Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp780704pxv; Thu, 22 Jul 2021 11:58:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxUVTJPt4LF2YgojNmyHxnQGVjQtGUf7sz8jf6fvd8Jyls2f8teGYUOwSyHJLzExKx4M9Q6 X-Received: by 2002:a50:a456:: with SMTP id v22mr1152485edb.333.1626980322281; Thu, 22 Jul 2021 11:58:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626980322; cv=none; d=google.com; s=arc-20160816; b=RKLny5tlKhjkrtsIkVzlbFPccRYxvnF3rYH0spz5Z8zlySamJtxThFZHqULDXDMORP mi22jpTcyvvDqmul4CFCVYK2g43YvCsSMyEoU09OYqNkNgKuCtr7/edE1vmoj8CgaByX MBteZOqloxULdSn5oh+PJabxdpMZOs/1LvkdQNF77pTzVApgM8EEZzj1LxfGo6paicnE yqK4F4NOuvHe3AOGOCBbRVu1aqXLSmcIGT7mbDAHHDQobOycVOQHZhpi5x4jtLhQizTX jKzkT8P0X7qWouvrORPcVbuFkj2Lnoml3f71Mji863tGKwfqiC8J0+8aNKE+RfDEdgU2 xXoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :mime-version:user-agent:date:message-id:subject:from:cc:to :dkim-signature; bh=sB8qp9ivM8n28sdXFVpMHUr9NTbiCrxpWCndjr7l/Ek=; b=KB0ksi9c0+Nb8OrMzlGURngqkBikV0VEeoU1cy1jHCW7n4cDMxXtdWIszA+Q47+pSe ehv/+jzGuch715wPfcUPtfJ/83+6OIg4hMCU5TmfrTi6Yfjr3zZVIO6MUAgPQs7OuZJ1 wPT0Ohk7+H1+UWvtTRgSyeIeJhszG/4dyG2Qhe7c23mpeW6m8PhC3IhY0uGu0UYnFaa+ +4zbtxidwNuG4/d99PqJyH+vmyx15lf/GMOBlw/qXaPr69eQbBaZLNefKam9Op2kIcJ7 T6iO/AENF+AOfKPKDx0zZq5w2V/4zdpiu2BTV1eRET0PywucR4waFv2b+BKGLEgb8MvW q7VA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=KEglPHnI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r16si33670873eda.37.2021.07.22.11.58.16; Thu, 22 Jul 2021 11:58:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=KEglPHnI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229710AbhGVSQV (ORCPT + 99 others); Thu, 22 Jul 2021 14:16:21 -0400 Received: from smtp-relay-canonical-0.canonical.com ([185.125.188.120]:42476 "EHLO smtp-relay-canonical-0.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229545AbhGVSQU (ORCPT ); Thu, 22 Jul 2021 14:16:20 -0400 Received: from [10.172.193.212] (1.general.cking.uk.vpn [10.172.193.212]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id EA4203F224; Thu, 22 Jul 2021 18:56:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1626980214; bh=sB8qp9ivM8n28sdXFVpMHUr9NTbiCrxpWCndjr7l/Ek=; h=To:Cc:From:Subject:Message-ID:Date:MIME-Version:Content-Type; b=KEglPHnIfPyfDBCZjvmNwouyrbJsRQxjjHiDf+Tfb8c+hbynbgcvSmeIncTGaUgGK t8S0lcMmHar7+C5y2/7H2wMPZwBNxqenj8Sph3PcTPsZmDSc/ZVWd7bTu2jP8OII8p CcagJR1ni3WbQDGryKgx5l4Vi4qE6pAf/SiqtWynZtdJDUDNfEej14v6vMtwDxq/vU blrKCqnikfuZxWHQ4vL5JCXXZ2P7MC+fj7WxM/kBTAoh0Ozdl3qmT8eyI99teIBtqJ HjbCFHcRGyDUAszLvoWOM5h71XBop+eOPnt03sJomt8u4L4K6/gRWa0/3KEpobesgj W8nS6M8t6SMfg== To: Dave Jiang Cc: Vinod Koul , dmaengine@vger.kernel.org, "linux-kernel@vger.kernel.org" From: Colin Ian King Subject: re: dmaengine: idxd: fix submission race window Message-ID: <92a5510c-f426-1001-5311-6c615df2e7de@canonical.com> Date: Thu, 22 Jul 2021 19:56:53 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, Static analysis with Coverity on Linux-next has found an issue with the following commit: commit 6b4b87f2c31ac1af4f244990a7cbfb50d3f3e33f Author: Dave Jiang Date: Wed Jul 14 11:50:06 2021 -0700 dmaengine: idxd: fix submission race window The analysis is as follows: 180static int irq_process_pending_llist(struct idxd_irq_entry *irq_entry, 181 int *processed, u64 data) 182{ 183 struct idxd_desc *desc, *t; 184 struct llist_node *head; 185 int queued = 0; 186 unsigned long flags; 187 188 *processed = 0; 189 head = llist_del_all(&irq_entry->pending_llist); 190 if (!head) 191 goto out; 192 193 llist_for_each_entry_safe(desc, t, head, llnode) { assignment: Assigning: status = (*desc).completion->status & 0x7f. 194 u8 status = desc->completion->status & DSA_COMP_STATUS_MASK; 195 cond_between: Condition status, taking true branch. Now the value of status is between 1 and 127. cond_cannot_single: Condition status, taking true branch. Now the value of status cannot be equal to 0. 196 if (status) { between: At condition status == IDXD_COMP_DESC_ABORT, the value of status must be between 1 and 127. cond_cannot_set: Condition status == IDXD_COMP_DESC_ABORT, taking false branch. Now the value of status cannot be equal to any of {0, 255}. cannot_single: At condition status == IDXD_COMP_DESC_ABORT, the value of status cannot be equal to 0. dead_error_condition: The condition !!(status == IDXD_COMP_DESC_ABORT) cannot be true. 197 if (unlikely(status == IDXD_COMP_DESC_ABORT)) { Logically dead code (DEADCODE) dead_error_begin: Execution cannot reach this statement: complete_desc(desc, IDXD_CO.... 198 complete_desc(desc, IDXD_COMPLETE_ABORT); 199 (*processed)++; 200 continue; 201 } 202 203 complete_desc(desc, IDXD_COMPLETE_NORMAL); 204 (*processed)++; The check (status == IDXD_COMP_DESC_ABORT) is always false since status was previously masked with 0x7f and IDXD_COMP_DESC_ABORT is 0xff Colin.