From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.2 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,MSGID_FROM_MTA_HEADER,NICE_REPLY_A, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D916C433DB for ; Tue, 23 Feb 2021 13:56:51 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id D922A64E5C for ; Tue, 23 Feb 2021 13:56:50 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D922A64E5C Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=oracle.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 4364F6B0005; Tue, 23 Feb 2021 08:56:50 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 40B636B0006; Tue, 23 Feb 2021 08:56:50 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2AEA08D0001; Tue, 23 Feb 2021 08:56:50 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0223.hostedemail.com [216.40.44.223]) by kanga.kvack.org (Postfix) with ESMTP id 10EE66B0005 for ; Tue, 23 Feb 2021 08:56:50 -0500 (EST) Received: from smtpin10.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id D18648248047 for ; Tue, 23 Feb 2021 13:56:49 +0000 (UTC) X-FDA: 77849683338.10.22C5B7A Received: from userp2120.oracle.com (userp2120.oracle.com [156.151.31.85]) by imf21.hostedemail.com (Postfix) with ESMTP id D9B8EE000114 for ; Tue, 23 Feb 2021 13:56:45 +0000 (UTC) Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 11NDsSIv172178; Tue, 23 Feb 2021 13:56:47 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : to : cc : references : from : message-id : date : in-reply-to : content-type : content-transfer-encoding : mime-version; s=corp-2020-01-29; bh=pa1YV0RfUOuhjFejxcPHl9vNzBZi6oVVtW42753z/sc=; b=NZ5TBJr3FCVt4/EMGJMjTc3Wz3DDo6H8nY7gdbYBSzcAl9EN72SI2A1aZowftu1phZMN 4Fa+fq1Hg+EJc0l+qi0wEM+84Khg6wMMtGH/oPE43th+Fy3mKZ3Hmr81U6DHXDYAh1aF 2soLTb4TQr0VLwWgLywBFue4ywcebWr47ygCJN5291fKuft1/HTcZVfH9G2UT2JjlhpP EQIfWNuIF6uGWoHSdoTf3F79mhHPSXWBWl7/V1ZwNNjX/UvBbPoDlrbnsrkBwx2eqTto xXoPCoHLS0P0W+taUUHij3l7Wy1NiuyS/Z74B+qo6aAXs54dUS24MF933MbKu5ONDHRo Gg== Received: from aserp3020.oracle.com (aserp3020.oracle.com [141.146.126.70]) by userp2120.oracle.com with ESMTP id 36ugq3e4r4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 23 Feb 2021 13:56:46 +0000 Received: from pps.filterd (aserp3020.oracle.com [127.0.0.1]) by aserp3020.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 11NDuY4W051302; Tue, 23 Feb 2021 13:56:46 GMT Received: from nam12-dm6-obe.outbound.protection.outlook.com (mail-dm6nam12lp2169.outbound.protection.outlook.com [104.47.59.169]) by aserp3020.oracle.com with ESMTP id 36ucaycucc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 23 Feb 2021 13:56:45 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dU7SCKmJ0NBfPQ9RK1INaYlO3FP4/XgxgpTIS9ffcmVe0pX3Qnkjuw+aQNJmo0czBKYHImaVS59PC+gSkrr6osVUbbwBlHbZLSIEO+/AKrL70dhfBeUIWlMfQVi+P5GZmg3kF1b906t+xFMh9Lt1njIQhXiR3ehhyOadegBNgi9QVH7EquiD7Z34MsuZaG6uv+uHwrXAv36lfhSoxv/ZnmOjXib92W0NYL6jia2nII1mW5HhD5WPrbGKdMXj9UfUjk7h2hCHKGCUvy+IBN2WiGc+yNfaHbVkM/jf69yyl2eUenYdPIlEmhmS9JoR+aOc8xcNW/jnJWXB5W1ORYbLZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pa1YV0RfUOuhjFejxcPHl9vNzBZi6oVVtW42753z/sc=; b=Xh98OfFZNHFUR3/kR+gsw2oGuVjBS8B4V/ODCtxAjfIHoNF9Dzz80/R0DKzrF+bDMEtis6Mbb5ZYC6IALwm6TlAtVYk3ulCkjzD8NL+SasjMwv/K+N6MBgn1yQBREXpCWWuUkgvarSlJxGMltDxIgsQpIxcGn6J/4kfPUk8QUaVr6+X0SL53SCSkXGlso1uYa9dnRoAYxYn6HQ+riCsW39tRhzGtiS+K+spo+XDEKh+7wih8E9nAC0YxrktML/xapdKh++kvbB1iPoPvBOrey/nv9XAGhlZ4nbbDbit+VEszlPNzCTIgif5kraOgDszRwWM1FCCUExTQUKqIyNWwOw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pa1YV0RfUOuhjFejxcPHl9vNzBZi6oVVtW42753z/sc=; b=F27ocb65VUxuEYOQbNZYkp6MDsZMHWB5bNyZWloU99HLtvZRV0JBkVgEqpFI86NVOjZYMLetliVIAvIHzIlwDLxpjYnI5rNgHm5iBji55uAJmK8AIE5MRJGyGHSRDL4M+jH3GTZDaiFzvnXSd8mHKB2iVExuJDRe6EZiD3EsuU4= Received: from BYAPR10MB3240.namprd10.prod.outlook.com (2603:10b6:a03:155::17) by BY5PR10MB4129.namprd10.prod.outlook.com (2603:10b6:a03:210::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3868.32; Tue, 23 Feb 2021 13:56:44 +0000 Received: from BYAPR10MB3240.namprd10.prod.outlook.com ([fe80::7ccb:17c2:c957:65cd]) by BYAPR10MB3240.namprd10.prod.outlook.com ([fe80::7ccb:17c2:c957:65cd%6]) with mapi id 15.20.3868.033; Tue, 23 Feb 2021 13:56:44 +0000 Subject: Re: [kbuild] [linux-next:master 6931/12022] drivers/vfio/vfio_iommu_type1.c:1093 vfio_dma_do_unmap() warn: impossible condition '(size > (~0)) => (0-u32max > u32max)' To: Alex Williamson , Dan Carpenter Cc: kbuild@lists.01.org, lkp@intel.com, kbuild-all@lists.01.org, Linux Memory Management List , Cornelia Huck References: <20210222141043.GW2222@kadam> <20210222155145.50e2d513@omen.home.shazbot.org> <20210222161753.7acc4e92@omen.home.shazbot.org> From: Steven Sistare Organization: Oracle Corporation Message-ID: Date: Tue, 23 Feb 2021 08:56:36 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 In-Reply-To: <20210222161753.7acc4e92@omen.home.shazbot.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [24.62.106.7] X-ClientProxiedBy: SJ0PR03CA0368.namprd03.prod.outlook.com (2603:10b6:a03:3a1::13) To BYAPR10MB3240.namprd10.prod.outlook.com (2603:10b6:a03:155::17) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [192.168.1.92] (24.62.106.7) by SJ0PR03CA0368.namprd03.prod.outlook.com (2603:10b6:a03:3a1::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3868.28 via Frontend Transport; Tue, 23 Feb 2021 13:56:42 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 7e68bc5f-31a1-412a-a30a-08d8d802da12 X-MS-TrafficTypeDiagnostic: BY5PR10MB4129: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 1SpNNfWYEXxZY9sOrhuxWFCmGyCCoay3X1v9TLrH8bbfI84wPFJ68aVd7u4N+6bsIZF0cRd/agK9HrtlSmhyEmzH29GNQDcfqDsTQqJ+uPBk4d/JsAa5B8eumqZHHD6J5Z5cROgM1HftdoYlIKrPu47Fsmpb+dh9knREyPoaiy4YhXc3SpBYYlYY4RrFtZmg5j8MWOfdeD80MwiytbI7+thqlGC3Ay/gweVv5O+MGhThocQJcYnQcL3hnFjDZRpjQNrR601ZmQMQBRJOcc4w1rVIrEaxIlehnn/xnFU9k1CqCoTJrkpjvQTrg/AdOvRDxvSIyP2NI7w5U0dC07Gp512xv12sUvZ4Go7rsDIvxoPsAFI+wws6tYJ3qRpialqzvYjTakymy8yxfixcdvSkVhC9JrW2xQph04qUgGoadNM5ESBJ0uOElF/LdgqHQv9i9+EhFRaJBCmh2BczezhsF6asyx/4hzVwEMmHfaNwUMS2rUFtjkkK96C5vr+61xy01A3v8YRbn3h6+gBhifWCbB5A5FMMaaUxcGFGigimYYndelMk7aQQSbochHBVqakgGhoSjX3+DT7VZlomqZ/u95a6vNkigj8rl1dFI/3UlXdLqCbRM80gvfhn8wbniNYHQpDzm+c1ILHly7JpqhTxdyyLIeggG03hFAsCDhWYqSg8GPHlgbnNalQvo60iC9BT X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BYAPR10MB3240.