Date: Fri, 17 Feb 2023 10:01:56 +0000
From: Jonathan Cameron
To: Lukas Wunner
CC: Bjorn Helgaas, Gregory Price, Ira Weiny, Dan Williams, Alison Schofield, Vishal Verma, Dave Jiang, "Li, Ming", Hillf Danton, Ben Widawsky
Subject: Re: [PATCH v3 04/16] cxl/pci: Handle excessive CDAT length
Message-ID: <20230217100156.000039b9@Huawei.com>
In-Reply-To: <20230216102616.GA13347@wunner.de>
References: <4834ceab1c3e00d3ec957e6c8beb13ddaa9877a2.1676043318.git.lukas@wunner.de> <20230214113311.00000825@Huawei.com> <20230216102616.GA13347@wunner.de>
Organization: Huawei Technologies Research and Development (UK) Ltd.
X-Mailing-List: linux-cxl@vger.kernel.org

On Thu, 16 Feb 2023 11:26:16 +0100 Lukas Wunner wrote:

> On Tue, Feb 14, 2023 at 11:33:11AM +0000, Jonathan Cameron wrote:
> > On Fri, 10 Feb 2023 21:25:04 +0100 Lukas Wunner wrote:
> > > If the length in the CDAT header is larger than the concatenation of the
> > > header and all table entries, then the CDAT exposed to user space
> > > contains trailing null bytes.
> > >
> > > Not every consumer may be able to handle that. Per Postel's robustness
> > > principle, "be liberal in what you accept" and silently reduce the
> > > cached length to avoid exposing those null bytes.
> [...]
> > Fair enough. I'd argue that we are papering over broken hardware if
> > we hit these conditions, so given we aren't aware of any (I hope)
> > not sure this is stable material. Argument in favor of stable being
> > that if we do get broken hardware we don't want an ABI change when
> > we paper over the garbage... hmm.
>
> Type 0 is assigned for DSMAS structures. So user space might believe
> there's an additional DSMAS in the CDAT. It *could* detect that the
> length is bogus (it is 0 but should be 24), but what if it doesn't
> check that? It seems way too dangerous to leave this loophole open,
> hence the stable designation.

Ok

>
> Thanks,
>
> Lukas
>
> > > --- a/drivers/cxl/core/pci.c > > > +++ b/drivers/cxl/core/pci.c > > > @@ -582,6 +582,9 @@ static int cxl_cdat_read_table(struct device *dev, > > > } > > > } while (entry_handle != CXL_DOE_TABLE_ACCESS_LAST_ENTRY); > > > > > > + /* Length in CDAT header may exceed concatenation of CDAT entries */ > > > + cdat->length -= length; > > > + > > > return 0; > > > } > > >
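
Review bot: The `cdat->length -= length;` added after the do/while loop trims the cached length unconditionally and silently, so a device whose header overstates the table size is never reported, even though the thread itself describes this as papering over broken hardware. Consider guarding the subtraction with `if (length)` and emitting a message through the `dev` argument of cxl_cdat_read_table() when the trim actually happens. The comment should also state what `length` holds at this point, since the subtraction is only right if it is the remainder left unread after the last entry, and that is not evident from the hunk alone.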
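
The check that the thread says a user-space CDAT consumer could perform but might not, as an added example (not code from the patch, the kernel tree or the participants): walk the entries, reject a type 0 entry whose length is not 24, and report whether what follows the last good entry is only null bytes. The 16-byte header and 4-byte entry header layouts, the names `cdat_walk` and `walk_sample`, and the sample buffer are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define CDAT_HDR_LEN    16u /* assumed layout: 16-byte header, le32 length first */
#define CDAT_ENT_HDR     4u /* assumed layout: u8 type, u8 reserved, le16 length */
#define CDAT_TYPE_DSMAS  0u /* from the thread: type 0 is DSMAS */
#define CDAT_DSMAS_LEN  24u /* from the thread: a DSMAS is 24 bytes long */

enum cdat_status { CDAT_OK, CDAT_TRAILING_NULLS, CDAT_MALFORMED };
struct cdat_walk { enum cdat_status status; uint32_t used; unsigned entries; };

/* Walk the entries; stop at the first one whose length cannot be right. */
static struct cdat_walk cdat_walk(const uint8_t *buf, size_t buflen)
{
	struct cdat_walk w = { CDAT_MALFORMED, 0, 0 };
	uint32_t total, off = CDAT_HDR_LEN, i;

	if (buflen < CDAT_HDR_LEN)
		return w;
	total = buf[0] | buf[1] << 8 | buf[2] << 16 | (uint32_t)buf[3] << 24;
	if (total < CDAT_HDR_LEN || total > buflen)
		return w;
	while (total - off >= CDAT_ENT_HDR) {
		uint32_t len = buf[off + 2] | buf[off + 3] << 8;

		if (len < CDAT_ENT_HDR || len > total - off ||
		    (buf[off] == CDAT_TYPE_DSMAS && len != CDAT_DSMAS_LEN))
			break;	/* null bytes land here: type 0, length 0 */
		off += len;
		w.entries++;
	}
	for (i = off; i < total && buf[i] == 0; i++)
		;	/* is everything after the last good entry zero? */
	w.used = off;
	w.status = off == total ? CDAT_OK :
		   i == total ? CDAT_TRAILING_NULLS : CDAT_MALFORMED;
	return w;
}

/* Constructed sample: header claims `claimed` bytes, one DSMAS (type 0), zeros after. */
static struct cdat_walk walk_sample(uint8_t claimed)
{
	uint8_t buf[48] = { [0] = claimed, [CDAT_HDR_LEN + 2] = CDAT_DSMAS_LEN };
	return cdat_walk(buf, sizeof(buf));
}

int main(void)
{
	struct cdat_walk w = walk_sample(48);	/* header overstates length by 8 */
	printf("status=%d used=%u entries=%u\n", w.status, w.used, w.entries);
	return 0;
}
```

A consumer that skipped the length check in the loop would count the eight trailing null bytes as a second DSMAS, which is the misreading described above; `used` is the length such a consumer should treat as the real end of the table.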