From: Mostafa Saleh <smostafa@google.com>
To: Will Deacon <will@kernel.org>
Cc: linux-mm@kvack.org, iommu@lists.linux.dev,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
corbet@lwn.net, joro@8bytes.org, robin.murphy@arm.com,
akpm@linux-foundation.org, vbabka@suse.cz, surenb@google.com,
mhocko@suse.com, jackmanb@google.com, hannes@cmpxchg.org,
ziy@nvidia.com, david@redhat.com, lorenzo.stoakes@oracle.com,
Liam.Howlett@oracle.com, rppt@kernel.org,
Qinxin Xia <xiaqinxin@huawei.com>
Subject: Re: [PATCH v2 4/4] drivers/iommu-debug-pagealloc: Check mapped/unmapped kernel memory
Date: Mon, 24 Nov 2025 12:38:50 +0000 [thread overview]
Message-ID: <aSRR2h68l9LRn3iZ@google.com> (raw)
In-Reply-To: <aRW6LWh_1lTce7kU@willie-the-truck>
On Thu, Nov 13, 2025 at 10:59:57AM +0000, Will Deacon wrote:
> On Thu, Nov 06, 2025 at 04:39:53PM +0000, Mostafa Saleh wrote:
> > Now, as the page_ext holds count of IOMMU mappings, we can use it to
> > assert that any page allocated/freed is indeed not in the IOMMU.
> >
> > The sanitizer doesn’t protect against mapping/unmapping during this
> > period. However, that’s less harmful as the page is not used by the
> > kernel.
> >
> > Signed-off-by: Mostafa Saleh <smostafa@google.com>
> > Tested-by: Qinxin Xia <xiaqinxin@huawei.com>
> > ---
> > drivers/iommu/iommu-debug-pagealloc.c | 19 +++++++++++++++++++
> > include/linux/iommu-debug-pagealloc.h | 12 ++++++++++++
> > include/linux/mm.h | 5 +++++
> > 3 files changed, 36 insertions(+)
> >
> > diff --git a/drivers/iommu/iommu-debug-pagealloc.c b/drivers/iommu/iommu-debug-pagealloc.c
> > index 0e14104b971c..5b26c84d3a0e 100644
> > --- a/drivers/iommu/iommu-debug-pagealloc.c
> > +++ b/drivers/iommu/iommu-debug-pagealloc.c
> > @@ -71,6 +71,25 @@ static size_t iommu_debug_page_size(struct iommu_domain *domain)
> > return 1UL << __ffs(domain->pgsize_bitmap);
> > }
> >
> > +static unsigned int iommu_debug_page_count(unsigned long phys)
>
> 'phys_addr_t phys' ?
>
> But having said that, wouldn't you be better off taking the
> 'struct page *' here rather than converting it to a physical address
> only for get_iommu_page_ext() to convert it straight back again?
Will do, we will need the physical address anyway for the error message.
>
> > +{
> > + unsigned int ref;
> > + struct page_ext *page_ext = get_iommu_page_ext(phys);
> > + struct iommu_debug_metadate *d = get_iommu_data(page_ext);
> > +
> > + ref = atomic_read(&d->ref);
> > + page_ext_put(page_ext);
> > + return ref;
> > +}
> > +
> > +void __iommu_debug_check_unmapped(const struct page *page, int numpages)
> > +{
> > + while (numpages--) {
> > + WARN_ON(iommu_debug_page_count(page_to_phys(page)));
>
> Since you only care about the count being non-zero, perhaps tweak
> iommu_debug_page_count() to be something like:
>
> bool iommu_debug_page_referenced(struct page *);
>
Will do.
Thanks,
Mostafa
> Will
prev parent reply other threads:[~2025-11-24 12:38 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-06 16:39 [PATCH v2 0/4] iommu: Add IOMMU_DEBUG_PAGEALLOC sanitizer Mostafa Saleh
2025-11-06 16:39 ` [PATCH v2 1/4] drivers/iommu: Add page_ext for IOMMU_DEBUG_PAGEALLOC Mostafa Saleh
2025-11-06 19:50 ` Randy Dunlap
2025-11-24 11:04 ` Mostafa Saleh
2025-11-13 10:05 ` Will Deacon
2025-11-24 11:10 ` Mostafa Saleh
2025-11-24 12:45 ` Mostafa Saleh
2025-11-06 16:39 ` [PATCH v2 2/4] drivers/iommu: Add calls " Mostafa Saleh
2025-11-13 11:00 ` Will Deacon
2025-11-24 11:23 ` Mostafa Saleh
2025-11-06 16:39 ` [PATCH v2 3/4] drivers/iommu-debug-pagealloc: Track IOMMU pages Mostafa Saleh
2025-11-13 11:00 ` Will Deacon
2025-11-24 12:37 ` Mostafa Saleh
2025-11-24 15:35 ` Will Deacon
2025-11-24 16:01 ` Mostafa Saleh
2025-11-06 16:39 ` [PATCH v2 4/4] drivers/iommu-debug-pagealloc: Check mapped/unmapped kernel memory Mostafa Saleh
2025-11-13 10:59 ` Will Deacon
2025-11-24 12:38 ` Mostafa Saleh [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aSRR2h68l9LRn3iZ@google.com \
--to=smostafa@google.com \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=corbet@lwn.net \
--cc=david@redhat.com \
--cc=hannes@cmpxchg.org \
--cc=iommu@lists.linux.dev \
--cc=jackmanb@google.com \
--cc=joro@8bytes.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=mhocko@suse.com \
--cc=robin.murphy@arm.com \
--cc=rppt@kernel.org \
--cc=surenb@google.com \
--cc=vbabka@suse.cz \
--cc=will@kernel.org \
--cc=xiaqinxin@huawei.com \
--cc=ziy@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.