Re: [v2 PATCH] iommu/arm-smmu-v3: Fix L1 stream table index calculation for 32-bit sid size
From: Yang Shi
Date: Wed Oct 02 2024 - 16:05:27 EST
On 10/2/24 12:40 PM, Jason Gunthorpe wrote:
On Wed, Oct 02, 2024 at 12:22:48PM -0700, Nicolin Chen wrote:
On Wed, Oct 02, 2024 at 12:04:32PM -0700, Yang Shi wrote:
On Wed, Oct 02, 2024 at 10:55:14AM -0700, Yang Shi wrote:
+static inline unsigned int arm_smmu_strtab_max_sid(struct arm_smmu_device *smmu)
+{
+ return (1ULL << smmu->sid_bits);
+}
+
Hmm, why ULL gets truncated to unsigned int here?
No particular reason, but it should be better to not truncate here. Will
fix it.
Yea, and looks like we are going to do with:
static inline u64 arm_smmu_strtab_num_sids(struct arm_smmu_device *smmu);
Then let's be careful at those return-value holders too:
-----------------------------------------------------------
static int arm_smmu_init_strtab_linear(struct arm_smmu_device *smmu)
{
u32 size;
struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
size = (1 << smmu->sid_bits) * sizeof(struct arm_smmu_ste);
^^^^
overflow?
[...]
cfg->linear.num_ents = 1 << smmu->sid_bits;
^^^^^^^^
This is u32
-----------------------------------------------------------
It would make some sense to have something like:
u64 size = arm_smmu_strtab_max_sid()
/* Would require too much memory */
if (size > SZ_512M)
return -EINVAL;
Why not just check smmu->sid_bits?
For example,
if (smmu->sid_bits > 28)
return -EINVAL;
The check can happen before the shift.
Just to reject bad configuration rather than truncate the allocation
and overflow STE array memory or something. Having drivers be robust
to this kind of stuff is a confidential compute topic :\
Jason