Received: by 10.223.185.116 with SMTP id b49csp5279819wrg;
        Wed, 7 Mar 2018 09:08:05 -0800 (PST)
X-Google-Smtp-Source: AG47ELu8HMkcZMzc60Vf2Or9eN/PPvdLx+R8CNirT1SCY/johcB7MHSODqQfmaAJdsEeGB/qH/a6
X-Received: by 10.101.91.199 with SMTP id o7mr19074536pgr.9.1520442485064;
        Wed, 07 Mar 2018 09:08:05 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520442485; cv=none;
        d=google.com; s=arc-20160816;
        b=yApWzGlVnqMvf9tR0r3oUgT/UBD6vqajZ5KwK8x66mHiVBN42KtvpInrWJmKp/0YrU
         Xruqiyh/IY91jf91tP4XTHfNsuemCQmX7h0fTUsuUU13eThPSQ+f+jbncst+SupbYMAR
         nHkH0Dl9mrGjlaSkooSbXlBJ6UM0OAS8vp8qlhb8MPcl+K1jZqNf2zHq7PpTNRRivzfB
         sAEhwzKVpgXCKahDFOO16iNhBioEhhgsTy21ze1vLYbAAj1JCyzACabYTSfnkAWrQdia
         WFId/hsDcrDLFcho+squ/ms67qAvuoNPR1pdpRDAR7zH+P/9abCgmTLXg0YFFJ8dMSce
         wkhQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature
         :arc-authentication-results;
        bh=EFGOZDF4rC4qupCzTWRgYIx9n9QP6JdUzTIedYqVxL4=;
        b=0l8W0HP43cWQ72Bbv6fj7fWC1XTqApEU2XBQOnA7I3aiTLsMxoe3HOer//r23vLXZ+
         DM2AhMIAQbNp8VbvDWXbiOeJYQDNe1kpqgJNzNntvLIYsPYjUwb3WiPH7u2iNaHcf+0K
         yjciRMNVkaSh1fvBuOpOPdpfpFhMgQBPaKPnqvtkYMWb7f/8P1Soy89HwPS3CcPGQOeL
         g/hW1U5esdgZnYujOuyEH8TmdQnFPZ2N9VH0XyZUsosE64Sk60E0kTD5896DB5cg75jC
         5vfEO9pdFUi69CPjJwXXlTyw9adzMWWjZ0N/SYKxvP6VBluIDKOhpWg6naKfg3EQyriB
         DgHw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@ursulin-net.20150623.gappssmtp.com header.s=20150623 header.b=t4fC9iV2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h1-v6si13079991plt.728.2018.03.07.09.07.33;
        Wed, 07 Mar 2018 09:08:05 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@ursulin-net.20150623.gappssmtp.com header.s=20150623 header.b=t4fC9iV2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S933953AbeCGRGL (ORCPT <rfc822;schlichte.alexander@gmail.com>
        + 99 others); Wed, 7 Mar 2018 12:06:11 -0500
Received: from mail-wr0-f193.google.com ([209.85.128.193]:43780 "EHLO
        mail-wr0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S933468AbeCGRGJ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 7 Mar 2018 12:06:09 -0500
Received: by mail-wr0-f193.google.com with SMTP id u49so2904049wrc.10
        for <linux-kernel@vger.kernel.org>; Wed, 07 Mar 2018 09:06:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ursulin-net.20150623.gappssmtp.com; s=20150623;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=EFGOZDF4rC4qupCzTWRgYIx9n9QP6JdUzTIedYqVxL4=;
        b=t4fC9iV2+2i3W2vF3RX+ttzMeb8QmmMihEIQtABe0IPFZMnLf2uj2twpv92bwxP7PJ
         iTx42F+Dxr1D8yKX1RSeL4naw6rWlVQSAY4nDcE4vNjb+fymU2MO23Fceei6EBNIoJSR
         bA8mgRtMczqiL303jSZcwU0Yx3IP+oz3TLvD84GQbMIsVAV/JrywU8wWHjBXxMZz/QFK
         HG+10nQ/VwkBkMVY+E8FLosVpBp9w22sMtOcJ8Xl8CaPSDpYrQpg4vcfZhnIDFRCBhoo
         o2V5sxbsENjtdXOqjK4XlJ/qwNEWhGRmybuP5RuK5GyisV2UOzEQKPzCvlbhhKDMi3/t
         YPRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=EFGOZDF4rC4qupCzTWRgYIx9n9QP6JdUzTIedYqVxL4=;
        b=H0V4/L0NEsEo3he65lAJApjolw5+guNKuhGZl0pjpkB21uaN2o02b3veZVS+xqk+/m
         ojSZ9CMk8FlTNF8W93MbaHTC+WuwixnTPeMFVC97DAvPqg74rjE6TcQG7bFzjHUDPD/v
         ZPb5e8aMa3dCY9GMJaicVkrZ/K4aSid1MPysERjxdlEhgTONH/FkHaJW00UFCQzd4VNb
         jZp/j1MTtXmfrvcJ7iU9V3tBU8ue9qSHwaaAq3C7TYw9So0K0rQotqVIHDf0Pkl/Yo9k
         o6qYkbGkgW/yDmvN+BfgkxN972lVswmsWqu27FPQzBIvbofhvMIuMGNi8pJ0zu4SOGyP
         RF6Q==
X-Gm-Message-State: APf1xPCOqFy2xlfwG+InZttvt6I5l5lcrN+fFQAV3nYP5FJe2DlcplbF
        hNbvazaGJeL86asYbkAgV3wQsA==
X-Received: by 10.223.153.230 with SMTP id y93mr19162169wrb.215.1520442368075;
        Wed, 07 Mar 2018 09:06:08 -0800 (PST)
Received: from [192.168.0.153] ([95.146.144.186])
        by smtp.googlemail.com with ESMTPSA id l38sm29962708wrc.96.2018.03.07.09.06.07
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 07 Mar 2018 09:06:07 -0800 (PST)
Subject: Re: [PATCH 1/6] lib/scatterlist: Tidy types and fix overflow checking
 in sgl_alloc_order
To:     Bart Van Assche <Bart.VanAssche@wdc.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc:     "tvrtko.ursulin@intel.com" <tvrtko.ursulin@intel.com>,
        "hare@suse.com" <hare@suse.com>,
        "jthumshirn@suse.de" <jthumshirn@suse.de>,
        "axboe@kernel.dk" <axboe@kernel.dk>
References: <20180307124712.14963-1-tvrtko.ursulin@linux.intel.com>
 <20180307124712.14963-2-tvrtko.ursulin@linux.intel.com>
 <1520439036.2890.13.camel@wdc.com>
From:   Tvrtko Ursulin <tursulin@ursulin.net>
Message-ID: <e85a8ad8-b9ba-33e2-49a8-80453a8b9281@ursulin.net>
Date:   Wed, 7 Mar 2018 17:06:06 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <1520439036.2890.13.camel@wdc.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


