Re: [PATCH v2 27/30] iommu/io-pgtable-arm: remove deprecated iova_to_phys wrapper

All of lore.kernel.org
 help / color / mirror / Atom feed

From: sashiko-bot@kernel.org
To: "Guanghui Feng" <guanghuifeng@linux.alibaba.com>
Cc: kvm@vger.kernel.org
Subject: Re: [PATCH v2 27/30] iommu/io-pgtable-arm: remove deprecated iova_to_phys wrapper
Date: Tue, 02 Jun 2026 13:22:09 +0000	[thread overview]
Message-ID: <20260602132210.6868E1F00893@smtp.kernel.org> (raw)
In-Reply-To: <20260602104637.1219810-28-guanghuifeng@linux.alibaba.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Critical] In `arm_smmu_iova_to_phys_hard`, a hardware translation failure returns `0` instead of `PHYS_ADDR_MAX`. This breaks callers of `iommu_iova_to_phys_length` which expect `PHYS_ADDR_MAX` to detect failures, causing them to treat physical address `0` as a valid translation result.
--

commit 17d24f53e1c566320f87a73674b736d336e36024
Author: Guanghui Feng <guanghuifeng@linux.alibaba.com>

iommu/io-pgtable-arm: remove deprecated iova_to_phys wrapper

Remove the iova_to_phys wrapper function and .iova_to_phys assignment
from ARM LPAE io-pgtable, as all callers now use iova_to_phys_length.

> diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
> index 2b94e0563e214..ceea8da8d1fd7 100644
> --- a/drivers/iommu/io-pgtable-arm.c
> +++ b/drivers/iommu/io-pgtable-arm.c
[ ... ]
> @@ -999,7 +987,6 @@ arm_lpae_alloc_pgtable(struct io_pgtable_cfg *cfg)
>  	data->iop.ops = (struct io_pgtable_ops) {
>  		.map_pages	= arm_lpae_map_pages,
>  		.unmap_pages	= arm_lpae_unmap_pages,
> -		.iova_to_phys	= arm_lpae_iova_to_phys,
>  		.iova_to_phys_length	= arm_lpae_iova_to_phys_length,

[Severity: Critical]
With the API migration to iova_to_phys_length now complete, does this introduce
a regression in error handling for drivers like arm-smmu?

The old iova_to_phys interface expected 0 on failure, but iova_to_phys_length
expects PHYS_ADDR_MAX. Looking at drivers/iommu/arm/arm-smmu/arm-smmu.c,
arm_smmu_iova_to_phys_length() can call arm_smmu_iova_to_phys_hard() which
still returns 0 instead of PHYS_ADDR_MAX on runtime PM get failure:

	ret = arm_smmu_rpm_get(smmu);
	if (ret < 0)
		return 0;

It also returns 0 on a hardware translation fault:

	if (phys & ARM_SMMU_CB_PAR_F) {
		dev_err(dev, "translation fault!\n");
		dev_err(dev, "PAR = 0x%llx\n", phys);
		goto out;
	}

	addr = (phys & GENMASK_ULL(39, 12)) | (iova & 0xfff);
out:
	arm_smmu_rpm_put(smmu);

	return addr;

Could callers like vfio_iommu_type1 now treat 0 as a valid physical address,
bypassing the WARN_ON(phys == PHYS_ADDR_MAX) check?

If iommu_unmap() unmaps the region, would VFIO use this incorrect physical
address 0 to unpin pages?

This appears to lead to an arbitrary page reference count decrement on PFN 0,
and could leak the reference count of the actual unmapped physical memory.

>  		.read_and_clear_dirty = arm_lpae_read_and_clear_dirty,
>  		.pgtable_walk	= arm_lpae_pgtable_walk,
>  	};

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260602104637.1219810-1-guanghuifeng@linux.alibaba.com?part=27

next prev parent reply	other threads:[~2026-06-02 13:22 UTC|newest]

