Re: [PATCH] iommu: Up front sanity check in the arm_lpae_map

From: Robin Murphy
Date: Mon Dec 07 2020 - 07:47:35 EST

Next message: David Hildenbrand: "Re: [External] Re: [PATCH v7 03/15] mm/hugetlb: Introduce a new config HUGETLB_PAGE_FREE_VMEMMAP"
Previous message: Petr Mladek: "Re: vprintk_store: was: [PATCH next v2 3/3] printk: remove logbuf_lock, add syslog_lock"
In reply to: zhukeqian: "Re: [PATCH] iommu: Up front sanity check in the arm_lpae_map"
Next in thread: zhukeqian: "Re: [PATCH] iommu: Up front sanity check in the arm_lpae_map"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2020-12-07 12:15, zhukeqian wrote:

Hi,

On 2020/12/7 20:05, Will Deacon wrote:

On Mon, Dec 07, 2020 at 12:01:09PM +0000, Robin Murphy wrote:

On 2020-12-05 08:29, Keqian Zhu wrote:

... then we have more chance to detect wrong code logic.

I don't follow that justification - it's still the same check with the same
outcome, so how does moving it have any effect on the chance to detect
errors?

AFAICS the only difference it would make is to make some errors *less*
obvious - if a sufficiently broken caller passes an empty prot value
alongside an invalid size or already-mapped address, this will now quietly
hide the warnings from the more serious condition(s).

Yes, it will bail out a bit faster in the specific case where the prot value
is the only thing wrong, but since when do we optimise for fundamentally
incorrect API usage?

I thought it was the other way round -- doesn't this patch move the "empty
prot" check later, so we have a chance to check the size and addresses
first?

Yes, this is my original idea.
For that we treat iommu_prot with no permission as success at early start, defer
this early return can expose hidden errors.

...oh dear, my apologies. I've just had a week off and apparently in that time I lost the ability to read :(

I was somehow convinced that the existing check happened at the point where we go to install the PTE, and this patch was moving it earlier. Looking at the whole code in context now I see I got it completely backwards. Sorry for being an idiot.

I guess that only goes to show that a more descriptive commit message would definitely be a good thing :)

Robin.

Thanks,
Keqian

Will

Signed-off-by: Keqian Zhu <zhukeqian1@xxxxxxxxxx>
---
drivers/iommu/io-pgtable-arm.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
index a7a9bc08dcd1..8ade72adab31 100644
--- a/drivers/iommu/io-pgtable-arm.c
+++ b/drivers/iommu/io-pgtable-arm.c
@@ -444,10 +444,6 @@ static int arm_lpae_map(struct io_pgtable_ops *ops, unsigned long iova,
arm_lpae_iopte prot;
long iaext = (s64)iova >> cfg->ias;
- /* If no access, then nothing to do */
- if (!(iommu_prot & (IOMMU_READ | IOMMU_WRITE)))
- return 0;
-
if (WARN_ON(!size || (size & cfg->pgsize_bitmap) != size))
return -EINVAL;
@@ -456,6 +452,10 @@ static int arm_lpae_map(struct io_pgtable_ops *ops, unsigned long iova,
if (WARN_ON(iaext || paddr >> cfg->oas))
return -ERANGE;
+ /* If no access, then nothing to do */
+ if (!(iommu_prot & (IOMMU_READ | IOMMU_WRITE)))
+ return 0;
+
prot = arm_lpae_prot_to_pte(data, iommu_prot);
ret = __arm_lpae_map(data, iova, paddr, size, prot, lvl, ptep, gfp);
/*

.

_______________________________________________
iommu mailing list
iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/iommu

Next message: David Hildenbrand: "Re: [External] Re: [PATCH v7 03/15] mm/hugetlb: Introduce a new config HUGETLB_PAGE_FREE_VMEMMAP"
Previous message: Petr Mladek: "Re: vprintk_store: was: [PATCH next v2 3/3] printk: remove logbuf_lock, add syslog_lock"
In reply to: zhukeqian: "Re: [PATCH] iommu: Up front sanity check in the arm_lpae_map"
Next in thread: zhukeqian: "Re: [PATCH] iommu: Up front sanity check in the arm_lpae_map"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]