From: Jonathan Cameron via <qemu-devel@nongnu.org>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: "Michael S. Tsirkin" <mst@redhat.com>, <qemu-devel@nongnu.org>,
"Vinayak Holikatti" <vinayak.kh@samsung.com>,
Fan Ni <fan.ni@samsung.com>
Subject: Re: [PULL 03/27] hw/cxl/cxl-mailbox-utils: Add support for Media operations discovery commands cxl r3.2 (8.2.10.9.5.3)
Date: Wed, 17 Sep 2025 14:05:03 +0100 [thread overview]
Message-ID: <20250917140503.0000231b@huawei.com> (raw)
In-Reply-To: <CAFEAcA-p5wZkNxK7wNVq_3PAzEE-muOd1Def-0O-FSpck4DrBQ@mail.gmail.com>
On Thu, 10 Jul 2025 14:26:07 +0100
Peter Maydell <peter.maydell@linaro.org> wrote:
> On Wed, 14 May 2025 at 12:50, Michael S. Tsirkin <mst@redhat.com> wrote:
> >
> > From: Vinayak Holikatti <vinayak.kh@samsung.com>
> >
> > CXL spec 3.2 section 8.2.10.9.5.3 describes media operations commands.
> > CXL devices supports media operations discovery command.
> >
> > Signed-off-by: Vinayak Holikatti <vinayak.kh@samsung.com>
> > Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> > Message-Id: <20250305092501.191929-4-Jonathan.Cameron@huawei.com>
> > Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
> > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> > ---
> > hw/cxl/cxl-mailbox-utils.c | 125 +++++++++++++++++++++++++++++++++++++
> > 1 file changed, 125 insertions(+)
>
>
>
> > +static CXLRetCode media_operations_discovery(uint8_t *payload_in,
> > + size_t len_in,
> > + uint8_t *payload_out,
> > + size_t *len_out)
> > +{
> > + struct {
> > + uint8_t media_operation_class;
> > + uint8_t media_operation_subclass;
> > + uint8_t rsvd[2];
> > + uint32_t dpa_range_count;
> > + struct {
> > + uint16_t start_index;
> > + uint16_t num_ops;
> > + } discovery_osa;
> > + } QEMU_PACKED *media_op_in_disc_pl = (void *)payload_in;
> > + struct media_op_discovery_out_pl *media_out_pl =
> > + (struct media_op_discovery_out_pl *)payload_out;
> > + int num_ops, start_index, i;
> > + int count = 0;
> > +
> > + if (len_in < sizeof(*media_op_in_disc_pl)) {
> > + return CXL_MBOX_INVALID_PAYLOAD_LENGTH;
> > + }
> > +
> > + num_ops = media_op_in_disc_pl->discovery_osa.num_ops;
> > + start_index = media_op_in_disc_pl->discovery_osa.start_index;
> > +
> > + /*
> > + * As per spec CXL r3.2 8.2.10.9.5.3 dpa_range_count should be zero and
> > + * start index should not exceed the total number of entries for discovery
> > + * sub class command.
> > + */
> > + if (media_op_in_disc_pl->dpa_range_count ||
> > + start_index > ARRAY_SIZE(media_op_matrix)) {
>
> Coverity thinks this bounds check is wrong (CID 1610091):
> we allow start_index equal to the ARRAY_SIZE(media_op_matrix),
> which means that in the loop below we will index off the
> end of the array.
>
> Don't we also need to be checking (start_index + num_ops)
> against the array size bounds, not just start_index ?
Agreed. I think this should be
start_index + num_ops > ARRAY_SIZE(media_op_matrix);
>
> > + return CXL_MBOX_INVALID_INPUT;
> > + }
> > +
> > + media_out_pl->dpa_range_granularity = CXL_CACHE_LINE_SIZE;
> > + media_out_pl->total_supported_operations =
> > + ARRAY_SIZE(media_op_matrix);
> > + if (num_ops > 0) {
> > + for (i = start_index; i < start_index + num_ops; i++) {
> > + media_out_pl->entry[count].media_op_class =
> > + media_op_matrix[i].media_op_class;
> > + media_out_pl->entry[count].media_op_subclass =
> > + media_op_matrix[i].media_op_subclass;
> > + count++;
> > + if (count == num_ops) {
> > + break;
> > + }
> > + }
> > + }
> > +
> > + media_out_pl->num_of_supported_operations = count;
> > + *len_out = sizeof(*media_out_pl) + count * sizeof(*media_out_pl->entry);
> > + return CXL_MBOX_SUCCESS;
> > +}
>
> The functions in this patch also look like they aren't correctly
> handling the "guest and host endianness differ" case.
