Message-ID: <54FF76F4.5020503@ozlabs.ru>
Date: Wed, 11 Mar 2015 09:57:56 +1100
From: Alexey Kardashevskiy
To: Alex Williamson
CC: linuxppc-dev@lists.ozlabs.org, Benjamin Herrenschmidt, Paul Mackerras, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v5 03/29] vfio: powerpc/spapr: Check that TCE page size is equal to it_page_size

On 03/11/2015 06:56 AM, Alex Williamson wrote:
> On Tue, 2015-03-10 at 01:06 +1100, Alexey Kardashevskiy wrote:
>> This checks that the TCE table page size is not bigger than the size of
>> a page we just pinned and going to put its physical address to the table.
>>
>> Otherwise the hardware gets unwanted access to physical memory between
>> the end of the actual page and the end of the aligned up TCE page.
>>
>> Since compound_order() and compound_head() work correctly on non-huge
>> pages, there is no need for additional check whether the page is huge.
>> >> Signed-off-by: Alexey Kardashevskiy >> --- >> Changes: >> v4: >> * s/tce_check_page_size/tce_page_is_contained/ >> --- >> drivers/vfio/vfio_iommu_spapr_tce.c | 22 ++++++++++++++++++++++ >> 1 file changed, 22 insertions(+) >> >> diff --git a/drivers/vfio/vfio_iommu_spapr_tce.c b/drivers/vfio/vfio_iommu_spapr_tce.c >> index 756831f..91e7599 100644 >> --- a/drivers/vfio/vfio_iommu_spapr_tce.c >> +++ b/drivers/vfio/vfio_iommu_spapr_tce.c >> @@ -49,6 +49,22 @@ struct tce_container { >> bool enabled; >> }; >> >> +static bool tce_page_is_contained(struct page *page, unsigned page_shift) >> +{ >> + unsigned shift; >> + >> + /* >> + * Check that the TCE table granularity is not bigger than the size of >> + * a page we just found. Otherwise the hardware can get access to >> + * a bigger memory chunk that it should. >> + */ >> + shift = PAGE_SHIFT + compound_order(compound_head(page)); >> + if (shift >= page_shift) >> + return true; >> + >> + return false; > > nit, simplified: > > return (PAGE_SHIFT + compound_order(compound_head(page) >= page_shift); This won't be "bool" though. This will (I'll do this) shift = PAGE_SHIFT + compound_order(compound_head(page)); return (shift >= page_shift); > >> +} >> + >> static int tce_iommu_enable(struct tce_container *container) >> { >> int ret = 0; >> @@ -197,6 +213,12 @@ static long tce_iommu_build(struct tce_container *container, >> ret = -EFAULT; >> break; >> } >> + >> + if (!tce_page_is_contained(page, tbl->it_page_shift)) { >> + ret = -EPERM; >> + break; >> + } >> + >> hva = (unsigned long) page_address(page) + >> (tce & IOMMU_PAGE_MASK(tbl) & ~PAGE_MASK); >> > > > -- Alexey
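Review bot: in tce_page_is_contained(), the test `shift >= page_shift` compares sizes only, so it amounts to containment only because a compound page is naturally aligned to its own size. The comment above the test should state that assumption, since nothing in the function shows that alignment was considered. While there, "that it should" in the comment should read "than it should", `unsigned` is conventionally spelled `unsigned int`, and the if/return true/return false tail can become `return shift >= page_shift;` as already agreed in the reply.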
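Review bot: the new -EPERM path in tce_iommu_build() breaks out of the loop after the page has been pinned (the commit message calls it "a page we just pinned"), and nothing in the added lines releases it. Unless the cleanup after the loop drops that reference, add put_page(page) before the break so that a rejected mapping does not leak a pinned page. A short comment on why -EPERM was chosen would also help, since userspace will see it for what is effectively a page-size mismatch.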