From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,MSGID_FROM_MTA_HEADER,NICE_REPLY_A, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B957FC433E0 for ; Thu, 25 Feb 2021 15:25:38 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 167A464F14 for ; Thu, 25 Feb 2021 15:25:38 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 167A464F14 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=oracle.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 7F1EC6B007B; Thu, 25 Feb 2021 10:25:37 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 79F026B007D; Thu, 25 Feb 2021 10:25:37 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5F29A6B007E; Thu, 25 Feb 2021 10:25:37 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0097.hostedemail.com [216.40.44.97]) by kanga.kvack.org (Postfix) with ESMTP id 45F206B007B for ; Thu, 25 Feb 2021 10:25:37 -0500 (EST) Received: from smtpin06.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id EAF7818041916 for ; Thu, 25 Feb 2021 15:25:36 +0000 (UTC) X-FDA: 77857164714.06.572DAAD Received: from userp2120.oracle.com (userp2120.oracle.com [156.151.31.85]) by imf13.hostedemail.com (Postfix) with ESMTP id 19C44E005F24 for ; Thu, 25 Feb 2021 15:25:26 +0000 (UTC) Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 11PFOlFK159612; Thu, 25 Feb 2021 15:25:21 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : to : cc : references : from : message-id : date : in-reply-to : content-type : content-transfer-encoding : mime-version; s=corp-2020-01-29; bh=OHiCVLTTDdFAwUyswoLOIbjN09wVQZgvTUJz4iLbJ1M=; b=aj5PMCie7zHKbUUBr4sttYyPdLq5ylTh+yNTSNjvC3UcXeIzeE0Xk+yFtJH5cGYM5Ds/ p4RksDc9hjCtbVuU9pXsN+3dMbYOlS7htdYRWmxgOt8o3YNLHGvcQ5h23n6oLzZdqtjD JAilvew+BXiX+mlKn5aA9q0WCNx4DmXLTMU/mMVqRzDTiRV/kWX6IwMUEhJ0s9VS0Dss /Oo9v/zIh7CSppKbpYniv7NWN3b0JWuBzKOt1Rw2joeP36wzXxpuKFIWuaTV46p6autY JS/52dgBRrY2qVQerZ7hex9u46AY2nyhYD/OFk2Q74hac4PvxmGtxPpR+aZ9tZpcEWpC Ug== Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80]) by userp2120.oracle.com with ESMTP id 36ugq3nq6q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 25 Feb 2021 15:25:21 +0000 Received: from pps.filterd (userp3030.oracle.com [127.0.0.1]) by userp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 11PFAcu2033837; Thu, 25 Feb 2021 15:25:21 GMT Received: from nam10-mw2-obe.outbound.protection.outlook.com (mail-mw2nam10lp2100.outbound.protection.outlook.com [104.47.55.100]) by userp3030.oracle.com with ESMTP id 36ucc1br8h-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 25 Feb 2021 15:25:21 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Md8QntdmpcjpKcda6WOomRQNp9zpUoVUZXZCVkW+JocJGMECoso7GQboMycKgkcVI778lWreu+eyDv+93Ep6fnaQyPOg6n2ztjc8/5ySZCwZ3Pbf29elSHvVbz9oro6/FkuiSfM95U9bBLAoyfpWV39xsog/uqSjGlp9m3Nzhu9k+eJnSJE6cF9ZKlI+DJ5f7EdPXAdtvdAGuqsruut0sy8z8EYxjR9thHiDe1hrDdl9XrAFWDQ08OO7R+l9mv6aWE1dP95SbdkeEFugGhm9/FL66ZWyL7Nk6/6EG/vgp6D4bf9igZIySQ3Kn2q+6atwcLATJbwmKZsYypObaSVWcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OHiCVLTTDdFAwUyswoLOIbjN09wVQZgvTUJz4iLbJ1M=; b=RbJcuNbm5rSf1jA9IO+jEzg8ugsr5rAbggzXieRwHGjgbQcWNr8wy9guEom2+qBQq7s9dgJ9H+5FyQdHDktXTybGy5ndFpywVy5h5FBCf+lftbiOJN5kEsE/F/5EL7vdw59PRD/EMC+Iyx8rVgvDd9xoMzA59/Ea4rE57Zq0QbqJv1IDKH7zDtQeYqFm9Vw7kLHdrYPyzvORkwQipBWxEicij99ieih3PKnSvpc33FzVjxQX7Co48C5OBTcYl4Z7Vei4/U94vb2a7ms+e97Tp+ld+ZSh/xcksd3NCm3Yc7/cW81Bve51eSnIsbog+piyI9D4XujBqE4/J7NQ6K4zpA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OHiCVLTTDdFAwUyswoLOIbjN09wVQZgvTUJz4iLbJ1M=; b=JLlq/3H9J2OHDB4KBuNsP6tAHBo/cnsQJsMW/IsfS6A4fUuJpjFLJ2RkM0tq73NhMFVWKKZ4aauALPJtDYoQ+uk4bHFm1v1XQy+quen0Z42VgJwSc/pnw2NJw5QX2yOpbRX+3IgKd1QMZLMr4yhFVanKzQu9nGAWhuwEdpZ0Drg= Received: from BYAPR10MB3240.namprd10.prod.outlook.com (2603:10b6:a03:155::17) by BYAPR10MB2469.namprd10.prod.outlook.com (2603:10b6:a02:b0::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.19; Thu, 25 Feb 2021 15:25:18 +0000 Received: from BYAPR10MB3240.namprd10.prod.outlook.com ([fe80::7ccb:17c2:c957:65cd]) by BYAPR10MB3240.namprd10.prod.outlook.com ([fe80::7ccb:17c2:c957:65cd%6]) with mapi id 15.20.3868.033; Thu, 25 Feb 2021 15:25:18 +0000 Subject: Re: [kbuild] [linux-next:master 6931/12022] drivers/vfio/vfio_iommu_type1.c:1093 vfio_dma_do_unmap() warn: impossible condition '(size > (~0)) => (0-u32max > u32max)' To: Alex Williamson Cc: Dan Carpenter , kbuild@lists.01.org, lkp@intel.com, kbuild-all@lists.01.org, Linux Memory Management List , Cornelia Huck References: <20210222141043.GW2222@kadam> <20210222155145.50e2d513@omen.home.shazbot.org> <20210222161753.7acc4e92@omen.home.shazbot.org> <20210223104535.17986dee@omen.home.shazbot.org> <6527a7db-3b13-2572-3450-157e7de598c0@oracle.com> <20210223141001.765ae37f@omen.home.shazbot.org> <57e47f93-e8f2-fdc6-ad26-dfb6bdbe3a25@oracle.com> <9b1b847d-502d-2d6d-6610-a43ff5c7ba26@oracle.com> <20210224155524.7371d438@omen.home.shazbot.org> From: Steven Sistare Organization: Oracle Corporation Message-ID: <7846d18a-36bd-6cfd-798c-3d6dc7ee1457@oracle.com> Date: Thu, 25 Feb 2021 10:25:16 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 In-Reply-To: <20210224155524.7371d438@omen.home.shazbot.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [24.62.106.7] X-ClientProxiedBy: SN2PR01CA0009.prod.exchangelabs.com (2603:10b6:804:2::19) To BYAPR10MB3240.namprd10.prod.outlook.com (2603:10b6:a03:155::17) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [192.168.1.92] (24.62.106.7) by SN2PR01CA0009.prod.exchangelabs.com (2603:10b6:804:2::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.19 via Frontend Transport; Thu, 25 Feb 2021 15:25:17 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 5fc5f077-efb3-4122-c4f8-08d8d9a18f11 X-MS-TrafficTypeDiagnostic: BYAPR10MB2469: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 3wjzIJ6jxx3e4EkmVU8ta9QPa4y3e5OsSML3HaOaahxFuW5y8/CeWh4altcEDcnlSXxKL++ZltMzL6yZBo9/RlJfQIP4a0Qbo55a5A0t6RkLIyJcradf8pI1vIVTRBYPKqewQ0yv+g0X3Q2gW9dP0w0fk2b/yEKWfzPOt1P7wMuufZioS+5wtgp+RaIU0DTC0wm81OcIkB8XzfyKPxQpgJhCHLU3OQkXAmD3AM3Qae2f9VPKKxbO3uLhwRmsUC6kHqc7jxn2tfZh3bT/7iqUtUPUnmEe18Neh/kssPRQ6Akzg3rtKWXLcMOkSHFPS+h5SuTihIks564uUwDkcoSF6B5koZoS2u6/gGJ117NrHXWpac+YSVzJlL2XxvwmItnBj5a11OFztfiBFS624Xfnh+s6D22PAJCNBHQCYH0nzej12lYBZrJrEr6IUv5MXmrqmUbFLZC6zp1BnCCFG/hGIv5smmJB1NL7U/LDJLQ+OF4EstS3BCXju68T/PlY1BHRziT9ItkBF6r9veF+CS9AFUc/expWFUMfg5hlh2E57Dg16nFMOhHeRNMySpGDeUn+MDI1Vgbw9n4lyXrzFsQMcoPgtcTSq0VGGC8ZSlNoJZHKhYSo99t7kZMNGd6YeDiM2m16pJKx8fG2P/9xs0eZkVLHmhoVg5P2vOqwiLm9JDw= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BYAPR10MB3240.