<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/tools/testing/cxl, branch master</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>Replace &lt;linux/mod_devicetable.h&gt; by more specific &lt;linux/device-id/*.h&gt; (c files)</title>
<updated>2026-07-03T05:38:17+00:00</updated>
<author>
<name>Uwe Kleine-König (The Capable Hub)</name>
<email>u.kleine-koenig@baylibre.com</email>
</author>
<published>2026-06-30T09:24:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=995832b2cebe6969d1b42635db698803ee31294d'/>
<id>995832b2cebe6969d1b42635db698803ee31294d</id>
<content type='text'>
Replace the #include of &lt;linux/mod_devicetable.h&gt; by the more specific
&lt;linux/device-id/*.h&gt; where applicable. For most cases the include
can be dropped completely, only a few drivers need one or two headers
added.

Acked-by: Danilo Krummrich &lt;dakr@kernel.org&gt;
Acked-by: Takashi Sakamoto &lt;o-takashi@sakamocchi.jp&gt;
Acked-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Link: https://patch.msgid.link/1a3f2007c5c5dcf555c09a4035ce3ae8ef1b6c49.1782808461.git.u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König (The Capable Hub) &lt;u.kleine-koenig@baylibre.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Replace the #include of &lt;linux/mod_devicetable.h&gt; by the more specific
&lt;linux/device-id/*.h&gt; where applicable. For most cases the include
can be dropped completely, only a few drivers need one or two headers
added.

Acked-by: Danilo Krummrich &lt;dakr@kernel.org&gt;
Acked-by: Takashi Sakamoto &lt;o-takashi@sakamocchi.jp&gt;
Acked-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Link: https://patch.msgid.link/1a3f2007c5c5dcf555c09a4035ce3ae8ef1b6c49.1782808461.git.u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König (The Capable Hub) &lt;u.kleine-koenig@baylibre.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch 'for-7.2/cxl-type2-attach-region' into cxl-for-next</title>
<updated>2026-06-12T20:47:53+00:00</updated>
<author>
<name>Dave Jiang</name>
<email>dave.jiang@intel.com</email>
</author>
<published>2026-06-12T20:47:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=f72af41a43e16276c46d44cf8a833cc0f9ba9d48'/>
<id>f72af41a43e16276c46d44cf8a833cc0f9ba9d48</id>
<content type='text'>
cxl: Add dummy function for cxl_memdev_attach_region for !CONFIG_CXL_REGION
cxl/region: Introduce devm_cxl_probe_mem()
cxl/memdev: Introduce cxl_class_memdev_type
cxl/memdev: Pin parents for entire memdev lifetime
cxl/region: Resolve region deletion races
cxl/region: Block region delete during region creation
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
cxl: Add dummy function for cxl_memdev_attach_region for !CONFIG_CXL_REGION
cxl/region: Introduce devm_cxl_probe_mem()
cxl/memdev: Introduce cxl_class_memdev_type
cxl/memdev: Pin parents for entire memdev lifetime
cxl/region: Resolve region deletion races
cxl/region: Block region delete during region creation
</pre>
</div>
</content>
</entry>
<entry>
<title>cxl/region: Introduce devm_cxl_probe_mem()</title>
<updated>2026-06-12T20:47:30+00:00</updated>
<author>
<name>Dan Williams</name>
<email>djbw@kernel.org</email>
</author>
<published>2026-05-19T21:01:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=d8dcb0b74b045e36d627935a959c3cf4c8cb2f7c'/>
<id>d8dcb0b74b045e36d627935a959c3cf4c8cb2f7c</id>
<content type='text'>
To date, platform firmware maps accelerator memory and accelerator drivers
simply want an address range that they can map themselves. This typically
results in a single region being auto-assembled upon registration of a
memory device.  Use the @attach mechanism of devm_cxl_add_memdev()
parameter to retrieve that region while also adhering to CXL subsystem
locking and lifetime rules. As part of adhering to current object lifetime
rules, if the region or the CXL port topology is invalidated, the CXL core
arranges for the accelertor driver to be detached as well.

The locking and lifetime rules were validated with Dave's work-in-progress
cxl-type-2 support for cxl_test.

devm_cxl_add_classdev() supports the general memory expansion flow where
region assembly is optional, dynamic, and user controlled.

