On 2020-05-26 08:19, guptap@xxxxxxxxxxxxxx wrote:
On 2020-05-22 14:54, Robin Murphy wrote:
On 2020-05-22 07:25, guptap@xxxxxxxxxxxxxx wrote:Sorry for delayed response, it was a long weekend.
On 2020-05-22 01:46, Robin Murphy wrote:
On 2020-05-21 12:30, Prakash Gupta wrote:
I agree that invalid DMA API call can result in unexpected issues and client
should fix it, but then the present behavior makes it difficult to catch cases
when driver is making wrong DMA API calls. When invalid iova pfn is passed it
doesn't fail then and there, though DMA layer is aware of iova being invalid. It
fails much after that in the context of an valid map/unmap, with BUG_ON().
Downgrading BUG_ON() to WARN_ON() in iova_magazine_free_pfns() will not help
much as invalid iova will cause NULL pointer dereference.
Obviously I didn't mean a literal s/BUG/WARN/ substitution - some
additional control flow to actually handle the error case was implied.
I'll write up the patch myself, since it's easier than further debating.
I see no reason why DMA layer wants to free an iova for which unmapped failed.
IMHO queuing an invalid iova (which already failed unmap) to rcache which
eventually going to crash the system looks like iommu-dma layer issue.
What if the unmap fails because the address range is already entirely
unmapped? Freeing the IOVA (or at least attempting to) would be
logically appropriate in that case. In fact some IOMMU drivers might
not even consider that a failure, so the DMA layer may not even be
aware that it's been handed a bogus unallocated address.
The point is that unmapping *doesn't* fail under normal and correct
operation, so the DMA layer should not expect to have to handle it.
Even if it does happen, that's a highly exceptional case that the DMA
layer cannot recover from by itself; at best it can just push the
problem elsewhere. It's pretty hard to justify doing extra work to
simply move an exceptional problem around without really addressing
And in this particular case, personally I would *much* rather see
warnings spewing from both the pagetable and IOVA code as early as
possible to clearly indicate that the DMA layer itself has been thrown
out of sync, than just have warnings that might represent some other
source of pagetable corruption (or at worst, depending on the
pagetable code, no warnings at all and only have dma_map_*() calls
quietly start failing much, much later due to all the IOVA space
having been leaked by bad unmaps).