Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp3542147pxb; Mon, 4 Oct 2021 04:43:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxTO2YPr2IC5/0k51+MYo8hy7nrSDHq58qFsV5jBra/ysi9VMlQYf1z+8uZrme4Iw2B/Pxg X-Received: by 2002:a50:bf0f:: with SMTP id f15mr17339274edk.43.1633347803156; Mon, 04 Oct 2021 04:43:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633347803; cv=none; d=google.com; s=arc-20160816; b=GaLDeuyRq2xOmXOmeQeS8A8Cz8b9A1UkwIfN53fCWEqpmRFUNlxx5mwMqFVLTiQ2le sD95ifPAC419wLDjksRQQYC4KmsjxsIWnAR6iVkDDm9YTaZnzGpNqiHuK919kayKO4iJ svQ7dyV66IXTCG5LphqG35tjYnd5gPaCgDPVLBjQkInOgINGBILV+RxNGbtPMIzMlaw8 SCa+e1NeE74zLJox4mknopudxGmD/GXauEkEYrYBRtrIrBvunltHIO0PVEMtuSV6nBFa xNneNknGeZIi3BXYyUJ0JdsWScSGKdoJ9h46IwweyIcdJ8mMzK7elU4TPXvjW+nolcOh 8a0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=pWen03MW76+vLMnsrgtKbGm1eah2vCWz5eLA/Hrcbr8=; b=pDnHdiWrx9LLzazaF8EuVDX18RsJa3eG4ZTpqbKWbtOxvjiFZROX1k+IkALbby2xCD OlNHM9WkL49hzByufkseHnryRi/GORyHQz3UOSihLmLNVI1wwAo2j6jYho5pUNRpGOP8 b+zxTw5+3C+51gVAFxQAe29z25pCRJJOkHLc4S/24pP08sYAbjiPZe0dnFBLpIkoUJp7 twK6aHfAoDyzWMv4zICLMecgwWYVvv7JxTA2b7q/4a+KXhKQ1LYJP5tfpU1/QNh5TOJE HOtgQjNjvlrZ7T8w1tNSiHFvtwDWx+rbeLJ5+/U358hcu1MgArzNtWq0suGLz0FRlwSx 090Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=TTkrdlhm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h1si5759893ede.337.2021.10.04.04.42.59; Mon, 04 Oct 2021 04:43:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=TTkrdlhm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233038AbhJDLkc (ORCPT + 99 others); Mon, 4 Oct 2021 07:40:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:38118 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232999AbhJDLka (ORCPT ); Mon, 4 Oct 2021 07:40:30 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 290916126A; Mon, 4 Oct 2021 11:38:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1633347522; bh=N/fKuI91VrRX38cUMG86Df37anLTauMrP0OpxJCi4EI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=TTkrdlhm3/0e4WSPrswiuvJ6yxGZZH6vwcl2WDPCFYPZr2jn45FbEWl3hH51TPZvb OWXVdGRV0O6Uohq6cjITxcYuib0OlvL0GzKGkIvXCwVElxgH6mwQZvj2z2q50wDJJt pDBBqywaPqY9+lEuXNzdZW6MW3ye2F6EX4AU9RVSgZOZqZjESk8d60SzEM1tqICqU2 t2iCEUHmxKSxoEMmRcVQOLsxQGKG6CeJSOV8snLisDSgnLUztVaO6zaGbg4gS1An2d EP1YYfA/rty+mBnTxaOkZuFgcYgw78alWYM37TcB7FHtZ1s92B0EqQdli+cv6N1v6W +/PJFJ3akjvmg== Date: Mon, 4 Oct 2021 12:38:36 +0100 From: Will Deacon To: John Garry Cc: joro@8bytes.org, mst@redhat.com, jasowang@redhat.com, robin.murphy@arm.com, xieyongji@bytedance.com, linux-kernel@vger.kernel.org, iommu@lists.linux-foundation.org, virtualization@lists.linux-foundation.org, linuxarm@huawei.com, thunder.leizhen@huawei.com, baolu.lu@linux.intel.com Subject: Re: [PATCH 5/5] iommu/iova: Avoid double-negatives in magazine helpers Message-ID: <20211004113836.GB27373@willie-the-truck> References: <1632477717-5254-1-git-send-email-john.garry@huawei.com> <1632477717-5254-6-git-send-email-john.garry@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1632477717-5254-6-git-send-email-john.garry@huawei.com> User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 24, 2021 at 06:01:57PM +0800, John Garry wrote: > A similar crash to the following could be observed if initial CPU rcache > magazine allocations fail in init_iova_rcaches(): > > Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 > Mem abort info: > > free_iova_fast+0xfc/0x280 > iommu_dma_free_iova+0x64/0x70 > __iommu_dma_unmap+0x9c/0xf8 > iommu_dma_unmap_sg+0xa8/0xc8 > dma_unmap_sg_attrs+0x28/0x50 > cq_thread_v3_hw+0x2dc/0x528 > irq_thread_fn+0x2c/0xa0 > irq_thread+0x130/0x1e0 > kthread+0x154/0x158 > ret_from_fork+0x10/0x34 > > The issue is that expression !iova_magazine_full(NULL) evaluates true; this > falls over in __iova_rcache_insert() when we attempt to cache a mag and > cpu_rcache->loaded == NULL: > > if (!iova_magazine_full(cpu_rcache->loaded)) { > can_insert = true; > ... > > if (can_insert) > iova_magazine_push(cpu_rcache->loaded, iova_pfn); > > As above, can_insert is evaluated true, which it shouldn't be, and we try > to insert pfns in a NULL mag, which is not safe. > > To avoid this, stop using double-negatives, like !iova_magazine_full() and > !iova_magazine_empty(), and use positive tests, like > iova_magazine_has_space() and iova_magazine_has_pfns(), respectively; these > can safely deal with cpu_rcache->{loaded, prev} = NULL. I don't understand why you're saying that things like !iova_magazine_empty() are double-negatives. What about e.g. !list_empty() elsewhre in the kernel? The crux of the fix seems to be: > @@ -783,8 +787,9 @@ static bool __iova_rcache_insert(struct iova_caching_domain *rcached, > if (new_mag) { > spin_lock(&rcache->lock); > if (rcache->depot_size < MAX_GLOBAL_MAGS) { > - rcache->depot[rcache->depot_size++] = > - cpu_rcache->loaded; > + if (cpu_rcache->loaded) > + rcache->depot[rcache->depot_size++] = > + cpu_rcache->loaded; Which could be independent of the renaming? Will