Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp2212152pxb; Mon, 23 Aug 2021 14:55:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyz7uNVzHCXACx+T9c5Tzz1UAVL0DF+WML+6G/OweYBC2c70uTQUzs47FcU/wTv46hDlDIO X-Received: by 2002:a6b:7106:: with SMTP id q6mr28210869iog.174.1629755732376; Mon, 23 Aug 2021 14:55:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629755732; cv=none; d=google.com; s=arc-20160816; b=d6yN4cIM+QOsvHrUdm8i2exVGkLQWNP1OTi+j5cBGtHGE5JJl+iAYqxCu5PLrYxZZf sUHmZsWC9m29dOl7uewfMTxo6UPyHJYXMUh1oN4jEYL7329K+1IXNKGX/uPZumboqOc2 /C2XFzyoD1HcVB5FgbkhXwpCx6e53P6B8AQPRuAqFliCptvNcqZPNS1jupjFCZjkLdpT 6VydAadMtK83yQKZ27FNwtVwo5pHzjT4XUfXeypgAiJ6t6dv8q1Zg4f9tkOkm9ti/iu0 d3D4Td9y4MUbhfEKNrEHYuip3wwvZGSiOXxoHrJpdK5pUGQ1VrjdXZFrc0RvylObwPDx GZ+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:references:in-reply-to:user-agent:subject:cc:to:from :date; bh=gxdAobCdcPVl/alyt7NCZ1suNNjR0vRym5/qxzYEPcw=; b=jRp/puM3T5ttV5I067xhw0g7q6OoYhaOJmYTBS0Z8LUfKIJN+GGEKvf273+EA06PgN jHG37yyropXE0ZMxAxA97KiDqHceAP1jG7GBKhVc25UpHNQHzQGO46v5LIAPW5afMh+j 5aUPG6s8YgyN2sazhEzN2ilbQMOZnGDraqM4WDrs3+vRCCK7vzlvDhXuBFOsW3YJfXHQ +Md7axgZIunaqMEH8eP/6aR3mrZ7QUl4aHBuDfZSb4JrYiQ2UTZrZJBOsds7vvxG7ws8 STwLIkmfdCZ3d9DyguEUMrcGzVC+P3P49nM5A65rYp96ijjB9p3044ppQoYoScnI9ebY n4nA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g8si15851421jal.26.2021.08.23.14.55.20; Mon, 23 Aug 2021 14:55:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232963AbhHWVzZ convert rfc822-to-8bit (ORCPT + 99 others); Mon, 23 Aug 2021 17:55:25 -0400 Received: from foss.arm.com ([217.140.110.172]:57400 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232898AbhHWVzY (ORCPT ); Mon, 23 Aug 2021 17:55:24 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CF9D41042; Mon, 23 Aug 2021 14:54:40 -0700 (PDT) Received: from [127.0.0.1] (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5FB0B3F766; Mon, 23 Aug 2021 14:54:40 -0700 (PDT) Date: Mon, 23 Aug 2021 22:54:35 +0100 From: Steven Price To: dri-devel@lists.freedesktop.org, Alyssa Rosenzweig CC: Alyssa Rosenzweig , Rob Herring , Tomeu Vizoso , David Airlie , Daniel Vetter , linux-kernel@vger.kernel.org, Chris Morgan , stable@vger.kernel.org Subject: Re: [PATCH 1/3] drm/panfrost: Simplify lock_region calculation User-Agent: K-9 Mail for Android In-Reply-To: References: <20210820213117.13050-1-alyssa.rosenzweig@collabora.com> <20210820213117.13050-2-alyssa.rosenzweig@collabora.com> <192e5a1b-2caf-11a8-f090-ec5649ea16b5@arm.com> Message-ID: <7076BF0A-C40E-4E5A-9185-FDB3882EC539@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 23 August 2021 22:09:08 BST, Alyssa Rosenzweig wrote: >> > In lock_region, simplify the calculation of the region_width parameter. >> > This field is the size, but encoded as log2(ceil(size)) - 1. >> > log2(ceil(size)) may be computed directly as fls(size - 1). However, we >> > want to use the 64-bit versions as the amount to lock can exceed >> > 32-bits. >> > >> > This avoids undefined behaviour when locking all memory (size ~0), >> > caught by UBSAN. >> >> It might have been useful to mention what it is that UBSAN specifically >> picked up (it took me a while to spot) - but anyway I think there's a >> bigger issue with it being completely wrong when size == ~0 (see below). > >Indeed. I've updated the commit message in v2 to explain what goes >wrong (your analysis was spot on, but a mailing list message is more >ephermal than a commit message). I'll send out v2 tomorrow assuming >nobody objects to v1 in the mean time. > >Thanks for the review. > >> There is potentially a third bug which kbase only recently attempted to >> fix. The lock address is effectively rounded down by the hardware (the >> bottom bits are ignored). So if you have mask=(1<> (iova & mask) != ((iova + size) & mask) then you are potentially failing >> to lock the end of the intended region. kbase has added some code to >> handle this: >> >> > /* Round up if some memory pages spill into the next region. */ >> > region_frame_number_start = pfn >> (lockaddr_size_log2 - PAGE_SHIFT); >> > region_frame_number_end = >> > (pfn + num_pages - 1) >> (lockaddr_size_log2 - PAGE_SHIFT); >> > >> > if (region_frame_number_start < region_frame_number_end) >> > lockaddr_size_log2 += 1; >> >> I guess we should too? > >Oh, I missed this one. Guess we have 4 bugs with this code instead of >just 3, yikes. How could such a short function be so deeply and horribly >broken? ���� > >Should I add a fourth patch to the series to fix this? Yes please! Thanks, Steve