Re: [PATCH] iommu/iova: Fix tracking of recently failed iova address size

From: Robin Murphy
Date: Mon Mar 18 2019 - 11:19:29 EST

Next message: Ewan D. Milne: "Re: [BUG] scsi: ses: out of bound accessing in ses_enclosure_data_process"
Previous message: Paul Kocialkowski: "Re: [linux-sunxi] [PATCH 11/14] ARM: sunxi: dts: s3/s3l/v3: add DTSI files for S3/S3L/V3 SoCs"
Next in thread: Robert Richter: "[PATCH v2] iommu/iova: Fix tracking of recently failed iova address"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 15/03/2019 15:56, Robert Richter wrote:

We track the smallest size that failed for a 32 bit allocation. The
Size decreases only and if we actually walked the tree and noticed an
allocation failure. Current code is broken and wrongly updates the
size value even if we did not try an allocation. This leads to
increased size values and we might go the slow path again even if we
have seen a failure before for the same or a smaller size.

That description wasn't too clear (since it rather contradicts itself by starting off with "XYZ happens" when the whole point is that XYZ doesn't actually happen properly), but having gone and looked at the code in context I think I understand it now - specifically, it's that the early-exit path for detecting that a 32-bit allocation request is too big to possibly succeed should never have gone via the route which assigns to max32_alloc_size.

In that respect, the diff looks correct, so modulo possibly tweaking the commit message,

Reviewed-by: Robin Murphy <robin.murphy@xxxxxxx>

Thanks,
Robin.

Cc: <stable@xxxxxxxxxxxxxxx> # 4.20+
Fixes: bee60e94a1e2 ("iommu/iova: Optimise attempts to allocate iova from 32bit address range")
Signed-off-by: Robert Richter <rrichter@xxxxxxxxxxx>
---
drivers/iommu/iova.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/iommu/iova.c b/drivers/iommu/iova.c
index f8d3ba247523..2de8122e218f 100644
--- a/drivers/iommu/iova.c
+++ b/drivers/iommu/iova.c
@@ -207,8 +207,10 @@ static int __alloc_and_insert_iova_range(struct iova_domain *iovad,
curr_iova = rb_entry(curr, struct iova, node);
} while (curr && new_pfn <= curr_iova->pfn_hi);
- if (limit_pfn < size || new_pfn < iovad->start_pfn)
+ if (limit_pfn < size || new_pfn < iovad->start_pfn) {
+ iovad->max32_alloc_size = size;
goto iova32_full;
+ }
/* pfn_lo will point to size aligned address if size_aligned is set */
new->pfn_lo = new_pfn;
@@ -222,7 +224,6 @@ static int __alloc_and_insert_iova_range(struct iova_domain *iovad,
return 0;
iova32_full:
- iovad->max32_alloc_size = size;
spin_unlock_irqrestore(&iovad->iova_rbtree_lock, flags);
return -ENOMEM;
}

Next message: Ewan D. Milne: "Re: [BUG] scsi: ses: out of bound accessing in ses_enclosure_data_process"
Previous message: Paul Kocialkowski: "Re: [linux-sunxi] [PATCH 11/14] ARM: sunxi: dts: s3/s3l/v3: add DTSI files for S3/S3L/V3 SoCs"
Next in thread: Robert Richter: "[PATCH v2] iommu/iova: Fix tracking of recently failed iova address"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]