diff options
| author | Sam Protsenko <semen.protsenko@linaro.org> | 2025-01-11 21:42:12 -0600 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2025-06-20 08:01:09 -0600 |
| commit | 8da358c0a15a4f538d561602f600b2695fedeb56 (patch) | |
| tree | a36826f6538e61ef11187796a49f17080f94b876 /drivers/ddr/imx/imx8ulp | |
| parent | 11319e0e2bbf7b3892658d45017cd80c41ad961b (diff) | |
bootstd: Probe bootmeth devices for bootmeths env var
Specifying efi_mgr in 'bootmeths' environment variable leads to NULL
pointer dereference when 'bootflow scan' is executed, with call trace
like this:
priv->fake_dev // NULL pointer dereference
.read_bootflow = efi_mgr_read_bootflow()
bootmeth_get_bootflow()
bootflow_check()
bootflow_scan_first()
do_bootflow_scan()
'bootflow scan -l'
That happens because in case when 'bootmeths' env var is defined the
bootmeth_efi_mgr driver is not probed, and the memory for its private
data isn't allocated by .priv_auto. In case when 'bootmeths' env var is
not defined, the std->bootmeth_count is 0, and the execution flow in
bootmeth_setup_iter_order() takes "no ordering" path, which in turn runs
uclass_get_device_by_seq() -> ... -> device_probe(), so issue isn't
present there. But when 'bootmeths' is defined and contains efi_mgr, the
std->bootmeth_count > 0, so bootmeth_setup_iter_order() follows the "we
have an ordering" path, where devices are not probed. In other words:
'bootmeths' defined 'bootmeths' not defined
--------------------------------------------------------
priv == NULL priv != NULL
^ ^
| device_alloc_priv()
no probe device_of_to_plat()
^ device_probe()
| uclass_get_device_tail()
dev = order[i] uclass_get_device_by_seq()
^ ^
| have an ordering | no ordering
+----------------+---------------+
|
bootmeth_setup_iter_order()
bootflow_scan_first()
do_bootflow_scan()
Add an explicit device_probe() call in "we have an ordering" case to fix
the issue.
Fixes: c627cfc14c08 ("bootstd: Allow scanning for global bootmeths separately")
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'drivers/ddr/imx/imx8ulp')
0 files changed, 0 insertions, 0 deletions