All of lore.kernel.org
 help / color / mirror / Atom feed
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Alison Schofield <alison.schofield@intel.com>,
	Dan Williams <dan.j.williams@intel.com>
Cc: Vishal Verma <vishal.l.verma@intel.com>,
	Ira Weiny <ira.weiny@intel.com>,
	Ben Widawsky <bwidawsk@kernel.org>,
	Jonathan Cameron <Jonathan.Cameron@huawei.com>,
	linux-cxl@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH 3/3] cxl/region: decrement ->nr_targets on error in cxl_region_attach()
Date: Mon, 1 Aug 2022 13:56:26 +0300	[thread overview]
Message-ID: <20220801105626.GC3460@kadam> (raw)
In-Reply-To: <YuepCvUAoCtdpcoO@kili>

On Mon, Aug 01, 2022 at 01:20:58PM +0300, Dan Carpenter wrote:
> The ++ needs a match -- on the clean up path.  If the p->nr_targets
> value gets to be more than 16 it leads to uninitialized data in
> cxl_port_setup_targets().
> 
> drivers/cxl/core/region.c:995 cxl_port_setup_targets() error: uninitialized symbol 'eiw'.
> 
> Fixes: 27b3f8d13830 ("cxl/region: Program target lists")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

The error handling in cxl_port_attach_region() looks like it might have
a similar bug.  The cxl_rr->nr_targets++; might want a --.

That function is more complicated.

drivers/cxl/core/region.c
   740  static int cxl_port_attach_region(struct cxl_port *port,
   741                                    struct cxl_region *cxlr,
   742                                    struct cxl_endpoint_decoder *cxled, int pos)
   743  {
   744          struct cxl_memdev *cxlmd = cxled_to_memdev(cxled);
   745          struct cxl_ep *ep = cxl_ep_load(port, cxlmd);
   746          struct cxl_region_ref *cxl_rr = NULL, *iter;
   747          struct cxl_region_params *p = &cxlr->params;
   748          struct cxl_decoder *cxld = NULL;
   749          unsigned long index;
   750          int rc = -EBUSY;
   751  
   752          lockdep_assert_held_write(&cxl_region_rwsem);
   753  
   754          xa_for_each(&port->regions, index, iter) {
   755                  struct cxl_region_params *ip = &iter->region->params;
   756  
   757                  if (iter->region == cxlr)
   758                          cxl_rr = iter;

Should there be a break statement after this assignment

   759                  if (ip->res->start > p->res->start) {

or do we really want to test every ip->res->start?  This loop is
confusing...

   760                          dev_dbg(&cxlr->dev,
   761                                  "%s: HPA order violation %s:%pr vs %pr\n",
   762                                  dev_name(&port->dev),
   763                                  dev_name(&iter->region->dev), ip->res, p->res);
   764                          return -EBUSY;
   765                  }
   766          }
   767  
   768          if (cxl_rr) {
   769                  struct cxl_ep *ep_iter;
   770                  int found = 0;
   771  
   772                  cxld = cxl_rr->decoder;
   773                  xa_for_each(&cxl_rr->endpoints, index, ep_iter) {

regards,
dan carpenter

  reply	other threads:[~2022-08-01 10:57 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-01 10:19 [PATCH 1/3] cxl/region: uninitialized variable in alloc_hpa() Dan Carpenter
2022-08-01 10:20 ` [PATCH 2/3] cxl/region: prevent underflow in ways_to_cxl() Dan Carpenter
2022-08-01 19:09   ` Dan Williams
2022-08-01 10:20 ` [PATCH 3/3] cxl/region: decrement ->nr_targets on error in cxl_region_attach() Dan Carpenter
2022-08-01 10:56   ` Dan Carpenter [this message]
2022-08-01 19:49     ` Dan Williams
2022-08-01 19:11   ` Dan Williams
2022-08-01 19:07 ` [PATCH 1/3] cxl/region: uninitialized variable in alloc_hpa() Dan Williams
2022-08-02  6:43   ` Dan Carpenter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220801105626.GC3460@kadam \
    --to=dan.carpenter@oracle.com \
    --cc=Jonathan.Cameron@huawei.com \
    --cc=alison.schofield@intel.com \
    --cc=bwidawsk@kernel.org \
    --cc=dan.j.williams@intel.com \
    --cc=ira.weiny@intel.com \
    --cc=kernel-janitors@vger.kernel.org \
    --cc=linux-cxl@vger.kernel.org \
    --cc=vishal.l.verma@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.