Received: by 10.223.185.111 with SMTP id b44csp350757wrg; Fri, 9 Mar 2018 06:07:03 -0800 (PST) X-Google-Smtp-Source: AG47ELtNgf7t6DsICod9w4GhEvCc5igNU2DRyKQSyG455OMclfzXiY0k7C/j3073eFKPkmhWzQNk X-Received: by 2002:a17:902:27:: with SMTP id 36-v6mr27887133pla.128.1520604423685; Fri, 09 Mar 2018 06:07:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520604423; cv=none; d=google.com; s=arc-20160816; b=XWs7nOsHmkmNpHujtdnqiHAyczaTL0go/CkDQDFgudDeSVN8MYzHcphN4n9Ns9kpct 8GvpN/d23yJ1K5i8qRD2/ajl+4AHVCj+jhmgsg1+t30Dd419D+0aJutvj6D0VOg9VKeO SOaTtotUyuYfINmaoaUnjM5Wpr4cRpnUJXJXUID8nPBBX0XkKmTRTbCquhRd6/tS69Sj s2lYSxreZKG98taPXck8WqLPPMhsBP8KLQKE1ZB4DoZnlcbqGlLMg/AwTFYEQXQ/nqNL l4uKvlMc4Y1y+N0QSOcYbfBl+q9MSJJ4i623JbEIVDc9vKAnuhBygUMlkQTIVLO79XIy FteA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:references:cc:to:from:subject:dkim-signature :arc-authentication-results; bh=TH++1hNK+4fKApynGDn00mBHegJ5O4zMLbUmtVmQJgI=; b=jWlW9xdzpV1uP0xUuuCAe1L9znOLCp+7/F+bX5YOLgDiPaGYpYxU9ltvg8EHDdqWtB NF4pAk/2ZmcgbPIEHFP9t6o/9CmyfwJPR8UKYPQ+M5XRhu3R2VIX2bVN08Y54HU9edj4 j/LvLq6ZMwV8ciD2rcIU0UThpSLMEU9BSHsUcEFMCvSfR/6wasv7p509XY6Eb47ZBIik GKw+s18L6BVz+fnBHBxApHKgVndQUODrNZEBN1ZS13aIoyXZBgxWI+WdAGQegFzrrjv4 9dPky7Fv8vJ0KcwAWbdJ18m5fTDDzrwYIR3qAlYjOlMZ1zuDTsNJr9uKS3mdWcRr2W0u KoVA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ursulin-net.20150623.gappssmtp.com header.s=20150623 header.b=oh3CPyq/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a1-v6si898549pld.647.2018.03.09.06.06.49; Fri, 09 Mar 2018 06:07:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@ursulin-net.20150623.gappssmtp.com header.s=20150623 header.b=oh3CPyq/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932233AbeCIOFF (ORCPT + 99 others); Fri, 9 Mar 2018 09:05:05 -0500 Received: from mail-wm0-f67.google.com ([74.125.82.67]:36115 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751263AbeCIOFC (ORCPT ); Fri, 9 Mar 2018 09:05:02 -0500 Received: by mail-wm0-f67.google.com with SMTP id 188so4109752wme.1 for ; Fri, 09 Mar 2018 06:05:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ursulin-net.20150623.gappssmtp.com; s=20150623; h=subject:from:to:cc:references:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=TH++1hNK+4fKApynGDn00mBHegJ5O4zMLbUmtVmQJgI=; b=oh3CPyq/1V8kaaAOKTfRRfpX2mvdbloqnYaECYDLA9AqKwfE5BkYmFGmBJwxvNFepK a/ijkzuYNaU0Vs0vEylnkG4rRQJSU4vb123edkbWh4WE1XilCJ5l8ytNMLCaYm+Ekb6X Yf7N8d5+ViHv5kK3HxG7kK2OrF1noam8bosWFAip3eRAq9WqBN4jdHqw9nJ/shoeqdAf BS/GuH9I52QaiuG39rbxHRzef/2khfG70Mvp2I2nLRiBMGBf6vCOV+cQ2zf/K/K8AZzc q+NfXDh9/cQ/RcK1G961RKGkrlb4ISdNAAzeJPpbt+51RXloBi76mcq6l0CIyOa9Ws9y QXow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:cc:references:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=TH++1hNK+4fKApynGDn00mBHegJ5O4zMLbUmtVmQJgI=; b=nJ/5aaIVldv+4IClCIMVgocSScCcB5zgopCpmutqneME06Y9UI8toUDggPxuN+GcvA 0j5dmwCgyk/FQtjpKZxrUwoHoz6+dvNwxxDfy18jL3QdkXkGOr2xVoNDwRFC7khbw2zf fgHw7XHmq5UhxCcSyGp3tHKhXEvFSbsGdWWBSIGk8Tqz7c44EXihtrIssP1ahE93jKQe pf1c00XDx5RrM2OmA3SBHI8/gr21dgFY5qx5HHNZKNukW5ja7T3VoKk9IOc2ONOwMT9I JZf6qYhenMckwEhUz4Tg67xZ94x3moK9jQQrw1+l2/zIS/d9+E/Fg1hamSzXZyvNkodd IA3g== X-Gm-Message-State: AElRT7EEEW6YNe6JVCTlH/NC41Ps/v1/6kyAw8UgLtcF48uChGeZwpqB K9SCCy5tBDtvMqs52IsxqJonkOAs X-Received: by 10.28.13.67 with SMTP id 64mr2027509wmn.5.1520604300835; Fri, 09 Mar 2018 06:05:00 -0800 (PST) Received: from [192.168.0.153] ([95.146.144.186]) by smtp.googlemail.com with ESMTPSA id c14sm1771043wmi.16.2018.03.09.06.04.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 09 Mar 2018 06:04:56 -0800 (PST) Subject: Re: [PATCH 1/6] lib/scatterlist: Tidy types and fix overflow checking in sgl_alloc_order From: Tvrtko Ursulin To: Bart Van Assche , "linux-kernel@vger.kernel.org" Cc: "tvrtko.ursulin@intel.com" , "hare@suse.com" , "jthumshirn@suse.de" , "axboe@kernel.dk" References: <20180307124712.14963-1-tvrtko.ursulin@linux.intel.com> <20180307124712.14963-2-tvrtko.ursulin@linux.intel.com> <1520439036.2890.13.camel@wdc.com> Message-ID: <95276f59-754a-f69d-acb2-52a5079939eb@ursulin.net> Date: Fri, 9 Mar 2018 14:04:55 