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(366004)(396003)(376002)(39860400002)(136003)(346002)(2616005)(956004)(66556008)(44832011)(66476007)(36756003)(86362001)(26005)(6636002)(16526019)(4326008)(36916002)(8676002)(83380400001)(53546011)(66946007)(5660300002)(186003)(31686004)(2906002)(478600001)(316002)(31696002)(16576012)(966005)(54906003)(6666004)(4001150100001)(8936002)(110136005)(6486002)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?L0V0eFluN1dwM280eEQ1dGpqWitnVXF5Q1pTYitIUy9YRk9rcTR6NS9zSjFY?= =?utf-8?B?RmJRN0trQ2FtV2lXUU5BV0RYYjF6MHVpcmY1b2V6TVRHbnphaHVEYk5YWllr?= =?utf-8?B?dmxTcURXV2ViWjNLcExDRHM4QVZmbDdkSmlRRHZVVVZZaG9PSWN3K2FNajdJ?= =?utf-8?B?MEphU3p5TnEzZVNEdko1YlJuQ2Fva2JHajl3SEZ3dlpzV1U3RWVUYks4YjJ3?= =?utf-8?B?ejRoTjBleVpXOHBrbThlUXY1ZjB5SGJTVXFwdWloekxoMG8vKytGaWlxeFhx?= =?utf-8?B?M0ZVM2Y5R0pDSDdmTk1xS2dSY3k0WEdkTkV1VjMzZDdsWjh4ck1EQ1FpSjRz?= =?utf-8?B?YVh0am4vQWttOWhFYUt5UTlndFNmRGVEeXk0U00yRmlsV0FrYUJZR1JtRW9X?= =?utf-8?B?Vm5zWFl1ZUtJaHFmZm5yUGxsVjQwbEJSNkNmT2NCc21pbVd2MEtKQ3hlOGZV?= =?utf-8?B?Z3pJU2ljVEJlV3ZGMHdzNUJZTE9IWmgxd0RZSW9rSW44amNqeDd4aWJoNGxW?= =?utf-8?B?R3Uva1lvTUlzZUFlYzBldWtOaGdCc2diblBpUFFoMm9ZNkNMckNDVE9pVDhO?= =?utf-8?B?WnNjL2RTb291dHo4MW1WMFFpMUpoY2hJQ2ozVHpQNU56L25XOEZ0REVqcjVF?= =?utf-8?B?RC9EbkxXRFIvdDJjS2pCSWNGeVFjWlQzc0Ryd0I2aVc0SGcrS25MR2h1cmdF?= =?utf-8?B?Q0ZHdDlOQTR1OHB3bzBQc0xiRkk4alU2OWgrdlFyL2loN3JVeVN3MCtYbS9T?= =?utf-8?B?L0h6R0dlcHhpT2NXN2R0TzREZDA4RVlHaHdwVmFDc0hvRXBwdWpsQk1IUExF?= =?utf-8?B?OUlyd3RtL1hlenZQSlYwanpDZXUxL3ZscjhBeFZURVVjSGJLZkZGSmZCWUZX?= =?utf-8?B?WG5XYU82bW1KbHhRTDNid052US92bVNJWXArRmh1R3lvY3BiOVdubVBFYms1?= =?utf-8?B?UmhiQU9adDM2NndYU1NuS1l0NHA2TGJiT0JLY0ppSVMwSkg4ejBoQkFCa2JV?= =?utf-8?B?TnZsaDJFL2hISjA3bVdHM2lkbnBpT01HZUttZFJmalpxQ1lUTURVQ3F5UWov?= =?utf-8?B?T2Q1WXlUSkdqbEFQQzFFR2ZpNnZQNVJtT2ZzakR6bGtWSnMwdUpZNm5TcjQ1?= =?utf-8?B?UFpHMGdoL3ZDL09GK0FwUFpPOTg5RWd2SmI2ODZMdm1sSjlTandlbUtZNzFZ?= =?utf-8?B?TW12Ulg4SUZ1VU1TM1IxN0RyM0dPdG1pM3VXMEp0ZkVLL0lWZFNueWJvQlh5?= =?utf-8?B?aFo4TWt3RlhPT0xERkRTQVBXb09YaHBMNExIY2VkQ3JnNU1zdnVLb0duaC9Q?= =?utf-8?B?dGNHNEI2TkF2Q1B6d3hEMDdZTTNzMHM3L2ZoVG1mWVFRZnp0MnFPNWhRVFdU?= =?utf-8?B?RFU4MnByWHVDbXVmbFVZWDVqWnBrQXZ4NU92c3R2andSS005RGVCdVlNT2Jv?= =?utf-8?B?TURZUTNIT25FUjNHZStTN2FXU2Y1eTNUZDlLYmtUSHArV016a0R4WXJ6ZG5y?= =?utf-8?B?aTY2VUdOalRhSW4wcTc5QjZBbjNKWmFOVGo4Y0VLamRIVk5aRU9jUGUwWmNZ?= =?utf-8?B?VkdVZ09sNkZvMGRzUndqamtNOGlXaXNZZ0JLajdWU1MxbTFoR0pMZG9tYmhm?= =?utf-8?B?cVNneGVGVWFPMlNSTGxoMmtlLzE3dGhDQzYvcUEvM1BRQTBkTVk3Q0FBWHhE?