From: sashiko-bot@kernel.org
To: "Srirangan Madhavan" <smadhavan@nvidia.com>
Cc: linux-cxl@vger.kernel.org, linux-pci@vger.kernel.org
Subject: Re: [PATCH v7 02/11] cxl: Cache decoder settings on PCI devices
Date: Tue, 23 Jun 2026 03:42:21 +0000 [thread overview]
Message-ID: <20260623034222.3AAF51F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260623032453.3404772-3-smadhavan@nvidia.com>
Thank you for your contribution! Sashiko AI review found 3 potential issue(s) to consider:
New issues:
- [High] Cached target list is truncated to 8 targets, breaking reset recovery for 16-way interleaving.
Pre-existing issues:
- [High] HDM target list parsing uses an endian-unsafe union, reversing target IDs on big-endian architectures.
- [High] Stack out-of-bounds read occurs when processing decoders with more than 8 interleave ways.
--
commit 1a9ec0491bde62ac73e5c79d561f966396fbb2b8
Author: Srirangan Madhavan <smadhavan@nvidia.com>
cxl: Cache decoder settings on PCI devices
Cache CXL core's HDM decoder settings in pci_dev->hdm as decoders are
enumerated, committed, or reset. PCI reset paths can use this snapshot to
restore HDM programming without walking CXL topology during reset recovery.
> diff --git a/drivers/cxl/core/hdm.c b/drivers/cxl/core/hdm.c
> index fa978c297546f..83cda63f76a5a 100644
> --- a/drivers/cxl/core/hdm.c
> +++ b/drivers/cxl/core/hdm.c
[ ... ]
> @@ -989,6 +1061,7 @@ static int init_hdm_decoder(struct cxl_port *port, struct cxl_decoder *cxld,
> lo = readl(hdm + CXL_HDM_DECODER0_TL_LOW(which));
> hi = readl(hdm + CXL_HDM_DECODER0_TL_HIGH(which));
> target_list.value = (hi << 32) + lo;
> + cxld->targets = target_list.value;
[Severity: High]
Does this truncate the target list to 8 targets?
Since target_list.value is a u64, if a decoder is configured for 16-way
interleaving, it looks like the extended target list registers are ignored
and the upper 8 targets will be permanently lost during reset recovery.
> for (i = 0; i < cxld->interleave_ways; i++)
> cxld->target_map[i] = target_list.target_id[i];
[Severity: High]
This isn't a bug introduced by this patch, but doesn't the target_list
union overlay reverse the target list on big-endian architectures?
The target_list union maps an 8-byte array over a u64, which accesses
the value in memory order.
[Severity: High]
This is also a pre-existing issue, but since target_id is strictly bounded
to 8 bytes in the union, does this loop perform a stack out-of-bounds read
into cxld->target_map if cxld->interleave_ways is greater than 8?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260623032453.3404772-1-smadhavan@nvidia.com?part=2
next prev parent reply other threads:[~2026-06-23 3:42 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-23 3:24 [PATCH v7 00/11] PCI/CXL: Add CXL reset support for Type 2 devices Srirangan Madhavan
2026-06-23 3:24 ` [PATCH v7 01/11] cxl: Split decoder programming into a reusable helper Srirangan Madhavan
2026-06-23 3:42 ` sashiko-bot
2026-06-23 3:24 ` [PATCH v7 02/11] cxl: Cache decoder settings on PCI devices Srirangan Madhavan
2026-06-23 3:42 ` sashiko-bot [this message]
2026-06-23 3:24 ` [PATCH v7 03/11] cxl: Cache endpoint decoder settings during PCI enumeration Srirangan Madhavan
2026-06-23 3:45 ` sashiko-bot
2026-06-23 3:24 ` [PATCH v7 04/11] PCI: Export pci_dev_save_and_disable() and pci_dev_restore() Srirangan Madhavan
2026-06-23 3:34 ` sashiko-bot
2026-06-23 3:24 ` [PATCH v7 05/11] cxl: Add CXL Device Reset helper Srirangan Madhavan
2026-06-23 3:36 ` sashiko-bot
2026-06-23 3:24 ` [PATCH v7 06/11] cxl: Validate HDM ranges before CXL reset Srirangan Madhavan
2026-06-23 3:33 ` sashiko-bot
2026-06-23 3:24 ` [PATCH v7 07/11] PCI/cxl: Discover the CXL reset scope Srirangan Madhavan
2026-06-23 3:34 ` sashiko-bot
2026-06-23 3:24 ` [PATCH v7 08/11] cxl: Coordinate sibling functions for CXL reset Srirangan Madhavan
2026-06-23 3:42 ` sashiko-bot
2026-06-23 3:24 ` [PATCH v7 09/11] cxl: Restore CXL HDM state after PCI reset Srirangan Madhavan
2026-06-23 3:39 ` sashiko-bot
2026-06-23 3:24 ` [PATCH v7 10/11] PCI/cxl: Expose CXL Reset as a PCI reset method Srirangan Madhavan
2026-06-23 3:47 ` sashiko-bot
2026-06-23 3:24 ` [PATCH v7 11/11] Documentation/ABI: Document CXL Reset " Srirangan Madhavan
2026-06-23 3:35 ` sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260623034222.3AAF51F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
--cc=smadhavan@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.