[Skiboot] [PATCH v2] hdata: Prevent NULL dereference on duplicate entries in TMPREL section

Madhavan Srinivasan maddy at linux.ibm.com
Tue Mar 25 13:11:34 AEDT 2025 


On 3/24/25 9:54 PM, Mahesh Salgaonkar wrote:
> Currently if you encounter duplicate entries in TMPREL section while
> parsing HDAT, opal crashes with bellow back trace:
> 
> [  119.205498180,3] DT: dt_attach_root failed, duplicate ibm,cvc-service at 40
> [  119.206975658,3] ***********************************************
> [  119.208669044,3] Fatal MCE at 000000003003729c
> .dt_find_property+0x30  MSR 9000000000001002
> [  119.210355268,3] Cause: unknown error
> [  119.211273270,3] CFAR : 0000000030037288 MSR  : 9000000000001002
> [  119.212502638,3] SRR0 : 000000003003729c SRR1 : 9000000000001002
> [  119.214037362,3] HSRR0: 0000000030020024 HSRR1: 9000000000001000
> [  119.215266730,3] DSISR: 40000000         DAR  : a600607d01006b79
> [...]
> CPU 0008 Backtrace:
>  S: 0000000031c53980 R: 0000000030026b0c   .__memalign+0x58
>  S: 0000000031c53a10 R: 0000000030037378   .new_property+0xb0
>  S: 0000000031c53aa0 R: 0000000030037778   .__dt_add_property_strings+0x58
>  S: 0000000031c53b40 R: 000000003010bf74   .node_stb_parse+0x414
>  S: 0000000031c53c30 R: 0000000030102ee4   .parse_hdat+0x20cc
>  S: 0000000031c53e30 R: 0000000030022c04   .main_cpu_entry+0x1d0
>  S: 0000000031c53f00 R: 000000003000321c   go_primary+0x10c
>  --- OPAL boot ---
> 
> fix the null pointer deref and proceed with warning message instead of
> crashing. Also add debug prints to display all entries.
> 

Changes looks fine to me.
Reviewed-by: Madhavan Srinivasan <maddy at linux.ibm.com>

> Signed-off-by: Mahesh Salgaonkar <mahesh at linux.ibm.com>
> ---
> Change in v2:
> - Use be32_to_cpu(hv->dbob_id) in print instead of using extra variable.
> - See v1 at https://lists.ozlabs.org/pipermail/skiboot/2025-March/019154.html
> ---
>  hdata/tpmrel.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/hdata/tpmrel.c b/hdata/tpmrel.c
> index c70791839..2a75acd26 100644
> --- a/hdata/tpmrel.c
> +++ b/hdata/tpmrel.c
> @@ -190,6 +190,8 @@ static void tpmrel_cvc_init(struct HDIF_common_hdr *hdif_hdr)
>  		type = be32_to_cpu(hv->type);
>  		offset = be32_to_cpu(hv->offset);
>  		version = be32_to_cpu(hv->version);
> +		prlog(PR_DEBUG, "entry %d: type=0x%x, version=0x%x, dbob_id=0x%x, offset=0x%x\n",
> +				i, type, version, be32_to_cpu(hv->dbob_id), offset);
>  
>  		compat = cvc_service_map_compat(type);
>  
> @@ -199,6 +201,11 @@ static void tpmrel_cvc_init(struct HDIF_common_hdr *hdif_hdr)
>  		}
>  
>  		node = dt_new_addr(parent, "ibm,cvc-service", offset);
> +		if (!node) {
> +			prlog(PR_WARNING, "TPMREL: CVC service entry %d: Couldn't add DT node\n",
> +			      i);
> +			continue;
> +		}
>  		dt_add_property_strings(node, "compatible", compat);
>  		dt_add_property_cells(node, "reg", offset);
>  		dt_add_property_cells(node, "version", version);

More information about the Skiboot mailing list