= =?utf-8?B?YmxkcHlMK0pmT3NDNlErNmlqdFlGU2k1QWtONkZEaUd2eEpub01tMXpuZlBz?= =?utf-8?Q?1N1dTNjEoy05hHJ2tcnaoNMJtyz5bXZ+KwcnDW6?= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7e68bc5f-31a1-412a-a30a-08d8d802da12 X-MS-Exchange-CrossTenant-AuthSource: BYAPR10MB3240.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Feb 2021 13:56:44.1758 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: USXv+CIODnvPKntCJ5OnTxRymbyFgM0HUcLa6wm1EDhYCcHAqk5yvMG96WP+0tbBjA5AahpRYK51hMfWHCjEtjPQKNZvcmxDMCpAvKfqbak= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR10MB4129 X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=9903 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 mlxlogscore=999 adultscore=0 bulkscore=0 mlxscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2102230118 X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=9903 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 phishscore=0 malwarescore=0 spamscore=0 mlxscore=0 suspectscore=0 priorityscore=1501 clxscore=1015 impostorscore=0 lowpriorityscore=0 mlxlogscore=999 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2102230118 X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: D9B8EE000114 X-Stat-Signature: tjjtfrnpc3jaju5wnwsojoghb8xg1jny Received-SPF: none (oracle.com>: No applicable sender policy available) receiver=imf21; identity=mailfrom; envelope-from=""; helo=userp2120.oracle.com; client-ip=156.151.31.85 X-HE-DKIM-Result: pass/pass X-HE-Tag: 1614088605-753413 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 2/22/2021 6:17 PM, Alex Williamson wrote: > On Mon, 22 Feb 2021 15:51:45 -0700 > Alex Williamson wrote: > >> On Mon, 22 Feb 2021 17:10:43 +0300 >> Dan Carpenter wrote: >> >>> tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master >>> head: 37dfbfbdca66834bc0f64ec9b35e09ac6c8898da >>> commit: 0f53afa12baec8c00f5d1d6afb49325ada105253 [6931/12022] vfio/type1: unmap cleanup >> >> It's always the patches that claim no functional change... ;) >> >>> config: i386-randconfig-m021-20210222 (attached as .config) >>> compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 >>> >>> If you fix the issue, kindly add following tag as appropriate >>> Reported-by: kernel test robot >>> Reported-by: Dan Carpenter >>> >>> New smatch warnings: >>> drivers/vfio/vfio_iommu_type1.c:1093 vfio_dma_do_unmap() warn: impossible condition '(size > (~0)) => (0-u32max > u32max)' >>> >>> vim +1093 drivers/vfio/vfio_iommu_type1.c >>> >>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1071 static int vfio_dma_do_unmap(struct vfio_iommu *iommu, >>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1072 struct vfio_iommu_type1_dma_unmap *unmap, >>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1073 struct vfio_bitmap *bitmap) >>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1074 { >>> c086de818dd81c Kirti Wankhede 2016-11-17 1075 struct vfio_dma *dma, *dma_last = NULL; >>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1076 