Thread overview: 145+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-29  7:09 [RFC PATCH] Optimize VFIO and IOMMU mapping traversal Guanghui Feng
2026-05-29  7:52 ` sashiko-bot
2026-05-29 11:51 ` Jason Gunthorpe
2026-05-31  9:36   ` [PATCH 0/9] iommu: introduce iova_to_phys_length for efficient IOVA-to-physical translation Guanghui Feng
2026-05-31  9:36     ` [PATCH 1/9] iommu: introduce iova_to_phys_length in iommu_domain_ops Guanghui Feng
2026-05-31  9:54       ` sashiko-bot
2026-05-31 23:51       ` Jason Gunthorpe
2026-06-01  8:41         ` guanghuifeng
2026-06-01 13:43           ` Jason Gunthorpe
2026-06-01 14:14             ` guanghuifeng
2026-06-01 14:31               ` Jason Gunthorpe
2026-05-31  9:36     ` [PATCH 2/9] iommu/io-pgtable: introduce iova_to_phys_length in io_pgtable_ops Guanghui Feng
2026-05-31 10:03       ` sashiko-bot
2026-05-31  9:36     ` [PATCH 3/9] iommu/generic_pt: implement iova_to_phys_length Guanghui Feng
2026-05-31 10:12       ` sashiko-bot
2026-05-31 23:54       ` Jason Gunthorpe
2026-06-01  9:23         ` guanghuifeng
2026-06-01 14:24         ` guanghuifeng
2026-06-01 14:32           ` Jason Gunthorpe
2026-06-02  7:20         ` guanghuifeng
2026-06-02 12:32           ` Jason Gunthorpe
2026-05-31  9:36     ` [PATCH 4/9] iommu/arm-smmu: " Guanghui Feng
2026-05-31 10:22       ` sashiko-bot
2026-05-31  9:36     ` [PATCH 5/9] iommu: apple-dart/ipmmu/mtk_iommu " Guanghui Feng
2026-05-31 10:32       ` sashiko-bot
2026-05-31  9:36     ` [PATCH 6/9] iommu: direct page-table drivers " Guanghui Feng
2026-05-31 10:47       ` sashiko-bot
2026-05-31  9:36     ` [PATCH 7/9] vfio/iommufd: use iova_to_phys_length for efficient unmap Guanghui Feng
2026-05-31 11:01       ` sashiko-bot
2026-05-31 23:58       ` Jason Gunthorpe
2026-05-31  9:36     ` [PATCH 8/9] drm/gpu, iommu/io-pgtable: switch to iova_to_phys_length Guanghui Feng
2026-05-31  9:36     ` [PATCH 9/9] iommu: remove deprecated iova_to_phys from domain_ops and io_pgtable_ops Guanghui Feng
2026-05-31 11:17       ` sashiko-bot
2026-06-02 10:46     ` [PATCH v2 00/30] iommu: introduce iova_to_phys_length for efficient IOVA-to-physical translation Guanghui Feng
2026-06-02 10:46       ` [PATCH v2 01/30] iommu: introduce iova_to_phys_length in iommu_domain_ops Guanghui Feng
2026-06-02 11:05         ` sashiko-bot
2026-06-03  1:08         ` Jason Gunthorpe
2026-06-02 10:46       ` [PATCH v2 02/30] iommu/io-pgtable-arm: introduce iova_to_phys_length in io_pgtable_ops Guanghui Feng
2026-06-02 11:09         ` sashiko-bot
2026-06-02 10:46       ` [PATCH v2 03/30] iommu/io-pgtable-arm-v7s: " Guanghui Feng
2026-06-02 11:02         ` sashiko-bot
2026-06-02 10:46       ` [PATCH v2 04/30] iommu/io-pgtable-dart: " Guanghui Feng
2026-06-02 10:46       ` [PATCH v2 05/30] iommu/generic_pt: implement iova_to_phys_length Guanghui Feng
2026-06-02 11:06         ` sashiko-bot
2026-06-03  1:11         ` Jason Gunthorpe
2026-06-02 10:46       ` [PATCH v2 06/30] iommu/arm-smmu-v3: " Guanghui Feng
2026-06-02 10:46       ` [PATCH v2 07/30] iommu/arm-smmu: " Guanghui Feng
2026-06-02 11:04         ` sashiko-bot
2026-06-02 10:46       ` [PATCH v2 08/30] iommu/qcom_iommu: " Guanghui Feng
2026-06-02 10:46       ` [PATCH v2 09/30] iommu/apple-dart: " Guanghui Feng
