Segmentation fault in aspeed-hace

[wangzqbj]

Captured by gdb

0x00007ffff6e08a06 in has_padding (pad_offset=<synthetic pointer>, total_msg_len=<synthetic pointer>, req_len=17, total_req_len=56476, iov=0x7ffff5e973c0) at ../hw/misc/aspeed_hace.c:129
129	       if (padding[*pad_offset] == 0x80) {
(gdb) p padding_size
$1 = 45
(gdb) p *padding_offset
No symbol "padding_offset" in current context.
(gdb) p *pad_offset
$2 = 4294967268
(gdb) bt
#0  0x00007ffff6e08a06 in has_padding (pad_offset=<synthetic pointer>, total_msg_len=<synthetic pointer>, req_len=17, total_req_len=56476, 
    iov=0x7ffff5e973c0) at ../hw/misc/aspeed_hace.c:129
#1  gen_acc_mode_iov (cache=0x7ffff7fd5600 <iov_cache>, total_req_len=0x7ffff7fd55e4 <total_len>, count=0x7ffff7fd55e0 <count>, 
    req_len=0x7ffff5e973a8, id=<optimized out>, iov=0x7ffff5e973b0) at ../hw/misc/aspeed_hace.c:176
#2  do_hash_operation (s=s@entry=0x7ffff60077b0, algo=3, sg_mode=sg_mode@entry=true, acc_mode=acc_mode@entry=true)
    at ../hw/misc/aspeed_hace.c:235
#3  0x00007ffff6e09001 in aspeed_hace_write (opaque=<optimized out>, addr=12, data=262488, size=<optimized out>)
    at ../hw/misc/aspeed_hace.c:372
#4  0x00007ffff706ad54 in memory_region_write_accessor (mr=mr@entry=0x7ffff6007ad0, addr=48, value=value@entry=0x7ffff5e98548, 
    size=size@entry=4, shift=<optimized out>, mask=mask@entry=4294967295, attrs=...) at ../softmmu/memory.c:492
#5  0x00007ffff7068266 in access_with_adjusted_size_aligned (addr=addr@entry=48, value=value@entry=0x7ffff5e98548, size=size@entry=4, 
    access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=0x7ffff706acd0 <memory_region_write_accessor>, 
    mr=0x7ffff6007ad0, attrs=...) at ../softmmu/memory.c:553
#6  0x00007ffff706c948 in memory_region_dispatch_write (mr=mr@entry=0x7ffff6007ad0, addr=addr@entry=48, data=<optimized out>, 
    data@entry=262488, op=op@entry=MO_32, attrs=...) at ../softmmu/memory.c:1650
#7  0x00007ffff7157ea9 in io_writex (env=env@entry=0x7ffff5fe7f10, iotlbentry=0x7fff6803f200, mmu_idx=mmu_idx@entry=7, val=val@entry=262488, 
    addr=addr@entry=510459952, retaddr=retaddr@entry=140736149505328, op=MO_32) at ../accel/tcg/cputlb.c:1429
#8  0x00007ffff715c7dc in store_helper (op=MO_32, retaddr=140736149505328, oi=<optimized out>, val=262488, addr=510459952, 
    env=0x7ffff5fe7f10) at ../accel/tcg/cputlb.c:2363
#9  full_le_stl_mmu (env=0x7ffff5fe7f10, addr=<optimized out>, val=262488, oi=<optimized out>, retaddr=140736149505328)
    at ../accel/tcg/cputlb.c:2451
#10 0x00007fffb032c530 in code_gen_buffer ()
#11 0x00007ffff714eace in cpu_tb_exec (cpu=cpu@entry=0x7ffff5fde1b0, itb=itb@entry=0x7fffb033e7c0 <code_gen_buffer+3401619>, 
    tb_exit=tb_exit@entry=0x7ffff5e98c2c) at ../accel/tcg/cpu-exec.c:357
#12 0x00007ffff714fc68 in cpu_loop_exec_tb (tb_exit=0x7ffff5e98c2c, last_tb=<synthetic pointer>, 
    tb=0x7fffb033e7c0 <code_gen_buffer+3401619>, cpu=0x7ffff5fde1b0) at ../accel/tcg/cpu-exec.c:847
#13 cpu_exec (cpu=cpu@entry=0x7ffff5fde1b0) at ../accel/tcg/cpu-exec.c:1006
#14 0x00007ffff7163d54 in tcg_cpus_exec (cpu=cpu@entry=0x7ffff5fde1b0) at ../accel/tcg/tcg-accel-ops.c:68
#15 0x00007ffff7163ea7 in mttcg_cpu_thread_fn (arg=arg@entry=0x7ffff5fde1b0) at ../accel/tcg/tcg-accel-ops-mttcg.c:96
#16 0x00007ffff7344c31 in qemu_thread_start (args=<optimized out>) at ../util/qemu-thread-posix.c:556
#17 0x00007ffff74c74eb in start_thread ()
#18 0x00007ffff75649c0 in clone3 ()

uboot: remove the hash check, otherwise, the boot will stop at uboot-cli

diff --git a/common/image-fit.c b/common/image-fit.c
index 3c8667f93d..c655b297e5 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1193,7 +1193,7 @@ static int fit_image_check_hash(const void *fit, int noffset, const void *data,
                return -1;
        } else if (memcmp(value, fit_value, value_len) != 0) {
                *err_msgp = "Bad hash value";
-               return -1;
+               return 0;
        }
 
        return 0;

tested on a bmc based on ast2600 with 64M flash

[legoater]

hello @wangzqbj

@shenki disabled hash hardware accel [1] in mainline for similar reasons.
Could you provide a link to the u-boot image you are using or a link to the tree ?

I think we should open issues directly on the QEMU project [2]

Thanks,

C.

[1] https://source.denx.de/u-boot/u-boot/-/commit/f78a1f21171c
[2] https://gitlab.com/qemu-project/qemu/-/issues/

[wangzqbj]

I think we should open issues directly on the QEMU project [2]

I created an issue here https://gitlab.com/qemu-project/qemu/-/issues/1121

Could you provide a link to the u-boot image you are using or a link to the tree ?

Sorry, I tested on a machine which is not ready for upstream. The uboot I used is v2019.04-aspeed-openbmc

openbmc/u-boot@0f24556

[legoater]

Thanks for creating the issue John.