Received: by 2002:a05:6a10:c7c6:0:0:0:0 with SMTP id h6csp3039990pxy;
        Wed, 4 Aug 2021 00:16:39 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJz0xFk4Qek5a6S3Vd1rkuM/4THDcKbp7FPIe1lyGJELzElz26l6CdrDizFeU6NEmhy0TJv9
X-Received: by 2002:a17:906:94cb:: with SMTP id d11mr24895941ejy.17.1628061399743;
        Wed, 04 Aug 2021 00:16:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1628061399; cv=none;
        d=google.com; s=arc-20160816;
        b=cC/5iHbWzIrZjsnzqex2D+HLXzvkCBZIcUHnN4AbceVwIaP6M7hnJzsTbYfyMFYtdh
         5aBbNQAF8IbQEo74x4uzkoU/OZ92OrAELdL4/GODWheUPxpHKYBt9AmjaY8uxJzsMhe8
         1g155Nd+QMyWYWp6qkBb0rwWOD0BblgWbpLEhrxVbkJ1du8mXRqkfSWFMB67GqSLjYWo
         R6yFIuXyvdDleYRCU0q9+xB5jkndMItCv6kGGh5cEV1Ixm8w5d3e/ZV9PS/PPGAjssiU
         aH2HsgFRuLnijoPWa/vZaOFObgBBU8ckbg/hcj8nBQL1JZD3VLtnFj5Sp3SU+qtpMd8c
         tjFQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject:dkim-signature:dkim-filter;
        bh=9ZaqFTUSUabTOCq0gU0pkK9jc2pEBX00jmp+GcZOv0g=;
        b=WS+S4lKb35JXESxS7YBztoJ1/jVNd9RLhHTk1HENQ5hFwEjPp32LRWf574EpCFCHOU
         ZRUwJSFEH4Oo5e2tSf5g3C1AHVQBa73oFAQj32sSIcglyF0b4QstiLSaMCrgznEZVXBP
         gqpcq/zaeKYZHR9UTKy2aECE8ELGIazVvnbW8GSfSeM6a4G48JWiuUF2nsxCkqhNm2YT
         UPy3DWpcpqCBPoNCoq1JUORbZTinVc20X9RNgwlbGS/ziC0SV4PP96gZ5dkPRE8uND6s
         MfzlCJlCwCfAyN3gZ+IvwcBEm3LpwEVPeiBy3szC8IaQAE3/663GUwv81NATNrnWV+Lk
         +KNQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b=JHIEvDfm;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id p4si1529809eju.502.2021.08.04.00.16.16;
        Wed, 04 Aug 2021 00:16:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b=JHIEvDfm;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235720AbhHDHEQ (ORCPT <rfc822;liq3ea@gmail.com> + 99 others);
        Wed, 4 Aug 2021 03:04:16 -0400
Received: from linux.microsoft.com ([13.77.154.182]:39738 "EHLO
        linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235487AbhHDHEN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 4 Aug 2021 03:04:13 -0400
Received: from [192.168.1.87] (unknown [223.178.56.171])
        by linux.microsoft.com (Postfix) with ESMTPSA id 2C02F20B36E0;
        Wed,  4 Aug 2021 00:03:56 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 2C02F20B36E0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
        s=default; t=1628060640;
        bh=9ZaqFTUSUabTOCq0gU0pkK9jc2pEBX00jmp+GcZOv0g=;
        h=Subject:To:Cc:References:From:Date:In-Reply-To:From;
        b=JHIEvDfmp/H7TPFi3UdGVZV5txesuMGg+GjVhE4Jx7Xljpo0hIVLuneKK/qsbLfLm
         zs5+T6qQbrLgMqQSh9cbdsu1Bb5/KjbY6RPzr4A4WlW4CuC9bLlCVUIE1HuFqgG3r0
         Ors/l3/xf672Y0iQsGVu3qb7pyPhE38/p4VW+cOs=
Subject: Re: [RFC v1 6/8] mshv: command line option to skip devices in
 PV-IOMMU
To:     Wei Liu <wei.liu@kernel.org>
Cc:     Linux on Hyper-V List <linux-hyperv@vger.kernel.org>,
        virtualization@lists.linux-foundation.org,
        Linux Kernel List <linux-kernel@vger.kernel.org>,
        Michael Kelley <mikelley@microsoft.com>,
        Vineeth Pillai <viremana@linux.microsoft.com>,
        Sunil Muthuswamy <sunilmut@microsoft.com>,
        Nuno Das Neves <nunodasneves@linux.microsoft.com>,
        pasha.tatashin@soleen.com, "K. Y. Srinivasan" <kys@microsoft.com>,