2026-06-02 10:46       ` [PATCH v2 10/30] iommu/ipmmu-vmsa: " Guanghui Feng
2026-06-03  1:13         ` Jason Gunthorpe
2026-06-02 10:46       ` [PATCH v2 11/30] iommu/mtk_iommu: " Guanghui Feng
2026-06-03  1:17         ` Jason Gunthorpe
2026-06-02 10:46       ` [PATCH v2 12/30] iommu/exynos: " Guanghui Feng
2026-06-02 10:46       ` [PATCH v2 13/30] iommu/fsl_pamu: " Guanghui Feng
2026-06-02 11:02         ` sashiko-bot
2026-06-02 10:46       ` [PATCH v2 14/30] iommu/msm: " Guanghui Feng
2026-06-02 11:04         ` sashiko-bot
2026-06-02 10:46       ` [PATCH v2 15/30] iommu/mtk_v1: " Guanghui Feng
2026-06-02 11:12         ` sashiko-bot
2026-06-02 10:46       ` [PATCH v2 16/30] iommu/omap: " Guanghui Feng
2026-06-02 11:09         ` sashiko-bot
2026-06-02 10:46       ` [PATCH v2 17/30] iommu/rockchip: " Guanghui Feng
2026-06-02 11:03         ` sashiko-bot
2026-06-02 10:46       ` [PATCH v2 18/30] iommu/s390: " Guanghui Feng
2026-06-02 11:10         ` sashiko-bot
2026-06-02 10:46       ` [PATCH v2 19/30] iommu/sprd: " Guanghui Feng
2026-06-02 10:46       ` [PATCH v2 20/30] iommu/sun50i: " Guanghui Feng
2026-06-02 10:46       ` [PATCH v2 21/30] iommu/tegra-smmu: " Guanghui Feng
2026-06-02 11:10         ` sashiko-bot
2026-06-02 10:46       ` [PATCH v2 22/30] iommu/virtio: " Guanghui Feng
2026-06-02 11:15         ` sashiko-bot
2026-06-02 10:46       ` [PATCH v2 23/30] vfio/iommufd: use iova_to_phys_length for efficient unmap Guanghui Feng
2026-06-02 11:16         ` sashiko-bot
2026-06-02 10:46       ` [PATCH v2 24/30] drm/panfrost: switch to iova_to_phys_length Guanghui Feng
2026-06-02 11:14         ` sashiko-bot
2026-06-02 10:46       ` [PATCH v2 25/30] drm/panthor: " Guanghui Feng
2026-06-02 10:46       ` [PATCH v2 26/30] iommu/io-pgtable: selftests " Guanghui Feng
2026-06-02 10:46       ` [PATCH v2 27/30] iommu/io-pgtable-arm: remove deprecated iova_to_phys wrapper Guanghui Feng
2026-06-02 13:22         ` sashiko-bot [this message]
2026-06-02 10:46       ` [PATCH v2 28/30] iommu/io-pgtable-arm-v7s: " Guanghui Feng
2026-06-02 10:46       ` [PATCH v2 29/30] iommu/io-pgtable-dart: " Guanghui Feng
2026-06-02 10:46       ` [PATCH v2 30/30] iommu: remove iova_to_phys from domain_ops and io_pgtable_ops Guanghui Feng
2026-06-02 11:16         ` sashiko-bot
2026-06-03 15:17       ` [PATCH v3 00/32] iommu: introduce iova_to_phys_length and remove iova_to_phys Guanghui Feng
2026-06-03 15:17         ` [PATCH v3 01/32] iommu: introduce iova_to_phys_length in iommu_domain_ops Guanghui Feng
2026-06-03 15:38           ` sashiko-bot
2026-06-04  2:44           ` Baolu Lu
2026-06-04 14:16           ` Jason Gunthorpe
2026-06-03 15:17         ` [PATCH v3 02/32] iommu/io-pgtable-arm: introduce iova_to_phys_length in io_pgtable_ops Guanghui Feng
2026-06-03 15:35           ` sashiko-bot
2026-06-03 15:17         ` [PATCH v3 03/32] iommu/io-pgtable-arm-v7s: " Guanghui Feng
2026-06-03 15:17         ` [PATCH v3 04/32] iommu/io-pgtable-dart: " Guanghui Feng
2026-06-03 15:17         ` [PATCH v3 05/32] iommu/generic_pt: implement iova_to_phys_length Guanghui Feng
2026-06-03 15:39           ` sashiko-bot
2026-06-04  3:30           ` Baolu Lu
2026-06-04 14:12             ` Jason Gunthorpe
2026-06-03 15:17         ` [PATCH v3 06/32] iommu/arm-smmu-v3: " Guanghui Feng
