Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp2362046pxu;
        Mon, 7 Dec 2020 04:49:46 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxOX/VuI2IzkuHbwHBmDYWlSsHfLFWG6HhWKwCxJIOHGUb+tcMxwpu+BFAUTabx7HAgwzii
X-Received: by 2002:a17:906:2445:: with SMTP id a5mr13497718ejb.330.1607345386238;
        Mon, 07 Dec 2020 04:49:46 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1607345386; cv=none;
        d=google.com; s=arc-20160816;
        b=vY1+mEM2vMfxANEvmgseKPDwHGnxogI4ejWgdrk6Iq7dln/z5z3GeIswAtFd2+TT8s
         Bii/1ECCSaxh0rBgzf+elES4f8sCeM2EOT533VHLivTBbg3LVqIvt+LW83/lWRONH8h+
         cqe2Hvv9JAjEcfx3+Rqa6ijWBBMatIERFe5Syv23bJbEPH0orPOw5er+cznqjOdCZB14
         Yr0JtxiBEQVHkzT24TvgAhLq+lwr6RJGlHhA/iChtVDEEgVdT8itn3AQO4/HzwCUTrIF
         YAH3vLPUKfIiV6Og8Yb3Xeu+p2RfiS+gmXUQCQ0/KeNHltC1keUY+20gEhYPWBADYYvZ
         Tn+A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject;
        bh=ajmuVptWjG1EqOCbVXoUs2QmtLo6sBhe7yAbkCjITV8=;
        b=nyI4sD9LqmojXy7jd34e4bFA/haZHT5hg2yUlhGjzIDgXcOO9Sk671X73hxGaPWRDB
         EsmQU6b2NpqOpo7K67RkBbcDezrWXinipGNLvpijRqGYMqZsliNWa7SlwESdvA4d5OMA
         WLBruR9LwvAsGpvYCpZGe0NfcMkVdN4QHnCrIS1EwKf2pzdnschmRZaN5sbxc1v6Xsqa
         bFy+qpRH2GBf8Z2NjyRvggNqxXDomwhdmYBddDzGmNEPhsQsSdp9bSXQ+kRvhZ0n7uHE
         q/J+R5qH6MhDJjtdnecycxO8Xz1XCYrWYJVG55/42GvhToLGnfTHo2JJ0tGaYRrRmThI
         oZ0w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id h26si6446168ejq.399.2020.12.07.04.49.23;
        Mon, 07 Dec 2020 04:49:46 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725939AbgLGMre (ORCPT <rfc822;wangyang4221683@gmail.com>
        + 99 others); Mon, 7 Dec 2020 07:47:34 -0500
Received: from foss.arm.com ([217.140.110.172]:49682 "EHLO foss.arm.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725774AbgLGMrd (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 7 Dec 2020 07:47:33 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
        by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id B6B401042;
        Mon,  7 Dec 2020 04:46:47 -0800 (PST)
Received: from [10.57.61.6] (unknown [10.57.61.6])
        by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5403D3F718;
        Mon,  7 Dec 2020 04:46:45 -0800 (PST)
Subject: Re: [PATCH] iommu: Up front sanity check in the arm_lpae_map
To:     zhukeqian <zhukeqian1@huawei.com>, Will Deacon <will@kernel.org>
Cc:     Suzuki K Poulose <suzuki.poulose@arm.com>,
        Marc Zyngier <maz@kernel.org>, jiangkunkun@huawei.com,
        linux-kernel@vger.kernel.org,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Alexios Zavras <alexios.zavras@intel.com>,
        iommu@lists.linux-foundation.org, Mark Brown <broonie@kernel.org>,
        James Morse <james.morse@arm.com>,
        Julien Thierry <julien.thierry.kdev@gmail.com>,
        Catalin Marinas <catalin.marinas@arm.com>,
        wanghaibin.wang@huawei.com, Thomas Gleixner <tglx@linutronix.de>,
        Andrew Morton <akpm@linux-foundation.org>,
        linux-arm-kernel@lists.infradead.org
References: <20201205082957.12544-1-zhukeqian1@huawei.com>
 <b85e98c8-0117-49c5-97ad-896ff88f7b88@arm.com>
 <20201207120527.GA4474@willie-the-truck>
 <2b0ec25b-0fa4-65ca-7c1b-109ce766197f@huawei.com>
From:   Robin Murphy <robin.murphy@arm.com>
Message-ID: <9a6f31d7-3471-c045-368b-42ece5a2d34d@arm.com>
Date:   Mon, 7 Dec 2020 12:46:44 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101
 Thunderbird/78.5.1
MIME-Version: 1.0
In-Reply-To: <2b0ec25b-0fa4-65ca-7c1b-109ce766197f@huawei.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2020-12-07 12:15, zhukeqian wrote:
> Hi,
> 
> On 2020/12/7 20:05, Will Deacon wrote:
>> On Mon, Dec 07, 2020 at 12:01:09PM +0000, Robin Murphy wrote:
>>> On 2020-12-05 08:29, Keqian Zhu wrote:
>>>> ... then we have more chance to detect wrong code logic.
>>>
>>> I don't follow that justification - it's still the same check with the same
>>> outcome, so how does moving it have any effect on the chance to detect
>>> errors?
> 
>>>
>>> AFAICS the only difference it would make is to make some errors *less*
>>> obvious - if a sufficiently broken caller passes an empty prot value
>>> alongside an invalid size or already-mapped address, this will now quietly
>>> hide the warnings from the more serious condition(s).
>>>
>>> Yes, it will bail out a bit faster in the specific case where the prot value
>>> is the only thing wrong, but since when do we optimise for fundamentally
>>> incorrect API usage?
>>
>> I thought it was the other way round -- doesn't this patch move the "empty
>> prot" check later, so we have a chance to check the size and addresses
>> first?
> 
> Yes, this is my original idea.
> For that we treat iommu_prot with no permission as success at early start, defer
> this early return can expose hidden errors.

