lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aXkq2DvEOeYQSVuN@aschofie-mobl2.lan>
Date: Tue, 27 Jan 2026 13:15:04 -0800
From: Alison Schofield <alison.schofield@...el.com>
To: Yuxiong Wang <yuxiong.wang@...ux.alibaba.com>
CC: <dave@...olabs.net>, <jonathan.cameron@...wei.com>,
	<dave.jiang@...el.com>, <vishal.l.verma@...el.com>, <ira.weiny@...el.com>,
	<dan.j.williams@...el.com>, <ming.li@...omail.com>, <rrichter@....com>,
	<linux-cxl@...r.kernel.org>, <linux-kernel@...r.kernel.org>, Huang Ying
	<ying.huang@...ux.alibaba.com>
Subject: Re: [RFC PATCH] cxl: Fix premature commit_end increment on decoder
 commit failure

On Tue, Jan 27, 2026 at 04:48:55PM +0800, Yuxiong Wang wrote:
> In cxl_decoder_commit(), commit_end is incremented before verifying whether the
> commit succeeded, and the CXL_DECODER_F_ENABLE bit in cxld->flags is only set
> after a successful commit. As a result, if the commit fails, commit_end has been
> incremented and cxld->reset() has no effect since the flag is not set, so commit_end
> remains incorrectly incremented. The inconsistency between commit_end and
> CXL_DECODER_F_ENABLE causes failure during subsequent either commit or reset
> operations.
> 
> Fix this by incrementing commit_end only after confirming the commit succeeded.
> Since cxld_await_commit() clears the decoder commit bit on failure, no additional
> reset is required. Remove the ineffective cxld->reset() call in this case.


Why are the writel()'s that cxld->reset() intended to do not really
needed? Is only the twiddle of the COMMIT bit needed for a reset or
do we need to 0 the size and base offsets we previously wrote?

How did you find this?  Maybe we can add test case to cxl unit tests.

Thanks,
Alison


> 
> Fixes: 176baef ("cxl/hdm: Commit decoder state to hardware")
> Signed-off-by: Yuxiong Wang <yuxiong.wang@...ux.alibaba.com>
> Acked-by: Huang Ying <ying.huang@...ux.alibaba.com>
> ---
>  drivers/cxl/core/hdm.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/drivers/cxl/core/hdm.c b/drivers/cxl/core/hdm.c
> index eb5a3a7640c6..912f648a6b7a 100644
> --- a/drivers/cxl/core/hdm.c
> +++ b/drivers/cxl/core/hdm.c
> @@ -844,14 +844,13 @@ static int cxl_decoder_commit(struct cxl_decoder *cxld)
>  	scoped_guard(rwsem_read, &cxl_rwsem.dpa)
>  		setup_hw_decoder(cxld, hdm);
>  
> -	port->commit_end++;
>  	rc = cxld_await_commit(hdm, cxld->id);
>  	if (rc) {
>  		dev_dbg(&port->dev, "%s: error %d committing decoder\n",
>  			dev_name(&cxld->dev), rc);
> -		cxld->reset(cxld);
>  		return rc;
>  	}
> +	port->commit_end++;
>  	cxld->flags |= CXL_DECODER_F_ENABLE;
>  
>  	return 0;
> -- 
> 2.50.1 (Apple Git-155)
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