From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.2 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,MSGID_FROM_MTA_HEADER,NICE_REPLY_A, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1B80EC433E0 for ; Tue, 23 Feb 2021 20:37:44 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 829BD64EC1 for ; Tue, 23 Feb 2021 20:37:43 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 829BD64EC1 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=oracle.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 19A846B0005; Tue, 23 Feb 2021 15:37:43 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 125036B0006; Tue, 23 Feb 2021 15:37:43 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EBA778D0001; Tue, 23 Feb 2021 15:37:42 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0113.hostedemail.com [216.40.44.113]) by kanga.kvack.org (Postfix) with ESMTP id CA7D86B0005 for ; Tue, 23 Feb 2021 15:37:42 -0500 (EST) Received: from smtpin16.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id 93B508248047 for ; Tue, 23 Feb 2021 20:37:42 +0000 (UTC) X-FDA: 77850693564.16.B00D906 Received: from userp2120.oracle.com (userp2120.oracle.com [156.151.31.85]) by imf07.hostedemail.com (Postfix) with ESMTP id 0CDEFA0000FD for ; Tue, 23 Feb 2021 20:37:40 +0000 (UTC) Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 11NKYT1D070317; Tue, 23 Feb 2021 20:37:39 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : to : cc : references : from : message-id : date : in-reply-to : content-type : content-transfer-encoding : mime-version; s=corp-2020-01-29; bh=p2A42JA+o43W48SkUXAE99ADHE/Psd8VjoaL2bayDzQ=; b=lLki/g9WeOEnwqPZTk0KQ6iUdzLOWwmAr9X+c1k+wDaQFa8f8+SO/YyEWnKFZDXoeaQs fO+G4UrnH+XYuIA/CI0yX5WCDniu0cXu82tKj8ByJiVVcAbyCI1+cIKlIS4y6ioojQb9 yjtn0kRpW44M5OuPDJG2V4B0r2wrBA59G0HoZp9Q+ih9qdw17/6slqnij1D6ShgAFd5Y S1bNwSSUe0ITQa0QKLSHjv15eaIpOK8AOmkbKoU5FwrqRe20xq7ZjoM7ccoCYzHg848h tflyL7tmdPc4LvdcD/v9qFfTUOJ6TK8vTdNkvlJLgwj0nrY0PBQYhkF2dYmVlXyf4YuO 5A== Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by userp2120.oracle.com with ESMTP id 36ugq3fmuq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 23 Feb 2021 20:37:38 +0000 Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 11NKa9ci028506; Tue, 23 Feb 2021 20:37:38 GMT Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2104.outbound.protection.outlook.com [104.47.58.104]) by userp3020.oracle.com with ESMTP id 36uc6s8hkg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 23 Feb 2021 20:37:38 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c5oPnmnM4SH6/cwbvIo3TqLu2feYrwFgMr9r8uoLP9uIQRnylSywSBhFAoh/0INCwmNwd1K6UHKq8pHpp3wyAnfpv6usvkzyB50Po1PCYnDKAiu83+Dpn61Sse1Ugp/7MYxBzUglmj5xF7h3D3cpCXZTOAirdqXMVZXhJr0lYJ5KLbZS6sFm7ou9Ux1kM9LdZ4UgpL4ih1ZLvA09gwMqqTGrFwsoXLx/SI+3zgfAfknlJX2pmHdMAt38nPs0SI5smK8IPnmTD+37C2d6k7KBh49VcSVzOxQj6fwuJ7T1OOuUL45d+oFRASDcc4Nza0kUJ2y8S3MKu/fSoh9OowkLNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p2A42JA+o43W48SkUXAE99ADHE/Psd8VjoaL2bayDzQ=; b=m2IQxpsfduFsS8R/zFg5IN9imnOR/usIQ9r/zUbh8Jt7/xBa6qCgYWwvMJMm7tduUFA8xNY7pBw3Jw8C8WLQtNG5SdqEJWD8R6i55P4SuZGyCe8XAEEezvnl/JvGOZaBvSPkLZCUOLL/nupC6mi5PNt16iIjnxqImxynO55whGut89aUckVKSMaicvUQWNAz8ztOrbddM/8Bo2RtFsXK8uhZE62vWQkpE3pUFwiJmjOHkBa0EQKxkymfkXz1vA3vY5t+m3MtobMuMLOVbUswCXl7VX6cECkd4pLac5HQqVIVC2BRtCw9CPy67TWSl3ExuD6vCuqkFl0r6U/BWaJ/tA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p2A42JA+o43W48SkUXAE99ADHE/Psd8VjoaL2bayDzQ=; b=BoSmpIboSv/kCFUsTlBLjxi77dUJ0gyY610hlC2lPwvTALLsIgjkdOfzOKsCbnJt/gU/HOV5tZJ3e/+R6WXAQz3IAVcj8nes8rCA/g1JLS2lSYcJVxNhlJDAHmaGVUmo/aYZSXRQmO9Gzx24aap1OpnoS6CNqmeC3Ed/yMdhCZM= Received: from BYAPR10MB3240.namprd10.prod.outlook.com (2603:10b6:a03:155::17) by SJ0PR10MB4766.namprd10.prod.outlook.com (2603:10b6:a03:2ac::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3868.27; Tue, 23 Feb 2021 20:37:36 +0000 Received: from BYAPR10MB3240.namprd10.prod.outlook.com ([fe80::7ccb:17c2:c957:65cd]) by BYAPR10MB3240.namprd10.prod.outlook.com ([fe80::7ccb:17c2:c957:65cd%6]) with mapi id 15.20.3868.033; Tue, 23 Feb 2021 20:37:36 +0000 Subject: Re: [kbuild] [linux-next:master 6931/12022] drivers/vfio/vfio_iommu_type1.c:1093 vfio_dma_do_unmap() warn: impossible condition '(size > (~0)) => (0-u32max > u32max)' To: Alex Williamson Cc: Dan Carpenter , kbuild@lists.01.org, lkp@intel.com, kbuild-all@lists.01.org, Linux Memory Management List , Cornelia Huck References: <20210222141043.GW2222@kadam> <20210222155145.50e2d513@omen.home.shazbot.org> <20210222161753.7acc4e92@omen.home.shazbot.org> <20210223104535.17986dee@omen.home.shazbot.org> From: Steven Sistare Organization: Oracle Corporation Message-ID: <6527a7db-3b13-2572-3450-157e7de598c0@oracle.com> Date: Tue, 23 Feb 2021 15:37:31 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 In-Reply-To: <20210223104535.17986dee@omen.home.shazbot.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [24.62.106.7] X-ClientProxiedBy: CY4PR13CA0083.namprd13.prod.outlook.com (2603:10b6:903:152::21) To BYAPR10MB3240.namprd10.prod.outlook.com (2603:10b6:a03:155::17) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [192.168.1.92] (24.62.106.7) by CY4PR13CA0083.namprd13.prod.outlook.com (2603:10b6:903:152::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.8 via Frontend Transport; Tue, 23 Feb 2021 20:37:34 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 5a521168-68a8-416a-38df-08d8d83ada7f X-MS-TrafficTypeDiagnostic: SJ0PR10MB4766: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 98BU6Fyn0ex7UgjVwSQuhKJYJkAtCZpg2T6RD6lB6MAhI3J/whps6DdXJQVbc8syS6eNUJXH2yJV7/DpSkT1VXi6TadGhMhgywpWZD3WdT06dWw/BTCa/cw4ccJYoZq7zOyd5WvA/G9S/WMMu9k3iOYK7ix1cDQ6seIE9Dv+m3/VLflhQZV3ZXGNVDRWyaLIgxq3An+EL0fw8tJbA5DYU8b4swdcwY60y9GYU4FAZ4a254AleIC31u4LNatlOzJyZREySyKlLOEKKmiL+yk4D58B788AbBjYSa63y3thW1R+oBDCJyjzLjdm+PxA5gVpft4OTNpUTuOsErFHUfeI42kDj16TMfgTHo9YDB9OG3A8R3LNhSULQyf87aEcBL9zn4aIacLvy52tBj36Gy4phOetFT2DQ1Qk9y1K0z7XtaDa4DtsVYDAIHpmDFdorvOY8H6t4VJ0OJqWGwHOj7K9V0NSUcg0ex7qRYUDjXjV/pELlMx+cWu/IEVwbZf8llHpnUUlRk9S34bDkxHTYhpEKdh6HdbgAN2AvW8NOJsCMKlnblIxQg2MZPJdsZjr+jORCgxmumRbhqd0/R9MTlB5fM80+vVxeKqfW7GhTAIrzigNbgaw0UOUtYuXFX9V4oWJ+gHmfa6lzOtuPjkbg5X+pfKSiRKaP5LOY0Fsy1Fklfv8GDOc3dO5BOlKoPEqb/Y4 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BYAPR10MB3240.