| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 3 May 2019 11:27:58 +0100
From: Robin Murphy <robin.murphy@....com>
To: Srinath Mannam <srinath.mannam@...adcom.com>
Cc: Lorenzo Pieralisi <lorenzo.pieralisi@....com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Eric Auger <eric.auger@...hat.com>,
Joerg Roedel <joro@...tes.org>, poza@...eaurora.org,
Ray Jui <rjui@...adcom.com>,
BCM Kernel Feedback <bcm-kernel-feedback-list@...adcom.com>,
linux-pci@...r.kernel.org, iommu@...ts.linux-foundation.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v5 2/3] iommu/dma: Reserve IOVA for PCIe inaccessible DMA
address
On 03/05/2019 06:23, Srinath Mannam wrote:
> Hi Robin, Lorenzo,
>
> Thanks for review and guidance.
> AFAIU, conclusion of discussion is, to return error if dma-ranges list
> is not sorted.
>
> So that, Can I send a new patch with below change to return error if
> dma-ranges list is not sorted?
>
> -static void iova_reserve_pci_windows(struct pci_dev *dev,
> +static int iova_reserve_pci_windows(struct pci_dev *dev,
> struct iova_domain *iovad)
> {
> struct pci_host_bridge *bridge = pci_find_host_bridge(dev->bus);
> @@ -227,11 +227,15 @@ static void iova_reserve_pci_windows(struct pci_dev *dev,
> resource_list_for_each_entry(window, &bridge->dma_ranges) {
> end = window->res->start - window->offset;
> resv_iova:
> - if (end - start) {
> + if (end > start) {
> lo = iova_pfn(iovad, start);
> hi = iova_pfn(iovad, end);
> reserve_iova(iovad, lo, hi);
> + } else {
> + dev_err(&dev->dev, "Unsorted dma_ranges list\n");
> + return -EINVAL;
> }
> +
>
> Please provide your inputs if any more changes required. Thank you,
You also need to handle and return this error where
iova_reserve_pci_windows() is called from iova_reserve_iommu_regions().
Robin.
> Regards,
> Srinath.
>
> On Thu, May 2, 2019 at 7:45 PM Robin Murphy <robin.murphy@....com> wrote:
>>
>> On 02/05/2019 14:06, Lorenzo Pieralisi wrote:
>>> On Thu, May 02, 2019 at 12:27:02PM +0100, Robin Murphy wrote:
>>>> Hi Lorenzo,
>>>>
>>>> On 02/05/2019 12:01, Lorenzo Pieralisi wrote:
>>>>> On Wed, May 01, 2019 at 11:06:25PM +0530, Srinath Mannam wrote:
>>>>>> dma_ranges field of PCI host bridge structure has resource entries in
>>>>>> sorted order of address range given through dma-ranges DT property. This
>>>>>> list is the accessible DMA address range. So that this resource list will
>>>>>> be processed and reserve IOVA address to the inaccessible address holes in
>>>>>> the list.
>>>>>>
>>>>>> This method is similar to PCI IO resources address ranges reserving in
>>>>>> IOMMU for each EP connected to host bridge.
>>>>>>
>>>>>> Signed-off-by: Srinath Mannam <srinath.mannam@...adcom.com>
>>>>>> Based-on-patch-by: Oza Pawandeep <oza.oza@...adcom.com>
>>>>>> Reviewed-by: Oza Pawandeep <poza@...eaurora.org>
>>>>>> Acked-by: Robin Murphy <robin.murphy@....com>
>>>>>> ---
>>>>>> drivers/iommu/dma-iommu.c | 19 +++++++++++++++++++
>>>>>> 1 file changed, 19 insertions(+)
>>>>>>
>>>>>> diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
>>>>>> index 77aabe6..da94844 100644
>>>>>> --- a/drivers/iommu/dma-iommu.c
>>>>>> +++ b/drivers/iommu/dma-iommu.c
>>>>>> @@ -212,6 +212,7 @@ static void iova_reserve_pci_windows(struct pci_dev *dev,
>>>>>> struct pci_host_bridge *bridge = pci_find_host_bridge(dev->bus);
>>>>>> struct resource_entry *window;
>>>>>> unsigned long lo, hi;
>>>>>> + phys_addr_t start = 0, end;
>>>>>> resource_list_for_each_entry(window, &bridge->windows) {
>>>>>> if (resource_type(window->res) != IORESOURCE_MEM)
>>>>>> @@ -221,6 +222,24 @@ static void iova_reserve_pci_windows(struct pci_dev *dev,
>>>>>> hi = iova_pfn(iovad, window->res->end - window->offset);
>>>>>> reserve_iova(iovad, lo, hi);
>>>>>> }
>>>>>> +
>>>>>> + /* Get reserved DMA windows from host bridge */
>>>>>> + resource_list_for_each_entry(window, &bridge->dma_ranges) {
>>>>>
>>>>> If this list is not sorted it seems to me the logic in this loop is
>>>>> broken and you can't rely on callers to sort it because it is not a
>>>>> written requirement and it is not enforced (you know because you
>>>>> wrote the code but any other developer is not supposed to guess
>>>>> it).