The fields in CXL mailbox commands are all defined as little endian.
There is a problem with littlendian vs guest. That's true of a lot
of the CXL code and something that needs a thorough audit at some point.
I'll leave this for now. Given how slow emulating an big endian system
is it's rather a marathon effort to test any such fixes.
I'll sort out a fix for the issue in previous patch as well.
Thanks,
Jonathan
>
> thanks
> -- PMM
next prev parent reply other threads:[~2025-09-17 13:14 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-14 11:50 [PULL 00/27] virtio,pci,pc: fixes, features Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 01/27] hw/cxl: Support aborting background commands Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 02/27] hw/cxl: Support get/set mctp response payload size Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 03/27] hw/cxl/cxl-mailbox-utils: Add support for Media operations discovery commands cxl r3.2 (8.2.10.9.5.3) Michael S. Tsirkin
2025-07-10 13:26 ` Peter Maydell
2025-09-17 13:05 ` Jonathan Cameron via [this message]
2025-05-14 11:50 ` [PULL 04/27] hw/cxl: factor out calculation of sanitize duration from cmd_santize_overwrite Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 05/27] hw/cxl/cxl-mailbox-utils: Media operations Sanitize and Write Zeros commands CXL r3.2(8.2.10.9.5.3) Michael S. Tsirkin
2025-07-10 13:23 ` Peter Maydell
2025-10-28 13:41 ` Peter Maydell
2025-05-14 11:50 ` [PULL 06/27] hw/cxl/cxl-mailbox-utils: CXL CCI Get/Set alert config commands Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 07/27] docs/cxl: Add serial number for persistent-memdev Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 08/27] hw/pci: Do not add ROM BAR for SR-IOV VF Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 09/27] hw/pci: Fix SR-IOV VF number calculation Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 10/27] pcie_sriov: Ensure PF and VF are mutually exclusive Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 11/27] pcie_sriov: Check PCI Express for SR-IOV PF Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 12/27] pcie_sriov: Allow user to create SR-IOV device Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 13/27] virtio-pci: Implement SR-IOV PF Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 14/27] virtio-net: Implement SR-IOV VF Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 15/27] docs: Document composable SR-IOV device Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 16/27] pcie_sriov: Make a PCI device with user-created VF ARI-capable Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 17/27] pci-testdev.c: Add membar-backed option for backing membar Michael S. Tsirkin
2025-05-14 11:50 ` [PULL 18/27] system/runstate: add VM state change cb with return value Michael S. Tsirkin
2025-05-14 11:51 ` [PULL 19/27] vhost: return failure if stop virtqueue failed in vhost_dev_stop Michael S. Tsirkin
2025-05-14 11:51 ` [PULL 20/27] vhost-user: return failure if backend crash when live migration Michael S. Tsirkin
2025-05-14 11:51 ` [PULL 21/27] vhost-scsi: support VIRTIO_SCSI_F_HOTPLUG Michael S. Tsirkin
2025-05-14 11:51 ` [PULL 22/27] virtio: Call set_features during reset Michael S. Tsirkin
2025-05-14 11:51 ` [PULL 23/27] virtio: Move virtio_reset() Michael S. Tsirkin
2025-05-14 11:51 ` [PULL 24/27] intel_iommu: Use BQL_LOCK_GUARD to manage cleanup automatically Michael S. Tsirkin
2025-05-14 11:51 ` [PULL 25/27] intel_iommu: Take locks when looking for and creating address spaces Michael S. Tsirkin
2025-05-14 11:51 ` [PULL 26/27] hw/i386/amd_iommu: Isolate AMDVI-PCI from amd-iommu device to allow full control over the PCI device creation Michael S. Tsirkin
2025-05-14 11:51 ` [PULL 27/27] hw/i386/amd_iommu: Allow migration when explicitly create the AMDVI-PCI device Michael S. Tsirkin
2025-05-15 21:53 ` [PULL 00/27] virtio,pci,pc: fixes, features Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250917140503.0000231b@huawei.com \
--to=qemu-devel@nongnu.org \
--cc=fan.ni@samsung.com \
--cc=jonathan.cameron@huawei.com \
--cc=mst@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=vinayak.kh@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.