Received: by 2002:a05:6a10:c7c6:0:0:0:0 with SMTP id h6csp3039990pxy; Wed, 4 Aug 2021 00:16:39 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz0xFk4Qek5a6S3Vd1rkuM/4THDcKbp7FPIe1lyGJELzElz26l6CdrDizFeU6NEmhy0TJv9 X-Received: by 2002:a17:906:94cb:: with SMTP id d11mr24895941ejy.17.1628061399743; Wed, 04 Aug 2021 00:16:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628061399; cv=none; d=google.com; s=arc-20160816; b=cC/5iHbWzIrZjsnzqex2D+HLXzvkCBZIcUHnN4AbceVwIaP6M7hnJzsTbYfyMFYtdh 5aBbNQAF8IbQEo74x4uzkoU/OZ92OrAELdL4/GODWheUPxpHKYBt9AmjaY8uxJzsMhe8 1g155Nd+QMyWYWp6qkBb0rwWOD0BblgWbpLEhrxVbkJ1du8mXRqkfSWFMB67GqSLjYWo R6yFIuXyvdDleYRCU0q9+xB5jkndMItCv6kGGh5cEV1Ixm8w5d3e/ZV9PS/PPGAjssiU aH2HsgFRuLnijoPWa/vZaOFObgBBU8ckbg/hcj8nBQL1JZD3VLtnFj5Sp3SU+qtpMd8c tjFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature:dkim-filter; bh=9ZaqFTUSUabTOCq0gU0pkK9jc2pEBX00jmp+GcZOv0g=; b=WS+S4lKb35JXESxS7YBztoJ1/jVNd9RLhHTk1HENQ5hFwEjPp32LRWf574EpCFCHOU ZRUwJSFEH4Oo5e2tSf5g3C1AHVQBa73oFAQj32sSIcglyF0b4QstiLSaMCrgznEZVXBP gqpcq/zaeKYZHR9UTKy2aECE8ELGIazVvnbW8GSfSeM6a4G48JWiuUF2nsxCkqhNm2YT UPy3DWpcpqCBPoNCoq1JUORbZTinVc20X9RNgwlbGS/ziC0SV4PP96gZ5dkPRE8uND6s MfzlCJlCwCfAyN3gZ+IvwcBEm3LpwEVPeiBy3szC8IaQAE3/663GUwv81NATNrnWV+Lk +KNQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=JHIEvDfm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p4si1529809eju.502.2021.08.04.00.16.16; Wed, 04 Aug 2021 00:16:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=JHIEvDfm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235720AbhHDHEQ (ORCPT + 99 others); Wed, 4 Aug 2021 03:04:16 -0400 Received: from linux.microsoft.com ([13.77.154.182]:39738 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235487AbhHDHEN (ORCPT ); Wed, 4 Aug 2021 03:04:13 -0400 Received: from [192.168.1.87] (unknown [223.178.56.171]) by linux.microsoft.com (Postfix) with ESMTPSA id 2C02F20B36E0; Wed, 4 Aug 2021 00:03:56 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 2C02F20B36E0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1628060640; bh=9ZaqFTUSUabTOCq0gU0pkK9jc2pEBX00jmp+GcZOv0g=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=JHIEvDfmp/H7TPFi3UdGVZV5txesuMGg+GjVhE4Jx7Xljpo0hIVLuneKK/qsbLfLm zs5+T6qQbrLgMqQSh9cbdsu1Bb5/KjbY6RPzr4A4WlW4CuC9bLlCVUIE1HuFqgG3r0 Ors/l3/xf672Y0iQsGVu3qb7pyPhE38/p4VW+cOs= Subject: Re: [RFC v1 6/8] mshv: command line option to skip devices in PV-IOMMU To: Wei Liu Cc: Linux on Hyper-V List , virtualization@lists.linux-foundation.org, Linux Kernel List , Michael Kelley , Vineeth Pillai , Sunil Muthuswamy , Nuno Das Neves , pasha.tatashin@soleen.com, "K. Y. Srinivasan" , Haiyang Zhang , Stephen Hemminger , Dexuan Cui , Joerg Roedel , Will Deacon , "open list:IOMMU DRIVERS" References: <20210709114339.3467637-1-wei.liu@kernel.org> <20210709114339.3467637-7-wei.liu@kernel.org> <4a6918ea-e3e5-55c9-a12d-bee7261301fd@linux.microsoft.com> <20210803215617.fzx2vrzhsabrrolc@liuwe-devbox-debian-v2> From: Praveen Kumar Message-ID: <8d9b6b9a-62b1-95ea-1bb6-258e72c1800d@linux.microsoft.com> Date: Wed, 4 Aug 2021 12:33:54 +0530 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 MIME-Version: 1.0 In-Reply-To: <20210803215617.fzx2vrzhsabrrolc@liuwe-devbox-debian-v2> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 04-08-2021 03:26, Wei Liu wrote: >>> struct iommu_domain domain; >>> @@ -774,6 +784,41 @@ static struct iommu_device *hv_iommu_probe_device(struct device *dev) >>> if (!dev_is_pci(dev)) >>> return ERR_PTR(-ENODEV); >>> >>> + /* >>> + * Skip the PCI device specified in `pci_devs_to_skip`. This is a >>> + * temporary solution until we figure out a way to extract information >>> + * from the hypervisor what devices it is already using. >>> + */ >>> + if (pci_devs_to_skip && *pci_devs_to_skip) { >>> + int pos = 0; >>> + int parsed; >>> + int segment, bus, slot, func; >>> + struct pci_dev *pdev = to_pci_dev(dev); >>> + >>> + do { >>> + parsed = 0; >>> + >>> + sscanf(pci_devs_to_skip + pos, >>> + " (%x:%x:%x.%x) %n", >>> + &segment, &bus, &slot, &func, &parsed); >>> + >>> + if (parsed <= 0) >>> + break; >>> + >>> + if (pci_domain_nr(pdev->bus) == segment && >>> + pdev->bus->number == bus && >>> + PCI_SLOT(pdev->devfn) == slot && >>> + PCI_FUNC(pdev->devfn) == func) >>> + { >>> + dev_info(dev, "skipped by MSHV IOMMU\n"); >>> + return ERR_PTR(-ENODEV); >>> + } >>> + >>> + pos += parsed; >>> + >>> + } while (pci_devs_to_skip[pos]); >> >> Is there a possibility of pci_devs_to_skip + pos > sizeof(pci_devs_to_skip) >> and also a valid memory ? > > pos should point to the last parsed position. If parsing fails pos does > not get updated and the code breaks out of the loop. If parsing is > success pos should point to either the start of next element of '\0' > (end of string). To me this is good enough. The point is, hypothetically the address to pci_devs_to_skip + pos can be valid address (later to '\0'), and thus there is a possibility, that parsing may not fail. Another, there is also a possibility of sscanf faulting accessing the illegal address, if pci_devs_to_skip[pos] turns out to be not NULL or valid address. > >> I would recommend to have a check of size as well before accessing the >> array content, just to be safer accessing any memory. >> > > What check do you have in mind? Something like, size_t len = strlen(pci_devs_to_skip); do { len -= parsed; } while (len); OR do { ... pos += parsed; } while (pos < len); Further, I'm also fine with the existing code, if you think this won't break and already been taken care. Thanks. Regards, ~Praveen.