From: Richard Cheng <icheng@nvidia.com>
To: dave@stgolabs.net, jic23@kernel.org, dave.jiang@intel.com,
alison.schofield@intel.com, vishal.l.verma@intel.com,
djbw@kernel.org, danwilliams@nvidia.com
Cc: iweiny@kernel.org, ming.li@zohomail.com, gourry@gourry.net,
rrichter@amd.com, linux-cxl@vger.kernel.org,
linux-kernel@vger.kernel.org, kees@kernel.org,
newtonl@nvidia.com, kristinc@nvidia.com, mochs@nvidia.com,
kaihengf@nvidia.com, kobak@nvidia.com,
Richard Cheng <icheng@nvidia.com>
Subject: [PATCH 0/3] cxl: Sashiko bug fixes
Date: Tue, 30 Jun 2026 15:46:54 +0800 [thread overview]
Message-ID: <20260630074657.43077-1-icheng@nvidia.com> (raw)
Three independent, pre-existing bugs in the CXL core, reported by sashiko.
Patch 1: Get/Set Feature stored offset + transfer-size into a 16-bit
field via cpu_to_le16() with no bounds check, so a large offset/count
from the fwctl interface silently wrapped and steered the device to the
wrong feature offset. Reject offset + size > U16_MAX up front.
Patch 2: cxl_get_poison_unmapped() aborted its whole partition sweep on
the first fully-mapped partition, silently skipping unmapped poison in
all later partitions. Skip that partition instead.
Patch 3: the same function tolerated the -EFAULT a RAM partition returns
for Get Poison List but left it in rc, so a benign fault on the last
scanned partition surfaced as a spurious read failure. Clear rc, as
poison_by_decoder() already does.
Richard Cheng (3):
cxl/features: Reject feature offset that overflows 16-bit field
cxl/region: Scan all partitions for unmapped poison
cxl/region: Don't leak tolerated RAM -EFAULT from unmapped poison scan
drivers/cxl/core/features.c | 6 ++++++
drivers/cxl/core/region.c | 6 ++++--
2 files changed, 10 insertions(+), 2 deletions(-)
base-commit: dc59e4fea9d83f03bad6bddf3fa2e52491777482
--
2.43.0
next reply other threads:[~2026-06-30 7:47 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-30 7:46 Richard Cheng [this message]
2026-06-30 7:46 ` [PATCH 1/3] cxl/features: Reject feature offset that overflows 16-bit field Richard Cheng
2026-06-30 8:14 ` sashiko-bot
2026-06-30 9:46 ` Richard Cheng
2026-06-30 15:54 ` Dave Jiang
2026-07-02 8:15 ` Richard Cheng
2026-07-06 16:52 ` Dave Jiang
2026-06-30 7:46 ` [PATCH 2/3] cxl/region: Scan all partitions for unmapped poison Richard Cheng
2026-06-30 15:56 ` Dave Jiang
2026-07-01 4:48 ` Alison Schofield
2026-06-30 7:46 ` [PATCH 3/3] cxl/region: Don't leak tolerated RAM -EFAULT from unmapped poison scan Richard Cheng
2026-06-30 10:00 ` sashiko-bot
2026-06-30 16:04 ` Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260630074657.43077-1-icheng@nvidia.com \
--to=icheng@nvidia.com \
--cc=alison.schofield@intel.com \
--cc=danwilliams@nvidia.com \
--cc=dave.jiang@intel.com \
--cc=dave@stgolabs.net \
--cc=djbw@kernel.org \
--cc=gourry@gourry.net \
--cc=iweiny@kernel.org \
--cc=jic23@kernel.org \
--cc=kaihengf@nvidia.com \
--cc=kees@kernel.org \
--cc=kobak@nvidia.com \
--cc=kristinc@nvidia.com \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ming.li@zohomail.com \
--cc=mochs@nvidia.com \
--cc=newtonl@nvidia.com \
--cc=rrichter@amd.com \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.