Message-ID: <aWTkFpaR_T4eVSsp@rric.localdomain>
Date: Mon, 12 Jan 2026 13:07:50 +0100
From: Robert Richter <rrichter@....com>
To: Alison Schofield <alison.schofield@...el.com>
Cc: Davidlohr Bueso <dave@...olabs.net>,
Jonathan Cameron <jonathan.cameron@...wei.com>,
Dave Jiang <dave.jiang@...el.com>,
Vishal Verma <vishal.l.verma@...el.com>,
Ira Weiny <ira.weiny@...el.com>,
Dan Williams <dan.j.williams@...el.com>, linux-cxl@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] cxl: Check for invalid addresses returned from
translation functions on errors
On Thu, Jan 08, 2026 at 10:07:06AM -0800, Alison Schofield wrote:
> On Wed, Jan 07, 2026 at 01:03:00PM +0100, Robert Richter wrote:
> > On 06.01.26 10:42:36, Alison Schofield wrote:
> > > On Tue, Jan 06, 2026 at 06:23:58PM +0100, Robert Richter wrote:
> >
> > > > @@ -3207,8 +3220,13 @@ static int region_offset_to_dpa_result(struct cxl_region *cxlr, u64 offset,
> > > > cxled = p->targets[i];
> > > > if (cxled->pos != pos)
> > > > continue;
> > > > +
> > > > + dpa = cxl_dpa_resource_start(cxled);
> > >
> > > We want to return -ENXIO, not 0 in this case.
> > > So jump out here immediately - right?
> > >
> > > if (dpa == RESOURCE_SIZE_MAX)
> > > return -ENXIO;
> >
> > The users of region_offset_to_dpa_result() handle the
> > RESOURCE_SIZE_MAX case. For that reason the dpa is not checked here.
> > I did not want to change the function interface with that fix.
>
> region_offset_to_dpa_result() intends to return an rc when it knows
> it would return a bad result. This is that case. With this proposed
> change, we avoid adding to a RESOURCE_SIZE_MAX, which is defensive,
> but isn't quitting immediately correct? These fixups are all about
> stopping when any ingredient to the calc looks bad. It looks bad,
> let's stop right away.
>
> Seeing that the callsites do this:
>
> rc = region_offset_to_dpa_result(cxlr, offset, &result);
> if (rc || !result.cxlmd || result.dpa == ULLONG_MAX) {
> ...this failed
>
> shows that they do some defensive programming and don't rely only
> on the rc. But the inverse does not seem right - relying on that.

The logic here says that it is not an error to have result.dpa ==
ULLONG_MAX, e.g. you still could take result.cxlmd.

>
> Staring at it more, I guess you could refactor the function to be
> a void and get rid of the rc entirely.
>
> Is that the real simplification needed here?

This patch aims to only fix the use of bad address values. No rework
at all.

-Robert

>
> -- Alison
>
> >
> > Thanks for review.
> >
> > -Robert
> >
> > >
> > >
> > > > + if (dpa != RESOURCE_SIZE_MAX)
> > > > + dpa += dpa_offset;
> > > > +
> > > > result->cxlmd = cxled_to_memdev(cxled);
> > > > - result->dpa = cxl_dpa_resource_start(cxled) + dpa_offset;
> > > > + result->dpa = dpa;
> > > >
> > > > return 0;
> > > > }