lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 30 Aug 2022 12:13:02 +0300
From:   Leon Romanovsky <leon@...nel.org>
To:     Jinpu Wang <jinpu.wang@...os.com>
Cc:     Christoph Hellwig <hch@....de>, jgg@...pe.ca,
        linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] RDMA: dma-mapping: Return an unsigned int from
 ib_dma_map_sg{,_attrs}

On Tue, Aug 30, 2022 at 10:23:46AM +0200, Jinpu Wang wrote:
> On Tue, Aug 30, 2022 at 10:01 AM Leon Romanovsky <leon@...nel.org> wrote:
> >
> > On Mon, Aug 29, 2022 at 03:19:14PM +0200, Jinpu Wang wrote:
> > > On Mon, Aug 29, 2022 at 2:06 PM Leon Romanovsky <leon@...nel.org> wrote:
> > > >
> > > > On Mon, Aug 29, 2022 at 11:40:40AM +0200, Jinpu Wang wrote:
> > > > > On Sun, Aug 28, 2022 at 1:09 PM Leon Romanovsky <leon@...nel.org> wrote:
> > > > > >
> > > > > > On Fri, Aug 26, 2022 at 11:56:15AM +0200, Jack Wang wrote:
> > > > > > > Following 2a047e0662ae ("dma-mapping: return an unsigned int from dma_map_sg{,_attrs}")
> > > > > > > change the return value of ib_dma_map_sg{,attrs} to unsigned int.
> > > > > > >
> > > > > > > Cc: Jason Gunthorpe <jgg@...pe.ca>
> > > > > > > Cc: Leon Romanovsky <leon@...nel.org>
> > > > > > > Cc: Christoph Hellwig <hch@....de>
> > > > > > > Cc: linux-rdma@...r.kernel.org
> > > > > > > Cc: linux-kernel@...r.kernel.org
> > > > > > >
> > > > > > > Signed-off-by: Jack Wang <jinpu.wang@...os.com>
> > > > > > > ---
> > > > > > >  drivers/infiniband/core/device.c | 2 +-
> > > > > > >  include/rdma/ib_verbs.h          | 6 +++---
> > > > > > >  2 files changed, 4 insertions(+), 4 deletions(-)
> > > > > >
> > > > > > You forgot to change ib_dma_map_sgtable_attrs() and various
> > > > > > ib_dma_map_sg*() callers.
> > > > > No, they are different.
> > > > > ib_dma_map_sgtable_attrs and dma_map_sgtable return negative on errors.
> > > >
> > > > It is not the point. You changed ib_dma_virt_map_sg() to be unsigned,
> > > > so now the following lines are not correct:
> > > >
> > > >   4138         int nents;
> > > >   4139
> > > >   4140         if (ib_uses_virt_dma(dev)) {
> > > >   4141                 nents = ib_dma_virt_map_sg(dev, sgt->sgl, sgt->orig_nents);
> > > >
> > > > "int nents" should be changed to "unsigned int".
> > > >
> > > > Thanks
> > > ok, I can do it.
> > > just to check if we are on the same page:
> > > For all the callers of ib_dma_map_sg,  would it be better to fix it
> > > one patch per driver or do it in a single bigger patch.
> > > I feel it's better to do it per driver, and there are drivers from
> > > different subsystems e.g. nvme/rds/etc.
> >
> > I don't know, everything here looks not nice to me.
> >
> > After commit 2a047e0662ae ("dma-mapping: return an unsigned int from dma_map_sg{,_attrs}"),
> > all callers left in limbo state where they expect that dma_map_sg{,_attrs} will return
> > upto INT_MAX. However now, the API can return upto UINT_MAX, which is not the case now
> > due to internal implementation of dma_map_sg_*(), but can be changed any second.
> >
> > Can we simply revert that commit and restore the "int" return type?
> > I don't see any benefit in having "unsigned int" if compiler doesn't enforce it.
> I feel different, the dma_map_sg api since the kernel 2.x, is
> documented in DMA-API.txt[1]:
> "
> 
> int
> dma_map_sg(struct device *dev, struct scatterlist *sg,
> int nents, enum dma_data_direction direction)
> 
> Returns: the number of physical segments mapped (this may be shorter
> than <nents> passed in if some elements of the scatter/gather list are
> physically or virtually adjacent and an IOMMU maps them with a single
> entry).
> 
> Please note that the sg cannot be mapped again if it has been mapped once.
> The mapping process is allowed to destroy information in the sg.
> 
> As with the other mapping interfaces, dma_map_sg can fail. When it
> does, 0 is returned and a driver must take appropriate action. It is
> critical that the driver do something, in the case of a block driver
> aborting the request or even oopsing is better than doing nothing and
> corrupting the filesystem.
> 
> "
> It seems the return range for dma_map_sg never returns a negative
> value. I think it's just the API
> should have been defined to return "unsigned int"  IMHO. We should
> update the documentation in the Documentation there
> too. in core-api/dma-api.rst

If you need documentation and implementation to use API, it is not best API [1].
According to Rusty's manifesto it is "2. Read the implementation and you'll get it right.".

You need to dig into the function to understand that UINT_MAX is not
possible, instead of relying on compiler that will prevent such number
if callers are not updated to be unsigned int safe.

So commit 2a047e0662ae "downgraded" API from level "3. Read the documentation and
you'll get it right." to level 2.

Thanks

[1] http://sweng.the-davies.net/Home/rustys-api-design-manifesto

> 
> 
> 
> [1] https://elixir.bootlin.com/linux/v2.6.39.4/source/Documentation/DMA-API.txt
> 
> 
> >
> > Thanks
> >
> > >
> > > Thx!
> > >
> > >
> > > >
> > > > > >
> > > > > > Thanks
> > > > > Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