From: Davidlohr Bueso <dave@stgolabs.net>
To: Fan Ni <fan.ni@samsung.com>
Cc: "alison.schofield@intel.com" <alison.schofield@intel.com>,
"vishal.l.verma@intel.com" <vishal.l.verma@intel.com>,
"ira.weiny@intel.com" <ira.weiny@intel.com>,
"bwidawsk@kernel.org" <bwidawsk@kernel.org>,
"dan.j.williams@intel.com" <dan.j.williams@intel.com>,
"Jonathan.Cameron@huawei.com" <Jonathan.Cameron@huawei.com>,
"dan.carpenter@oracle.com" <dan.carpenter@oracle.com>,
"linux-cxl@vger.kernel.org" <linux-cxl@vger.kernel.org>,
Adam Manzanares <a.manzanares@samsung.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] cxl/region: Fix null pointer dereference for resetting decoder
Date: Wed, 1 Feb 2023 07:57:29 -0800 [thread overview]
Message-ID: <20230201155729.wnil24dijtd2rfhl@offworld> (raw)
In-Reply-To: <20221215170909.2650271-1-fan.ni@samsung.com>
On Thu, 15 Dec 2022, Fan Ni wrote:
>Not all decoders have a reset callback.
>
>The CXL specification allows a host bridge with a single root port to
>have no explicit HDM decoders. Currently the region driver assumes there
>are none. As such the CXL core creates a special pass through decoder
>instance without a commit/reset callback.
>
>Prior to this patch, the ->reset() callback was called unconditionally when
>calling cxl_region_decode_reset. Thus a configuration with 1 Host Bridge,
>1 Root Port, and one directly attached CXL type 3 device or multiple CXL
>type 3 devices attached to downstream ports of a switch can cause a null
>pointer dereference.
>
>Before the fix, a kernel crash was observed when we destroy the region, and
>a pass through decoder is reset.
>
>The issue can be reproduced as below,
> 1) create a region with a CXL setup which includes a HB with a
> single root port under which a memdev is attached directly.
> 2) destroy the region with cxl destroy-region regionX -f.
>
>Fixes: 176baefb2eb5 ("cxl/hdm: Commit decoder state to hardware")
>Signed-off-by: Fan Ni <fan.ni@samsung.com>
Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
next prev parent reply other threads:[~2023-02-01 16:24 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20221215170915uscas1p262ccdf32fb2ccd3840189376c2793d06@uscas1p2.samsung.com>
2022-12-15 17:09 ` [PATCH] cxl/region: Fix null pointer dereference for resetting decoder Fan Ni
2023-01-13 11:01 ` Jonathan Cameron
2023-02-01 17:58 ` Dan Williams
2023-01-17 17:12 ` Dave Jiang
2023-02-01 15:57 ` Davidlohr Bueso [this message]
2023-02-06 11:23 ` Gregory Price
2023-02-06 19:16 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230201155729.wnil24dijtd2rfhl@offworld \
--to=dave@stgolabs.net \
--cc=Jonathan.Cameron@huawei.com \
--cc=a.manzanares@samsung.com \
--cc=alison.schofield@intel.com \
--cc=bwidawsk@kernel.org \
--cc=dan.carpenter@oracle.com \
--cc=dan.j.williams@intel.com \
--cc=fan.ni@samsung.com \
--cc=ira.weiny@intel.com \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.