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 07/03/18 17:06, Tvrtko Ursulin wrote: > On 07/03/18 16:10, Bart Van Assche wrote: >> On Wed, 2018-03-07 at 12:47 +0000, Tvrtko Ursulin wrote: >>> sgl_alloc_order explicitly takes a 64-bit length (unsigned long long) >>> but >>> then rejects it in overflow checking if greater than 4GiB allocation was >>> requested. This is a consequence of using unsigned int for the right >>> hand >>> side condition which then natuarally overflows when shifted left, >>> earlier >>> than nent otherwise would. >>> >>> Fix is to promote the right hand side of the conditional to unsigned >>> long. >> >> Agreed. >> >>> It is also not useful to allow for 64-bit lenght on 32-bit platforms so >>> I have changed this type to a natural unsigned long. Like this it >>> changes >>> size naturally depending on the architecture. >> >> I do not agree. Although uncommon, it is possible that e.g. a SCSI >> initiator >> sends a transfer of more than 4 GB to a target system and that that >> transfer >> must not be split. Since this code is used by the SCSI target, I think >> that's >> an example of an application where it is useful to allow allocations >> of more >> than 4 GB at once on a 32-bit system. > > If it can work on 32-bit (it can DMA from highmem or what?) and > allocation can realistically succeed then  I'm happy to defer to storage > experts on this one. Furthermore on this specific point, the only caller of sgl_alloc_order in the tree passes in u32 for length. So even if there will be some realistic use case for >4GiB allocations on 32-bit systems (where unsigned long is 32-bit, to be more precise) I don't see a problem with my patch right now. First five patches from the series are all IMO fixes and cleanup of unused parts of the API. Regards, Tvrtko >> >>> 2. >>> >>> elem_len should not be explicitly sized u32 but unsigned int, to match >>> the underlying struct scatterlist nents type. Same for the nent_p output >>> parameter type. >> >> Are you sure it is useful to support allocations with an order that >> exceeds >> (31 - PAGE_SHIFT)? Since memory gets fragmented easily in the Linux >> kernel I >> think that it's unlikely that such allocations will succeed. > > Not sure what you are getting at here. > > There are not explicit width types anywhere in the SGL API apart this > u32 elem_lem. > > So I changed it to unsigned int not to confuse. It gets passed in to > sg_set_page which takes unsigned int. So no reason for it to be u32. > >> >>> I renamed this to chunk_len and consolidated its use throughout the >>> function. >> >> Please undo this change such that the diff remains as short as possible. > > Name change only? Yeah can do that. Even though chunk as a term is > somewhat established elsewhere in lib/scatterlist.c. > >>> -void sgl_free_n_order(struct scatterlist *sgl, int nents, int order) >>> +void sgl_free_n_order(struct scatterlist *sgl, unsigned int nents, >>> +              unsigned int order) >>>   { >>>       struct scatterlist *sg; >>>       struct page *page; >>> -    int i; >>> +    unsigned int i; >>>       for_each_sg(sgl, sg, nents, i) { >>>           if (!sg) >>> @@ -583,9 +587,9 @@ EXPORT_SYMBOL(sgl_free_n_order); >>>    * @sgl: Scatterlist with one or more elements >>>    * @order: Second argument for __free_pages() >>>    */ >>> -void sgl_free_order(struct scatterlist *sgl, int order) >>> +void sgl_free_order(struct scatterlist *sgl, unsigned int order) >>>   { >>> -    sgl_free_n_order(sgl, INT_MAX, order); >>> +    sgl_free_n_order(sgl, UINT_MAX, order); >>>   } >>>   EXPORT_SYMBOL(sgl_free_order); >> >> Do you have an application that calls these functions to allocate more >> than >> INT_MAX * PAGE_SIZE bytes at once? If not, please leave these changes >> out. > > There is no reason to used signed int here and it is even inconsistent > with itself because sgl_alloc_order returns you nents in an unsigned > int. And sg_init_table takes unsigned int for nents. So really I see no > reason to have signed types for nents on sgl_free side of the API. > > Regards, > > Tvrtko