[RFC,1/3] hw/lpc-mbox: Add skiboot drivers for the BMC mbox regs

Message ID 1484433744.12241.99.camel@neuling.org
State Superseded
Commit Message

Michael Neuling Jan. 14, 2017, 10:42 p.m. UTC
> +int bmc_mbox_enqueue(struct bmc_mbox_msg *msg)
> +{
> +	int rc = 0;

Can you add a check here to ensure mbox.base is set?  

I've hit a few cases in testing new platforms where bmc_mbox_enqueue() gets
called from mbox_flash_init() but mbox_init() hasn't been run.  I end up with a
very odd crash when mbox.base gets de-referenced and starts corrupting random
bits of memory.

Something like:

Patch

diff --git a/hw/lpc-mbox.c b/hw/lpc-mbox.c
index 0ffc5e97d6..7818943864 100644
--- a/hw/lpc-mbox.c
+++ b/hw/lpc-mbox.c
@@ -118,6 +118,11 @@  static void bmc_mbox_send_message(struct bmc_mbox_msg *msg)
 int bmc_mbox_enqueue(struct bmc_mbox_msg *msg)
 {
        int rc = 0;
+
+       /* In case mbox is not inited */
+       if (!mbox.base)
+               return -1;
+
        lock(&mbox.lock);
        if (mbox.queue_len == MBOX_MAX_QUEUE_LEN) {
                rc = -1;
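
Review bot: the added `if (!mbox.base) return -1;` at the top of bmc_mbox_enqueue() returns the same value that the queue-full path just below sets (`rc = -1` when `mbox.queue_len == MBOX_MAX_QUEUE_LEN`), so a caller cannot tell an uninitialised mbox from a full queue. Suggest a distinct return value for the uninitialised case and an error log at that point, so an init-ordering problem shows up as a message instead of a silent failure. The check also reads mbox.base before `lock(&mbox.lock)` is taken; that is safe only if base is written once during init, which is worth saying in the comment in place of "In case mbox is not inited".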