Re: [PATCH V2] xen-swiotlb: use actually allocated size on check physical continuous

From: Konrad Rzeszutek Wilk
Date: Thu Oct 18 2018 - 19:52:42 EST


On Tue, Oct 16, 2018 at 03:21:16PM -0700, Joe Jin wrote:
> xen_swiotlb_{alloc,free}_coherent() allocate/free memory by order,
> but passed required size to range_straddles_page_boundary(),
> when first pages are physical continuous,
> range_straddles_page_boundary() returned true, then did not
> exchange memory with Xen, later on free memory, it tried to
> exchange non-contiguous memory with Xen, then kernel panic.

I have a hard time understanding the commit message.

I think you mean to say:

xen_swiotlb_{alloc,free}_coherent() allocate/free memory based on the
order of the pages and not the size argument (bytes). This is inconsistent with
range_straddles_page_boundary and memset which use the 'size' value,
which may lead to not exchanging memory with Xen (range_straddles_page_boundary()
returned true). And then the call to xen_swiotlb_free_coherent() would
actually try to exchange the memory with Xen, leading to the kernel
hitting a BUG (as the hypercall returned an error).

This patch fixes it by making the 'size' variable be of the same size
as the amount of memory allocated.

I checked it as such..
>
> Signed-off-by: Joe Jin <joe.jin@xxxxxxxxxx>
> Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> Cc: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
> Cc: Christoph Helwig <hch@xxxxxx>
> Cc: Dongli Zhang <dongli.zhang@xxxxxxxxxx>
> Cc: John Sobecki <john.sobecki@xxxxxxxxxx>
>
> ---
> drivers/xen/swiotlb-xen.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/xen/swiotlb-xen.c b/drivers/xen/swiotlb-xen.c
> index a6f9ba85dc4b..aa081f806728 100644
> --- a/drivers/xen/swiotlb-xen.c
> +++ b/drivers/xen/swiotlb-xen.c
> @@ -303,6 +303,9 @@ xen_swiotlb_alloc_coherent(struct device *hwdev, size_t size,
> */
> flags &= ~(__GFP_DMA | __GFP_HIGHMEM);
>
> + /* Convert the size to actually allocated. */
> + size = 1UL << (order + XEN_PAGE_SHIFT);
> +
> /* On ARM this function returns an ioremap'ped virtual address for
> * which virt_to_phys doesn't return the corresponding physical
> * address. In fact on ARM virt_to_phys only works for kernel direct
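
Review bot: The comment above `size = 1UL << (order + XEN_PAGE_SHIFT);` says what is done but not why, and the assignment overwrites the caller's `size` argument for the rest of xen_swiotlb_alloc_coherent(). Suggest stating that the allocation is made by `order`, so the range_straddles_page_boundary() check has to cover all 2^order Xen pages. Either note that every later use of `size` in the function (the commit message discussion mentions memset) is meant to see the rounded-up value, or keep the rounded value in a separate local so the requested byte count stays available.
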
> @@ -351,6 +354,9 @@ xen_swiotlb_free_coherent(struct device *hwdev, size_t size, void *vaddr,
> * physical address */
> phys = xen_bus_to_phys(dev_addr);
>
> + /* Convert the size to actually allocated. */
> + size = 1UL << (order + XEN_PAGE_SHIFT);
> +
> if (((dev_addr + size - 1 <= dma_mask)) ||
> range_straddles_page_boundary(phys, size))
> xen_destroy_contiguous_region(phys, order);
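
Review bot: The `size = 1UL << (order + XEN_PAGE_SHIFT);` line in xen_swiotlb_free_coherent() is a second copy of the expression added to the alloc path, and the failure described in the commit message comes from alloc and free reaching different decisions about the same buffer. A small shared helper taking `order` would keep the two paths from drifting apart. The rounded-up `size` also now feeds the `dev_addr + size - 1 <= dma_mask` comparison as well as range_straddles_page_boundary(), so the commit message should say that the mask check is meant to cover the full allocation too.
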
> --
> 2.15.2 (Apple Git-101.1)
>
>