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(136003)(346002)(39860400002)(376002)(396003)(366004)(44832011)(186003)(5660300002)(66476007)(53546011)(4001150100001)(8936002)(31696002)(4326008)(26005)(16526019)(8676002)(16576012)(66556008)(36916002)(316002)(83380400001)(2616005)(6916009)(6666004)(54906003)(66946007)(36756003)(2906002)(31686004)(966005)(956004)(86362001)(6486002)(478600001)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?MDlXMk5tT1NCVFQyRWp5a21NZk9ONS9ENkNiNUNiZzlIS0xmOXJZVGdTek0v?= =?utf-8?B?Wmo4aXBtOGpIdWV6Y2U3enRCcGgwY0ttK09ONTkvK3YrNkljSHBvZzFCbFhn?= =?utf-8?B?L1prZWlXQ0tIdjU2Ti8wOWFQaXdQMURtK0p1dFBMSHl5aFljV2hSdStQaEZE?= =?utf-8?B?UXZpN2dqM09YMEdzcDJaT1hIM0wzWmNLcDhPWCs4SE5PdHVoT1J4NXo4TTJR?= =?utf-8?B?eXRUeVFwNjRMNTZtNHFVZnN0K2lYbFdXWGVTTDJXZktCYTBucjNTUDJlSWxz?= =?utf-8?B?SnVvdUZJcGNjNkxxL05nZW5veUM2dXluekQ1d0YzVHBUUE1XU25aOW1CSnZt?= =?utf-8?B?OHhXL2NUT2wyVSt0MjFGYi9FR0J5WW5BSUY0T2owZHorSG1BNFNpY09KNXAz?= =?utf-8?B?VG9uWmp4THZER3F2U1dPYWJPdnFoVk52R2lRUXoxd3cxOXhGN1pZQ3VTS2pY?= =?utf-8?B?ZkVSTmxhRmJuWTlGT0wzcEsxMURHaldKUmdZUnEzS1AxL3ZKYzNXNWl4OGt2?= =?utf-8?B?dlMxWFN1bmhiUlFCeEtqQkorc1Rxb2xvOThkQnM5Mk1lRkkySWFKUUVXYkww?= =?utf-8?B?U1R2MzJFNzVNUTFWM25CRjI3TmRYa3RLaVJ0ZHJvR21tSVpiVzZkTk9qR1BI?= =?utf-8?B?c1JldmhwQmZzQWc1a1RKSUxnZGFFSE9MRmo0M1VHTFVVMlpHb3FqZlhWYjhK?= =?utf-8?B?SEJ6RWIrQzIrVUdBVGhQV2daWkkrdG5zdExWVFVYM3hJTEJ6bGQzTENxS0lq?= =?utf-8?B?Um1KbXBaUVNsZzZmazNuRS9EdGpGR2Zuc0JMYTFYN0xuTnVWOVZrZ3E4REtZ?= =?utf-8?B?aXNnZkZsQkFLdHQxbzQ3Yy8zL3oyTkNPSmIyUnNpQjNSMC9hSExKZHdDVlVn?= =?utf-8?B?LzljRzM2VEYzSmVLWENJcWR6UnZHY2V6RVhMclpEc1NuVXVYMzk1cXIwd1Zt?= =?utf-8?B?ODdXbnNNWEV2Nlg2bjcxWjBMVk9tWjMybHE0eGhjbnZqUEU5akY1SEpMcDV5?= =?utf-8?B?OTFaMFowSnc4dTVjNkhqZ0xDYmxCcytOenhsV0hZSkZyWWw2dG1rN0pvMDdO?= =?utf-8?B?L1Fzb2pmV2RKRkpLbFZVWTVUR25FRkhLN2xiZlZ6NG1vWWVKSXloWUg4SEVp?= =?utf-8?B?VHBGOGNHQUI0TktPUGVQZkhIeDNnNWNaMEpRelN5UWRSWVRMSmJLUlFiMkFC?= =?utf-8?B?alhmL2t5VGlZcndYWUVyQWZMVXViL1N6djhSd200eEZQU09yZE9jRnFhbTdV?= =?utf-8?B?Z3NzSS9vTzNHTkhYTDhZeUsvMkxwelVFcHFBeTErSCtJZUNqRGNlM09tSmM4?= =?utf-8?B?Y3FHUkNmb2U4RHFxb3cvZjA1Um90UHM0MWpJWmExKzRkQWRyUkV1ZW84bTZa?= =?utf-8?B?NG0vZW5vajExWG9OZUk0K2JyMlJIRkpUdURNZUp4eWZ0RkpyQ0xESTRrNDVr?= =?utf-8?B?ZkJpMFZhU0RQSzhuaVo5aEJDcDNiT2RoNVlmbWRJT1ZMVXR0ck5HVnlEZDRB?= =?utf-8?B?bWNRV1Z1Y1VodDVtaHVQMStSNTFZMklkU0hYYWlwRlRUenVIcjA5SUpRY3dj?= =?utf-8?B?bXpuelhFSDlDbGRLdlkyNUoxN2ZLWE5hTWZXQ2hHeXZuZUpFN1g1UDBka1Fu?= =?utf-8?B?TXZRYU5qRUlpeEhzc2tmSUlMS3V3U0gxcWlzeXNVamVZTzdOQ1NJdHRRa2dh?= =?utf-8?B?Z0lWQ3BZR0JaNkFnU1VQTEs3N1BoOVd4TURZNDVTVTQwV3UzSkExWEdBLzBm?= =?utf-8?Q?XS9vj5NzYcWxOBFHcFwZ+TbPEntk+AQmwwpgwJR?= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5a521168-68a8-416a-38df-08d8d83ada7f X-MS-Exchange-CrossTenant-AuthSource: BYAPR10MB3240.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Feb 2021 20:37:36.1996 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 9+tgw98DK08QZK2dz+wGTGxJIbMGr8XCIZFv1RNNi7gtgj6QWpAW/gUkgF64rJnr3CBW1TwqSsl5Rr7z+yl5/efHs6s7cV+1CvMjhtAkLGU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR10MB4766 X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=9904 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 mlxscore=0 spamscore=0 mlxlogscore=999 adultscore=0 bulkscore=0 malwarescore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2102230174 