cxl/pmem: Fix failure to account for 8 byte header for writes to the device LSA.

Writes to the device must include an offset and size as defined in
CXL 2.0 8.2.9.5.2.4 Set LSA (Opcode 4103h)

Fixes tag is non obvious as this code has been through several
reworks and variable names + wasn't in use until the addition
of the region code.

Due to a bug in QEMU CXL emulation this overrun resulted in QEMU
crashing.

Reported-by: Bobo WL <lmw.bobo@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Fixes: 60b8f17215de ("cxl/pmem: Translate NVDIMM label commands to CXL label commands")
Link: https://lore.kernel.org/r/20220815154044.24733-3-Jonathan.Cameron@huawei.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>

diff --git a/drivers/cxl/pmem.c b/drivers/cxl/pmem.c
index 7dc0a2fa1a6b612341576c0c5481d633bb1f0aa1..115a7b79f343960fcb562074bb51b6b245a8e2a0 100644 (file)
--- a/drivers/cxl/pmem.c
+++ b/drivers/cxl/pmem.c
@@ -107,7 +107,7 @@ static int cxl_pmem_get_config_size(struct cxl_dev_state *cxlds,
 
        *cmd = (struct nd_cmd_get_config_size) {
                 .config_size = cxlds->lsa_size,
-                .max_xfer = cxlds->payload_size,
+                .max_xfer = cxlds->payload_size - sizeof(struct cxl_mbox_set_lsa),
        };
 
        return 0;