On 29/05/2025 21:48, Jonathan Cameron via wrote:
> This has been wrong from day 1. For now we only have
> two entries (component and device registers).
Wow, I finally understood this. > > The wrong size could lead to arbitrary data off the stack being presented > in PCIe config space. > > Signed-off-by: Jonathan Cameron <jonathan.came...@huawei.com> > --- > include/hw/cxl/cxl_pci.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/hw/cxl/cxl_pci.h b/include/hw/cxl/cxl_pci.h > index d0855ed78b..3bb882ce89 100644 > --- a/include/hw/cxl/cxl_pci.h > +++ b/include/hw/cxl/cxl_pci.h > @@ -31,7 +31,7 @@ > #define PCIE_CXL3_FLEXBUS_PORT_DVSEC_LENGTH 0x20 > #define PCIE_CXL3_FLEXBUS_PORT_DVSEC_REVID 2 > > -#define REG_LOC_DVSEC_LENGTH 0x24 > +#define REG_LOC_DVSEC_LENGTH 0x1C IMHO, REG_LOC_DVSEC_LENGTH is device specific, that means we shouldn't put it in a general header with a general name. Try: $ git grep REG_LOC_DVSEC_LENGTH We got another REG_LOC_DVSEC_LENGTH, shouldn't its value be (0x1C - 0x8)? regloc_dvsec = &(CXLDVSECRegisterLocator) { .rsvd = 0, .reg0_base_lo = RBI_CXL_DEVICE_REG | 0, .reg0_base_hi = 0, }; cxl_component_create_dvsec(cxl_cstate, CXL3_SWITCH_MAILBOX_CCI, REG_LOC_DVSEC_LENGTH, REG_LOC_DVSEC, REG_LOC_DVSEC_REVID, (uint8_t *)regloc_dvsec); Thanks Zhijian > #define REG_LOC_DVSEC_REVID 0 > > enum {
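Review bot: `#define REG_LOC_DVSEC_LENGTH 0x1C` in include/hw/cxl/cxl_pci.h is still a bare constant with nothing tying it to the object whose bytes end up in config space, which is how the 0x24 value went unnoticed. Add a comment next to the define stating how 0x1C is derived (the commit message says two entries, component and device registers), and consider a build-time check that the length does not exceed sizeof(CXLDVSECRegisterLocator), so a later change to the entry count cannot again present bytes from beyond the structure. The commit message should also say whether the other use of a macro with this name, raised in the reply, needs a different value.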