X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=9904 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 phishscore=0 malwarescore=0 spamscore=0 mlxscore=0 suspectscore=0 priorityscore=1501 clxscore=1015 impostorscore=0 lowpriorityscore=0 mlxlogscore=999 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2102230174 X-Stat-Signature: 77xswenfx8j6yo36uj1muundqfqoe1xq X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 0CDEFA0000FD Received-SPF: none (oracle.com>: No applicable sender policy available) receiver=imf07; identity=mailfrom; envelope-from=""; helo=userp2120.oracle.com; client-ip=156.151.31.85 X-HE-DKIM-Result: pass/pass X-HE-Tag: 1614112660-538482 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 2/23/2021 12:45 PM, Alex Williamson wrote: > On Tue, 23 Feb 2021 08:56:36 -0500 > Steven Sistare wrote: > >> On 2/22/2021 6:17 PM, Alex Williamson wrote: >>> On Mon, 22 Feb 2021 15:51:45 -0700 >>> Alex Williamson wrote: >>> >>>> On Mon, 22 Feb 2021 17:10:43 +0300 >>>> Dan Carpenter wrote: >>>> >>>>> tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master >>>>> head: 37dfbfbdca66834bc0f64ec9b35e09ac6c8898da >>>>> commit: 0f53afa12baec8c00f5d1d6afb49325ada105253 [6931/12022] vfio/type1: unmap cleanup >>>> >>>> It's always the patches that claim no functional change... ;) >>>> >>>>> config: i386-randconfig-m021-20210222 (attached as .config) >>>>> compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 >>>>> >>>>> If you fix the issue, kindly add following tag as appropriate >>>>> Reported-by: kernel test robot >>>>> Reported-by: Dan Carpenter >>>>> >>>>> New smatch warnings: >>>>> drivers/vfio/vfio_iommu_type1.c:1093 vfio_dma_do_unmap() warn: impossible condition '(size > (~0)) => (0-u32max > u32max)' >>>>> >>>>> vim +1093 drivers/vfio/vfio_iommu_type1.c >>>>> >>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1071 static int vfio_dma_do_unmap(struct vfio_iommu *iommu, >>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1072 struct vfio_iommu_type1_dma_unmap *unmap, >>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1073 struct vfio_bitmap *bitmap) >>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1074 { >>>>> c086de818dd81c Kirti Wankhede 2016-11-17 1075 struct vfio_dma *dma, *dma_last = NULL; >>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1076 size_t unmapped = 0, pgsize; >>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1077 int ret = -EINVAL, retries = 0; >>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1078 unsigned long pgshift; >>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1079 dma_addr_t iova = unmap->iova; >>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1080 unsigned long size = unmap->size; >>>>> ^^^^^^^^^^^^^^^^^^ >>>>> >>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1081 >>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1082 mutex_lock(&iommu->lock); >>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1083 >>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1084 pgshift = __ffs(iommu->pgsize_bitmap); >>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1085 pgsize = (size_t)1 << pgshift; >>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1086 >>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1087 if (iova & (pgsize - 1)) >>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1088 goto unlock; >>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1089 >>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1090 if (!size || size & (pgsize - 1)) >>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1091 goto unlock; >>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1092 >>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 @1093 if (iova + size - 1 < iova || size > SIZE_MAX) >>>>> >>>>> size is unsigned long and SIZE_MAX is ULONG_MAX so "size > SIZE_MAX" >>>>> does not make sense. >>>> >>>> I think it made sense before the above commit, where unmap->size is a >>>> __u64 and a user could provide a value that exceeds SIZE_MAX on ILP32. >>>> Seems like the fix is probably to use a size_t for the local variable >>>> and restore this test to compare (unmap->size > SIZE_MAX). Steve? >>> >>> Actually it seems like VFIO_DMA_UNMAP_FLAG_ALL doesn't work when >>> PHYS_ADDR_MAX != SIZE_MAX (ex. x86 PAE - I think). >> >> It seems like PAE causes problems even before VFIO_DMA_UNMAP_FLAG_ALL. > > This wouldn't surprise me, I don't know of any actual non-64bit users > and pure 32bit support was only lightly validated ages ago. > >> In the previous vfio_dma_do_unmap code, the u64 unmap->size would be >> truncated when passed to vfio_find_dma. > > We would have failed with -EINVAL before we get there due to this > SIZE_MAX test. I think the existing (previous) PAE interface is at > least self consistent; I see the mapping path also attempts to check > that casting map->size as size_t still matches the original value. Good point, and it also checks for vaddr and iova overflow and wrap: vfio_dma_do_map() if (map->size != size || map->vaddr != vaddr || map->iova != iova) return -EINVAL; if (iova + size - 1 < iova || vaddr + size - 1 < vaddr) { ret = -EINVAL; With that, I don't see a problem with PAE, for unmap-all or otherwise. We just need "u64 size" in vfio_dma_do_unmap to avoid the smatch warning. - Steve >> For unmap, these fixes should suffice, and I would rather do this than >> disable the unmap-all flag for a corner case: >> >> vfio_dma_do_unmap() >> size_t unmapped = 0; >> unsigned long size = unmap->size; >> ==> >> u64 unmapped = 0; >> u64 size = unmap->size; >> >> static struct rb_node *vfio_find_dma_first_node( >> struct vfio_iommu *iommu, dma_addr_t start, size_t size) >> ==> >> static struct rb_node *vfio_find_dma_first_node( >> struct vfio_iommu *iommu, dma_addr_t start, u64 size) >> >> And maybe use dma_addr_t instead of u64 in the above (which is 64 bits for >> CONFIG_X86_PAE). >> >> However, there are other places in the existing code that need tweaking >> to be safe for PAE, the vfio_find_dma() size arg for one. > > Yes, it looks like the IOMMU aperture checking using vfio_find_dma() > could have issues where dma_addr_t > size_t. Do you want to propose a > patch? Thanks, > > Alex > >>> I can't say I'm >>> really interested in adding complexity to make it work in such a case >>> either. Maybe we can just not expose it, ex: >>> >>> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c >>> index ed03f3fcb07e..6b69a74b3db0 100644 >>> --- a/drivers/vfio/vfio_iommu_type1.c >>> +++ b/drivers/vfio/vfio_iommu_type1.c >>> @@ -1207,7 +1207,7 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu, >>> int ret = -EINVAL, retries = 0; >>> unsigned long pgshift; >>> dma_addr_t iova = unmap->iova; >>> - unsigned long size = unmap->size; >>> + size_t size = unmap->size; >>> bool unmap_all = unmap->flags & VFIO_DMA_UNMAP_FLAG_ALL; >>> bool invalidate_vaddr = unmap->flags & VFIO_DMA_UNMAP_FLAG_VADDR; >>> struct rb_node *n, *first_n; >>> @@ -1228,7 +1228,7 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu, >>> goto unlock; >>> } >>> >>> - if (iova + size - 1 < iova || size > SIZE_MAX) >>> + if (iova + size - 1 < iova || unmap->size > SIZE_MAX) >>> goto unlock; >>> >>> /* When dirty tracking is enabled, allow only min supported pgsize */ >>> @@ -2657,9 +2657,10 @@ static int vfio_iommu_type1_check_extension(struct vfio_iommu *iommu, >>> case VFIO_TYPE1_IOMMU: >>> case VFIO_TYPE1v2_IOMMU: >>> case VFIO_TYPE1_NESTING_IOMMU: >>> - case VFIO_UNMAP_ALL: >>> case VFIO_UPDATE_VADDR: >>> return 1; >>> + case VFIO_UNMAP_ALL: >>> + return PHYS_ADDR_MAX == SIZE_MAX ? 1 : 0; >>> case VFIO_DMA_CC_IOMMU: >>> if (!iommu) >>> return 0; >>> @@ -2868,6 +2869,10 @@ static int vfio_iommu_type1_unmap_dma(struct vfio_iommu *iommu, >>> VFIO_DMA_UNMAP_FLAG_VADDR))) >>> return -EINVAL; >>> >>> + if ((PHYS_ADDR_MAX != SIZE_MAX) && >>> + (unmap.flags & VFIO_DMA_UNMAP_FLAG_ALL)) >>> + return -EINVAL; >>> + >>> if (unmap.flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) { >>> unsigned long pgshift; >>> >>> >>> >>> >>> >>>>> Is the " - 1" intentional on the other overflow check? As in it's okay >>>>> to wrap around to zero but not further than that? Sometimes this is >>>>> intentional but it requires more subsystem expertise than I possess. >>>> >>>> Yes, since we're dealing with a start + length we need to account for >>>> the -1 in the end value, otherwise the user could never unmap the last >>>> page of the address space. Thanks for the report! >>>> >>>> Alex >>>> >>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1094 goto unlock; >>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1095 >>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1096 /* When dirty tracking is enabled, allow only min supported pgsize */ >>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1097 if ((unmap->flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) && >>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1098 (!iommu->dirty_page_tracking || (bitmap->pgsize != pgsize))) { >>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1099 goto unlock; >>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1100 } >>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1101 >>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1102 WARN_ON((pgsize - 1) & PAGE_MASK); >>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1103 again: >>>>> 1ef3e2bc04223f Alex Williamson 2014-02-26 1104 /* >>>>> >>>>> --- >>>>> 0-DAY CI Kernel Test Service, Intel Corporation >>>>> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org >>>> >>> >> >