Date: Tue, 7 Nov 2023 05:12:52 -0500
From: "Michael S. Tsirkin"
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Jonathan Cameron, Fan Ni
Subject: [PULL 46/63] hw/cxl/mbox: Split mailbox command payload into separate input and output
Message-ID: <6f59274e937576fbb2623b687aa2556e115a712f.1699351720.git.mst@redhat.com>

From: Jonathan Cameron

New CCI types that will be supported shortly do not have a single buffer
used in both directions. As such, split it up.

To avoid the complexities of implementing all commands to handle potential
aliasing, take a copy of the input before use.

Signed-off-by: Jonathan Cameron Message-Id: <20231023160806.13206-3-Jonathan.Cameron@huawei.com> Reviewed-by: Fan Ni Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- include/hw/cxl/cxl_device.h | 7 +- hw/cxl/cxl-events.c | 2 +- hw/cxl/cxl-mailbox-utils.c | 230 +++++++++++++++++++++--------------- 3 files changed, 140 insertions(+), 99 deletions(-) diff --git a/include/hw/cxl/cxl_device.h b/include/hw/cxl/cxl_device.h index 556953469c..d7a2c4009e 100644 --- a/include/hw/cxl/cxl_device.h +++ b/include/hw/cxl/cxl_device.h @@ -114,8 +114,9 @@ typedef enum { typedef struct cxl_device_state CXLDeviceState; struct cxl_cmd; typedef CXLRetCode (*opcode_handler)(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxl_dstate, uint16_t = *len); + uint8_t *payload_in, size_t len_in, + uint8_t *payload_out, size_t *len_out, + CXLDeviceState *cxl_dstate); struct cxl_cmd { const char *name; opcode_handler handler; @@ -390,7 +391,7 @@ bool cxl_event_insert(CXLDeviceState *cxlds, CXLEventLo= gType log_type, CXLEventRecordRaw *event); CXLRetCode cxl_event_get_records(CXLDeviceState *cxlds, CXLGetEventPayload= *pl, uint8_t log_type, int max_recs, - uint16_t *len); + size_t *len); CXLRetCode cxl_event_clear_records(CXLDeviceState *cxlds, CXLClearEventPayload *pl); =20 diff --git a/hw/cxl/cxl-events.c b/hw/cxl/cxl-events.c index e2172b94b9..bee6dfaf14 100644 --- a/hw/cxl/cxl-events.c +++ b/hw/cxl/cxl-events.c @@ -143,7 +143,7 @@ bool cxl_event_insert(CXLDeviceState *cxlds, CXLEventLo= gType log_type, =20 CXLRetCode cxl_event_get_records(CXLDeviceState *cxlds, CXLGetEventPayload= *pl, uint8_t log_type, int max_recs, - uint16_t *len) + size_t *len) { CXLEventLog *log; CXLEvent *entry; diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c index c02de06943..e5ddce37c7 100644 --- a/hw/cxl/cxl-mailbox-utils.c +++ b/hw/cxl/cxl-mailbox-utils.c 
@@ -71,9 +71,9 @@ enum { =20 =20 static CXLRetCode cmd_events_get_records(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxlds, - uint16_t *len) + uint8_t *payload_in, size_t len_i= n, + uint8_t *payload_out, size_t *len= _out, + CXLDeviceState *cxlds) { CXLGetEventPayload *pl; uint8_t log_type; @@ -83,9 +83,9 @@ static CXLRetCode cmd_events_get_records(const struct cxl= _cmd *cmd, return CXL_MBOX_INVALID_INPUT; } =20 - log_type =3D payload[0]; + log_type =3D payload_in[0]; =20 - pl =3D (CXLGetEventPayload *)payload; + pl =3D (CXLGetEventPayload *)payload_out; memset(pl, 0, sizeof(*pl)); =20 max_recs =3D (cxlds->payload_size - CXL_EVENT_PAYLOAD_HDR_SIZE) / @@ -94,30 +94,34 @@ static CXLRetCode cmd_events_get_records(const struct c= xl_cmd *cmd, max_recs =3D 0xFFFF; } =20 - return cxl_event_get_records(cxlds, pl, log_type, max_recs, len); + return cxl_event_get_records(cxlds, pl, log_type, max_recs, len_out); } =20 static CXLRetCode cmd_events_clear_records(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxlds, - uint16_t *len) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxlds) { CXLClearEventPayload *pl; =20 - pl =3D (CXLClearEventPayload *)payload; - *len =3D 0; + pl =3D (CXLClearEventPayload *)payload_in; + *len_out =3D 0; return cxl_event_clear_records(cxlds, pl); } =20 static CXLRetCode cmd_events_get_interrupt_policy(const struct cxl_cmd *cm= d, - uint8_t *payload, - CXLDeviceState *cxlds, - uint16_t *len) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxlds) { CXLEventInterruptPolicy *policy; CXLEventLog *log; =20 - policy =3D (CXLEventInterruptPolicy *)payload; + policy =3D (CXLEventInterruptPolicy *)payload_out; memset(policy, 0, sizeof(*policy)); =20 log =3D &cxlds->event_logs[CXL_EVENT_TYPE_INFO]; 
@@ -146,23 +150,25 @@ static CXLRetCode cmd_events_get_interrupt_policy(con= st struct cxl_cmd *cmd, policy->dyn_cap_settings =3D CXL_INT_MSI_MSIX; } =20 - *len =3D sizeof(*policy); + *len_out =3D sizeof(*policy); return CXL_MBOX_SUCCESS; } =20 static CXLRetCode cmd_events_set_interrupt_policy(const struct cxl_cmd *cm= d, - uint8_t *payload, - CXLDeviceState *cxlds, - uint16_t *len) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxlds) { CXLEventInterruptPolicy *policy; CXLEventLog *log; =20 - if (*len < CXL_EVENT_INT_SETTING_MIN_LEN) { + if (len_in < CXL_EVENT_INT_SETTING_MIN_LEN) { return CXL_MBOX_INVALID_PAYLOAD_LENGTH; } =20 - policy =3D (CXLEventInterruptPolicy *)payload; + policy =3D (CXLEventInterruptPolicy *)payload_in; =20 log =3D &cxlds->event_logs[CXL_EVENT_TYPE_INFO]; log->irq_enabled =3D (policy->info_settings & CXL_EVENT_INT_MODE_MASK)= =3D=3D @@ -181,7 +187,7 @@ static CXLRetCode cmd_events_set_interrupt_policy(const= struct cxl_cmd *cmd, CXL_INT_MSI_MSIX; =20 /* DCD is optional */ - if (*len < sizeof(*policy)) { + if (len_in < sizeof(*policy)) { return CXL_MBOX_SUCCESS; } =20 @@ -189,15 +195,17 @@ static CXLRetCode cmd_events_set_interrupt_policy(con= st struct cxl_cmd *cmd, log->irq_enabled =3D (policy->dyn_cap_settings & CXL_EVENT_INT_MODE_MA= SK) =3D=3D CXL_INT_MSI_MSIX; =20 - *len =3D sizeof(*policy); + *len_out =3D 0; return CXL_MBOX_SUCCESS; } =20 /* 8.2.9.2.1 */ static CXLRetCode cmd_firmware_update_get_info(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxl_dstate, - uint16_t *len) + uint8_t *payload_in, + size_t len, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxl_dstate) { struct { uint8_t slots_supported; 
@@ -216,7 +224,7 @@ static CXLRetCode cmd_firmware_update_get_info(const st= ruct cxl_cmd *cmd, return CXL_MBOX_INTERNAL_ERROR; } =20 - fw_info =3D (void *)payload; + fw_info =3D (void *)payload_out; memset(fw_info, 0, sizeof(*fw_info)); =20 fw_info->slots_supported =3D 2; @@ -224,36 +232,40 @@ static CXLRetCode cmd_firmware_update_get_info(const = struct cxl_cmd *cmd, fw_info->caps =3D 0; pstrcpy(fw_info->fw_rev1, sizeof(fw_info->fw_rev1), "BWFW VERSION 0"); =20 - *len =3D sizeof(*fw_info); + *len_out =3D sizeof(*fw_info); return CXL_MBOX_SUCCESS; } =20 /* 8.2.9.3.1 */ static CXLRetCode cmd_timestamp_get(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxl_dstate, - uint16_t *len) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxl_dstate) { uint64_t final_time =3D cxl_device_get_timestamp(cxl_dstate); =20 - stq_le_p(payload, final_time); - *len =3D 8; + stq_le_p(payload_out, final_time); + *len_out =3D 8; =20 return CXL_MBOX_SUCCESS; } =20 /* 8.2.9.3.2 */ static CXLRetCode cmd_timestamp_set(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxl_dstate, - uint16_t *len) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxl_dstate) { cxl_dstate->timestamp.set =3D true; cxl_dstate->timestamp.last_set =3D qemu_clock_get_ns(QEMU_CLOCK_VIRTUA= L); =20 - cxl_dstate->timestamp.host_set =3D le64_to_cpu(*(uint64_t *)payload); + cxl_dstate->timestamp.host_set =3D le64_to_cpu(*(uint64_t *)payload_in= ); =20 - *len =3D 0; + *len_out =3D 0; return CXL_MBOX_SUCCESS; } =20 @@ -265,9 +277,11 @@ static const QemuUUID cel_uuid =3D { =20 /* 8.2.9.4.1 */ static CXLRetCode cmd_logs_get_supported(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxl_dstate, - uint16_t *len) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxl_dstate) { struct { uint16_t entries; 
@@ -276,22 +290,24 @@ static CXLRetCode cmd_logs_get_supported(const struct= cxl_cmd *cmd, QemuUUID uuid; uint32_t size; } log_entries[1]; - } QEMU_PACKED *supported_logs =3D (void *)payload; + } QEMU_PACKED *supported_logs =3D (void *)payload_out; QEMU_BUILD_BUG_ON(sizeof(*supported_logs) !=3D 0x1c); =20 supported_logs->entries =3D 1; supported_logs->log_entries[0].uuid =3D cel_uuid; supported_logs->log_entries[0].size =3D 4 * cxl_dstate->cel_size; =20 - *len =3D sizeof(*supported_logs); + *len_out =3D sizeof(*supported_logs); return CXL_MBOX_SUCCESS; } =20 /* 8.2.9.4.2 */ static CXLRetCode cmd_logs_get_log(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxl_dstate, - uint16_t *len) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxl_dstate) { struct { QemuUUID uuid; @@ -299,7 +315,7 @@ static CXLRetCode cmd_logs_get_log(const struct cxl_cmd= *cmd, uint32_t length; } QEMU_PACKED QEMU_ALIGNED(16) *get_log; =20 - get_log =3D (void *)payload; + get_log =3D (void *)payload_in; =20 /* * 8.2.9.4.2 @@ -323,19 +339,21 @@ static CXLRetCode cmd_logs_get_log(const struct cxl_c= md *cmd, } =20 /* Store off everything to local variables so we can wipe out the payl= oad */ - *len =3D get_log->length; + *len_out =3D get_log->length; =20 - memmove(payload, cxl_dstate->cel_log + get_log->offset, - get_log->length); + memmove(payload_out, cxl_dstate->cel_log + get_log->offset, + get_log->length); =20 return CXL_MBOX_SUCCESS; } =20 /* 8.2.9.5.1.1 */ static CXLRetCode cmd_identify_memory_device(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxl_dstate, - uint16_t *len) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxl_dstate) { struct { char fw_revision[0x10]; 
@@ -363,7 +381,7 @@ static CXLRetCode cmd_identify_memory_device(const stru= ct cxl_cmd *cmd, return CXL_MBOX_INTERNAL_ERROR; } =20 - id =3D (void *)payload; + id =3D (void *)payload_out; memset(id, 0, sizeof(*id)); =20 snprintf(id->fw_revision, 0x10, "BWFW VERSION %02d", 0); @@ -380,21 +398,23 @@ static CXLRetCode cmd_identify_memory_device(const st= ruct cxl_cmd *cmd, /* No limit - so limited by main poison record limit */ stw_le_p(&id->inject_poison_limit, 0); =20 - *len =3D sizeof(*id); + *len_out =3D sizeof(*id); return CXL_MBOX_SUCCESS; } =20 static CXLRetCode cmd_ccls_get_partition_info(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxl_dstate, - uint16_t *len) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxl_dstate) { struct { uint64_t active_vmem; uint64_t active_pmem; uint64_t next_vmem; uint64_t next_pmem; - } QEMU_PACKED *part_info =3D (void *)payload; + } QEMU_PACKED *part_info =3D (void *)payload_out; QEMU_BUILD_BUG_ON(sizeof(*part_info) !=3D 0x20); =20 if ((!QEMU_IS_ALIGNED(cxl_dstate->vmem_size, CXL_CAPACITY_MULTIPLIER))= || @@ -413,14 +433,16 @@ static CXLRetCode cmd_ccls_get_partition_info(const s= truct cxl_cmd *cmd, cxl_dstate->pmem_size / CXL_CAPACITY_MULTIPLIER); stq_le_p(&part_info->next_pmem, 0); =20 - *len =3D sizeof(*part_info); + *len_out =3D sizeof(*part_info); return CXL_MBOX_SUCCESS; } =20 static CXLRetCode cmd_ccls_get_lsa(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxl_dstate, - uint16_t *len) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxl_dstate) { struct { uint32_t offset; 
@@ -430,46 +452,47 @@ static CXLRetCode cmd_ccls_get_lsa(const struct cxl_c= md *cmd, CXLType3Class *cvc =3D CXL_TYPE3_GET_CLASS(ct3d); uint32_t offset, length; =20 - get_lsa =3D (void *)payload; + get_lsa =3D (void *)payload_in; offset =3D get_lsa->offset; length =3D get_lsa->length; =20 if (offset + length > cvc->get_lsa_size(ct3d)) { - *len =3D 0; + *len_out =3D 0; return CXL_MBOX_INVALID_INPUT; } =20 - *len =3D cvc->get_lsa(ct3d, get_lsa, length, offset); + *len_out =3D cvc->get_lsa(ct3d, payload_out, length, offset); return CXL_MBOX_SUCCESS; } =20 static CXLRetCode cmd_ccls_set_lsa(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxl_dstate, - uint16_t *len) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxl_dstate) { struct set_lsa_pl { uint32_t offset; uint32_t rsvd; uint8_t data[]; } QEMU_PACKED; - struct set_lsa_pl *set_lsa_payload =3D (void *)payload; + struct set_lsa_pl *set_lsa_payload =3D (void *)payload_in; CXLType3Dev *ct3d =3D container_of(cxl_dstate, CXLType3Dev, cxl_dstate= ); CXLType3Class *cvc =3D CXL_TYPE3_GET_CLASS(ct3d); const size_t hdr_len =3D offsetof(struct set_lsa_pl, data); - uint16_t plen =3D *len; =20 - *len =3D 0; - if (!plen) { + *len_out =3D 0; + if (!len_in) { return CXL_MBOX_SUCCESS; } =20 - if (set_lsa_payload->offset + plen > cvc->get_lsa_size(ct3d) + hdr_len= ) { + if (set_lsa_payload->offset + len_in > cvc->get_lsa_size(ct3d) + hdr_l= en) { return CXL_MBOX_INVALID_INPUT; } - plen -=3D hdr_len; + len_in -=3D hdr_len; =20 - cvc->set_lsa(ct3d, set_lsa_payload->data, plen, set_lsa_payload->offse= t); + cvc->set_lsa(ct3d, set_lsa_payload->data, len_in, set_lsa_payload->off= set); return CXL_MBOX_SUCCESS; } =20 
@@ -480,9 +503,11 @@ static CXLRetCode cmd_ccls_set_lsa(const struct cxl_cm= d *cmd, * testing that kernel functionality. */ static CXLRetCode cmd_media_get_poison_list(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxl_dstate, - uint16_t *len) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxl_dstate) { struct get_poison_list_pl { uint64_t pa; @@ -502,8 +527,8 @@ static CXLRetCode cmd_media_get_poison_list(const struc= t cxl_cmd *cmd, } QEMU_PACKED records[]; } QEMU_PACKED; =20 - struct get_poison_list_pl *in =3D (void *)payload; - struct get_poison_list_out_pl *out =3D (void *)payload; + struct get_poison_list_pl *in =3D (void *)payload_in; + struct get_poison_list_out_pl *out =3D (void *)payload_out; CXLType3Dev *ct3d =3D container_of(cxl_dstate, CXLType3Dev, cxl_dstate= ); uint16_t record_count =3D 0, i =3D 0; uint64_t query_start, query_length; @@ -552,14 +577,16 @@ static CXLRetCode cmd_media_get_poison_list(const str= uct cxl_cmd *cmd, stq_le_p(&out->overflow_timestamp, ct3d->poison_list_overflow_ts); } stw_le_p(&out->count, record_count); - *len =3D out_pl_len; + *len_out =3D out_pl_len; return CXL_MBOX_SUCCESS; } =20 static CXLRetCode cmd_media_inject_poison(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxl_dstate, - uint16_t *len_unused) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxl_dstate) { CXLType3Dev *ct3d =3D container_of(cxl_dstate, CXLType3Dev, cxl_dstate= ); CXLPoisonList *poison_list =3D &ct3d->poison_list; @@ -567,7 +594,7 @@ static CXLRetCode cmd_media_inject_poison(const struct = cxl_cmd *cmd, struct inject_poison_pl { uint64_t dpa; }; - struct inject_poison_pl *in =3D (void *)payload; + struct inject_poison_pl *in =3D (void *)payload_in; uint64_t dpa =3D ldq_le_p(&in->dpa); CXLPoison *p; =20 
@@ -592,14 +619,17 @@ static CXLRetCode cmd_media_inject_poison(const struc= t cxl_cmd *cmd, */ QLIST_INSERT_HEAD(poison_list, p, node); ct3d->poison_list_cnt++; + *len_out =3D 0; =20 return CXL_MBOX_SUCCESS; } =20 static CXLRetCode cmd_media_clear_poison(const struct cxl_cmd *cmd, - uint8_t *payload, - CXLDeviceState *cxl_dstate, - uint16_t *len_unused) + uint8_t *payload_in, + size_t len_in, + uint8_t *payload_out, + size_t *len_out, + CXLDeviceState *cxl_dstate) { CXLType3Dev *ct3d =3D container_of(cxl_dstate, CXLType3Dev, cxl_dstate= ); CXLPoisonList *poison_list =3D &ct3d->poison_list; @@ -611,7 +641,7 @@ static CXLRetCode cmd_media_clear_poison(const struct c= xl_cmd *cmd, CXLPoison *ent; uint64_t dpa; =20 - struct clear_poison_pl *in =3D (void *)payload; + struct clear_poison_pl *in =3D (void *)payload_in; =20 dpa =3D ldq_le_p(&in->dpa); if (dpa + CXL_CACHE_LINE_SIZE > cxl_dstate->mem_size) { @@ -672,6 +702,7 @@ static CXLRetCode cmd_media_clear_poison(const struct c= xl_cmd *cmd, } /* Any fragments have been added, free original entry */ g_free(ent); + *len_out =3D 0; =20 return CXL_MBOX_SUCCESS; } 
@@ -724,15 +755,24 @@ void cxl_process_mailbox(CXLDeviceState *cxl_dstate) =20 uint8_t set =3D FIELD_EX64(command_reg, CXL_DEV_MAILBOX_CMD, COMMAND_S= ET); uint8_t cmd =3D FIELD_EX64(command_reg, CXL_DEV_MAILBOX_CMD, COMMAND); - uint16_t len =3D FIELD_EX64(command_reg, CXL_DEV_MAILBOX_CMD, LENGTH); + uint16_t len_in =3D FIELD_EX64(command_reg, CXL_DEV_MAILBOX_CMD, LENGT= H); uint8_t *pl =3D cxl_dstate->mbox_reg_state + A_CXL_DEV_CMD_PAYLOAD; + /* + * Copy taken to avoid need for individual command handlers to care + * about aliasing. + */ + g_autofree uint8_t *pl_in_copy =3D NULL; + size_t len_out =3D 0; =20 + pl_in_copy =3D g_memdup2(pl, len_in); + /* Avoid stale data - including from earlier commands */ + memset(pl, 0, CXL_MAILBOX_MAX_PAYLOAD_SIZE); cxl_cmd =3D &cxl_dstate->cxl_cmd_set[set][cmd]; h =3D cxl_cmd->handler; if (h) { - if (len =3D=3D cxl_cmd->in || cxl_cmd->in =3D=3D ~0) { - ret =3D (*h)(cxl_cmd, pl, cxl_dstate, &len); - assert(len <=3D cxl_dstate->payload_size); + if (len_in =3D=3D cxl_cmd->in || cxl_cmd->in =3D=3D ~0) { + ret =3D (*h)(cxl_cmd, pl_in_copy, len_in, pl, &len_out, cxl_ds= tate); + assert(len_out <=3D cxl_dstate->payload_size); } else { ret =3D CXL_MBOX_INVALID_PAYLOAD_LENGTH; } @@ -748,7 +788,7 @@ void cxl_process_mailbox(CXLDeviceState *cxl_dstate) /* Set the return length */ command_reg =3D FIELD_DP64(command_reg, CXL_DEV_MAILBOX_CMD, COMMAND_S= ET, 0); command_reg =3D FIELD_DP64(command_reg, CXL_DEV_MAILBOX_CMD, COMMAND, = 0); - command_reg =3D FIELD_DP64(command_reg, CXL_DEV_MAILBOX_CMD, LENGTH, l= en); + command_reg =3D FIELD_DP64(command_reg, CXL_DEV_MAILBOX_CMD, LENGTH, l= en_out); =20 cxl_dstate->mbox_reg_state64[R_CXL_DEV_MAILBOX_CMD] =3D command_reg; cxl_dstate->mbox_reg_state64[R_CXL_DEV_MAILBOX_STS] =3D status_reg; --=20 MST
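
Review bot: In the opcode_handler typedef in include/hw/cxl/cxl_device.h (hunk at @@ -114,8 +114,9), payload_in is declared as plain uint8_t * although after this change it is a private copy that handlers only read. Declaring it const uint8_t * would document that and let the compiler flag any handler that still writes its response through the input pointer. A short comment on the typedef stating that len_in is the number of valid bytes in payload_in, and how *len_out is expected to be set, would also help authors of new commands.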
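
Review bot: In the hunk at @@ -189,15 +195,17, cmd_events_set_interrupt_policy now ends with "*len_out = 0" where it used to return sizeof(*policy), a behaviour change the commit message does not mention; please note it in the log or split it into its own patch. The "DCD is optional" early return just above it leaves *len_out untouched and is only correct because cxl_process_mailbox initialises len_out to 0, so setting *len_out at the top of the handler would be more robust. In the same hunk, cmd_firmware_update_get_info names its input length parameter len while every other handler uses len_in.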
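
Review bot: In cmd_logs_get_log (hunk at @@ -323,19 +339,21), the comment "Store off everything to local variables so we can wipe out the payload" no longer describes the code: nothing is stored in locals, and payload_in and payload_out are now separate buffers. Drop or reword the comment. The memmove() could also become memcpy(), since cel_log and payload_out are distinct buffers.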
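
Review bot: cmd_ccls_set_lsa in the hunk at @@ -430,46 +452,47 has no check that len_in is at least hdr_len before it reads set_lsa_payload->offset and executes "len_in -= hdr_len". payload_in is now a heap copy of exactly len_in bytes, so a non-zero len_in shorter than the header reads past that allocation, and the subtraction then wraps as a size_t instead of a uint16_t before being passed to cvc->set_lsa(). Suggest returning CXL_MBOX_INVALID_PAYLOAD_LENGTH when len_in < hdr_len, ahead of the offset check. In cmd_ccls_get_lsa in the same hunk, the unchanged test "offset + length > cvc->get_lsa_size(ct3d)" is computed in uint32_t and can wrap; widening the sum to 64 bits would close that.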
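
Review bot: In cxl_process_mailbox (hunk at @@ -724,15 +755,24), "pl_in_copy = g_memdup2(pl, len_in)" runs before any validation of len_in, which is taken directly from the guest-written LENGTH field. Nothing in the visible lines bounds len_in by CXL_MAILBOX_MAX_PAYLOAD_SIZE or cxl_dstate->payload_size, so a length larger than the payload area would make the copy read beyond it, and for commands with cxl_cmd->in == ~0 the unchecked length is handed on to the handler. Suggest rejecting an oversized len_in with CXL_MBOX_INVALID_PAYLOAD_LENGTH before copying, and taking the copy only inside the "if (h)" branch. Separately, assert(len_out <= cxl_dstate->payload_size) fires only after the handler has already written to pl, and the memset uses CXL_MAILBOX_MAX_PAYLOAD_SIZE while the assert uses payload_size; an error return on a single agreed limit would be safer than an assert.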