From: Niklas Schnelle <schnelle@linux.ibm.com>
To: Nicolin Chen <nicoleotsuka@gmail.com>,
mpe@ellerman.id.au, benh@kernel.crashing.org, paulus@samba.org,
rth@twiddle.net, ink@jurassic.park.msu.ru, mattst88@gmail.com,
tony.luck@intel.com, fenghua.yu@intel.com,
gerald.schaefer@linux.ibm.com, hca@linux.ibm.com,
gor@linux.ibm.com, borntraeger@de.ibm.com, davem@davemloft.net,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
x86@kernel.org, hpa@zytor.com,
James.Bottomley@HansenPartnership.com, deller@gmx.de
Cc: sfr@canb.auug.org.au, hch@lst.de, linuxppc-dev@lists.ozlabs.org,
linux-kernel@vger.kernel.org, linux-alpha@vger.kernel.org,
linux-ia64@vger.kernel.org, linux-s390@vger.kernel.org,
sparclinux@vger.kernel.org, linux-parisc@vger.kernel.org
Subject: Re: [RFT][PATCH 0/7] Avoid overflow at boundary_size
Date: Tue, 25 Aug 2020 12:16:27 +0200 [thread overview]
Message-ID: <4321af30-9554-6897-5281-05afd88f2631@linux.ibm.com> (raw)
In-Reply-To: <20200820231923.23678-1-nicoleotsuka@gmail.com>
On 8/21/20 1:19 AM, Nicolin Chen wrote:
> We are expending the default DMA segmentation boundary to its
> possible maximum value (ULONG_MAX) to indicate that a device
> doesn't specify a boundary limit. So all dma_get_seg_boundary
> callers should take a precaution with the return values since
> it would easily get overflowed.
>
> I scanned the entire kernel tree for all the existing callers
> and found that most of callers may get overflowed in two ways:
> either "+ 1" or passing it to ALIGN() that does "+ mask".
>
> According to kernel defines:
> #define ALIGN_MASK(x, mask) (((x) + (mask)) & ~(mask))
> #define ALIGN(x, a) ALIGN_MASK(x, (typeof(x))(a) - 1)
>
> We can simplify the logic here:
> ALIGN(boundary + 1, 1 << shift) >> shift
> = ALIGN_MASK(b + 1, (1 << s) - 1) >> s
> = {[b + 1 + (1 << s) - 1] & ~[(1 << s) - 1]} >> s
> = [b + 1 + (1 << s) - 1] >> s
> = [b + (1 << s)] >> s
> = (b >> s) + 1
>
> So this series of patches fix the potential overflow with this
> overflow-free shortcut.
Hi Nicolin,
haven't seen any other feedback from other maintainers,
so I guess you will resend this?
On first glance it seems to make sense.
I'm a little confused why it is only a "potential overflow"
while this part
"We are expending the default DMA segmentation boundary to its
possible maximum value (ULONG_MAX) to indicate that a device
doesn't specify a boundary limit"
sounds to me like ULONG_MAX is actually used, does that
mean there are currently no devices which do not specify a
boundary limit?
>
> As I don't think that I have these platforms, marking RFT.
>
> Thanks
> Nic
>
> Nicolin Chen (7):
> powerpc/iommu: Avoid overflow at boundary_size
> alpha: Avoid overflow at boundary_size
> ia64/sba_iommu: Avoid overflow at boundary_size
> s390/pci_dma: Avoid overflow at boundary_size
> sparc: Avoid overflow at boundary_size
> x86/amd_gart: Avoid overflow at boundary_size
> parisc: Avoid overflow at boundary_size
>
> arch/alpha/kernel/pci_iommu.c | 10 ++++------
> arch/ia64/hp/common/sba_iommu.c | 4 ++--
> arch/powerpc/kernel/iommu.c | 11 +++++------
> arch/s390/pci/pci_dma.c | 4 ++--
> arch/sparc/kernel/iommu-common.c | 9 +++------
> arch/sparc/kernel/iommu.c | 4 ++--
> arch/sparc/kernel/pci_sun4v.c | 4 ++--
> arch/x86/kernel/amd_gart_64.c | 4 ++--
> drivers/parisc/ccio-dma.c | 4 ++--
> drivers/parisc/sba_iommu.c | 4 ++--
> 10 files changed, 26 insertions(+), 32 deletions(-)
>
next prev parent reply other threads:[~2020-08-25 10:17 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-20 23:19 [RFT][PATCH 0/7] Avoid overflow at boundary_size Nicolin Chen
2020-08-25 10:16 ` Niklas Schnelle [this message]
2020-08-25 23:19 ` Nicolin Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4321af30-9554-6897-5281-05afd88f2631@linux.ibm.com \
--to=schnelle@linux.ibm.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=benh@kernel.crashing.org \
--cc=borntraeger@de.ibm.com \
--cc=bp@alien8.de \
--cc=davem@davemloft.net \
--cc=deller@gmx.de \
--cc=fenghua.yu@intel.com \
--cc=gerald.schaefer@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=hch@lst.de \
--cc=hpa@zytor.com \
--cc=ink@jurassic.park.msu.ru \
--cc=linux-alpha@vger.kernel.org \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mattst88@gmail.com \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=nicoleotsuka@gmail.com \
--cc=paulus@samba.org \
--cc=rth@twiddle.net \
--cc=sfr@canb.auug.org.au \
--cc=sparclinux@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox