From: Alison Schofield <alison.schofield@intel.com>
To: Robert Richter <rrichter@amd.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>,
Jonathan Cameron <jonathan.cameron@huawei.com>,
Dave Jiang <dave.jiang@intel.com>,
"Vishal Verma" <vishal.l.verma@intel.com>,
Ira Weiny <ira.weiny@intel.com>,
"Dan Williams" <dan.j.williams@intel.com>,
<linux-cxl@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2] cxl: Check for invalid addresses returned from translation functions on errors
Date: Thu, 8 Jan 2026 10:07:06 -0800 [thread overview]
Message-ID: <aV_ySgCVvEjLoxZ2@aschofie-mobl2.lan> (raw)
In-Reply-To: <aV5LdGD8lQm7AYK3@rric.localdomain>
On Wed, Jan 07, 2026 at 01:03:00PM +0100, Robert Richter wrote:
> On 06.01.26 10:42:36, Alison Schofield wrote:
> > On Tue, Jan 06, 2026 at 06:23:58PM +0100, Robert Richter wrote:
>
> > > @@ -3207,8 +3220,13 @@ static int region_offset_to_dpa_result(struct cxl_region *cxlr, u64 offset,
> > > cxled = p->targets[i];
> > > if (cxled->pos != pos)
> > > continue;
> > > +
> > > + dpa = cxl_dpa_resource_start(cxled);
> >
> > We want to return -ENXIO, not 0 in this case.
> > So jump out here immediately - right?
> >
> > if (dpa == REsOURCE_SIZE_MAX)
> > return -ENXIO;
>
> The users of region_offset_to_dpa_result() handle the
> RESOURCE_SIZE_MAX case. For that reason the dpa is not checked here.
> I did not want to change the function interface with that fix.
region_offset_to_dpa_result() intends to return an rc when it knows
it would return a bad result. This is that case. With this proposed
change, we avoid adding to a RESOURCE_SIZE_MAX, which is defensive,
but isn't quitting immediately correct? These fixups are all about
stopping when any ingredient to the calc looks bad. It looks bad,
let's stop right away.
Seeing that the callsites do this:
rc = region_offset_to_dpa_result(cxlr, offset, &result);
if (rc || !result.cxlmd || result.dpa == ULLONG_MAX) {
...this failed
shows that they do some defensive programming and don't rely only
on the rc. But the inverse does not seem right - relying on that.
Staring at it more, I guess you could refactor the function to be
a void and get rid of the rc entirely.
Is that the real simplification needed here?
-- Alison
>
> Thanks for review.
>
> -Robert
>
> >
> >
> > > + if (dpa != RESOURCE_SIZE_MAX)
> > > + dpa += dpa_offset;
> > > +
> > > result->cxlmd = cxled_to_memdev(cxled);
> > > - result->dpa = cxl_dpa_resource_start(cxled) + dpa_offset;
> > > + result->dpa = dpa;
> > >
> > > return 0;
> > > }
next prev parent reply other threads:[~2026-01-08 18:07 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-06 17:23 [PATCH v2] cxl: Check for invalid addresses returned from translation functions on errors Robert Richter
2026-01-06 17:45 ` Dave Jiang
2026-01-06 18:42 ` Alison Schofield
2026-01-07 12:03 ` Robert Richter
2026-01-08 18:07 ` Alison Schofield [this message]
2026-01-12 12:07 ` Robert Richter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aV_ySgCVvEjLoxZ2@aschofie-mobl2.lan \
--to=alison.schofield@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.jiang@intel.com \
--cc=dave@stgolabs.net \
--cc=ira.weiny@intel.com \
--cc=jonathan.cameron@huawei.com \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rrichter@amd.com \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox