Segmentation fault in aspeed-hace Description of problem: Steps to reproduce: 1. run qemu-machine nf5280m7-bmc 2. it will seg falult when load fitimage Additional information: Captured by gdb ``` 0x00007ffff6e08a06 in has_padding (pad_offset=, total_msg_len=, req_len=17, total_req_len=56476, iov=0x7ffff5e973c0) at ../hw/misc/aspeed_hace.c:129 129 if (padding[*pad_offset] == 0x80) { (gdb) p padding_size $1 = 45 (gdb) p *padding_offset No symbol "padding_offset" in current context. (gdb) p *pad_offset $2 = 4294967268 (gdb) bt #0 0x00007ffff6e08a06 in has_padding (pad_offset=, total_msg_len=, req_len=17, total_req_len=56476, iov=0x7ffff5e973c0) at ../hw/misc/aspeed_hace.c:129 #1 gen_acc_mode_iov (cache=0x7ffff7fd5600 , total_req_len=0x7ffff7fd55e4 , count=0x7ffff7fd55e0 , req_len=0x7ffff5e973a8, id=, iov=0x7ffff5e973b0) at ../hw/misc/aspeed_hace.c:176 #2 do_hash_operation (s=s@entry=0x7ffff60077b0, algo=3, sg_mode=sg_mode@entry=true, acc_mode=acc_mode@entry=true) at ../hw/misc/aspeed_hace.c:235 #3 0x00007ffff6e09001 in aspeed_hace_write (opaque=, addr=12, data=262488, size=) at ../hw/misc/aspeed_hace.c:372 #4 0x00007ffff706ad54 in memory_region_write_accessor (mr=mr@entry=0x7ffff6007ad0, addr=48, value=value@entry=0x7ffff5e98548, size=size@entry=4, shift=, mask=mask@entry=4294967295, attrs=...) at ../softmmu/memory.c:492 #5 0x00007ffff7068266 in access_with_adjusted_size_aligned (addr=addr@entry=48, value=value@entry=0x7ffff5e98548, size=size@entry=4, access_size_min=, access_size_max=, access_fn=0x7ffff706acd0 , mr=0x7ffff6007ad0, attrs=...) at ../softmmu/memory.c:553 #6 0x00007ffff706c948 in memory_region_dispatch_write (mr=mr@entry=0x7ffff6007ad0, addr=addr@entry=48, data=, data@entry=262488, op=op@entry=MO_32, attrs=...) at ../softmmu/memory.c:1650 #7 0x00007ffff7157ea9 in io_writex (env=env@entry=0x7ffff5fe7f10, iotlbentry=0x7fff6803f200, mmu_idx=mmu_idx@entry=7, val=val@entry=262488, addr=addr@entry=510459952, retaddr=retaddr@entry=140736149505328, op=MO_32) at ../accel/tcg/cputlb.c:1429 #8 0x00007ffff715c7dc in store_helper (op=MO_32, retaddr=140736149505328, oi=, val=262488, addr=510459952, env=0x7ffff5fe7f10) at ../accel/tcg/cputlb.c:2363 #9 full_le_stl_mmu (env=0x7ffff5fe7f10, addr=, val=262488, oi=, retaddr=140736149505328) at ../accel/tcg/cputlb.c:2451 #10 0x00007fffb032c530 in code_gen_buffer () #11 0x00007ffff714eace in cpu_tb_exec (cpu=cpu@entry=0x7ffff5fde1b0, itb=itb@entry=0x7fffb033e7c0 , tb_exit=tb_exit@entry=0x7ffff5e98c2c) at ../accel/tcg/cpu-exec.c:357 #12 0x00007ffff714fc68 in cpu_loop_exec_tb (tb_exit=0x7ffff5e98c2c, last_tb=, tb=0x7fffb033e7c0 , cpu=0x7ffff5fde1b0) at ../accel/tcg/cpu-exec.c:847 #13 cpu_exec (cpu=cpu@entry=0x7ffff5fde1b0) at ../accel/tcg/cpu-exec.c:1006 #14 0x00007ffff7163d54 in tcg_cpus_exec (cpu=cpu@entry=0x7ffff5fde1b0) at ../accel/tcg/tcg-accel-ops.c:68 #15 0x00007ffff7163ea7 in mttcg_cpu_thread_fn (arg=arg@entry=0x7ffff5fde1b0) at ../accel/tcg/tcg-accel-ops-mttcg.c:96 #16 0x00007ffff7344c31 in qemu_thread_start (args=) at ../util/qemu-thread-posix.c:556 #17 0x00007ffff74c74eb in start_thread () #18 0x00007ffff75649c0 in clone3 () ``` the uboot: https://github.com/openbmc/u-boot/commit/0f245563c2cb3a6b4f1206db4f1a9f0325406094 we should remove the hash check, otherwise, the boot will stop at uboot-cli ``` diff --git a/common/image-fit.c b/common/image-fit.c index 3c8667f93d..c655b297e5 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -1193,7 +1193,7 @@ static int fit_image_check_hash(const void *fit, int noffset, const void *data, return -1; } else if (memcmp(value, fit_value, value_len) != 0) { *err_msgp = "Bad hash value"; - return -1; + return 0; } return 0; ```