Cc: Alejandro Lucero &lt;alucerop@amd.com&gt;
Signed-off-by: Dan Williams &lt;djbw@kernel.org&gt;
Reviewed-by: Alejandro Lucero &lt;alucerop@amd.com&gt;
Tested-by: Alejandro Lucero &lt;alucerop@amd.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Link: https://patch.msgid.link/20260519210158.1499795-6-djbw@kernel.org
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
To date, platform firmware maps accelerator memory and accelerator drivers
simply want an address range that they can map themselves. This typically
results in a single region being auto-assembled upon registration of a
memory device.  Use the @attach mechanism of devm_cxl_add_memdev()
parameter to retrieve that region while also adhering to CXL subsystem
locking and lifetime rules. As part of adhering to current object lifetime
rules, if the region or the CXL port topology is invalidated, the CXL core
arranges for the accelertor driver to be detached as well.

The locking and lifetime rules were validated with Dave's work-in-progress
cxl-type-2 support for cxl_test.

devm_cxl_add_classdev() supports the general memory expansion flow where
region assembly is optional, dynamic, and user controlled.

Cc: Alejandro Lucero &lt;alucerop@amd.com&gt;
Signed-off-by: Dan Williams &lt;djbw@kernel.org&gt;
Reviewed-by: Alejandro Lucero &lt;alucerop@amd.com&gt;
Tested-by: Alejandro Lucero &lt;alucerop@amd.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Link: https://patch.msgid.link/20260519210158.1499795-6-djbw@kernel.org
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tools/testing/cxl: Resolve auto-region decoder targets like real HW</title>
<updated>2026-06-12T15:14:46+00:00</updated>
<author>
<name>Richard Cheng</name>
<email>icheng@nvidia.com</email>
</author>
<published>2026-06-12T01:12:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=769f0b350c81ab147fff37b92637e12190f1be29'/>
<id>769f0b350c81ab147fff37b92637e12190f1be29</id>
<content type='text'>
The mock auto-region created at module load wrote switch and host-bridge
decoder target[] directly, in addition to target_map[]. Real HW programs
only target_map[] and resolves target[] as dports enumerate, via
update_decoder_targets(). Region replay already follows that ordering,
the initial auto-region did not.

Drop the direct target[] writes and call
cxl_port_update_decoder_targets() so target[] is resolved the same way
as real HW and region replay, exercising more of the auto-region driver
path.

This is inspired by the discussion [1] below:

[1]: https://lore.kernel.org/all/20260521084806.28232-1-icheng@nvidia.com/

Suggested-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Signed-off-by: Richard Cheng &lt;icheng@nvidia.com&gt;
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com?&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Tested-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Link: https://patch.msgid.link/20260612011227.4220-1-icheng@nvidia.com
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The mock auto-region created at module load wrote switch and host-bridge
decoder target[] directly, in addition to target_map[]. Real HW programs
only target_map[] and resolves target[] as dports enumerate, via
update_decoder_targets(). Region replay already follows that ordering,
the initial auto-region did not.

Drop the direct target[] writes and call
cxl_port_update_decoder_targets() so target[] is resolved the same way
as real HW and region replay, exercising more of the auto-region driver
path.

This is inspired by the discussion [1] below:

[1]: https://lore.kernel.org/all/20260521084806.28232-1-icheng@nvidia.com/

Suggested-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Signed-off-by: Richard Cheng &lt;icheng@nvidia.com&gt;
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com?&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Tested-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Link: https://patch.msgid.link/20260612011227.4220-1-icheng@nvidia.com
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cxl/test: Add check after kzalloc() memory in alloc_mock_res()</title>
<updated>2026-06-12T01:08:34+00:00</updated>
<author>
<name>Dave Jiang</name>
<email>dave.jiang@intel.com</email>
</author>
<published>2026-06-11T23:03:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=dfe28c8592538152e9611341dae6f7be1735b3f1'/>
<id>dfe28c8592538152e9611341dae6f7be1735b3f1</id>
<content type='text'>
alloc_mock_res() calls kzalloc() without checking the return value.
Add scope based resource management to deal with the allocated memory
cleanly.

Reported-by: sashiko-bot
Fixes: 67dcdd4d3b83 ("tools/testing/cxl: Introduce a mocked-up CXL port hierarchy")
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Link: https://patch.msgid.link/20260611230305.197390-1-dave.jiang@intel.com
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
alloc_mock_res() calls kzalloc() without checking the return value.
Add scope based resource management to deal with the allocated memory
cleanly.