2026-06-03 15:17         ` [PATCH v3 07/32] iommu/arm-smmu: " Guanghui Feng
2026-06-03 15:42           ` sashiko-bot
2026-06-03 15:17         ` [PATCH v3 08/32] iommu/qcom_iommu: " Guanghui Feng
2026-06-03 15:17         ` [PATCH v3 09/32] iommu/apple-dart: " Guanghui Feng
2026-06-03 15:17         ` [PATCH v3 10/32] iommu/ipmmu-vmsa: " Guanghui Feng
2026-06-03 15:17         ` [PATCH v3 11/32] iommu/mtk_iommu: " Guanghui Feng
2026-06-03 15:17         ` [PATCH v3 12/32] iommu/exynos: " Guanghui Feng
2026-06-03 15:46           ` sashiko-bot
2026-06-03 15:17         ` [PATCH v3 13/32] iommu/fsl_pamu: " Guanghui Feng
2026-06-03 15:48           ` sashiko-bot
2026-06-03 15:17         ` [PATCH v3 14/32] iommu/msm: " Guanghui Feng
2026-06-03 15:51           ` sashiko-bot
2026-06-03 15:17         ` [PATCH v3 15/32] iommu/mtk_v1: " Guanghui Feng
2026-06-03 15:58           ` sashiko-bot
2026-06-03 15:17         ` [PATCH v3 16/32] iommu/omap: " Guanghui Feng
2026-06-03 15:17         ` [PATCH v3 17/32] iommu/rockchip: " Guanghui Feng
2026-06-03 15:53           ` sashiko-bot
2026-06-03 15:17         ` [PATCH v3 18/32] iommu/s390: " Guanghui Feng
2026-06-03 16:03           ` sashiko-bot
2026-06-03 15:17         ` [PATCH v3 19/32] iommu/sprd: " Guanghui Feng
2026-06-03 15:57           ` sashiko-bot
2026-06-03 15:17         ` [PATCH v3 20/32] iommu/sun50i: " Guanghui Feng
2026-06-03 15:17         ` [PATCH v3 21/32] iommu/tegra-smmu: " Guanghui Feng
2026-06-03 16:04           ` sashiko-bot
2026-06-03 15:17         ` [PATCH v3 22/32] iommu/virtio: " Guanghui Feng
2026-06-03 16:10           ` sashiko-bot
2026-06-03 15:17         ` [PATCH v3 23/32] vfio: use iova_to_phys_length for efficient unmap Guanghui Feng
2026-06-03 16:14           ` sashiko-bot
2026-06-04 14:27           ` Jason Gunthorpe
2026-06-03 15:17         ` [PATCH v3 24/32] iommufd: " Guanghui Feng
2026-06-03 16:14           ` sashiko-bot
2026-06-04 14:26           ` Jason Gunthorpe
2026-06-03 15:17         ` [PATCH v3 25/32] iommufd/selftest: switch to iommu_iova_to_phys_length Guanghui Feng
2026-06-03 16:17           ` sashiko-bot
2026-06-03 15:17         ` [PATCH v3 26/32] drm/panfrost: switch to iova_to_phys_length Guanghui Feng
2026-06-03 16:13           ` sashiko-bot
2026-06-03 15:17         ` [PATCH v3 27/32] drm/panthor: " Guanghui Feng
2026-06-03 16:16           ` sashiko-bot
2026-06-03 15:18         ` [PATCH v3 28/32] iommu/io-pgtable: selftests " Guanghui Feng
2026-06-03 15:18         ` [PATCH v3 29/32] iommu/io-pgtable-arm: remove deprecated iova_to_phys wrapper Guanghui Feng
2026-06-03 16:32           ` sashiko-bot
2026-06-03 15:18         ` [PATCH v3 30/32] iommu/io-pgtable-arm-v7s: " Guanghui Feng
2026-06-03 16:31           ` sashiko-bot
2026-06-03 15:18         ` [PATCH v3 31/32] iommu/io-pgtable-dart: " Guanghui Feng
2026-06-03 15:18         ` [PATCH v3 32/32] iommu: remove iova_to_phys from domain_ops and io_pgtable_ops Guanghui Feng
2026-06-03 16:26           ` sashiko-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260602132210.6868E1F00893@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=guanghuifeng@linux.alibaba.com \
    --cc=kvm@vger.kernel.org \
    --cc=sashiko-reviews@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.