Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp239213pxj; Thu, 3 Jun 2021 05:38:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwU7nmq1Pe4p9sNUwntTpq999qWVFN7xczeDR4XUF38Uy1FxhSILX4WmN1TkIZJ9+5F8LTy X-Received: by 2002:a50:9e2e:: with SMTP id z43mr42873881ede.70.1622723900209; Thu, 03 Jun 2021 05:38:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622723900; cv=none; d=google.com; s=arc-20160816; b=NNcGcoptQIb8sXyIlGu10pU5KT8auTV+bUTLtqFUR1VLDK8dz5iVGCcYQo5Gu71OFc ofOghaYtFAaLoN7RpVYQRtHQWKqdrzSciOYIAqlBWxO61d2IS5f8zMfZfyZwlVDArxyT Ko19XF46iKP174BWqDK6VqqZnT5tl9+U12Dhqs2d0olvsuPcBs4/bxWtdu+/DIdcwcVC xQ4xk49E0MToZZw3aTQyXov9nmG0oayo1TDlxQuVKOePSvcMiJoqMJ1tLCR67SPPy35s n3xBg8/E9QbVhv+Gua6M8RG+qNisEy/XZHkTcUrQZBaDhAFCwG158MRy0eZeF3fg2iy3 I7Hg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-language:content-transfer-encoding :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:ironport-sdr:ironport-sdr; bh=lzC3r5624uRSR5sIPmiv+a3DfZfzJ0IrTgNv+U4BJ2U=; b=iCYmd+J9WrFTYfM8TL2cDCPahRa6XeG3+B0RHmNbovy1sjgKUaXxAblUp1aejAafqX j/Yz1ktJqdpYUiK4Tnm5SgeLkzsUCg1Q9IuCKVooLJtc1YGtFRZTlsAw6l83hfUozjCz PNDJuAvo74o766uiMR4S0yhWReaKgp6D9lrd1eiKf0xZUw0I0pXItrgV7A5RnX7QtzKL XCcMoSC/+Zy4Fv00Pm64sfC8c59bSbbo0imdNTDh6qFWmWVkscXDeMuepEdvTNpNFMJv xeObkmtzPyRI+6tJYon1U6rK8yoMzScNKgr/baTtaQocOQV0iQrLC4L8ZHsw34vrp7Zd zecQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y4si2336167edi.355.2021.06.03.05.37.57; Thu, 03 Jun 2021 05:38:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230188AbhFCMin (ORCPT + 99 others); Thu, 3 Jun 2021 08:38:43 -0400 Received: from mga06.intel.com ([134.134.136.31]:55086 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229966AbhFCMim (ORCPT ); Thu, 3 Jun 2021 08:38:42 -0400 IronPort-SDR: hSf7E9petHXXdovaPsOnzPGHbntXlZz795wFr9gkckrkAC0hWw98hRA1cy7lLzzBuJd1dHOUHO 0UNvcRT9K9kg== X-IronPort-AV: E=McAfee;i="6200,9189,10003"; a="265204211" X-IronPort-AV: E=Sophos;i="5.83,244,1616482800"; d="scan'208";a="265204211" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jun 2021 05:36:55 -0700 IronPort-SDR: DMsT4IunyzTkMTPF0j+HWuKSdADAefIJviCOAMI8H+DVHk0IbyopR6+wX1W0nFTnGGRm62w+1Y H1wyY/+b4K/Q== X-IronPort-AV: E=Sophos;i="5.83,244,1616482800"; d="scan'208";a="550676961" Received: from akleen-mobl1.amr.corp.intel.com (HELO [10.209.7.237]) ([10.209.7.237]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jun 2021 05:36:54 -0700 Subject: Re: [PATCH v1 6/8] dma: Add return value to dma_unmap_page To: Robin Murphy , mst@redhat.com Cc: jasowang@redhat.com, virtualization@lists.linux-foundation.org, hch@lst.de, m.szyprowski@samsung.com, iommu@lists.linux-foundation.org, x86@kernel.org, sathyanarayanan.kuppuswamy@linux.intel.com, jpoimboe@redhat.com, linux-kernel@vger.kernel.org References: <20210603004133.4079390-1-ak@linux.intel.com> <20210603004133.4079390-7-ak@linux.intel.com> From: Andi Kleen Message-ID: Date: Thu, 3 Jun 2021 05:36:53 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > > What it looks like to me is abusing SWIOTLB's internal housekeeping to > keep track of virtio-specific state. The DMA API does not attempt to > validate calls in general since in many cases the additional overhead > would be prohibitive. It has always been callers' responsibility to > keep track of what they mapped and make sure sync/unmap calls match, > and there are many, many, subtle and not-so-subtle ways for things to > go wrong if they don't. If virtio is not doing a good enough job of > that, what's the justification for making it the DMA API's problem? In this case it's not prohibitive at all. Just adding a few error returns, and checking the overlap (which seems to have been already solved anyways) I would argue the error returns are good practice anyways, so that API users can check that something bad happening and abort.  The DMA API was never very good at proper error handling, but there's no reason at all to continue being bad it forever. AFAIK the rest just works anyways, so it's not really a new problem to be solved. > >> A new callback is used to avoid changing all the IOMMU drivers. > > Nit: presumably by "IOMMU drivers" you actually mean arch DMA API > backends? Yes > >  Furthermore, AFAICS it's still not going to help against exfiltrating > guest memory by over-unmapping the original SWIOTLB slot *without* > going past the end of the whole buffer, That would be just exfiltrating data that is already shared, unless I'm misunderstanding you. -Andi