[1/4] cxl/type3: Fix crash in set_cacheline()

Message ID	20230908073152.4386-2-dave@stgolabs.net
State	New, archived
Headers	show Return-Path: <linux-cxl-owner@vger.kernel.org> sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 26EFC360E9B; Fri, 8 Sep 2023 07:31:59 +0000 (UTC) sender: dave@stgolabs.net) by pdx1-sub0-mail-a204.dreamhost.com (Postfix) with ESMTPSA id 4Rhnqf2wxYzM9; Fri, 8 Sep 2023 00:31:58 -0700 (PDT) From: Davidlohr Bueso <dave@stgolabs.net> To: Jonathan.Cameron@huawei.com Cc: fan.ni@samsung.com, dan.j.williams@intel.com, alison.schofield@intel.com, ayush.m55@samsung.com, a.manzanares@samsung.com, dave@stgolabs.net, linux-cxl@vger.kernel.org Subject: [PATCH 1/4] cxl/type3: Fix crash in set_cacheline() Date: Fri, 8 Sep 2023 00:31:49 -0700 Message-ID: <20230908073152.4386-2-dave@stgolabs.net> In-Reply-To: <20230908073152.4386-1-dave@stgolabs.net> References: <20230908073152.4386-1-dave@stgolabs.net> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	hw/cxl: Support for scan media \| expand [-qemu,0/4] hw/cxl: Support for scan media [1/4] cxl/type3: Fix crash in set_cacheline() [2/4] hw/cxl: Add get scan media capabilities cmd support [3/4] hw/cxl: Add scan media cmd support [4/4] hw/cxl: Add get scan media results cmd support

Message ID

20230908073152.4386-2-dave@stgolabs.net

State

New, archived

Headers

From: Davidlohr Bueso <dave@stgolabs.net>
To: Jonathan.Cameron@huawei.com
Cc: fan.ni@samsung.com, dan.j.williams@intel.com,
        alison.schofield@intel.com, ayush.m55@samsung.com,
        a.manzanares@samsung.com, dave@stgolabs.net,
        linux-cxl@vger.kernel.org
Subject: [PATCH 1/4] cxl/type3: Fix crash in set_cacheline()
Date: Fri,  8 Sep 2023 00:31:49 -0700
Message-ID: <20230908073152.4386-2-dave@stgolabs.net>
In-Reply-To: <20230908073152.4386-1-dave@stgolabs.net>
References: <20230908073152.4386-1-dave@stgolabs.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

hw/cxl: Support for scan media | expand

Use the correct vmr_size, otherwise a clear poison operation, for example, can crash the emulator. Signed-off-by: Davidlohr Bueso <dave@stgolabs.net> --- hw/mem/cxl_type3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Fan Ni Sept. 8, 2023, 6:37 p.m. UTC | #1

On Fri, Sep 08, 2023 at 12:31:49AM -0700, Davidlohr Bueso wrote:
> Use the correct vmr_size, otherwise a clear poison operation, for
> example, can crash the emulator.
>
> Signed-off-by: Davidlohr Bueso <dave@stgolabs.net>
> ---
>  hw/mem/cxl_type3.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c
> index fd9d134d468f..b90a7397d62f 100644
> --- a/hw/mem/cxl_type3.c
> +++ b/hw/mem/cxl_type3.c
> @@ -1417,7 +1417,7 @@ static bool set_cacheline(CXLType3Dev *ct3d, uint64_t dpa_offset, uint8_t *data)
>          as = &ct3d->hostvmem_as;
>      } else if (dpa_offset < vmr_size + pmr_size) {
>          as = &ct3d->hostpmem_as;
> -        dpa_offset -= vmr->size;
> +        dpa_offset -= vmr_size;

Good catch. It is a typo from my DCD patch, not upstreamed yet.

Fan
>      } else {
>          as = &ct3d->dc.host_dc_as;
>          dpa_offset -= (vmr_size + pmr_size);
> --
> 2.42.0
>

Jonathan Cameron Sept. 12, 2023, 10:59 a.m. UTC | #2

On Fri, 8 Sep 2023 11:37:31 -0700
Fan Ni <fan.ni@gmx.us> wrote:

> On Fri, Sep 08, 2023 at 12:31:49AM -0700, Davidlohr Bueso wrote:
> > Use the correct vmr_size, otherwise a clear poison operation, for
> > example, can crash the emulator.
> >
> > Signed-off-by: Davidlohr Bueso <dave@stgolabs.net>
> > ---
> >  hw/mem/cxl_type3.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c
> > index fd9d134d468f..b90a7397d62f 100644
> > --- a/hw/mem/cxl_type3.c
> > +++ b/hw/mem/cxl_type3.c
> > @@ -1417,7 +1417,7 @@ static bool set_cacheline(CXLType3Dev *ct3d, uint64_t dpa_offset, uint8_t *data)
> >          as = &ct3d->hostvmem_as;
> >      } else if (dpa_offset < vmr_size + pmr_size) {
> >          as = &ct3d->hostpmem_as;
> > -        dpa_offset -= vmr->size;
> > +        dpa_offset -= vmr_size;  
> 
> Good catch. It is a typo from my DCD patch, not upstreamed yet.
In meantime I squish this into the version of your series I'm carrying and
push out a new tree later today.

Thanks,

Jonathan

> 
> Fan
> >      } else {
> >          as = &ct3d->dc.host_dc_as;
> >          dpa_offset -= (vmr_size + pmr_size);
> > --
> > 2.42.0
> >

diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c
index fd9d134d468f..b90a7397d62f 100644
--- a/hw/mem/cxl_type3.c
+++ b/hw/mem/cxl_type3.c
@@ -1417,7 +1417,7 @@  static bool set_cacheline(CXLType3Dev *ct3d, uint64_t dpa_offset, uint8_t *data)
         as = &ct3d->hostvmem_as;
     } else if (dpa_offset < vmr_size + pmr_size) {
         as = &ct3d->hostpmem_as;
-        dpa_offset -= vmr->size;
+        dpa_offset -= vmr_size;
     } else {
         as = &ct3d->dc.host_dc_as;
         dpa_offset -= (vmr_size + pmr_size);

[1/4] cxl/type3: Fix crash in set_cacheline()

Commit Message

Comments

Patch