Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp3960860ybz; Tue, 28 Apr 2020 03:23:39 -0700 (PDT) X-Google-Smtp-Source: APiQypL9hGaCbdFI6OSzySpSFaIf6exxeDZH1rucp1ZH0HztL4vRjYLr87bRgZ1W+v04/OcJzjzq X-Received: by 2002:a17:906:328c:: with SMTP id 12mr22567034ejw.69.1588069419718; Tue, 28 Apr 2020 03:23:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588069419; cv=none; d=google.com; s=arc-20160816; b=z455Nb+XVPpKf0HSJna3cI5VniZ3LeWQhWXXkJPERo5GBDTgKsKuouB3VQbGnfV0cq jBm9H4IdB51ylpG3v0tX+X7oO8tLG7bur7sp2OtAUALzOHuKgkd5dY4lGgymqqJC3AUn ghTSiHVIOAIavXdeGFmneVThdz+gZK2ZMKiJAGPCuATcX3mCTBU9oK41UxhJ39rINq0J 0zXewH8x5TZiUx5lCnBb9kqSPQQFn9Ypspfi9ryKFRLv1Xb0hA/wPI+JjljV4K3ZFgUr nTEXoTxm/BYGkL7Y9RSO7WPsrZNzjUAaaCisUu4xpdviLeNcedGbWB1qOb0nytnd8iW7 puug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=IhwWtmMTrVkzxF7MdOb6i2LvWQBAHDXU59fG0z0HoU8=; b=Y2TT6kMWQgF0kaNOI4B68thQQBq7EXc4UdHUXYgbIdf9qPzM/u7Zl5xr6LT4HJRFmD pdbzAX46iDMGtkYVp1FpPYfGAhl9igFP4zB9y6qMPUUZdNgqr674neaTOH9H9zhf7djn Aztk7yQu/vZqyz3Z713TiS3xaPsPDXibCM9CMqfrv3TgYgFZtAYUgwYZmGZ1EUfldYji iqbsdSZ3r/nIDerIhWajQBy7eXbaNiKQOgixugLqP66XFiBhsUTDxAixgVUECOvGPqht 24Mloa+iktwz+8hNKUCL02hxypAwk2yWN3MsD2rUD2VHBiQKzOP2882wU5WYZlVOeUxc MVJQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dd5si1400431edb.34.2020.04.28.03.23.16; Tue, 28 Apr 2020 03:23:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727949AbgD1KTo (ORCPT + 99 others); Tue, 28 Apr 2020 06:19:44 -0400 Received: from mx2.suse.de ([195.135.220.15]:56606 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727803AbgD1KTo (ORCPT ); Tue, 28 Apr 2020 06:19:44 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id E60A4AED6; Tue, 28 Apr 2020 10:19:41 +0000 (UTC) Subject: Re: [PATCH] xen/swiotlb: correct the check for xen_destroy_contiguous_region To: Peng Fan , "konrad.wilk@oracle.com" , "boris.ostrovsky@oracle.com" , "sstabellini@kernel.org" Cc: "xen-devel@lists.xenproject.org" , "iommu@lists.linux-foundation.org" , "linux-kernel@vger.kernel.org" , dl-linux-imx References: <1588059225-11245-1-git-send-email-peng.fan@nxp.com> <1c01e97a-adcd-a703-55b5-8975b4ce4d2c@suse.com> From: =?UTF-8?B?SsO8cmdlbiBHcm/Dnw==?= Message-ID: Date: Tue, 28 Apr 2020 12:19:41 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 28.04.20 10:25, Peng Fan wrote: >> Subject: Re: [PATCH] xen/swiotlb: correct the check for >> xen_destroy_contiguous_region >> >> On 28.04.20 09:33, peng.fan@nxp.com wrote: >>> From: Peng Fan >>> >>> When booting xen on i.MX8QM, met: >>> " >>> [ 3.602128] Unable to handle kernel paging request at virtual address >> 0000000000272d40 >>> [ 3.610804] Mem abort info: >>> [ 3.613905] ESR = 0x96000004 >>> [ 3.617332] EC = 0x25: DABT (current EL), IL = 32 bits >>> [ 3.623211] SET = 0, FnV = 0 >>> [ 3.626628] EA = 0, S1PTW = 0 >>> [ 3.630128] Data abort info: >>> [ 3.633362] ISV = 0, ISS = 0x00000004 >>> [ 3.637630] CM = 0, WnR = 0 >>> [ 3.640955] [0000000000272d40] user address but active_mm is >> swapper >>> [ 3.647983] Internal error: Oops: 96000004 [#1] PREEMPT SMP >>> [ 3.654137] Modules linked in: >>> [ 3.677285] Hardware name: Freescale i.MX8QM MEK (DT) >>> [ 3.677302] Workqueue: events deferred_probe_work_func >>> [ 3.684253] imx6q-pcie 5f000000.pcie: PCI host bridge to bus 0000:00 >>> [ 3.688297] pstate: 60000005 (nZCv daif -PAN -UAO) >>> [ 3.688310] pc : xen_swiotlb_free_coherent+0x180/0x1c0 >>> [ 3.693993] pci_bus 0000:00: root bus resource [bus 00-ff] >>> [ 3.701002] lr : xen_swiotlb_free_coherent+0x44/0x1c0 >>> " >>> >>> In xen_swiotlb_alloc_coherent, if !(dev_addr + size - 1 <= dma_mask) >>> or range_straddles_page_boundary(phys, size) are true, it will create >>> contiguous region. So when free, we need to free contiguous region use >>> upper check condition. >> >> No, this will break PV guests on x86. > > Could you share more details why alloc and free not matching for the check? xen_create_contiguous_region() is needed only in case: - the bus address is not within dma_mask, or - the memory region is not physically contiguous (can happen only for PV guests) In any case it should arrange for the memory to be suitable for the DMA operation, so to be contiguous and within dma_mask afterwards. So xen_destroy_contiguous_region() should only ever called for areas which match above criteria, as otherwise we can be sure xen_create_contiguous_region() was not used for making the area DMA-able in the beginning. And this is very important in the PV case, as in those guests the page tables are containing the host-PFNs, not the guest-PFNS, and xen_create_contiguous_region() will fiddle with host- vs. guest-PFN arrangements, and xen_destroy_contiguous_region() is reverting this fiddling. Any call of xen_destroy_contiguous_region() for an area it was not intended to be called for might swap physical pages beneath random virtual addresses, which was the reason for this test to be added by me. Juergen > > Thanks, > Peng. > >> >> I think there is something wrong with your setup in combination with the ARM >> xen_create_contiguous_region() implementation. >> >> Stefano? >> >> >> Juergen >> >>> >>> Signed-off-by: Peng Fan >>> --- >>> drivers/xen/swiotlb-xen.c | 4 ++-- >>> 1 file changed, 2 insertions(+), 2 deletions(-) >>> >>> diff --git a/drivers/xen/swiotlb-xen.c b/drivers/xen/swiotlb-xen.c >>> index b6d27762c6f8..ab96e468584f 100644 >>> --- a/drivers/xen/swiotlb-xen.c >>> +++ b/drivers/xen/swiotlb-xen.c >>> @@ -346,8 +346,8 @@ xen_swiotlb_free_coherent(struct device *hwdev, >> size_t size, void *vaddr, >>> /* Convert the size to actually allocated. */ >>> size = 1UL << (order + XEN_PAGE_SHIFT); >>> >>> - if (!WARN_ON((dev_addr + size - 1 > dma_mask) || >>> - range_straddles_page_boundary(phys, size)) && >>> + if (((dev_addr + size - 1 > dma_mask) || >>> + range_straddles_page_boundary(phys, size)) && >>> TestClearPageXenRemapped(virt_to_page(vaddr))) >>> xen_destroy_contiguous_region(phys, order); >>> >>> >