Re: [PATCH] iommu/vt-d: Fix scatterlist offset handling

From: David Woodhouse
Date: Tue Oct 03 2017 - 08:56:23 EST


On Thu, 2017-09-28 at 15:14 +0100, Robin Murphy wrote:
> The intel-iommu DMA ops fail to correctly handle scatterlists where
> sg->offset is greater than PAGE_SIZE - the IOVA allocation is computed
> appropriately based on the page-aligned portion of the offset, but the
> mapping is set up relative to sg->page, which means it fails to actually
> cover the whole buffer (and in the worst case doesn't cover it at all):
>
>     (sg->dma_address + sg->dma_len) ----+
>     sg->dma_address ---------+          |
>     iov_pfn------+           |          |
>                  |           |          |
>                  v           v          v
> iova:   a        b        c        d        e        f
>         |--------|--------|--------|--------|--------|
>                           <...calculated....>
>                  [_____mapped______]
> pfn:    0        1        2        3        4        5
>         |--------|--------|--------|--------|--------|
>                  ^           ^          ^
>                  |           |          |
>     sg->page ----+           |          |
>     sg->offset --------------+          |
>     (sg->offset + sg->length) ----------+

I'd still dearly love to see some clear documentation of what it means
for sg->offset to be outside the page referenced by sg->page.

Or is it really not "outside", and it's *only* valid for the offset to
be > PAGE_OFFSET when it's a huge page, so we can check that with a
BUG_ON()?

In particular, I'd like to know what is intended in the Xen PV case,
where there isn't a straight correspondence between pfn and mfn. Is the
out-of-range sg->offset intended to refer to the next *pfn* after
sg->page, or to the next *mfn* after sg->page?

I confess I've only followed this thread vaguely, but I haven't seen a
*coherent* explanation except in the huge page case (in which case I
want to see that BUG_ON in the patch) of why this isn't just totally
bogus.

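The coverage gap drawn in the quoted diagram, worked through as an added example (not code from the patch, the kernel, or either author). `sg_model`, the `PG_*` constants and all function names are hypothetical; 4 KiB pages and a non-zero length are assumed.

```c
#include <stdint.h>
#include <stdio.h>
#define PG_SHIFT 12                          /* assumption: 4 KiB pages */
#define PG_SIZE  ((uint64_t)1 << PG_SHIFT)

/* Hypothetical model of one scatterlist entry (not the kernel struct). */
struct sg_model { uint64_t page_pfn, offset, length; };
struct pfn_range { uint64_t first, count; }; /* [first, first + count) */

/* Pages the buffer really occupies, using the full sg->offset. */
static struct pfn_range buffer_pages(const struct sg_model *sg)
{
    uint64_t start = (sg->page_pfn << PG_SHIFT) + sg->offset;
    uint64_t end = start + sg->length;       /* exclusive */
    struct pfn_range r = { start >> PG_SHIFT, 0 };
    r.count = ((end + PG_SIZE - 1) >> PG_SHIFT) - r.first;
    return r;
}

/* Behaviour the quoted text describes: the size comes from the in-page
 * part of the offset, but the mapping starts at sg->page. */
static struct pfn_range mapped_from_sg_page(const struct sg_model *sg)
{
    uint64_t in_page = sg->offset & (PG_SIZE - 1);
    struct pfn_range r = { sg->page_pfn, 0 };
    r.count = (in_page + sg->length + PG_SIZE - 1) >> PG_SHIFT;
    return r;
}

/* Same size, started at the page holding the first byte (constructed
 * for comparison; not taken from the patch). */
static struct pfn_range mapped_from_first_byte(const struct sg_model *sg)
{
    struct pfn_range r = mapped_from_sg_page(sg);
    r.first += sg->offset >> PG_SHIFT;
    return r;
}

/* 1 if every page in need lies inside have. */
static int covers(struct pfn_range have, struct pfn_range need)
{
    return need.first >= have.first && need.first + need.count <= have.first + have.count;
}

int main(void)
{
    struct sg_model sg = { 1, PG_SIZE + 0x800, PG_SIZE }; /* constructed, as in the diagram */
    printf("sg->page mapping covers buffer: %d\n",
           covers(mapped_from_sg_page(&sg), buffer_pages(&sg)));
    return 0;
}
```

On the diagram's input the mapping spans pfns 1-2 while the buffer occupies pfns 2-3, so the device cannot reach pfn 3 and can reach pfn 1, which the buffer does not use.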