From: Pengfei Xu <pengfei.xu@intel.com>
To: "Li, Ming4" <ming4.li@intel.com>
Cc: <rrichter@amd.com>, <linux-cxl@vger.kernel.org>,
<dave.jiang@intel.com>, <Jonathan.Cameron@huawei.com>,
<dan.j.williams@intel.com>
Subject: Re: [CXL] There is BUG: slab-out-of-bounds in cxl_setup_parent_dport in v6.10
Date: Tue, 6 Aug 2024 15:38:46 +0800
Message-ID: <ZrHTBp2O+HtUe6kt@xpf.sh.intel.com>
In-Reply-To: <7d1a47c8-4de5-44a9-b992-7f86d76366eb@intel.com>
Hi Ming,
On 2024-08-06 at 13:19:13 +0800, Li, Ming4 wrote:
> On 8/6/2024 10:07 AM, Pengfei Xu wrote:
> > Hi Robert Richter and CXL experts,
> >
> > There is a BUG: slab-out-of-bounds in cxl_setup_parent_dport in v6.10 when
> > booting up the CXL qemu environment.
> >
> > It's a kernel tools/testing/cxl test in a qemu-simulated CXL environment.
> >
> > The related kconfig and dmesg are attached at the link:
> > https://bugzilla.kernel.org/show_bug.cgi?id=219127
> >
> > It seems to be related to commit:
> > f05fd10d138d cxl/pci: Add RCH downstream port AER register discovery
> >
> > KASAN and CXL kconfig could trigger this problem:
> > "
> > CONFIG_KASAN=y
> > CONFIG_KASAN_GENERIC=y
> > CONFIG_KASAN_INLINE=y
> > CONFIG_KASAN_STACK=y
> >
> > CONFIG_CXL_BUS=m
> > CONFIG_CXL_PCI=m
> > CONFIG_CXL_MEM_RAW_COMMANDS=y
> > CONFIG_CXL_ACPI=m
> > CONFIG_CXL_PMEM=m
> > CONFIG_CXL_MEM=m
> > CONFIG_CXL_PORT=y
> > CONFIG_CXL_SUSPEND=y
> > CONFIG_CXL_REGION_INVALIDATION_TEST=y
> > CONFIG_NVDIMM_SECURITY_TEST=y
> > "
> >
> > Dmesg info:
> > "
> > [ 24.413405] ==================================================================
> > [ 24.416332] BUG: KASAN: slab-out-of-bounds in cxl_setup_parent_dport+0x480/0x530 [cxl_core]
> > [ 24.419291] Read of size 1 at addr ff110000676014f8 by task (udev-worker)/676
> > [ 24.424403] CPU: 2 PID: 676 Comm: (udev-worker) Tainted: G O N 6.10.0-qemucxl #1
> > [ 24.427232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20240214-2.el9 02/14/2024
> > [ 24.430089] Call Trace:
> > [ 24.432534] <TASK>
> > [ 24.434891] dump_stack_lvl+0xea/0x150
> > [ 24.438131] print_report+0xce/0x610
> > [ 24.440498] ? cxl_setup_parent_dport+0x480/0x530 [cxl_core]
> > [ 24.443129] ? kasan_complete_mode_report_info+0x40/0x200
> > [ 24.445602] ? cxl_setup_parent_dport+0x480/0x530 [cxl_core]
> > [ 24.448221] kasan_report+0xcc/0x110
> > [ 24.450527] ? cxl_setup_parent_dport+0x480/0x530 [cxl_core]
> > [ 24.453140] __asan_report_load1_noabort+0x18/0x20
> > [ 24.455455] cxl_setup_parent_dport+0x480/0x530 [cxl_core]
> > [ 24.457986] cxl_mem_probe+0x49b/0xaa0 [cxl_mem]
> > [ 24.460285] ? __pfx_cxl_mem_probe+0x10/0x10 [cxl_mem]
> > [ 24.462592] ? sysfs_create_link+0x75/0xd0
> > [ 24.464775] cxl_bus_probe+0x5e/0xc0 [cxl_core]
> > [ 24.467153] ? __pfx_cxl_bus_probe+0x10/0x10 [cxl_core]
> > [ 24.469632] really_probe+0x27c/0xac0
> > [ 24.471750] ? __sanitizer_cov_trace_const_cmp1+0x1e/0x30
> > [ 24.474087] __driver_probe_device+0x1f3/0x460
> >
> Hi Pengfei,
>
> I can reproduce it in my environment with your configuration. I confirm the bug is the same as the bug I hit recently. I have sent out a patch for review; the link is https://lore.kernel.org/linux-cxl/20240806041547.1958787-1-ming4.li@intel.com/T/#u
>
> The root cause is that the cxl-test module creates an RCH topology and uses a platform_device to create the RCH downstream port in the RCH topology. A wrong pci_host_bridge is obtained from to_pci_host_bridge(dport->dport_dev) in cxl_setup_parent_dport().
>
Thanks for your patch, I verified that this issue was fixed by your patch
based on v6.10.
The fixed dmesg is attached at the link: https://bugzilla.kernel.org/show_bug.cgi?id=219127
Thanks!
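
A userspace model of the root cause described in the quoted reply above: a container_of-style cast applied to a device that is embedded in a different, smaller object, so the 1-byte field read falls outside the real allocation. This is an added example, not code from this thread, the patch, or the kernel; the struct layouts, `flag`, `misread_offset` and `to_host_bridge_checked` are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>
/* Userspace model only: simplified stand-ins, not the kernel's structs. */
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

enum dev_kind { KIND_PLATFORM, KIND_HOST_BRIDGE };
struct device { enum dev_kind kind; };
struct plat_dev {		/* what the test topology really allocated */
	int id;
	struct device dev;
};

struct host_bridge {		/* what the caller assumes it was given */
	struct device dev;
	char other_state[128];
	unsigned char flag;	/* hypothetical 1-byte field the caller reads */
};

static struct plat_dev sample_plat = { .id = 1, .dev = { KIND_PLATFORM } };	/* constructed */
static struct host_bridge sample_hb = { .dev = { KIND_HOST_BRIDGE }, .flag = 1 };	/* constructed */

/* Offset, from the start of the plat_dev allocation, of the byte an unchecked
 * container_of(dev, struct host_bridge, dev)->flag would read (never dereferenced). */
static long misread_offset(void)
{
	return (long)offsetof(struct plat_dev, dev)
	     - (long)offsetof(struct host_bridge, dev)
	     + (long)offsetof(struct host_bridge, flag);
}

static int misread_is_out_of_bounds(void)
{
	return misread_offset() < 0 || misread_offset() >= (long)sizeof(struct plat_dev);
}

/* Checked accessor: refuse the cast unless dev really is a host bridge. */
static struct host_bridge *to_host_bridge_checked(struct device *dev)
{
	if (!dev || dev->kind != KIND_HOST_BRIDGE)
		return NULL;
	return container_of(dev, struct host_bridge, dev);
}

int main(void)
{
	printf("misread offset %ld, object size %zu\n", misread_offset(), sizeof(sample_plat));
	return to_host_bridge_checked(&sample_plat.dev) != NULL || to_host_bridge_checked(&sample_hb.dev) != &sample_hb;
}
```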