...oh dear, my apologies. I've just had a week off and apparently in 
that time I lost the ability to read :(

I was somehow convinced that the existing check happened at the point 
where we go to install the PTE, and this patch was moving it earlier. 
Looking at the whole code in context now I see I got it completely 
backwards. Sorry for being an idiot.

I guess that only goes to show that a more descriptive commit message 
would definitely be a good thing :)

Robin.

> 
> Thanks,
> Keqian
>>
>> Will
>>
>>>> Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
>>>> ---
>>>>    drivers/iommu/io-pgtable-arm.c | 8 ++++----
>>>>    1 file changed, 4 insertions(+), 4 deletions(-)
>>>>
>>>> diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
>>>> index a7a9bc08dcd1..8ade72adab31 100644
>>>> --- a/drivers/iommu/io-pgtable-arm.c
>>>> +++ b/drivers/iommu/io-pgtable-arm.c
>>>> @@ -444,10 +444,6 @@ static int arm_lpae_map(struct io_pgtable_ops *ops, unsigned long iova,
>>>>    	arm_lpae_iopte prot;
>>>>    	long iaext = (s64)iova >> cfg->ias;
>>>> -	/* If no access, then nothing to do */
>>>> -	if (!(iommu_prot & (IOMMU_READ | IOMMU_WRITE)))
>>>> -		return 0;
>>>> -
>>>>    	if (WARN_ON(!size || (size & cfg->pgsize_bitmap) != size))
>>>>    		return -EINVAL;
>>>> @@ -456,6 +452,10 @@ static int arm_lpae_map(struct io_pgtable_ops *ops, unsigned long iova,
>>>>    	if (WARN_ON(iaext || paddr >> cfg->oas))
>>>>    		return -ERANGE;
>>>> +	/* If no access, then nothing to do */
>>>> +	if (!(iommu_prot & (IOMMU_READ | IOMMU_WRITE)))
>>>> +		return 0;
>>>> +
>>>>    	prot = arm_lpae_prot_to_pte(data, iommu_prot);
>>>>    	ret = __arm_lpae_map(data, iova, paddr, size, prot, lvl, ptep, gfp);
>>>>    	/*
>>>>
>> .
>>
> _______________________________________________
> iommu mailing list
> iommu@lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/iommu
>