summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJonathan Cameron <Jonathan.Cameron@huawei.com>2022-08-15 17:40:44 +0200
committerDan Williams <dan.j.williams@intel.com>2022-10-21 01:28:53 +0200
commitf010c75c05299ecd65adfd31a7841eea3476ce1f (patch)
tree6e0a3510472f7defff408a0e43e4458bda2e0c17
parentcxl/region: Fix null pointer dereference due to pass through decoder commit (diff)
downloadlinux-f010c75c05299ecd65adfd31a7841eea3476ce1f.tar.xz
linux-f010c75c05299ecd65adfd31a7841eea3476ce1f.zip
cxl/pmem: Fix failure to account for 8 byte header for writes to the device LSA.
Writes to the device must include an offset and size as defined in CXL 2.0 8.2.9.5.2.4 Set LSA (Opcode 4103h) Fixes tag is non obvious as this code has been through several reworks and variable names + wasn't in use until the addition of the region code. Due to a bug in QEMU CXL emulation this overrun resulted in QEMU crashing. Reported-by: Bobo WL <lmw.bobo@gmail.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Fixes: 60b8f17215de ("cxl/pmem: Translate NVDIMM label commands to CXL label commands") Link: https://lore.kernel.org/r/20220815154044.24733-3-Jonathan.Cameron@huawei.com Signed-off-by: Dan Williams <dan.j.williams@intel.com>
-rw-r--r--drivers/cxl/pmem.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/cxl/pmem.c b/drivers/cxl/pmem.c
index 7dc0a2fa1a6b..115a7b79f343 100644
--- a/drivers/cxl/pmem.c
+++ b/drivers/cxl/pmem.c
@@ -107,7 +107,7 @@ static int cxl_pmem_get_config_size(struct cxl_dev_state *cxlds,
*cmd = (struct nd_cmd_get_config_size) {
.config_size = cxlds->lsa_size,
- .max_xfer = cxlds->payload_size,
+ .max_xfer = cxlds->payload_size - sizeof(struct cxl_mbox_set_lsa),
};
return 0;