>>>>>
>>>>> Can't we rewrite this loop so that it does not rely on list
>>>>> entries order ?
>>>>
>>>> The original idea was that callers should be required to provide a sorted
>>>> list, since it keeps things nice and simple...
>>>
>>> I understand, if it was self-contained in driver code that would be fine
>>> but in core code with possible multiple consumers this must be
>>> documented/enforced, somehow.
>>>
>>>>> I won't merge this series unless you sort it, no pun intended.
>>>>>
>>>>> Lorenzo
>>>>>
>>>>>> + end = window->res->start - window->offset;
>>>>
>>>> ...so would you consider it sufficient to add
>>>>
>>>> if (end < start)
>>>> dev_err(...);
>>>
>>> We should also revert any IOVA reservation we did prior to this
>>> error, right ?
>>
>> I think it would be enough to propagate an error code back out through
>> iommu_dma_init_domain(), which should then end up aborting the whole
>> IOMMU setup - reserve_iova() isn't really designed to be undoable, but
>> since this is the kind of error that should only ever be hit during
>> driver or DT development, as long as we continue booting such that the
>> developer can clearly see what's gone wrong, I don't think we need
>> bother spending too much effort tidying up inside the unused domain.
>>
>>> Anyway, I think it is best to ensure it *is* sorted.
>>>
>>>> here, plus commenting the definition of pci_host_bridge::dma_ranges
>>>> that it must be sorted in ascending order?
>>>
>>> I don't think that commenting dma_ranges would help much, I am more
>>> keen on making it work by construction.
>>>
>>>> [ I guess it might even make sense to factor out the parsing and list
>>>> construction from patch #3 into an of_pci core helper from the beginning, so
>>>> that there's even less chance of another driver reimplementing it
>>>> incorrectly in future. ]
>>>
>>> This makes sense IMO and I would like to take this approach if you
>>> don't mind.
>>
>> Sure - at some point it would be nice to wire this up to
>> pci-host-generic for Juno as well (with a parallel version for ACPI
>> _DMA), so from that viewpoint, the more groundwork in place the better :)
>>
>> Thanks,
>> Robin.
>>
>>>
>>> Either this or we move the whole IOVA reservation and dma-ranges
>>> parsing into PCI IProc.
>>>
>>>> Failing that, although I do prefer the "simple by construction"
>>>> approach, I'd have no objection to just sticking a list_sort() call in
>>>> here instead, if you'd rather it be entirely bulletproof.
>>>
>>> I think what you outline above is a sensible way forward - if we
>>> miss the merge window so be it.
>>>
>>> Thanks,
>>> Lorenzo
>>>
>>>> Robin.
>>>>
>>>>>> +resv_iova:
>>>>>> + if (end - start) {
>>>>>> + lo = iova_pfn(iovad, start);
>>>>>> + hi = iova_pfn(iovad, end);
>>>>>> + reserve_iova(iovad, lo, hi);
>>>>>> + }
>>>>>> + start = window->res->end - window->offset + 1;
>>>>>> + /* If window is last entry */
>>>>>> + if (window->node.next == &bridge->dma_ranges &&
>>>>>> + end != ~(dma_addr_t)0) {
>>>>>> + end = ~(dma_addr_t)0;
>>>>>> + goto resv_iova;
>>>>>> + }
>>>>>> + }
>>>>>> }
>>>>>> static int iova_reserve_iommu_regions(struct device *dev,
>>>>>> --
>>>>>> 2.7.4
>>>>>>
Powered by blists - more mailing lists