From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
To: Gregory Price <gourry.memverge@gmail.com>
Cc: <qemu-devel@nongnu.org>, <linux-cxl@vger.kernel.org>,
<alison.schofield@intel.com>, <dave@stgolabs.net>,
<a.manzanares@samsung.com>, <bwidawsk@kernel.org>,
<gregory.price@memverge.com>, <mst@redhat.com>,
<hchkuo@avery-design.com.tw>, <cbrowy@avery-design.com>,
<ira.weiny@intel.com>
Subject: Re: [PATCH 4/5] hw/mem/cxl_type3: Change the CDAT allocation/free strategy
Date: Thu, 13 Oct 2022 11:45:40 +0100
Message-ID: <20221013114540.00006027@huawei.com>
In-Reply-To: <20221012182120.174142-5-gregory.price@memverge.com>
On Wed, 12 Oct 2022 14:21:19 -0400
Gregory Price <gourry.memverge@gmail.com> wrote:
> The existing code allocates a subtable for SLBIS entries, uses a
> local variable to avoid a g_autofree footgun, and the cleanup code
> causes heap corruption.
Ah good point (particularly given I moaned about how you were handling
the frees and still failed to notice the current code was broken!)
>
> Rather than allocate a table, explicitly allocate each individual entry
> and make the sub-table size static.
>
> Signed-off-by: Gregory Price <gregory.price@memverge.com>
I'll integrate a change in the spirit of what you have here, but
without aggregating the error handling paths.
> ---
> hw/mem/cxl_type3.c | 49 ++++++++++++++++++++++++----------------------
> 1 file changed, 26 insertions(+), 23 deletions(-)
>
> diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c
> index 0e0ea70387..220b9f09a9 100644
> --- a/hw/mem/cxl_type3.c
> +++ b/hw/mem/cxl_type3.c
> @@ -23,13 +23,14 @@ static int ct3_build_cdat_table(CDATSubHeader ***cdat_table,
> void *priv)
> {
> g_autofree CDATDsmas *dsmas_nonvolatile = NULL;
> - g_autofree CDATDslbis *dslbis_nonvolatile = NULL;
> + g_autofree CDATDslbis *dslbis_nonvolatile1 = NULL;
> + g_autofree CDATDslbis *dslbis_nonvolatile2 = NULL;
> + g_autofree CDATDslbis *dslbis_nonvolatile3 = NULL;
> + g_autofree CDATDslbis *dslbis_nonvolatile4 = NULL;
> g_autofree CDATDsemts *dsemts_nonvolatile = NULL;
> CXLType3Dev *ct3d = priv;
> - int i = 0;
> int next_dsmad_handle = 0;
> int nonvolatile_dsmad = -1;
> - int dslbis_nonvolatile_num = 4;
> MemoryRegion *mr;
>
> if (!ct3d->hostmem) {
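Review bot: the four declarations dslbis_nonvolatile1 to dslbis_nonvolatile4 encode the entry count in variable names, and the removed dslbis_nonvolatile_num was the only named statement of that count. Nothing in these lines ties "four DSLBIS entries" to the CT3_CDAT_SUBTABLE_SIZE value the function returns, so adding or dropping an entry means editing several places by hand. A named constant or an enum of slot indices next to these declarations would keep them in step.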
> @@ -48,10 +49,15 @@ static int ct3_build_cdat_table(CDATSubHeader ***cdat_table,
>
> /* Non volatile aspects */
> dsmas_nonvolatile = g_malloc(sizeof(*dsmas_nonvolatile));
> - dslbis_nonvolatile =
> - g_malloc(sizeof(*dslbis_nonvolatile) * dslbis_nonvolatile_num);
> + dslbis_nonvolatile1 = g_malloc(sizeof(*dslbis_nonvolatile1));
> + dslbis_nonvolatile2 = g_malloc(sizeof(*dslbis_nonvolatile2));
> + dslbis_nonvolatile3 = g_malloc(sizeof(*dslbis_nonvolatile3));
> + dslbis_nonvolatile4 = g_malloc(sizeof(*dslbis_nonvolatile4));
> dsemts_nonvolatile = g_malloc(sizeof(*dsemts_nonvolatile));
> - if (!dsmas_nonvolatile || !dslbis_nonvolatile || !dsemts_nonvolatile) {
> +
> + if (!dsmas_nonvolatile || !dsemts_nonvolatile ||
> + !dslbis_nonvolatile1 || !dslbis_nonvolatile2 ||
> + !dslbis_nonvolatile3 || !dslbis_nonvolatile4) {
> g_free(*cdat_table);
> *cdat_table = NULL;
> return -ENOMEM;
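Review bot: the NULL check closing this hunk cannot fire, because g_malloc() terminates the program on allocation failure instead of returning NULL, so the g_free(*cdat_table) / return -ENOMEM path is dead code. Either switch the six allocations to g_try_malloc() so the check means something (the g_autofree declarations already cover partially completed allocations), or drop the check and its cleanup.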
> @@ -70,10 +76,10 @@ static int ct3_build_cdat_table(CDATSubHeader ***cdat_table,
> };
>
> /* For now, no memory side cache, plausiblish numbers */
> - dslbis_nonvolatile[0] = (CDATDslbis) {
> + *dslbis_nonvolatile1 = (CDATDslbis) {
> .header = {
> .type = CDAT_TYPE_DSLBIS,
> - .length = sizeof(*dslbis_nonvolatile),
> + .length = sizeof(*dslbis_nonvolatile1),
> },
> .handle = nonvolatile_dsmad,
> .flags = HMAT_LB_MEM_MEMORY,
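Review bot: this initializer and the three after it repeat the same header block, .handle and .flags, and each must name its own pointer correctly in ".length = sizeof(*dslbis_nonvolatileN)". A small helper that fills one CDATDslbis from the values that differ would remove the four-way copy. Writing the length as sizeof(CDATDslbis) would also take the variable name out of the expression, so a copy-paste slip there could not go unnoticed.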
> @@ -82,10 +88,10 @@ static int ct3_build_cdat_table(CDATSubHeader ***cdat_table,
> .entry[0] = 15, /* 150ns */
> };
>
> - dslbis_nonvolatile[1] = (CDATDslbis) {
> + *dslbis_nonvolatile2 = (CDATDslbis) {
> .header = {
> .type = CDAT_TYPE_DSLBIS,
> - .length = sizeof(*dslbis_nonvolatile),
> + .length = sizeof(*dslbis_nonvolatile2),
> },
> .handle = nonvolatile_dsmad,
> .flags = HMAT_LB_MEM_MEMORY,
> @@ -94,10 +100,10 @@ static int ct3_build_cdat_table(CDATSubHeader ***cdat_table,
> .entry[0] = 25, /* 250ns */
> };
>
> - dslbis_nonvolatile[2] = (CDATDslbis) {
> + *dslbis_nonvolatile3 = (CDATDslbis) {
> .header = {
> .type = CDAT_TYPE_DSLBIS,
> - .length = sizeof(*dslbis_nonvolatile),
> + .length = sizeof(*dslbis_nonvolatile3),
> },
> .handle = nonvolatile_dsmad,
> .flags = HMAT_LB_MEM_MEMORY,
> @@ -106,10 +112,10 @@ static int ct3_build_cdat_table(CDATSubHeader ***cdat_table,
> .entry[0] = 16,
> };
>
> - dslbis_nonvolatile[3] = (CDATDslbis) {
> + *dslbis_nonvolatile4 = (CDATDslbis) {
> .header = {
> .type = CDAT_TYPE_DSLBIS,
> - .length = sizeof(*dslbis_nonvolatile),
> + .length = sizeof(*dslbis_nonvolatile4),
> },
> .handle = nonvolatile_dsmad,
> .flags = HMAT_LB_MEM_MEMORY,
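Review bot: the context line ".entry[0] = 16," at the top of this hunk has no unit comment, while the two entries before it are annotated /* 150ns */ and /* 250ns */. With the surrounding initializers being rewritten anyway, add a comment stating what 16 measures and in which unit, so the "plausiblish numbers" can be checked by a reader.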
> @@ -131,15 +137,12 @@ static int ct3_build_cdat_table(CDATSubHeader ***cdat_table,
> };
>
> /* Header always at start of structure */
> - (*cdat_table)[i++] = g_steal_pointer(&dsmas_nonvolatile);
> -
> - CDATDslbis *dslbis = g_steal_pointer(&dslbis_nonvolatile);
> - int j;
> - for (j = 0; j < dslbis_nonvolatile_num; j++) {
> - (*cdat_table)[i++] = (CDATSubHeader *)&dslbis[j];
> - }
> -
> - (*cdat_table)[i++] = g_steal_pointer(&dsemts_nonvolatile);
> + (*cdat_table)[0] = g_steal_pointer(&dsmas_nonvolatile);
> + (*cdat_table)[1] = (CDATSubHeader *)g_steal_pointer(&dslbis_nonvolatile1);
> + (*cdat_table)[2] = (CDATSubHeader *)g_steal_pointer(&dslbis_nonvolatile2);
> + (*cdat_table)[3] = (CDATSubHeader *)g_steal_pointer(&dslbis_nonvolatile3);
> + (*cdat_table)[4] = (CDATSubHeader *)g_steal_pointer(&dslbis_nonvolatile4);
> + (*cdat_table)[5] = g_steal_pointer(&dsemts_nonvolatile);
Moving to simple indexing makes sense now they are all in one place (making
introducing a bug much less likely!)
I've introduced an enum so that we have an automatic agreement between
number of elements and these assignments.
>
> return CT3_CDAT_SUBTABLE_SIZE;
> }
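Review bot: the literal indices 0 to 5 in the six assignments and "return CT3_CDAT_SUBTABLE_SIZE;" agree only by hand; if the constant is ever not 6, either a slot the caller is told about stays unset or an assignment lands outside the entries reported. Derive the indices and the size from one enum of slot names, or add a build-time assertion that the constant equals the number of assignments. Separately, slots 1 to 4 cast the result of g_steal_pointer() to (CDATSubHeader *) while slots 0 and 5 do not; make the six lines consistent.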