bug report : /drivers/pci/pcie_layerscape_rc.c "pcie->ctrl used without being initialised"

florian.manoel at siemens.com florian.manoel at siemens.com
Tue Mar 9 10:55:53 CET 2021 

Hi,

I would like to report a bug I got, while updating my u-boot version.

Configuration :
CPU : NXP LS1043a
u-boot version : v2020.10  (I didn't see a fix for this issue in the latest u-boot version)


What was happening :
Function "unsigned int ctrl_readl(struct ls_pcie *pcie, unsigned int offset)" in "/drivers/pci/pcie_layerscape.c" was leading to a panic due to a read at an incorrect address.

What was wrong :
The address to read at, is extracted from the DTB, in my case, the nodes 'pcie', name 'ctrl' from the 'reg-name' list. This is done in the function "static int ls_pcie_probe(struct udevice *dev)" in "/drivers/pci/pcie_layerscape_rc.c"
In some case (mine at least), the DTB doesn't contain the name 'ctrl' in the list 'reg-names' for the pcie nodes, causing 'fdt_get_named_resource()' to return (-1).
This (-1) avoid the variable 'pcie->ctrl'  to be initialized. This variable is not directly declared but a pointer 'pcie' to a structure ls_pcie is declared instead.
Because the value of 'pcie->ctrl'  is not initialized, there is a non-zero random value inside that passes the test "if (!pcie->ctrl)" and leads to the panic while given to the ctrl_read() as address to read.

How I fixed it :
Initialize the value of "pcie->ctrl" to NULL at the beginning of the function ls_pcie_probe()
This make the check "if (!pcie->ctrl)" to fail and the variable "pcie->ctrl" is then initialized.

How to reproduce it :
Not sure...
We load a FIT image containing a kernel, ramdisk and a DTB from an NOR memory through a QSPI interface. The checksum are OK.
Then, we boot from it using the command 'bootm'. Once the FIT element are loaded, some checks (link) are done on the PCIe and the issue happens here.
But,
If I start another firmware, using the same DTB, from an eMMC memory. I have no issue at all, "pcie->ctrl" is initialized to NULL directly without need of a fix.


Let me know if you want more information.


Mit freundlichen Grüßen
Florian Manoël

Siemens AG
Digital Industries
Process Automation
DI PA DCP R&D 2
Östliche Rheinbrückenstr. 50
76187 Karlsruhe, Deutschland
Tel.: +49 721 667-20051
mailto:florian.manoel at siemens.com

www.siemens.com

Siemens Aktiengesellschaft: Vorsitzender des Aufsichtsrats: Jim Hagemann Snabe; Vorstand: Roland Busch, Vorsitzender; Klaus Helmrich, Cedrik Neike, Matthias Rebellius, Ralf P. Thomas, Judith Wiese; Sitz der Gesellschaft: Berlin und München, Deutschland; Registergericht: Berlin-Charlottenburg, HRB 12300, München, HRB 6684; WEEE-Reg.-Nr. DE 23691322

More information about the U-Boot mailing list