From 99d09b601eb3809a4cc2aa409da34bc4fe32f67f Mon Sep 17 00:00:00 2001
From: Bin Meng <bmeng@tinylab.org>
Date: Thu, 23 Feb 2023 18:40:09 +0800
Subject: include: fdt/fdt_helper: Change fdt_get_address() to return
 root.next_arg1

In sbi_domain_finalize(), when locating the coldboot hart's domain,
the coldboot hart's scratch->arg1 will be overwritten by the domain
configuration. However scratch->arg1 holds the FDT address of the
coldboot hart, and is still being accessed by fdt_get_address() in
later boot process. scratch->arg1 could then contain completely
garbage and lead to a crash.

To fix this, we change fdt_get_address() to return root domain's
next_arg1 as the FDT pointer.

Resolves: https://github.com/riscv-software-src/opensbi/issues/281
Fixes: b1678af210dc ("lib: sbi: Add initial domain support")
Reported-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Bin Meng <bmeng@tinylab.org>
Reviewed-by: Anup Patel <anup@brainfault.org>
---
 include/sbi_utils/fdt/fdt_helper.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/sbi_utils/fdt/fdt_helper.h b/include/sbi_utils/fdt/fdt_helper.h
index 09f3095..39d7f3a 100644
--- a/include/sbi_utils/fdt/fdt_helper.h
+++ b/include/sbi_utils/fdt/fdt_helper.h
@@ -11,7 +11,7 @@
 #define __FDT_HELPER_H__
 
 #include <sbi/sbi_types.h>
-#include <sbi/sbi_scratch.h>
+#include <sbi/sbi_domain.h>
 
 struct fdt_match {
 	const char *compatible;
@@ -109,7 +109,7 @@ int fdt_parse_compat_addr(void *fdt, uint64_t *addr,
 
 static inline void *fdt_get_address(void)
 {
-	return sbi_scratch_thishart_arg1_ptr();
+	return (void *)root.next_arg1;
 }
 
 #endif /* __FDT_HELPER_H__ */
-- 
cgit v1.2.3