From: Jonathan Cameron <Jonathan.Cameron@Huawei.com>
To: peng guo <engguopeng@buaa.edu.cn>
Cc: <fan.ni@samsung.com>, <linux-cxl@vger.kernel.org>,
Davidlohr Bueso <dave@stgolabs.net>
Subject: Re: [RESEND] hw/cxl: fix the determination of illegal physical addresses
Date: Fri, 23 Aug 2024 16:14:34 +0100 [thread overview]
Message-ID: <20240823161434.00004b30@Huawei.com> (raw)
In-Reply-To: <20240819120317.12505-1-engguopeng@buaa.edu.cn>
On Mon, 19 Aug 2024 20:03:17 +0800
peng guo <engguopeng@buaa.edu.cn> wrote:
> When physical address range in the input payload of scan media command
> exceeds static_mem_size but does not exceed the sum of static and dynamic
> memory, the scan media mailbox command unexpectedly returns an error code
> which is CXL_MBOX_INVALID_PA.
>
> This patch determines whether the physical address is valid in two cases.
> If dynamic memory exists, check whether the address range of the request
> exceeds the range of static memory and dynamic memory.If dynamic memory
> does not exist, then check whether the address range of the request
> exceeds the static memory size.
>
> Fixes: d61cc5b6a8d3 ("hw/cxl: Add get scan media capabilities cmd support")
Is that the right one, this code is affecting cmd_media_scan_media()
not the capabilities one which always limits to static_mem_size and
hence also looks wrong.
> Signed-off-by: peng guo <engguopeng@buaa.edu.cn>
As with the other patch, this needs to go to qemu-devel list
+ both should have gone to Davidlohr as author the patch you
are fixing (sort of it, it's mostly down to what order patches
landed in I think).
Fan, Davidlohr, do we want to just cover the DCD regions as
well with all the scan_media commands?
> ---
> hw/cxl/cxl-mailbox-utils.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
> index 3ebbd32e10..b23c6b9b0b 100644
> --- a/hw/cxl/cxl-mailbox-utils.c
> +++ b/hw/cxl/cxl-mailbox-utils.c
> @@ -1943,11 +1943,12 @@ static CXLRetCode cmd_media_scan_media(const struct cxl_cmd *cmd,
> }
> query_length = ldq_le_p(&in->length) * CXL_CACHE_LINE_SIZE;
>
> - if (query_start + query_length > cxl_dstate->static_mem_size) {
> - return CXL_MBOX_INVALID_PA;
> - }
> - if (ct3d->dc.num_regions && query_start + query_length >=
> + if (ct3d->dc.num_regions) {
> + if (query_start + query_length >=
> cxl_dstate->static_mem_size + ct3d->dc.total_capacity) {
> + return CXL_MBOX_INVALID_PA;
> + }
> + } else if (query_start + query_length > cxl_dstate->static_mem_size) {
> return CXL_MBOX_INVALID_PA;
> }
Can we not rely on dc.total_capacity == 0 if num_regions == 0/
>
next prev parent reply other threads:[~2024-08-23 15:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-19 12:03 [RESEND] hw/cxl: fix the determination of illegal physical addresses peng guo
2024-08-23 15:14 ` Jonathan Cameron [this message]
2024-09-04 20:01 ` Davidlohr Bueso
2025-08-05 14:31 ` peng guo
2025-08-13 11:15 ` Jonathan Cameron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240823161434.00004b30@Huawei.com \
--to=jonathan.cameron@huawei.com \
--cc=dave@stgolabs.net \
--cc=engguopeng@buaa.edu.cn \
--cc=fan.ni@samsung.com \
--cc=linux-cxl@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.