From: sashiko-bot@kernel.org
To: "Richard Cheng" <icheng@nvidia.com>
Cc: linux-cxl@vger.kernel.org
Subject: Re: [PATCH 2/2] cxl/core/regs: Check return value of DVSEC register locator reads
Date: Sun, 07 Jun 2026 07:13:24 +0000 [thread overview]
Message-ID: <20260607071324.8EE021F00893@smtp.kernel.org> (raw)
In-Reply-To: <20260607070241.48978-3-icheng@nvidia.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] The newly added early returns on `pci_read_config_dword()` failures leak intermediate register block state in the `map` output parameter. If a previous loop iteration successfully decoded a non-matching block, that state is retained and erroneously consumed by callers that ignore the return value.
--
commit 33d355daa1f588d8fa2e0001a3651a368f36be29
Author: Richard Cheng <icheng@nvidia.com>
cxl/core/regs: Check return value of DVSEC register locator reads
This commit checks the return value of pci_read_config_dword() when
reading the CXL Register Locator DVSEC. On failure, it converts the
PCIBIOS status to a negative errno to avoid decoding register block
addresses from garbage data.
> diff --git a/drivers/cxl/core/regs.c b/drivers/cxl/core/regs.c
> --- a/drivers/cxl/core/regs.c
> +++ b/drivers/cxl/core/regs.c
[ ... ]
> @@ -324,8 +326,12 @@ static int __cxl_find_regblock_instance(struct pci_dev *pdev, enum cxl_regloc_ty
> for (i = 0; i < regblocks; i++, regloc += 8) {
> u32 reg_lo, reg_hi;
>
> - pci_read_config_dword(pdev, regloc, ®_lo);
> - pci_read_config_dword(pdev, regloc + 4, ®_hi);
> + rc = pci_read_config_dword(pdev, regloc, ®_lo);
> + if (rc)
> + return pcibios_err_to_errno(rc);
[Severity: High]
Does this early return leave map->resource populated with stale data?
If a previous loop iteration successfully decoded a non-matching block
(such as CXL_REGLOC_RBI_MEMDEV), map->resource and map->reg_type will
be populated. If a subsequent config read fails, returning early bypasses
the map->resource = CXL_RESOURCE_NONE cleanup at the end of the function.
Callers like find_component_registers() in drivers/cxl/core/port.c ignore
the return value of cxl_find_regblock() and blindly consume map.resource.
Will this cause the caller to erroneously map the wrong registers (like
the memdev registers) as component registers?
> + rc = pci_read_config_dword(pdev, regloc + 4, ®_hi);
> + if (rc)
> + return pcibios_err_to_errno(rc);
>
> if (!cxl_decode_regblock(pdev, reg_lo, reg_hi, map))
> continue;
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260607070241.48978-1-icheng@nvidia.com?part=2
prev parent reply other threads:[~2026-06-07 7:13 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-07 7:02 [PATCH 0/2] cxl: Convert remaining PCIBIOS errors to errno Richard Cheng
2026-06-07 7:02 ` [PATCH 1/2] cxl: Convert PCIBIOS errors to errno on remaining DVSEC/PCIe accesses Richard Cheng
2026-06-07 7:13 ` sashiko-bot
2026-06-07 7:02 ` [PATCH 2/2] cxl/core/regs: Check return value of DVSEC register locator reads Richard Cheng
2026-06-07 7:13 ` sashiko-bot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260607071324.8EE021F00893@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=icheng@nvidia.com \
--cc=linux-cxl@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox