From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
To: <linux-cxl@vger.kernel.org>, <linuxarm@huawei.com>
Cc: Dan Williams <dan.j.williams@intel.com>,
<vishal.l.verma@intel.com>, <ira.weiny@intel.com>,
Ben Widawsky <bwidawsk@kernel.org>
Subject: [PATCH 2/2] cxl/pmem: Fix failure to account for 8 byte header for writes to the device LSA.
Date: Mon, 15 Aug 2022 16:40:44 +0100 [thread overview]
Message-ID: <20220815154044.24733-3-Jonathan.Cameron@huawei.com> (raw)
In-Reply-To: <20220815154044.24733-1-Jonathan.Cameron@huawei.com>
Writes to the device must include an offset and size as defined in
CXL 2.0 8.2.9.5.2.4 Set LSA (Opcode 4103h)
Fixes tag is non obvious as this code has been through several
reworks and variable names + wasn't in use until the addition
of the region code.
Due to a bug in QEMU CXL emulation this overrun resulted in QEMU
crashing.
Reported-by: Bobo WL <lmw.bobo@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
---
drivers/cxl/pmem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cxl/pmem.c b/drivers/cxl/pmem.c
index 7dc0a2fa1a6b..115a7b79f343 100644
--- a/drivers/cxl/pmem.c
+++ b/drivers/cxl/pmem.c
@@ -107,7 +107,7 @@ static int cxl_pmem_get_config_size(struct cxl_dev_state *cxlds,
*cmd = (struct nd_cmd_get_config_size) {
.config_size = cxlds->lsa_size,
- .max_xfer = cxlds->payload_size,
+ .max_xfer = cxlds->payload_size - sizeof(struct cxl_mbox_set_lsa),
};
return 0;
--
2.32.0
next prev parent reply other threads:[~2022-08-15 15:42 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-15 15:40 [PATCH 0/2] cxl: Fix oversized LSA write payload due to header Jonathan Cameron
2022-08-15 15:40 ` [PATCH 1/2] cxl/mbox: Add a check on input payload size Jonathan Cameron
2022-08-15 15:40 ` Jonathan Cameron [this message]
2022-08-15 21:55 ` [PATCH 2/2] cxl/pmem: Fix failure to account for 8 byte header for writes to the device LSA Dan Williams
2022-08-17 11:29 ` Jonathan Cameron
2022-10-10 15:31 ` Jonathan Cameron
2022-10-21 23:31 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220815154044.24733-3-Jonathan.Cameron@huawei.com \
--to=jonathan.cameron@huawei.com \
--cc=bwidawsk@kernel.org \
--cc=dan.j.williams@intel.com \
--cc=ira.weiny@intel.com \
--cc=linux-cxl@vger.kernel.org \
--cc=linuxarm@huawei.com \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox