From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.2 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,MSGID_FROM_MTA_HEADER,NICE_REPLY_A, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 17ED3C433E0 for ; Tue, 23 Feb 2021 23:58:31 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 84C5D64EC3 for ; Tue, 23 Feb 2021 23:58:30 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 84C5D64EC3 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=oracle.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 226268D0001; Tue, 23 Feb 2021 18:58:30 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 1D6976B006E; Tue, 23 Feb 2021 18:58:30 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0A00C8D0001; Tue, 23 Feb 2021 18:58:30 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0028.hostedemail.com [216.40.44.28]) by kanga.kvack.org (Postfix) with ESMTP id E332C6B006C for ; Tue, 23 Feb 2021 18:58:29 -0500 (EST) Received: from smtpin30.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id B197E180177FF for ; Tue, 23 Feb 2021 23:58:29 +0000 (UTC) X-FDA: 77851199538.30.74F71F5 Received: from userp2130.oracle.com (userp2130.oracle.com [156.151.31.86]) by imf23.hostedemail.com (Postfix) with ESMTP id 6DF82A0009E8 for ; Tue, 23 Feb 2021 23:58:28 +0000 (UTC) Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 11NNtPUe144200; Tue, 23 Feb 2021 23:58:26 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : references : message-id : date : in-reply-to : content-type : content-transfer-encoding : mime-version; s=corp-2020-01-29; bh=7J77fgs+CZXcpEeJD1CN0aUHRmfsTa5WMj2cC9CS13w=; b=EQQeTRRhREV5mP9sv5VzB9jUciNg99G/Fnoj91At3CoB8ekdy875paOR0K7mMzBJlJRz GeBTlIof2UEKyDPk8yRb//WsdIj5M//worbAGN+oMvVEYsZZUnI3M1SyrI9WRpzU6SLh nw2pM6CKKSka+V/skOBDCAAIjC1JHaaunLDpEEMhg6Y+MMIv8OrvmqhROa1P7pScWHps e1zc4++Rl4dyztPN59K1K6Yg5puRSwmGjd1pb9S7Fqvb4Obq7HLadEgjaltIn/RMkA3V 7gb5nw2LMjaTsM2RH4OTcp4T0lqE2Rlu8vZx+daO2/3f4apwtbi5OGaXci/Ieubaf4Kq PA== Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80]) by userp2130.oracle.com with ESMTP id 36tsur18as-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 23 Feb 2021 23:58:26 +0000 Received: from pps.filterd (userp3030.oracle.com [127.0.0.1]) by userp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 11NNuUHv005174; Tue, 23 Feb 2021 23:58:26 GMT Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2108.outbound.protection.outlook.com [104.47.58.108]) by userp3030.oracle.com with ESMTP id 36ucby5mq1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 23 Feb 2021 23:58:25 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YLIuZYYmT+plA6at9pUQe/JnNWhNVWsg3Ux7/mVghjg/VQ5nAe87OFkPE7v28jYpwGDNIHrdQPWr6k56SVyGJtu9k7xWWrfbvjQLMXA4wErPj72RbbBRV5+uYPuM1F5I1lclkTfLN3LdK18yi5TnBl1G3wgpBEKB1KFx8jc723MY30GX1xAidzzli4V51Yc7ccq1T4jT+6NSMIIk110GHThzD8JUpDzLxNk7bdz3ryPm7jT4ng6hsA4TZleT+JW3JLGGjBsim1U2tlsksVj2sFAqBeOiGkCb28UBqzQewIzWSAeRRE3vXhtDFimUnsvrwoKHWvI/7qaaQXNb/t4UOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7J77fgs+CZXcpEeJD1CN0aUHRmfsTa5WMj2cC9CS13w=; b=Xtg8US5mcWG77EwUt1jECw+x/6elzczj+r5QjvDPNj/tFrhTjQ+aOtuLFb+S8stU2NhNiaD92oO7D1oGaXjLGAU9QARSmVNMMxK1sodTz5PeLKfQgV0hBUVV59V4dPsCKZeCDYABkPh6mjNHqwi54SQVBv/G7eRNIsl7X9CEjc4G5eWBOkcqhWsPgq9Ru0kYxNOdijM2tQeNwBH/t1UJRrxhlw9m+eWAAuxWcpZt3lVmGAx8Iia69DApzNkaaNCOkzcd53AuAWYBUn6vq8h/RUn94Vz766o06bN41xRXD58CFLWG8Chnk14GDgOkEACBTaGmPKAnvGO14S6rgt3V1Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7J77fgs+CZXcpEeJD1CN0aUHRmfsTa5WMj2cC9CS13w=; b=EF7FEX4YslQRRPM6zL9n4Ke9j6yE7nsjph44UVrS3uKdAB2wx8NvEcSNwyi6TWUHm+Rd9RBlq1qfJQUfnzgtL5a2o9myHXOK1nbY7FJSAA/S/HPRg6Rr3rdNtenvo3fmDIBZ3U4YbRlP1yvkmcNQvqYx0NozAS/ZpnqHNuZlDPI= Received: from BYAPR10MB3240.namprd10.prod.outlook.com (2603:10b6:a03:155::17) by BYAPR10MB3063.namprd10.prod.outlook.com (2603:10b6:a03:89::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3868.33; Tue, 23 Feb 2021 23:58:23 +0000 Received: from BYAPR10MB3240.namprd10.prod.outlook.com ([fe80::7ccb:17c2:c957:65cd]) by BYAPR10MB3240.namprd10.prod.outlook.com ([fe80::7ccb:17c2:c957:65cd%6]) with mapi id 15.20.3868.033; Tue, 23 Feb 2021 23:58:23 +0000 Subject: Re: [kbuild] [linux-next:master 6931/12022] drivers/vfio/vfio_iommu_type1.c:1093 vfio_dma_do_unmap() warn: impossible condition '(size > (~0)) => (0-u32max > u32max)' From: Steven Sistare To: Alex Williamson Cc: Dan Carpenter , kbuild@lists.01.org, lkp@intel.com, kbuild-all@lists.01.org, Linux Memory Management List , Cornelia Huck References: <20210222141043.GW2222@kadam> <20210222155145.50e2d513@omen.home.shazbot.org> <20210222161753.7acc4e92@omen.home.shazbot.org> <20210223104535.17986dee@omen.home.shazbot.org> <6527a7db-3b13-2572-3450-157e7de598c0@oracle.com> <20210223141001.765ae37f@omen.home.shazbot.org> <57e47f93-e8f2-fdc6-ad26-dfb6bdbe3a25@oracle.com> Organization: Oracle Corporation Message-ID: <9b1b847d-502d-2d6d-6610-a43ff5c7ba26@oracle.com> Date: Tue, 23 Feb 2021 18:58:18 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 In-Reply-To: <57e47f93-e8f2-fdc6-ad26-dfb6bdbe3a25@oracle.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [24.62.106.7] X-ClientProxiedBy: BL1PR13CA0207.namprd13.prod.outlook.com (2603:10b6:208:2be::32) To BYAPR10MB3240.namprd10.prod.outlook.com (2603:10b6:a03:155::17) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [192.168.1.92] (24.62.106.7) by BL1PR13CA0207.namprd13.prod.outlook.com (2603:10b6:208:2be::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.12 via Frontend Transport; Tue, 23 Feb 2021 23:58:22 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: a223675f-b408-40f4-4ea0-08d8d856e739 X-MS-TrafficTypeDiagnostic: BYAPR10MB3063: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: YVbLxRUDWqdfF0AKm9f2RavoV9HfNKcMTruwGVUzyvrLLbcILgDvyYvsese3GSn2ydYYsz57WU8MFPVoaLilTtFe7Z4d9Lv+dSUvN5hKAD6cJZUtYoPzZ4PFqBIcOTyvAsDAKSgUCuWg/qVgtv4WvcMxnJ8TPxWrCPtuTWLQ8pegiCdKfK84NIax5/bgDVDk/dtXkvPm7MiURdsyEkE6VzV+NIfT+ugYCihDg/QCxwFHA2egjnYU92SPfIKeXmHeoYwHNdtz5C4WiS2PSjH0mSVGv2YPC4IWD05vTIlR2y4MuH+vjQWghW9gBYspyYw420Iq/WidTBBrRhV2xfKWAX++qHrBPedhfYkcxGqA7Riojc705ywlxxa0XeXF16eeV7wp+Qi1ea65L6Wo7V6YInu55hsmWqTTMVzzycMGgPSLMbvASbAB5AYT/PTcWeZ+jqUq9iRco3i3ykOAp40wrWkIuRw7dTIe5YDFUrukwt8wKLmX0FxlGWFgwttBad2sdcI/Hovthkr7Thu1pJCQKdlCYdXtL1qrzm4HVjuChrs8hUSnXpn0aV/9s8xL8WTKmz8lz4Eg/pmsa024uRWzS/P8RSelOtBRSnT7X4vDdaGc3Y8449xGA1rRnDQ/Sqo98xiOYd1lA6DJ8RKa5vOZ0HoSRvjAiZks1AbiTkGDCFW9DIPPyIXl6NeX4kJwjMmv X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BYAPR10MB3240.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(396003)(346002)(366004)(39860400002)(136003)(376002)(66556008)(966005)(8676002)(31696002)(186003)(4326008)(956004)(83380400001)(36756003)(5660300002)(16576012)(66946007)(30864003)(66476007)(44832011)(54906003)(316002)(2906002)(6666004)(26005)(2616005)(36916002)(6916009)(53546011)(16526019)(31686004)(4001150100001)(86362001)(6486002)(8936002)(478600001)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?WXk2Z3BwMGozSWFXUTNpWFMyL3ZnUUxFMkVTaGxFRU1tMm1ZWTdpYjhEVUVE?= =?utf-8?B?cUNwcEk2N3pmcUxpSU9ITFdLRnVYa21XcnA2eGwzeDN4bkc0emtYdVNmTUJI?= =?utf-8?B?OHBnNU5SNDdkRkdqcVhSMTE1UGE0ZTBhTGN5ZVBTNzBKTW1taUNwVG02UjRS?= =?utf-8?B?a2tqMnprU25sYXBYUUlPUFBpNk45QlZmMU5IUkNtaEdhVndlMThGeWs5eDFB?= =?utf-8?B?akpJMC9ObFh4dG45S1M4c29EeWhNZ1lLTm5OMlV1RWw1VGsyYUhCNVZxRGZy?= =?utf-8?B?WFZORzBCM1pIV1o2V3hjam5DUVZVQVU1MWpLRFhTcTY5NG1CSHVtUHFFVFJm?= =?utf-8?B?V3BqR3NhZ3NkUlp5UmVyaUxrcnl2cFE2S3BXNkpJNUk1dGN3c0hvWmRTZmNX?= =?utf-8?B?bC8yOS8vOEVBZkdVblhRaTdSKzdNRlY4c3BBNmZuY21SSFFTTU1TVFBDUFp3?= =?utf-8?B?OERxM2dlZXpweUM4VUxlQWFBMFZxd1VnRmZ3cVVPZmFEK1dFUHdWUFYrRVQ5?= =?utf-8?B?dnkzUFl2YmFUQlpWUHBMaFhUd3ZPUW5tRjFSYTlBblQvcURJcXA1WmpIWUxY?= =?utf-8?B?aGMrN1RRM2Y3SHBKMlM3M3luZnNiTmFSU2xTRjlYdyt1aUJwSmd3OGdiYVRh?= =?utf-8?B?dzhqY2lsa014cDBqVWtsYTlZMzVMSnc0bVN6RXdtTTZYd0N3VnhIQnhIelBj?= =?utf-8?B?QWI5cDFkN0hXaTN5S0I4Z2N3dlNTTVZVMW5jRnRpU3ErZkhpYjYrWG5qdDE3?= =?utf-8?B?VUZpek9MTmFGMEQxTVhjMG1SWjdjSFQ5R2tEa1dCZnpCZm9Vd2lleUUrNzNh?= =?utf-8?B?N3V1SWtpYjZVd2dnY2wrZjBiSFQxZlVGeDJ3NmVSNTRwZndkMk5DeHI4UEFO?= =?utf-8?B?Z1o3emhIZy9ncXFiMUU3Wi9yaXJ1cEtrWkxUV0pPd2p1WnRldEo5Vk1UQ3Zv?= =?utf-8?B?QlBSaEhvVmZjRDdzdzFvSkg5TnZRNG9yeUFHMXZvSVhMcWRZOVpWbkJuMGx4?= =?utf-8?B?UXBKTWF5VlJPbFcrckI2cGhDVDJaV3R6Qk1xSHEreWJNY25CSCtPWHRsOE1N?= =?utf-8?B?V29DNnlZVE5wM20xbU1vL3JHWlB2bTJ6R3dQWERaY3hRdGF6aG5GMjVndS9q?= =?utf-8?B?dU5GVUdPbWxlVzU2c2FNVmF6UU9DQWdtc0RBVkhWLytZTC9ERUJuNTBqdlJL?= =?utf-8?B?dldIVXBSOVYyU2N1WXJ5L3BNWno4TFhlRGtEUXJwZE1ORWNnVFpoVjR1dHhZ?= =?utf-8?B?UjRROGNCRmx1K25PQno4MTdjVXQ3bE5Fekdla0lCYnJVUVhubGE2UU1sUEJC?= =?utf-8?B?R1A5M2pUUjVLeUFJLzRZZUozeHdJODJSK3lwT0RkRllnMHFueDRMcStIZ3F4?= =?utf-8?B?K1IyUXdicklOVnVESzVXU0Zlb0w2alQ0ME1Jdy9VcmhHWDZPRTFBTEJMUWNV?= =?utf-8?B?dk1KRmxVODExaTd1eFpVcCthakc4RDQwc2FvSE5sdGJUbXNEMzBmQjJEeXoy?= =?utf-8?B?UStKd0M3UEJKaTRGendtV3BmeDhrSG1tSjA4MjlacGRja3VYVDFlMHU2UXFK?= =?utf-8?B?WEZGSlowK0loMVpKRTJjdGdhNVlxYlBEOHVNeEpnbXlyY1RhR0ZTTUxkN040?= =?utf-8?B?SGowczlySnZwdWU3VDF2TTBnaytJRS9zVGZhMUptTzVJVUdUMjF2dVByazA1?= =?utf-8?B?eXl4am5KbTE4WVdObFBFVHpISzRFbU50R2h4TEh4MXJpTzByQklRTkIxYXNW?= =?utf-8?Q?bppOe708stQEQg+EDtSlWOv+e/FsdebJl2LagSP?= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: a223675f-b408-40f4-4ea0-08d8d856e739 X-MS-Exchange-CrossTenant-AuthSource: BYAPR10MB3240.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Feb 2021 23:58:23.5062 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: c/VEIyoxouv3Ar0fjlXlkd+FKpCBGTHA0rHPwZFDmETJefM5sgUOVBGrlHYjmOtgZvs09hlPAX9D1alXfXwmFWRp3gpcCJ6dl7JCMV8Z0aI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR10MB3063 X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=9904 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 adultscore=0 phishscore=0 spamscore=0 suspectscore=0 bulkscore=0 malwarescore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2102230202 X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=9904 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 spamscore=0 priorityscore=1501 impostorscore=0 bulkscore=0 mlxscore=0 malwarescore=0 clxscore=1015 phishscore=0 mlxlogscore=999 lowpriorityscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2102230202 X-Stat-Signature: cuudctxt3wq8auhgats11cnjp8xrbfji X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 6DF82A0009E8 Received-SPF: none (oracle.com>: No applicable sender policy available) receiver=imf23; identity=mailfrom; envelope-from=""; helo=userp2130.oracle.com; client-ip=156.151.31.86 X-HE-DKIM-Result: pass/pass X-HE-Tag: 1614124708-25385 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 2/23/2021 4:52 PM, Steven Sistare wrote: > On 2/23/2021 4:10 PM, Alex Williamson wrote: >> On Tue, 23 Feb 2021 15:37:31 -0500 >> Steven Sistare wrote: >> >>> On 2/23/2021 12:45 PM, Alex Williamson wrote: >>>> On Tue, 23 Feb 2021 08:56:36 -0500 >>>> Steven Sistare wrote: >>>> >>>>> On 2/22/2021 6:17 PM, Alex Williamson wrote: >>>>>> On Mon, 22 Feb 2021 15:51:45 -0700 >>>>>> Alex Williamson wrote: >>>>>> >>>>>>> On Mon, 22 Feb 2021 17:10:43 +0300 >>>>>>> Dan Carpenter wrote: >>>>>>> >>>>>>>> tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master >>>>>>>> head: 37dfbfbdca66834bc0f64ec9b35e09ac6c8898da >>>>>>>> commit: 0f53afa12baec8c00f5d1d6afb49325ada105253 [6931/12022] vfio/type1: unmap cleanup >>>>>>> >>>>>>> It's always the patches that claim no functional change... ;) >>>>>>> >>>>>>>> config: i386-randconfig-m021-20210222 (attached as .config) >>>>>>>> compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 >>>>>>>> >>>>>>>> If you fix the issue, kindly add following tag as appropriate >>>>>>>> Reported-by: kernel test robot >>>>>>>> Reported-by: Dan Carpenter >>>>>>>> >>>>>>>> New smatch warnings: >>>>>>>> drivers/vfio/vfio_iommu_type1.c:1093 vfio_dma_do_unmap() warn: impossible condition '(size > (~0)) => (0-u32max > u32max)' >>>>>>>> >>>>>>>> vim +1093 drivers/vfio/vfio_iommu_type1.c >>>>>>>> >>>>>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1071 static int vfio_dma_do_unmap(struct vfio_iommu *iommu, >>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1072 struct vfio_iommu_type1_dma_unmap *unmap, >>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1073 struct vfio_bitmap *bitmap) >>>>>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1074 { >>>>>>>> c086de818dd81c Kirti Wankhede 2016-11-17 1075 struct vfio_dma *dma, *dma_last = NULL; >>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1076 size_t unmapped = 0, pgsize; >>>>>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1077 int ret = -EINVAL, retries = 0; >>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1078 unsigned long pgshift; >>>>>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1079 dma_addr_t iova = unmap->iova; >>>>>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1080 unsigned long size = unmap->size; >>>>>>>> ^^^^^^^^^^^^^^^^^^ >>>>>>>> >>>>>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1081 >>>>>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1082 mutex_lock(&iommu->lock); >>>>>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1083 >>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1084 pgshift = __ffs(iommu->pgsize_bitmap); >>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1085 pgsize = (size_t)1 << pgshift; >>>>>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1086 >>>>>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1087 if (iova & (pgsize - 1)) >>>>>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1088 goto unlock; >>>>>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1089 >>>>>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 1090 if (!size || size & (pgsize - 1)) >>>>>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1091 goto unlock; >>>>>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1092 >>>>>>>> 0f53afa12baec8 Steve Sistare 2021-01-29 @1093 if (iova + size - 1 < iova || size > SIZE_MAX) >>>>>>>> >>>>>>>> size is unsigned long and SIZE_MAX is ULONG_MAX so "size > SIZE_MAX" >>>>>>>> does not make sense. >>>>>>> >>>>>>> I think it made sense before the above commit, where unmap->size is a >>>>>>> __u64 and a user could provide a value that exceeds SIZE_MAX on ILP32. >>>>>>> Seems like the fix is probably to use a size_t for the local variable >>>>>>> and restore this test to compare (unmap->size > SIZE_MAX). Steve? >>>>>> >>>>>> Actually it seems like VFIO_DMA_UNMAP_FLAG_ALL doesn't work when >>>>>> PHYS_ADDR_MAX != SIZE_MAX (ex. x86 PAE - I think). >>>>> >>>>> It seems like PAE causes problems even before VFIO_DMA_UNMAP_FLAG_ALL. >>>> >>>> This wouldn't surprise me, I don't know of any actual non-64bit users >>>> and pure 32bit support was only lightly validated ages ago. >>>> >>>>> In the previous vfio_dma_do_unmap code, the u64 unmap->size would be >>>>> truncated when passed to vfio_find_dma. >>>> >>>> We would have failed with -EINVAL before we get there due to this >>>> SIZE_MAX test. I think the existing (previous) PAE interface is at >>>> least self consistent; I see the mapping path also attempts to check >>>> that casting map->size as size_t still matches the original value. >>> >>> Good point, and it also checks for vaddr and iova overflow and wrap: >>> >>> vfio_dma_do_map() >>> if (map->size != size || map->vaddr != vaddr || map->iova != iova) >>> return -EINVAL; >>> if (iova + size - 1 < iova || vaddr + size - 1 < vaddr) { >>> ret = -EINVAL; >>> >>> With that, I don't see a problem with PAE, for unmap-all or otherwise. >>> We just need "u64 size" in vfio_dma_do_unmap to avoid the smatch warning. >> >> I'm not convinced. My understanding is that on PAE phys_addr_t is >> 64-bit while size_t is 32-bit. dma_addr_t (iova above) seems to follow >> phys_addr_t. That suggests to me that our {un}map.iova lives in a >> 64-bit address space, but each mapping is limited to 32-bits. The > > OK, the "map->iova != iova" test does not help because dma_addr_t is 64-bit. My bad. > So, I re-propose my fix for unmap-all from previous email. > > I am not keen on proposing a fix for the potential legacy bugs, vfio_find_dma() and > its callers, if no one is reporting bugs and no one uses it with vfio. It has the > potential for regression with no upside. ... but there are no legacy bugs because size is constrained to 32-bits in do_map as you pointed out, so all calls to vfio_find_dma are safe. - Steve >> unmap-all logic only looks for a first entry to unmap in the >> [0..SIZE_MAX] range. If an entry happens to exist there, we'll unmap >> everything, but the user would have no requirement to have a mapping >> within that range, their first mapping could exist at iova = (SIZE_MAX >> + 1). So unmap-all would effectively need a special case to use >> rb_first(), which mostly negates the reason we added >> vfio_find_dma_first_node(). Right? Thanks, >> >> Alex >> >> >>>>> For unmap, these fixes should suffice, and I would rather do this than >>>>> disable the unmap-all flag for a corner case: >>>>> >>>>> vfio_dma_do_unmap() >>>>> size_t unmapped = 0; >>>>> unsigned long size = unmap->size; >>>>> ==> >>>>> u64 unmapped = 0; >>>>> u64 size = unmap->size; >>>>> >>>>> static struct rb_node *vfio_find_dma_first_node( >>>>> struct vfio_iommu *iommu, dma_addr_t start, size_t size) >>>>> ==> >>>>> static struct rb_node *vfio_find_dma_first_node( >>>>> struct vfio_iommu *iommu, dma_addr_t start, u64 size) >>>>> >>>>> And maybe use dma_addr_t instead of u64 in the above (which is 64 bits for >>>>> CONFIG_X86_PAE). >>>>> >>>>> However, there are other places in the existing code that need tweaking >>>>> to be safe for PAE, the vfio_find_dma() size arg for one. >>>> >>>> Yes, it looks like the IOMMU aperture checking using vfio_find_dma() >>>> could have issues where dma_addr_t > size_t. Do you want to propose a >>>> patch? Thanks, >>>> >>>> Alex >>>> >>>>>> I can't say I'm >>>>>> really interested in adding complexity to make it work in such a case >>>>>> either. Maybe we can just not expose it, ex: >>>>>> >>>>>> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c >>>>>> index ed03f3fcb07e..6b69a74b3db0 100644 >>>>>> --- a/drivers/vfio/vfio_iommu_type1.c >>>>>> +++ b/drivers/vfio/vfio_iommu_type1.c >>>>>> @@ -1207,7 +1207,7 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu, >>>>>> int ret = -EINVAL, retries = 0; >>>>>> unsigned long pgshift; >>>>>> dma_addr_t iova = unmap->iova; >>>>>> - unsigned