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(39860400002)(396003)(366004)(376002)(346002)(136003)(4001150100001)(5660300002)(44832011)(83380400001)(31696002)(956004)(86362001)(6916009)(26005)(6486002)(478600001)(966005)(316002)(53546011)(8676002)(16576012)(66476007)(4326008)(2906002)(54906003)(31686004)(66556008)(2616005)(36916002)(36756003)(66946007)(186003)(16526019)(8936002)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?R21iUGkyNk1oeXhySy95eUxrQTBYYjRCSkl3czhtTHB5WFlTUG5yaEw1L29G?= =?utf-8?B?QVNORDRGQklRd0ZvNC9xOWtNUHVMbXhaK0hCT1dOTGVBSERNTXF6TWI2UUVk?= =?utf-8?B?bkFLVEIyajNEaFdZNEw4TGVpTnZGSWZYYmZybExvMkZlUUFWTWQ5bURaTDQ3?= =?utf-8?B?M1B2SG9CSmNuRGtwZ3dTSGNUd1NWbHhaQkRGc0ZwWDYwRXNzY1hoOXJiZUk0?= =?utf-8?B?RnZyZVBCS3JrV1h6cE1CMjF6MlRCZmdZamdMcUZzdGd6SnppbEh6aWp5b2xl?= =?utf-8?B?b0xOcXVNc2s3Tmd4RmdNQjlWVU5UK0cvcWRyalBrdGhtNTRPODA0cWZEeEpM?= =?utf-8?B?Mk0wTlRFKytDT2F3U2RrV2Yxa3BLclplNHNrV2tGVmxaaDVOZC9VK1hYK0RD?= =?utf-8?B?WERLVmZqdlp5ZTVzUUIxQm52S2FvL2hNODNvL3RtRllicU9pUWkzL0taUWIy?= =?utf-8?B?dnJiQUgwdUg2NlZRdmdLUDdqbEZRZWNmVGJ6UWovK0hhd2s4MGtlbUVpdUVS?= =?utf-8?B?aEZEd3VYcEh2MmVkT2ZwTHBEYy9Gc3U1RnM5eWFFNzRzNDB5VStzMjl6QmQr?= =?utf-8?B?ZGpSUDRUVTRBWTlKNWdkdjBCOXFnVFUwc1pVbFNIWjZjWlFMZi9HU3pzQ1hL?= =?utf-8?B?bzJnV1pHMCswalMrRHdFcmVjZGV1M0pEV1R1bVlRdmdvRUdVemlqWjI5MnJn?= =?utf-8?B?Q0dPMkpIZkRvSk8vV3pHd2k1Y21QRlljMVg2N21UcjVldjI5YzgySHhIai9G?= =?utf-8?B?d1lWSVZHNkh0cWRIdEZmancyNlJ6bmZ5WU81eDlGV1hGQlpRcTUyYW04OWVK?= =?utf-8?B?WGFpMXEyWllDUU5PYUdtZHlyMkJleE9KbGJTckhZS0UwTmdkUGExWXUyZDhF?= =?utf-8?B?OFV4cHBtbkRqYU9mT3VSbG1JWVdQcG5nMGdHYkI4MFhLL2t6ZjZUUmN4alBp?= =?utf-8?B?L3l4N0lVZVpvMmJCT3B4enMyalVtb3hEWnJNOFVjRnNhdUpSN2RuV3ZEZlBE?= =?utf-8?B?NGtFcDR5dTFxSUh5L3Vxa3kzNlNlZS9wdmcyb215emFjR2oyaXZFaDdVcllZ?= =?utf-8?B?VTc4bHhXeEdJQ0V3RHVVS0MvZWNTWm5vSDd2dzRrL0RWblZnbUtvT0IxS2h0?= =?utf-8?B?VUNoS0lqZnVYTFB5NTEzaWt4S3NlZWlyeXM4c0V6bHFOcW5yY0szUitvZFJo?= =?utf-8?B?ZHlOOGtxWXdYV3hZN3hrMUdhcm1RYVdzWmRXakR2R0xKSWx0TWdZM2hITUxt?= =?utf-8?B?Y1BHNTYwMXlmWEdiNzFkMVdtbXpyZnk0Q0JhdFY1bVU1N3QzcGYwSFE3RGFx?= =?utf-8?B?bkZKWm5pbHplT2g1SVBBcW5RSlYzeHo4TTR5OVFJTm5Mc1lNajB4UGVmS1dq?= =?utf-8?B?aDZrMFE2dFV0UWJnbURVM3diRGpzYTJzdEQrN1BtYnNkd0xQTEViY3FCM09x?= =?utf-8?B?YTB0cnRmMVJyd2IxMlJzSktzYldtNlhVTUtWZjRmelB4dFlRRWYyYXhSRkt4?= =?utf-8?B?c1BsY1d3ODFWWW16bDY3dmd2Tmtkbi85OGo4OURSZXJkTTNGTGRUempuSE1o?= =?utf-8?B?QzNaWDEwWEEycytDSEZmQkRZUTcvWjRBL2RtL283SWxEVk1oQlJKYjFnWlQ3?= =?utf-8?B?eUVJY0NiUnNDY1U2dUtEV2xHWGg5OEs3VzVvRlhrWFROZEVsY094QlVUR3Qv?= =?utf-8?B?bWhjdTJyYlEwWjZoWDBYbFRZbFFZQ1YwTHF0MUNab0lBaDVDdGFKdGYyN2RG?= =?utf-8?Q?4MtdhHVNYNMxM7t8ov8g3KlRj9ApEgz6pcfX3ww?= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5fc5f077-efb3-4122-c4f8-08d8d9a18f11 X-MS-Exchange-CrossTenant-AuthSource: BYAPR10MB3240.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2021 15:25:18.8152 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: CF6E8B8Nsi1/aXcww0Kym9ZEUikPOPwE+LqOH997SxmkJYtPgqm9iPFgNlsLMWy6wJH6OaCJCA6DtShNt64fRIXKGm/eRqa5h07sctdfDko= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR10MB2469 X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=9905 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 adultscore=0 phishscore=0 spamscore=0 suspectscore=0 bulkscore=0 malwarescore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2102250124 X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=9905 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 phishscore=0 malwarescore=0 spamscore=0 mlxscore=0 suspectscore=0 priorityscore=1501 clxscore=1015 impostorscore=0 lowpriorityscore=0 mlxlogscore=999 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2102250125 X-Stat-Signature: j7gxob3d7rt1r9znmo1q3hxi56dciyyw X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 19C44E005F24 Received-SPF: none (oracle.com>: No applicable sender policy available) receiver=imf13; identity=mailfrom; envelope-from=""; helo=userp2120.oracle.com; client-ip=156.151.31.85 X-HE-DKIM-Result: pass/pass X-HE-Tag: 1614266726-475657 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 2/24/2021 5:55 PM, Alex Williamson wrote: > On Tue, 23 Feb 2021 18:58:18 -0500 > Steven Sistare wrote: > >> On 2/23/2021 4:52 PM, Steven Sistare wrote: >>> On 2/23/2021 4:10 PM, Alex Williamson wrote: >>>> On Tue, 23 Feb 2021 15:37:31 -0500 >>>> Steven Sistare wrote: >>>> >>>>> On 2/23/2021 12:45 PM, Alex Williamson wrote: >>>>>> On Tue, 23 Feb 2021 08:56:36 -0500 >>>>>> Steven Sistare wrote: >>>>>> >>>>>>> On 2/22/2021 6:17 PM, Alex Williamson wrote: >>>>>>>> On Mon, 22 Feb 2021 15:51:45 -0700 >>>>>>>> Alex Williamson wrote: >>>>>>>> >>>>>>>>> On Mon, 22 Feb 2021 17:10:43 +0300 >>>>>>>>> Dan Carpenter wrote: >>>>>>>>> >>>>>>>>>> tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master >>>>>>>>>> head: 37dfbfbdca66834bc0f64ec9b35e09ac6c8898da >>>>>>>>>> commit: 0f53afa12baec8c00f5d1d6afb49325ada105253 [6931/12022] vfio/type1: unmap cleanup >>>>>>>>> >>>>>>>>> It's always the patches that claim no functional change... ;) >>>>>>>>> >>>>>>>>>> config: i386-randconfig-m021-20210222 (attached as .config) >>>>>>>>>> compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 >>>>>>>>>> >>>>>>>>>> If you fix the issue, kindly add following tag as appropriate >>>>>>>>>> Reported-by: kernel test robot >>>>>>>>>> Reported-by: Dan Carpenter >>>>>>>>>> >>>>>>>>>> New smatch warnings: >>>>>>>>>> drivers/vfio/vfio_iommu_type1.c:1093 vfio_dma_do_unmap() warn: impossible condition '(size > (~0)) => (0-u32max > u32max)' >>>>>>>>>> >>>>>>>>>> vim +1093 drivers/vfio/vfio_iommu_type1.c >>>>>>>>>> >>>>>>>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1071 static int vfio_dma_do_unmap(struct vfio_iommu *iommu, >>>>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1072 struct vfio_iommu_type1_dma_unmap *unmap, >>>>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1073 struct vfio_bitmap *bitmap) >>>>>>>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1074 { >>>>>>>>>> c086de818dd81c Kirti Wankhede 2016-11-17 1075 struct vfio_dma *dma, *dma_last = NULL; >>>>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1076 size_t unmapped = 0, pgsize; >>>>>>>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1077 int ret = -EINVAL, retries = 0; >>>>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1078 unsigned long pgshift; >>>>>>>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1079 dma_addr_t iova = unmap->iova; >>>>>>>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1080 unsigned long size = unmap->size; >>>>>>>>>> ^^^^^^^^^^^^^^^^^^ >>>>>>>>>> >>>>>>>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1081 >>>>>>>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1082 mutex_lock(&iommu->lock); >>>>>>>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1083 >>>>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1084 pgshift = __ffs(iommu->pgsize_bitmap); >>>>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1085 pgsize = (size_t)1 << pgshift; >>>>>>>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1086 >>>>>>>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1087 if (iova & (pgsize - 1)) >>>>>>>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1088 goto unlock; >>>>>>>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1089 >>>>>>>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1090 if (!size || size & (pgsize - 1)) >>>>>>>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1091 goto unlock; >>>>>>>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1092 >>>>>>>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 @1093 if (iova + size - 1 < iova || size > SIZE_MAX) >>>>>>>>>> >>>>>>>>>> size is unsigned long and SIZE_MAX is ULONG_MAX so "size > SIZE_MAX" >>>>>>>>>> does not make sense. >>>>>>>>> >>>>>>>>> I think it made sense before the above commit, where unmap->size is a >>>>>>>>> __u64 and a user could provide a value that exceeds SIZE_MAX on ILP32. >>>>>>>>> Seems like the fix is probably to use a size_t for the local variable >>>>>>>>> and restore this test to compare (unmap->size > SIZE_MAX). Steve? >>>>>>>> >>>>>>>> Actually it seems like VFIO_DMA_UNMAP_FLAG_ALL doesn't work when >>>>>>>> PHYS_ADDR_MAX != SIZE_MAX (ex. x86 PAE - I think). >>>>>>> >>>>>>> It seems like PAE causes problems even before VFIO_DMA_UNMAP_FLAG_ALL. >>>>>> >>>>>> This wouldn't surprise me, I don't know of any actual non-64bit users >>>>>> and pure 32bit support was only lightly validated ages ago. >>>>>> >>>>>>> In the previous vfio_dma_do_unmap code, the u64 unmap->size would be >>>>>>> truncated when passed to vfio_find_dma. >>>>>> >>>>>> We would have failed with -EINVAL before we get there due to this >>>>>> SIZE_MAX test. I think the existing (previous) PAE interface is at >>>>>> least self consistent; I see the mapping path also attempts to check >>>>>> that casting map->size as size_t still matches the