diff options
| author | Aditya Gupta <adityag@linux.ibm.com> | 2025-03-07 11:01:02 +0530 |
|---|---|---|
| committer | Reza Arbab <arbab@linux.ibm.com> | 2025-04-02 10:35:28 -0500 |
| commit | 0e9e56e756f779cc41691539ec155d69b8d837ac (patch) | |
| tree | 9d5b2d1b3402d9613d32544bf2a539bf9e690fa2 | |
| parent | 785a5e3070a86e18521e62fe202b87209de30fa2 (diff) | |
| download | skiboot-0e9e56e756f779cc41691539ec155d69b8d837ac.zip skiboot-0e9e56e756f779cc41691539ec155d69b8d837ac.tar.gz skiboot-0e9e56e756f779cc41691539ec155d69b8d837ac.tar.bz2 | |
flash: Handle nullptr dereference of system_flash
With QEMU with NO support for MPIPL, 'p9_sbe_terminate' returns early
at:
/* Return if MPIPL is not supported */
if (!is_mpipl_enabled())
return;
But with MPIPL supported in QEMU, 'p9_sbe_terminate' continues further and
calls 'flash_unregister' which causes a Machine Check due to nullptr
dereference of 'system_flash':
[ 13.240783728,5] Reboot: OS reported error. Performing MPIPL
[ 13.241662601,5] DUMP: Crashing PIR = 0x0
[ 13.244049276,5] RESET: Fast reboot disabled: Kernel re-entered OPAL
[ 1.815018] Disabling lock debugging due to kernel taint
[ 1.815518] MCE: CPU0: machine check (Severe) Real address Load (bad) DAR: 0000006000000098 [Not recovered]
[ 1.815544] MCE: CPU0: NIP: [0000000030040f54] 0x30040f54
[ 1.815911] MCE: CPU0: Initiator CPU
[ 1.815930] MCE: CPU0: Hardware error
[ 1.816110] opal: Hardware platform error: Unrecoverable Machine Check exception
[ 1.816338] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G M 6.12.0-rc4+ #1
[ 1.816531] Tainted: [M]=MACHINE_CHECK
[ 1.816546] Hardware name: IBM PowerNV (emulated by qemu) POWER10 0x801200 opal:v7.1 PowerNV
[ 1.816629] NIP: 0000000030040f54 LR: 000000003007e528 CTR: 000000003004d75c
[ 1.816646] REGS: c0000004d5e47d60 TRAP: 0200 Tainted: G M (6.12.0-rc4+)
[ 1.816684] MSR: 9000000002a03002 <SF,HV,VEC,VSX,FP,ME,RI> CR: 28002284 XER: 00000000
[ 1.816863] CFAR: 000000003007e524 DAR: 0000006000000098 DSISR: 00000040 IRQMASK: 3
[ 1.816863] GPR00: 000000003007e528 0000000031c13ac0 0000000030192900 0000006000000060
[ 1.816863] GPR04: 0000000030500028 000000000000000a 0000000031c10068 0000000031c10068
[ 1.816863] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 1.816863] GPR12: 0000000028002284 c000000002e80000 c00000000001192c 0000000000000000
[ 1.816863] GPR16: 0000000031c10000 0000000000000000 0000000000000000 0000000000000000
[ 1.816863] GPR20: 0000000000000003 0000000000000074 0000000000000000 0000000000000000
[ 1.816863] GPR24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 1.816863] GPR28: c000000002d0e8c8 00000000301257de c000000002d0e8c8 000000000000000c
[ 1.817061] NIP [0000000030040f54] 0x30040f54
[ 1.817074] LR [000000003007e528] 0x3007e528
[ 1.817165] Call Trace:
[ 1.817337] Code: 00000060 80002138 e01d0d48 00000000 01000000 00000180 a602087c 3700223d 602e29e9 100001f8 91ff21f8 180069e8 <380023e9> 0000292c 34008241 280041f8
[ 13.247702490,0] OPAL: Reboot requested due to Platform error.
[ 13.247857686,3] OPAL: failed to log an error
[ 13.248012502,2] NVRAM: Failed to load
Previously above machine check was never hit as QEMU platform didn't
had MPIPL, and hence the caller 'p9_sbe_terminate' used to return early.
Add null check to ignore the unregister request if system_flash is not set.
Signed-off-by: Aditya Gupta <adityag@linux.ibm.com>
Reviewed-by: Mahesh Salgaonkar <mahesh@linux.ibm.com>
Signed-off-by: Reza Arbab <arbab@linux.ibm.com>
| -rw-r--r-- | core/flash.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/core/flash.c b/core/flash.c index a14bfc6..d5e8e8b 100644 --- a/core/flash.c +++ b/core/flash.c @@ -88,7 +88,16 @@ void flash_release(void) bool flash_unregister(void) { - struct blocklevel_device *bl = system_flash->bl; + struct blocklevel_device *bl; + + if (!system_flash) { + prlog(PR_WARNING, "System Flash is not registered, ignoring" + " unregister request\n"); + + return true; + } + + bl = system_flash->bl; if (bl->exit) return bl->exit(bl); |