long size = unmap->size; >>>>>> + size_t size = unmap->size; >>>>>> bool unmap_all = unmap->flags & VFIO_DMA_UNMAP_FLAG_ALL; >>>>>> bool invalidate_vaddr = unmap->flags & VFIO_DMA_UNMAP_FLAG_VADDR; >>>>>> struct rb_node *n, *first_n; >>>>>> @@ -1228,7 +1228,7 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu, >>>>>> goto unlock; >>>>>> } >>>>>> >>>>>> - if (iova + size - 1 < iova || size > SIZE_MAX) >>>>>> + if (iova + size - 1 < iova || unmap->size > SIZE_MAX) >>>>>> goto unlock; >>>>>> >>>>>> /* When dirty tracking is enabled, allow only min supported pgsize */ >>>>>> @@ -2657,9 +2657,10 @@ static int vfio_iommu_type1_check_extension(struct vfio_iommu *iommu, >>>>>> case VFIO_TYPE1_IOMMU: >>>>>> case VFIO_TYPE1v2_IOMMU: >>>>>> case VFIO_TYPE1_NESTING_IOMMU: >>>>>> - case VFIO_UNMAP_ALL: >>>>>> case VFIO_UPDATE_VADDR: >>>>>> return 1; >>>>>> + case VFIO_UNMAP_ALL: >>>>>> + return PHYS_ADDR_MAX == SIZE_MAX ? 1 : 0; >>>>>> case VFIO_DMA_CC_IOMMU: >>>>>> if (!iommu) >>>>>> return 0; >>>>>> @@ -2868,6 +2869,10 @@ static int vfio_iommu_type1_unmap_dma(struct vfio_iommu *iommu, >>>>>> VFIO_DMA_UNMAP_FLAG_VADDR))) >>>>>> return -EINVAL; >>>>>> >>>>>> + if ((PHYS_ADDR_MAX != SIZE_MAX) && >>>>>> + (unmap.flags & VFIO_DMA_UNMAP_FLAG_ALL)) >>>>>> + return -EINVAL; >>>>>> + >>>>>> if (unmap.flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) { >>>>>> unsigned long pgshift; >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>> Is the " - 1" intentional on the other overflow check? As in it's okay >>>>>>>> to wrap around to zero but not further than that? Sometimes this is >>>>>>>> intentional but it requires more subsystem expertise than I possess. >>>>>>> >>>>>>> Yes, since we're dealing with a start + length we need to account for >>>>>>> the -1 in the end value, otherwise the user could never unmap the last >>>>>>> page of the address space. Thanks for the report! >>>>>>> >>>>>>> Alex >>>>>>> >>>>>>>> cade075f265b25 Kirti Wankhede 2020-05-29 1094 goto unlock; >>>>>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1095 >>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1096 /* When dirty tracking is enabled, allow only min supported pgsize */ >>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1097 if ((unmap->flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) && >>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1098 (!iommu->dirty_page_tracking || (bitmap->pgsize != pgsize))) { >>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1099 goto unlock; >>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1100 } >>>>>>>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1101 >>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1102 WARN_ON((pgsize - 1) & PAGE_MASK); >>>>>>>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1103 again: >>>>>>>> 1ef3e2bc04223f Alex Williamson 2014-02-26 1104 /* >>>>>>>> >>>>>>>> --- >>>>>>>> 0-DAY CI Kernel Test Service, Intel Corporation >>>>>>>> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org >>>>>>> >>>>>> >>>>> >>>> >>> >>