original value. >>>>> >>>>> Good point, and it also checks for vaddr and iova overflow and wrap: >>>>> >>>>> vfio_dma_do_map() >>>>> if (map->size != size || map->vaddr != vaddr || map->iova != iova) >>>>> return -EINVAL; >>>>> if (iova + size - 1 < iova || vaddr + size - 1 < vaddr) { >>>>> ret = -EINVAL; >>>>> >>>>> With that, I don't see a problem with PAE, for unmap-all or otherwise. >>>>> We just need "u64 size" in vfio_dma_do_unmap to avoid the smatch warning. >>>> >>>> I'm not convinced. My understanding is that on PAE phys_addr_t is >>>> 64-bit while size_t is 32-bit. dma_addr_t (iova above) seems to follow >>>> phys_addr_t. That suggests to me that our {un}map.iova lives in a >>>> 64-bit address space, but each mapping is limited to 32-bits. The >>> >>> OK, the "map->iova != iova" test does not help because dma_addr_t is 64-bit. My bad. >>> So, I re-propose my fix for unmap-all from previous email. >>> >>> I am not keen on proposing a fix for the potential legacy bugs, vfio_find_dma() and >>> its callers, if no one is reporting bugs and no one uses it with vfio. It has the >>> potential for regression with no upside. >> >> ... but there are no legacy bugs because size is constrained to 32-bits in do_map as >> you pointed out, so all calls to vfio_find_dma are safe. > > Right, all legacy call paths are ok afaict, but the unmap-all flag > can't reach any mappings if there are none below an iova of SIZE_MAX. > We should either fix vfio_find_first_dma_node() for this scenario or > disable unmap-all where this is a possibility. Thanks, Changing size to u64 and using U64_MAX as the upper bound should do the trick: diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c index 6cf1dad..b1be0a6 100644 --- a/drivers/vfio/vfio_iommu_type1.c +++ b/drivers/vfio/vfio_iommu_type1.c @@ -181,7 +181,7 @@ static struct vfio_dma *vfio_find_dma(struct vfio_iommu *iommu, } static struct rb_node *vfio_find_dma_first_node(struct vfio_iommu *iommu, - dma_addr_t start, size_t size) + dma_addr_t start, u64 size) { struct rb_node *res = NULL; struct rb_node *node = iommu->dma_list.rb_node; @@ -1184,7 +1184,7 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu, int ret = -EINVAL, retries = 0; unsigned long pgshift; dma_addr_t iova = unmap->iova; - unsigned long size = unmap->size; + u64 size = unmap->size; bool unmap_all = unmap->flags & VFIO_DMA_UNMAP_FLAG_ALL; bool invalidate_vaddr = unmap->flags & VFIO_DMA_UNMAP_FLAG_VADDR; struct rb_node *n, *first_n; @@ -1200,14 +1200,12 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu, if (unmap_all) { if (iova || size) goto unlock; - size = SIZE_MAX; - } else if (!size || size & (pgsize - 1)) { + size = U64_MAX; + } else if (!size || size & (pgsize - 1) || + iova + size - 1 < iova || size > SIZE_MAX) { goto unlock; } - if (iova + size - 1 < iova || size > SIZE_MAX) - goto unlock; - /* When dirty tracking is enabled, allow only min supported pgsize */ if ((unmap->flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) && (!iommu->dirty_page_tracking || (bitmap->pgsize != pgsize))) {