_common_hdr *hdif_hdr)
 		type = be32_to_cpu(hv->type);
 		offset = be32_to_cpu(hv->offset);
 		version = be32_to_cpu(hv->version);
+		dbob_id = be32_to_cpu(hv->dbob_id);
+		prlog(PR_DEBUG, "entry %d: type=0x%x, version=0x%x, dbob_id=0x%x, offset=0x%x\n",
+				i, type, version, dbob_id, offset);
 
 		compat = cvc_service_map_compat(type);
 
@@ -199,6 +202,11 @@ static void tpmrel_cvc_init(struct HDIF_common_hdr *hdif_hdr)
 		}
 
 		node = dt_new_addr(parent, "ibm,cvc-service", offset);
+		if (!node) {
+			prlog(PR_WARNING, "TPMREL: CVC service entry %d: Couldn't add DT node\n",
+			      i);
+			continue;
+		}
 		dt_add_property_strings(node, "compatible", compat);
 		dt_add_property_cells(node, "reg", offset);
 		dt_add_property_cells(node, "version", version);
-- 
2.48.1

More information about the Skiboot mailing list