size_t unmapped = 0, pgsize; >>> 0f53afa12baec8 Steve Sistare 2021-01-29 1077 int ret = -EINVAL, retries = 0; >>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1078 unsigned long pgshift; >>> 0f53afa12baec8 Steve Sistare 2021-01-29 1079 dma_addr_t iova = unmap->iova; >>> 0f53afa12baec8 Steve Sistare 2021-01-29 1080 unsigned long size = unmap->size; >>> ^^^^^^^^^^^^^^^^^^ >>> >>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1081 >>> cade075f265b25 Kirti Wankhede 2020-05-29 1082 mutex_lock(&iommu->lock); >>> cade075f265b25 Kirti Wankhede 2020-05-29 1083 >>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1084 pgshift = __ffs(iommu->pgsize_bitmap); >>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1085 pgsize = (size_t)1 << pgshift; >>> cade075f265b25 Kirti Wankhede 2020-05-29 1086 >>> 0f53afa12baec8 Steve Sistare 2021-01-29 1087 if (iova & (pgsize - 1)) >>> cade075f265b25 Kirti Wankhede 2020-05-29 1088 goto unlock; >>> cade075f265b25 Kirti Wankhede 2020-05-29 1089 >>> 0f53afa12baec8 Steve Sistare 2021-01-29 1090 if (!size || size & (pgsize - 1)) >>> cade075f265b25 Kirti Wankhede 2020-05-29 1091 goto unlock; >>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1092 >>> 0f53afa12baec8 Steve Sistare 2021-01-29 @1093 if (iova + size - 1 < iova || size > SIZE_MAX) >>> >>> size is unsigned long and SIZE_MAX is ULONG_MAX so "size > SIZE_MAX" >>> does not make sense. >> >> I think it made sense before the above commit, where unmap->size is a >> __u64 and a user could provide a value that exceeds SIZE_MAX on ILP32. >> Seems like the fix is probably to use a size_t for the local variable >> and restore this test to compare (unmap->size > SIZE_MAX). Steve? > > Actually it seems like VFIO_DMA_UNMAP_FLAG_ALL doesn't work when > PHYS_ADDR_MAX != SIZE_MAX (ex. x86 PAE - I think). It seems like PAE causes problems even before VFIO_DMA_UNMAP_FLAG_ALL. In the previous vfio_dma_do_unmap code, the u64 unmap->size would be truncated when passed to vfio_find_dma. For unmap, these fixes should suffice, and I would rather do this than disable the unmap-all flag for a corner case: vfio_dma_do_unmap() size_t unmapped = 0; unsigned long size = unmap->size; ==> u64 unmapped = 0; u64 size = unmap->size; static struct rb_node *vfio_find_dma_first_node( struct vfio_iommu *iommu, dma_addr_t start, size_t size) ==> static struct rb_node *vfio_find_dma_first_node( struct vfio_iommu *iommu, dma_addr_t start, u64 size) And maybe use dma_addr_t instead of u64 in the above (which is 64 bits for CONFIG_X86_PAE). However, there are other places in the existing code that need tweaking to be safe for PAE, the vfio_find_dma() size arg for one. - Steve > I can't say I'm > really interested in adding complexity to make it work in such a case > either. Maybe we can just not expose it, ex: > > diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c > index ed03f3fcb07e..6b69a74b3db0 100644 > --- a/drivers/vfio/vfio_iommu_type1.c > +++ b/drivers/vfio/vfio_iommu_type1.c > @@ -1207,7 +1207,7 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu, > int ret = -EINVAL, retries = 0; > unsigned long pgshift; > dma_addr_t iova = unmap->iova; > - unsigned long size = unmap->size; > + size_t size = unmap->size; > bool unmap_all = unmap->flags & VFIO_DMA_UNMAP_FLAG_ALL; > bool invalidate_vaddr = unmap->flags & VFIO_DMA_UNMAP_FLAG_VADDR; > struct rb_node *n, *first_n; > @@ -1228,7 +1228,7 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu, > goto unlock; > } > > - if (iova + size - 1 < iova || size > SIZE_MAX) > + if (iova + size - 1 < iova || unmap->size > SIZE_MAX) > goto unlock; > > /* When dirty tracking is enabled, allow only min supported pgsize */ > @@ -2657,9 +2657,10 @@ static int vfio_iommu_type1_check_extension(struct vfio_iommu *iommu, > case VFIO_TYPE1_IOMMU: > case VFIO_TYPE1v2_IOMMU: > case VFIO_TYPE1_NESTING_IOMMU: > - case VFIO_UNMAP_ALL: > case VFIO_UPDATE_VADDR: > return 1; > + case VFIO_UNMAP_ALL: > + return PHYS_ADDR_MAX == SIZE_MAX ? 1 : 0; > case VFIO_DMA_CC_IOMMU: > if (!iommu) > return 0; > @@ -2868,6 +2869,10 @@ static int vfio_iommu_type1_unmap_dma(struct vfio_iommu *iommu, > VFIO_DMA_UNMAP_FLAG_VADDR))) > return -EINVAL; > > + if ((PHYS_ADDR_MAX != SIZE_MAX) && > + (unmap.flags & VFIO_DMA_UNMAP_FLAG_ALL)) > + return -EINVAL; > + > if (unmap.flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) { > unsigned long pgshift; > > > > > >>> Is the " - 1" intentional on the other overflow check? As in it's okay >>> to wrap around to zero but not further than that? Sometimes this is >>> intentional but it requires more subsystem expertise than I possess. >> >> Yes, since we're dealing with a start + length we need to account for >> the -1 in the end value, otherwise the user could never unmap the last >> page of the address space. Thanks for the report! >> >> Alex >> >>> cade075f265b25 Kirti Wankhede 2020-05-29 1094 goto unlock; >>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1095 >>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1096 /* When dirty tracking is enabled, allow only min supported pgsize */ >>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1097 if ((unmap->flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) && >>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1098 (!iommu->dirty_page_tracking || (bitmap->pgsize != pgsize))) { >>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1099 goto unlock; >>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1100 } >>> 73fa0d10d077d9 Alex Williamson 2012-07-31 1101 >>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1102 WARN_ON((pgsize - 1) & PAGE_MASK); >>> 331e33d2960c82 Kirti Wankhede 2020-05-29 1103 again: >>> 1ef3e2bc04223f Alex Williamson 2014-02-26 1104 /* >>> >>> --- >>> 0-DAY CI Kernel Test Service, Intel Corporation >>> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org >> >