On 07/03/18 16:10, Bart Van Assche wrote:
> On Wed, 2018-03-07 at 12:47 +0000, Tvrtko Ursulin wrote:
>> sgl_alloc_order explicitly takes a 64-bit length (unsigned long long) but
>> then rejects it in overflow checking if greater than 4GiB allocation was
>> requested. This is a consequence of using unsigned int for the right hand
>> side condition which then natuarally overflows when shifted left, earlier
>> than nent otherwise would.
>>
>> Fix is to promote the right hand side of the conditional to unsigned long.
> 
> Agreed.
> 
>> It is also not useful to allow for 64-bit lenght on 32-bit platforms so
>> I have changed this type to a natural unsigned long. Like this it changes
>> size naturally depending on the architecture.
> 
> I do not agree. Although uncommon, it is possible that e.g. a SCSI initiator
> sends a transfer of more than 4 GB to a target system and that that transfer
> must not be split. Since this code is used by the SCSI target, I think that's
> an example of an application where it is useful to allow allocations of more
> than 4 GB at once on a 32-bit system.

If it can work on 32-bit (it can DMA from highmem or what?) and 
allocation can realistically succeed then  I'm happy to defer to storage 
experts on this one.

> 
>> 2.
>>
>> elem_len should not be explicitly sized u32 but unsigned int, to match
>> the underlying struct scatterlist nents type. Same for the nent_p output
>> parameter type.
> 
> Are you sure it is useful to support allocations with an order that exceeds
> (31 - PAGE_SHIFT)? Since memory gets fragmented easily in the Linux kernel I
> think that it's unlikely that such allocations will succeed.

Not sure what you are getting at here.

There are not explicit width types anywhere in the SGL API apart this 
u32 elem_lem.

So I changed it to unsigned int not to confuse. It gets passed in to 
sg_set_page which takes unsigned int. So no reason for it to be u32.

> 
>> I renamed this to chunk_len and consolidated its use throughout the
>> function.
> 
> Please undo this change such that the diff remains as short as possible.

Name change only? Yeah can do that. Even though chunk as a term is 
somewhat established elsewhere in lib/scatterlist.c.

>> -void sgl_free_n_order(struct scatterlist *sgl, int nents, int order)
>> +void sgl_free_n_order(struct scatterlist *sgl, unsigned int nents,
>> +		      unsigned int order)
>>   {
>>   	struct scatterlist *sg;
>>   	struct page *page;
>> -	int i;
>> +	unsigned int i;
>>   
>>   	for_each_sg(sgl, sg, nents, i) {
>>   		if (!sg)
>> @@ -583,9 +587,9 @@ EXPORT_SYMBOL(sgl_free_n_order);
>>    * @sgl: Scatterlist with one or more elements
>>    * @order: Second argument for __free_pages()
>>    */
>> -void sgl_free_order(struct scatterlist *sgl, int order)
>> +void sgl_free_order(struct scatterlist *sgl, unsigned int order)
>>   {
>> -	sgl_free_n_order(sgl, INT_MAX, order);
>> +	sgl_free_n_order(sgl, UINT_MAX, order);
>>   }
>>   EXPORT_SYMBOL(sgl_free_order);
> 
> Do you have an application that calls these functions to allocate more than
> INT_MAX * PAGE_SIZE bytes at once? If not, please leave these changes out.

There is no reason to used signed int here and it is even inconsistent 
with itself because sgl_alloc_order returns you nents in an unsigned 
int. And sg_init_table takes unsigned int for nents. So really I see no 
reason to have signed types for nents on sgl_free side of the API.

Regards,

Tvrtko