        Haiyang Zhang <haiyangz@microsoft.com>,
        Stephen Hemminger <sthemmin@microsoft.com>,
        Dexuan Cui <decui@microsoft.com>,
        Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>,
        "open list:IOMMU DRIVERS" <iommu@lists.linux-foundation.org>
References: <20210709114339.3467637-1-wei.liu@kernel.org>
 <20210709114339.3467637-7-wei.liu@kernel.org>
 <4a6918ea-e3e5-55c9-a12d-bee7261301fd@linux.microsoft.com>
 <20210803215617.fzx2vrzhsabrrolc@liuwe-devbox-debian-v2>
From:   Praveen Kumar <kumarpraveen@linux.microsoft.com>
Message-ID: <8d9b6b9a-62b1-95ea-1bb6-258e72c1800d@linux.microsoft.com>
Date:   Wed, 4 Aug 2021 12:33:54 +0530
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.12.0
MIME-Version: 1.0
In-Reply-To: <20210803215617.fzx2vrzhsabrrolc@liuwe-devbox-debian-v2>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 04-08-2021 03:26, Wei Liu wrote:
>>>  	struct iommu_domain domain;
>>> @@ -774,6 +784,41 @@ static struct iommu_device *hv_iommu_probe_device(struct device *dev)
>>>  	if (!dev_is_pci(dev))
>>>  		return ERR_PTR(-ENODEV);
>>>  
>>> +	/*
>>> +	 * Skip the PCI device specified in `pci_devs_to_skip`. This is a
>>> +	 * temporary solution until we figure out a way to extract information
>>> +	 * from the hypervisor what devices it is already using.
>>> +	 */
>>> +	if (pci_devs_to_skip && *pci_devs_to_skip) {
>>> +		int pos = 0;
>>> +		int parsed;
>>> +		int segment, bus, slot, func;
>>> +		struct pci_dev *pdev = to_pci_dev(dev);
>>> +
>>> +		do {
>>> +			parsed = 0;
>>> +
>>> +			sscanf(pci_devs_to_skip + pos,
>>> +				" (%x:%x:%x.%x) %n",
>>> +				&segment, &bus, &slot, &func, &parsed);
>>> +
>>> +			if (parsed <= 0)
>>> +				break;
>>> +
>>> +			if (pci_domain_nr(pdev->bus) == segment &&
>>> +				pdev->bus->number == bus &&
>>> +				PCI_SLOT(pdev->devfn) == slot &&
>>> +				PCI_FUNC(pdev->devfn) == func)
>>> +			{
>>> +				dev_info(dev, "skipped by MSHV IOMMU\n");
>>> +				return ERR_PTR(-ENODEV);
>>> +			}
>>> +
>>> +			pos += parsed;
>>> +
>>> +		} while (pci_devs_to_skip[pos]);
>>
>> Is there a possibility of pci_devs_to_skip + pos > sizeof(pci_devs_to_skip)
>> and also a valid memory ?
> 
> pos should point to the last parsed position. If parsing fails pos does
> not get updated and the code breaks out of the loop. If parsing is
> success pos should point to either the start of next element of '\0'
> (end of string). To me this is good enough.

The point is, hypothetically the address to pci_devs_to_skip + pos can be valid address (later to '\0'), and thus there is a possibility, that parsing may not fail.
Another, there is also a possibility of sscanf faulting accessing the illegal address, if pci_devs_to_skip[pos] turns out to be not NULL or valid address.

> 
>> I would recommend to have a check of size as well before accessing the
>> array content, just to be safer accessing any memory.
>>
> 
> What check do you have in mind?

Something like,
size_t len = strlen(pci_devs_to_skip);
do {

	len -= parsed;
} while (len);

OR

do {
...
	pos += parsed;
} while (pos < len);

Further, I'm also fine with the existing code, if you think this won't break and already been taken care. Thanks.

Regards,

~Praveen.