Reported-by: sashiko-bot
Fixes: 67dcdd4d3b83 ("tools/testing/cxl: Introduce a mocked-up CXL port hierarchy")
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Link: https://patch.msgid.link/20260611230305.197390-1-dave.jiang@intel.com
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cxl/test: Unregister cxl_acpi in cxl_test_init() error path</title>
<updated>2026-06-12T01:08:02+00:00</updated>
<author>
<name>Dave Jiang</name>
<email>dave.jiang@intel.com</email>
</author>
<published>2026-06-11T23:03:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=50cc34be04a0ea7522b739c9c7a71367cfbc489c'/>
<id>50cc34be04a0ea7522b739c9c7a71367cfbc489c</id>
<content type='text'>
In cxl_test_init(), Once cxl_mock_platform_device_add() succeeds, all
error paths after needs to call platform_device_unregister() instead of
platform_device_put() to clean up.

Fixes: 67dcdd4d3b83 ("tools/testing/cxl: Introduce a mocked-up CXL port hierarchy")
Reported-by: sashiko-bot
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Link: https://patch.msgid.link/20260611230355.198912-1-dave.jiang@intel.com
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In cxl_test_init(), Once cxl_mock_platform_device_add() succeeds, all
error paths after needs to call platform_device_unregister() instead of
platform_device_put() to clean up.

Fixes: 67dcdd4d3b83 ("tools/testing/cxl: Introduce a mocked-up CXL port hierarchy")
Reported-by: sashiko-bot
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Link: https://patch.msgid.link/20260611230355.198912-1-dave.jiang@intel.com
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cxl/test: Zero out LSA backing memory to avoid leaking to user</title>
<updated>2026-06-10T18:20:04+00:00</updated>
<author>
<name>Dave Jiang</name>
<email>dave.jiang@intel.com</email>
</author>
<published>2026-06-05T18:44:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=60f065dbaf46e65830da62a0041761f0c039e086'/>
<id>60f065dbaf46e65830da62a0041761f0c039e086</id>
<content type='text'>
Memory through vmalloc() is not zeroed out. When this memory is copied
into output payload, it leaks memory content to user. Use vzalloc()
instead to zero out the memory.

Suggested-by: sashiko-bot
Link: https://lore.kernel.org/linux-cxl/20260605173146.2B9A31F00893@smtp.kernel.org/
Fixes: 7d3eb23c4ccf ("tools/testing/cxl: Introduce a mock memory device + driver")
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Link: https://patch.msgid.link/20260605184426.4070913-1-dave.jiang@intel.com
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Memory through vmalloc() is not zeroed out. When this memory is copied
into output payload, it leaks memory content to user. Use vzalloc()
instead to zero out the memory.

Suggested-by: sashiko-bot
Link: https://lore.kernel.org/linux-cxl/20260605173146.2B9A31F00893@smtp.kernel.org/
Fixes: 7d3eb23c4ccf ("tools/testing/cxl: Introduce a mock memory device + driver")
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Link: https://patch.msgid.link/20260605184426.4070913-1-dave.jiang@intel.com
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cxl/test: Fix integer overflow in mock LSA bounds checks</title>
<updated>2026-06-10T18:19:10+00:00</updated>
<author>
<name>Dave Jiang</name>
<email>dave.jiang@intel.com</email>
</author>
<published>2026-06-05T17:12:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=81eafcada109b653977c4dfbd2b6a72470025a01'/>
<id>81eafcada109b653977c4dfbd2b6a72470025a01</id>
<content type='text'>
Pre-existing issue discovered by sashiko-bot.

mock_get_lsa() and mock_set_lsa() validate the requested LSA range with
"offset + length &gt; LSA_SIZE". Both offset and length are u32 and, in
mock_get_lsa(), both are taken directly from the user-supplied payload.
The addition is evaluated modulo 2^32, so a large offset combined with a
small length wraps around and passes the check.

Rewrite the checks to first bound offset, then compare length against the
remaining LSA size.

Suggested-by: sashiko-bot
Fixes: 7d3eb23c4ccf ("tools/testing/cxl: Introduce a mock memory device + driver")
Link: https://lore.kernel.org/linux-cxl/20260605143748.235271F00893@smtp.kernel.org/
Assisted-by: Claude:claude-opus-4-8
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pre-existing issue discovered by sashiko-bot.

mock_get_lsa() and mock_set_lsa() validate the requested LSA range with
"offset + length &gt; LSA_SIZE". Both offset and length are u32 and, in
mock_get_lsa(), both are taken directly from the user-supplied payload.
The addition is evaluated modulo 2^32, so a large offset combined with a
small length wraps around and passes the check.

Rewrite the checks to first bound offset, then compare length against the
remaining LSA size.

