On 2/11/2023 4:25 AM, Lukas Wunner wrote: > cxl_cdat_get_length() only checks whether the DOE response size is > sufficient for the Table Access response header (1 dword), but not the > succeeding CDAT header (1 dword length plus other fields). > > It thus returns whatever uninitialized memory happens to be on the stack > if a truncated DOE response with only 1 dword was received. Fix it. > > Fixes: c97006046c79 ("cxl/port: Read CDAT table") > Reported-by: Ming Li <ming4.li@xxxxxxxxx> > Tested-by: Ira Weiny <ira.weiny@xxxxxxxxx> > Signed-off-by: Lukas Wunner <lukas@xxxxxxxxx> Reviewed-by: Ming Li <ming4.li@xxxxxxxxx>