Suggested-by: sashiko-bot
Fixes: 7d3eb23c4ccf ("tools/testing/cxl: Introduce a mock memory device + driver")
Link: https://lore.kernel.org/linux-cxl/20260605143748.235271F00893@smtp.kernel.org/
Assisted-by: Claude:claude-opus-4-8
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cxl/test: Verify cmd-&gt;size_in before accessing payload</title>
<updated>2026-06-10T17:50:35+00:00</updated>
<author>
<name>Dave Jiang</name>
<email>dave.jiang@intel.com</email>
</author>
<published>2026-06-05T18:15:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=71a1def165267bc0947d4236f7336f490739c379'/>
<id>71a1def165267bc0947d4236f7336f490739c379</id>
<content type='text'>
Several mock mailbox handlers access input payload fields before
verifying that cmd-&gt;size_in is large enough for the corresponding
structure.

To ensure invalid commands are rejected before any payload data is
consumed, add missing size checks and move existing checks ahead of
the first payload field access.

[dj: Updated commit log per Alison's comments. ]

Fixes: 7d3eb23c4ccf ("tools/testing/cxl: Introduce a mock memory device + driver")
Fixes: d1dca858f058 ("cxl/test: Add generic mock events")
Fixes: f6448cb5f2f3 ("tools/testing/cxl: add firmware update emulation to CXL memdevs")
Fixes: e77e9c107978 ("cxl/test: Add Get Feature support to cxl_test")
Link: https://lore.kernel.org/linux-cxl/20260605143748.235271F00893@smtp.kernel.org/
Suggested-by: sashiko-bot
Tested-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Several mock mailbox handlers access input payload fields before
verifying that cmd-&gt;size_in is large enough for the corresponding
structure.

To ensure invalid commands are rejected before any payload data is
consumed, add missing size checks and move existing checks ahead of
the first payload field access.

[dj: Updated commit log per Alison's comments. ]

Fixes: 7d3eb23c4ccf ("tools/testing/cxl: Introduce a mock memory device + driver")
Fixes: d1dca858f058 ("cxl/test: Add generic mock events")
Fixes: f6448cb5f2f3 ("tools/testing/cxl: add firmware update emulation to CXL memdevs")
Fixes: e77e9c107978 ("cxl/test: Add Get Feature support to cxl_test")
Link: https://lore.kernel.org/linux-cxl/20260605143748.235271F00893@smtp.kernel.org/
Suggested-by: sashiko-bot
Tested-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cxl/test: Fix __fortify_panic</title>
<updated>2026-06-04T15:44:00+00:00</updated>
<author>
<name>Dan Williams</name>
<email>djbw@kernel.org</email>
</author>
<published>2026-05-19T22:12:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=08326b92c7a414a73b5b308d1daf0e91e0134dfc'/>
<id>08326b92c7a414a73b5b308d1daf0e91e0134dfc</id>
<content type='text'>
Fix a runtime assertion in setup_xor_mapping(). Fortify complains that it
is potentially overflowing the xormaps array per __counted_by(nr_maps).
Quiet the false positive by initializing @nr_maps earlier.

 memcpy: detected buffer overflow: 32 byte write of buffer size 0
 WARNING: lib/string_helpers.c:1036 at __fortify_report+0x4d/0xa0, CPU#8: modprobe/2728
 Call Trace:
  __fortify_panic+0xd/0xf
  setup_xor_mapping+0x6c/0xa0 [cxl_translate]

[ dj: Fixed up @nr_entries to @nr_maps in commit log. ]

Fixes: 06377c54a133 ("cxl/test: Add cxl_translate module for address translation testing")
Signed-off-by: Dan Williams &lt;djbw@kernel.org&gt;
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Link: https://patch.msgid.link/20260519221204.1517773-3-djbw@kernel.org
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fix a runtime assertion in setup_xor_mapping(). Fortify complains that it
is potentially overflowing the xormaps array per __counted_by(nr_maps).
Quiet the false positive by initializing @nr_maps earlier.

 memcpy: detected buffer overflow: 32 byte write of buffer size 0
 WARNING: lib/string_helpers.c:1036 at __fortify_report+0x4d/0xa0, CPU#8: modprobe/2728
 Call Trace:
  __fortify_panic+0xd/0xf
  setup_xor_mapping+0x6c/0xa0 [cxl_translate]

[ dj: Fixed up @nr_entries to @nr_maps in commit log. ]

Fixes: 06377c54a133 ("cxl/test: Add cxl_translate module for address translation testing")
Signed-off-by: Dan Williams &lt;djbw@kernel.org&gt;
Reviewed-by: Alison Schofield &lt;alison.schofield@intel.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Link: https://patch.msgid.link/20260519221204.1517773-3-djbw@kernel.org
Signed-off-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
